An Overflow Problem in Network Coding for Secure Cloud Storage
Abstract—In this paper, we present the overflow problem of a network coding storage system (NCSS) when the encoding parameters
and the storage parameters are mismatched. The overflow problem of the NCSS occurs because the network-coded encryption
yields extended coded data, resulting in high storage and processing overhead. To avoid the overflow problem, we propose an
overflow-avoidance NCSS scheme that takes account of security and storage requirements in both encoding and storage procedures.
We provide the analytical results of the maximum allowable stored encoded data under the perfect secrecy criterion. The design
guidelines to achieve high coding efficiency with the lowest storage cost are also presented.
1 INTRODUCTION
TABLE 1
An Illustrative Example of the Overflow Problem in the Case of Binary Digits

$$A = \begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}, \qquad b = (1, 1, 0)^T, \qquad c = (0, 3, 5)^T = (0, 11, 101)^T$$
the entropy of the plaintext is equal to the conditional entropy of the plaintext given the eavesdropped data. A network coding scheme for approaching the storage upper bound under the perfect secrecy was proposed in [20]. Different secure regenerating codes to achieve perfect secrecy against eavesdropping were reported in [21], [22], [23].

For secure storage over multiple clouds, the authors of [4] proposed a security protection scheme to prevent eavesdroppers from decoding any symbol. In [24], a link eavesdropping problem was investigated in a network-coded cloud storage system in which transmission links between the local datacenter and its remote backup site are eavesdropped. In the considered link eavesdropping problem, the security level is defined as the probability that coded data cannot be decoded correctly. In addition to eavesdropping attacks, some recent works [25], [26] investigated how to detect when the coded data are modified.

2.3 Performance Issue of Network Coding
Two major challenges for designing a practical network coding system include i) the computational cost of encoding and decoding and ii) the storage cost of coded data. The destination node can decode the received packet if and only if the coefficient matrix of the packet is full rank. To decrease the probability of receiving linearly dependent packets, the coding parameters including the field size and the encoding matrix size are assumed to be large. However, larger values of the coding parameters lead to higher computational cost [27]. In addition, to decode a received codeword, the destination node requires the coding vector, which results in additional packet overhead. Especially, the computation and storage costs would be severe for a huge number of input packets [28].

To overcome the above issues, it is proposed to separate a large file into a number of small chunks to which the network coding is applied [29]. This design is also used in the network coding storage system in which the information bits are divided into groups (chunks) before encoding. However, it is still an open issue to jointly optimize the design of chunked network codes and chunk transmission scheme [30].

2.4 Objective of This Paper
In this paper, we focus on the performance issue of network coding when applying network coding in multiple untrusted clouds. The objective of this work is to develop a systematic design methodology of a network-coded cloud storage system. Similar methodology for the joint coding and placement problem can be found in [31], [32], [33], [34]. The authors of [31] considered the relations among the clouds during the encoding process and proposed an encoding-aware data placement scheme to achieve throughput gains of encoding operations. An adaptive network coding storage scheme was proposed in [32]. The encoding strategy is adjusted according to the transmission conditions (e.g., packet loss rate). However, the storage cost of the coded data is not considered. In [33], the authors proposed to encode chunks using binary addition and bitwise cyclic shift in order to reduce encoding complexity. It is shown that the optimal tradeoff between storage capacity and repair bandwidth can be achieved. The most relevant one to our work is [34]. It investigated how to store data reliably in multiple clouds and provided the optimal amount of data to be stored in the clouds. The storage cost is shown to be highly affected by the potential number of colluding cloud databases. However, the number of colluding cloud databases in [34] is assumed to be known, which is impractical in many applications. Compared with these previous works, our proposed methodology has the following unique features.

• We investigate the overflow problem in chunked network coding. Through analyses, we show that the number of bits to represent a symbol is an important factor related to the overflow problem.
• Different from the previous work [33] considering binary operation, we extend the performance characterization of chunked network codes using a general finite field.
• The encoding process and the data placement are jointly designed in the proposed network coding framework in consideration of the storage cost as well as security requirements. Extending [34], we consider a probabilistic security model of a network-coded cloud storage system. Our results provide a comprehensive understanding for finding the best combination of coding and storage parameters.

3 SYSTEM MODEL AND PROBLEM SETUP
Now we discuss the coding scheme and define the overflow problem.

3.1 System Model for NCSS
Consider the original base-$d$ data vector $b = (b_1, \ldots, b_n)^T$, where elements $b_i$ are independent discrete uniformly distributed integers over $\{0, \ldots, d-1\}$. To securely store $b$ to multiple cloud databases, a network coding scheme that encodes symbols by linear transformation is considered in this paper [4].

Let an $n \times n$ Vandermonde matrix $A$ be the encoding matrix, where $A_{i,j} = (a_j^{i-1})$ and $a_i$ are distinct nonzero elements over a finite field $F_q$ for $q = 2^k > n$. Then a cloud user encodes data $c = (c_1, \ldots, c_n)^T = Ab$ and splits the encoded data into $p$ segments. It is assumed that the cloud user can arbitrarily store any piece of the encoded data to any cloud database. Let $\tilde{c}_i$ $(i = 1, \ldots, p)$ be the encoded data vector stored in the $i$th cloud database. A legitimate user can collect $\tilde{c}_i$ from the cloud databases and obtain the original data by performing $A^{-1}c$.

We consider the security threat from an eavesdropper having infinite computing power and the knowledge of the encoding matrix, but with access to fewer than half of the cloud databases [4]. The objective of the eavesdropper is to guess the original data. The considered cloud storage system can support different security levels in different databases [35]. Define $P_{ei}$ as the probability that the $i$th cloud database is compromised. Also, the cloud user specifies a security requirement $P_u$, which represents the maximum probability that an eavesdropper can guess the original data. Next, we will show the overflow problem when distributing encoded symbols to multiple cloud databases.
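The Section 3.1 encoding and decoding steps can be checked with a short script. This is an added example, not code from the paper: it assumes GF(2^3) with P(x) = x^3 + x + 1 (the field the paper states for its table examples) and evaluation points (1, 2, 3), which reproduce the matrix A of Table 1; all function names are hypothetical.

```python
# Added illustration: NCSS encoding c = A b and decoding b = A^-1 c over GF(2^3).
# Assumptions: field polynomial x^3 + x + 1 and Vandermonde points (1, 2, 3);
# every function name here is made up for this example.

K = 3            # the field is GF(2^K)
POLY = 0b1011    # x^3 + x + 1


def gf_mul(x, y):
    """Multiply in GF(2^K): carry-less product reduced modulo POLY."""
    result = 0
    while y:
        if y & 1:
            result ^= x
        x <<= 1
        if x >> K:           # degree reached K, so reduce by the polynomial
            x ^= POLY
        y >>= 1
    return result


def gf_inv(x):
    """Multiplicative inverse by exhaustive search (fine for a tiny field)."""
    if x == 0:
        raise ZeroDivisionError("0 has no inverse")
    return next(y for y in range(1, 1 << K) if gf_mul(x, y) == 1)


def vandermonde(points):
    """Row i holds the i-th powers of the points: A[i][j] = points[j] ** i."""
    rows, current = [], [1] * len(points)
    for _ in points:
        rows.append(current)
        current = [gf_mul(v, a) for v, a in zip(current, points)]
    return rows


def mat_vec(matrix, vector):
    """Matrix-vector product; addition in GF(2^K) is XOR."""
    out = []
    for row in matrix:
        acc = 0
        for a, x in zip(row, vector):
            acc ^= gf_mul(a, x)
        out.append(acc)
    return out


def invert(matrix):
    """Gauss-Jordan inversion over GF(2^K); raises if the matrix is singular."""
    n = len(matrix)
    m = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if m[r][col]), None)
        if pivot is None:
            raise ValueError("matrix is singular")
        m[col], m[pivot] = m[pivot], m[col]
        scale = gf_inv(m[col][col])
        m[col] = [gf_mul(scale, v) for v in m[col]]
        for r in range(n):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [v ^ gf_mul(f, w) for v, w in zip(m[r], m[col])]
    return [row[n:] for row in m]


def digits(value, d=2):
    """l_d(value): number of base-d digits needed to write value."""
    count = 1
    while value >= d:
        value //= d
        count += 1
    return count


A = vandermonde([1, 2, 3])
b = [1, 1, 0]                       # plaintext of Table 1, one binary digit each
c = mat_vec(A, b)                   # encoded symbols
recovered = mat_vec(invert(A), c)   # what a legitimate user computes

if __name__ == "__main__":
    print("A =", A)
    print("c =", c, "in binary:", [format(v, "b") for v in c])
    print("digits per plaintext symbol:", [digits(v) for v in b])
    print("digits per encoded symbol:  ", [digits(v) for v in c])
    print("decoded:", recovered)
```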
792 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 30, NO. 4, APRIL 2019
TABLE 2
Example of the Definitions for Overflow Problem

| | $A$ | $b$ | $c$ | $\tilde{c}_1 = (c_1, c_3)$ | $\tilde{c}_2 = (c_2)$ | strictly non-overflow | 3-bounded non-overflow |
|---|---|---|---|---|---|---|---|
| Case 1 | $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(1, 0, 0)^T$ | $(1, 1, 1)^T$ | $(1, 1)$ | $(1)$ | Yes | Yes |
| Case 2 | $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(1, 1, 0)^T$ | $(0, 11, 101)^T$ | $(0, 101)$ | $(11)$ | No | Yes |

3.2 Overflow Problem
Although network coding scheme can prevent eavesdroppers from obtaining the information of the original data [1], the length of encoded data in digital format may become larger than the length of the original data. This phenomenon is called overflow in this paper and is formally defined as follows.

Definition 1 (Strictly Non-overflow). Let $l_d(a)$ be the number of digits that represents $a$ in base $d$. A piece of encoded data $c = (c_1, \ldots, c_n)^T$ is strictly non-overflow if and only if $l_d(c_i) \le l_d(b_i)$ for each $i$. Note that the length of the encoded data is equal to that of the plaintext for a strictly non-overflow encoding process.

Definition 2 (a-bounded Non-overflow). Let $|\tilde{c}_i|$ denote the number of elements in $\tilde{c}_i$. A piece of encoded data $c = (c_1, \ldots, c_n)^T$ is a-bounded Non-overflow if and only if

$$\sum_{j=1}^{|\tilde{c}_i|} l_d(c_j) \le |\tilde{c}_i| \, a \, l_d(b_i),$$

for $1 \le i \le p$.

Assume the encoded data are stored in cloud databases randomly. The increasing cost of storage or computation resources can be measured by the extension degree $a = \frac{l_d(c_i)}{l_d(b_i)}$.

Table 2 shows an example for the two different overflow cases with $d = 2$ and $p = 2$. The extension degree is bounded by 3 in case 2, compared to the strictly non-overflow case 1. Note that all the coding operations in the example are performed in Galois field GF($2^3$), constructed with the primitive polynomial $P(x) = x^3 + x + 1$. Table 3 summarizes the notations used in this paper.

TABLE 3
Notations in this Paper

| Notations | Descriptions |
|---|---|
| $b$ | Original data array |
| $d$ | Base of $b_i$ |
| $l_d(a)$ | Number of digits that represents $a$ in base $d$ |
| $A$ | Encoding matrix |
| $k$ | Use Galois field size $2^k$ for $A$ |
| $n$ | Matrix size of $A$ |
| $p$ | Total number of cloud databases |
| $c$ | Encoded data vector |
| $\tilde{c}_i$ | Encoded data vector that stored in the $i$th cloud database |
| $\lvert\tilde{c}_i\rvert$ | Number of elements in $\tilde{c}_i$ |
| $s_i$ | Number of digits in $b_i$ |
| $b'$ | Regrouped data array |
| $r$ | Size of $b'$ |
| $P_{ei}$ | Probability of the $i$th cloud database being compromised |
| $P_g$ | Probability that an eavesdropper can guess the original data |
| $P_u$ | Security requirement: Maximum probability that an eavesdropper can guess the original data |
| $l$ | Amount of encoded data stored at a local machine for every encoding operation |
| $m$ | Length of the original message |
| $a$ | Number of encoding operations |

4 OVERFLOW-AVOIDANCE NCSS SYSTEM
4.1 Overflow Analysis
Now we analyze the conditions that cause the overflow problem of a network-coded cloud storage system. Then we show how the overflow problem can be avoided by selecting the proper data length in encoding process. We investigate the conditions of distributing coded data for achieving various security levels. Based on the above analysis, we describe the system design methods of the NCSS scheme.

The encoding parameters in NCSS are related to the overflow problem. To avoid the overflow problem, the encoding parameters can be designed according to the following Theorems.

Theorem 1. Let $s_i$ be the number of digits in the base-$d$ plaintext $b_i$ and $2^k$ be the Galois field size of encoding matrix $A$. Then, the NCSS system is strictly non-overflow if $s_i = s = \frac{k}{\log_2 d}$.

Proof. First, we assume that $s_i < \frac{k}{\log_2 d}$. Then, we have

$$\frac{k}{\log_2 d} = k \log_d 2 = \log_d 2^k. \tag{1}$$

Because the coding process deals with integers, we have $s_i \le \log_d(2^k - 1)$. Since $c_i$ is distributed over $\{0, \ldots, 2^k - 1\}$, the maximum number of digits used to represent an encoded element is $l_d(c_i)_{\max} = \log_d(2^k - 1)$. Furthermore, the number of digits in $b_i$ can be represented as $l_d(b_i)$. Thus, we have

$$s_i = l_d(b_i) \le \log_d(2^k - 1) = l_d(c_i)_{\max}. \tag{2}$$

As a result, the length of encoded data can be larger than the length of the original data, and the overflow problem occurs.

Second, we assume that $s_i > \frac{k}{\log_2 d}$. We take exponentiation with base $d$ on both sides and we have $d^{s_i} > d^{\log_d 2^k} = 2^k$
CHEN AND WANG: AN OVERFLOW PROBLEM IN NETWORK CODING FOR SECURE CLOUD STORAGE 793
from (1). Since $b_i = d^{s_i}$ contradicts the fact that the maximum value of $b_i$ is $2^k - 1$, $s_i = s = \frac{k}{\log_2 d}$. □

$$\begin{aligned} \sum_{j=1}^{|\tilde{c}_i|} l_d(c_j) &\le |\tilde{c}_i| \log_d(2^k - 1) \\ &= a \, |\tilde{c}_i| \, \frac{1}{a} \log_d(2^k - 1) \\ &\le a \, |\tilde{c}_i| \, s_i \\ &= a \, |\tilde{c}_i| \, l_d(b_i). \end{aligned} \tag{3}$$

□

Theorems 1 and 2 provide the criteria of selecting the length of the plaintext. Next, we discuss the relation between the security requirement and the amount of encoded stored data.

Theorem 3. The NCSS system satisfies the security requirement $P_u$ if

$$\sum_{j=1}^{|\tilde{c}_i|} l_d(\tilde{c}_i(j)) \le \sum_{t=1}^{n} l_d(c_t) + \log_d \frac{P_u}{P_{ei}},$$

for $1 \le i \le p$.

Proof. Without loss of generality, we consider an eavesdropper that can access only one of the two cloud databases. Thus, the probability that an eavesdropper can guess the original data (denoted by $P_g$) is the product of the intrusion probability of the cloud database and the probability of guessing the remaining encoded digits. It follows that

$$\begin{aligned} P_g &= P_{ei} \, d^{-\left(\sum_{t=1}^{n} l_d(c_t) - \sum_{j=1}^{|\tilde{c}_i|} l_d(\tilde{c}_i(j))\right)} \\ &\le P_{ei} \, d^{\log_d P_u - \log_d P_{ei}} \\ &= P_u. \end{aligned} \tag{4}$$

□

4.2 Proposed Scheme
Now we present our proposed overflow-avoidance NCSS scheme with the required security level $P_u$. Our proposed scheme is executed in three steps. First, a dynamic-length alphabet representation of network-coded data is adopted based on Theorems 1 and 2. Second, the original data are preprocessed and regrouped. Third, the regrouped data are encoded and distributed to the distributedly located cloud databases.

Fig. 2. System flow of the overflow-avoidance NCSS scheme.

Fig. 2 shows the system flow of the proposed overflow-avoidance NCSS scheme. Assume that a cloud user wants to store a single-digit data array $b = (b_1, \ldots, b_m)^T$ with base $d$ to the $p$ cloud databases. We first choose a power $k$ for the field characteristics according to the following condition:

Condition 1.

$$2^k \ge d. \tag{5}$$

The field size must be larger than the maximal value of the data array element $d - 1$. Otherwise, some data elements cannot be represented in the field. After that, a proper length of data elements $s_i$ can be decided according to Theorems 1 and 2. This is called dynamic length alphabet representation. We then regroup $b$ to $b' = (b_1 \ldots b_{s_1}, \, b_{s_1+1} \ldots b_{s_1+s_2}, \, \ldots, \, b_{\hat{s}_{r-1}+1} \ldots b_{\hat{s}_r})$ based on the value of $s_i$, where $\hat{s}_r \triangleq \sum_{i=1}^{r} s_i$. Next, we generate an $n \times n$ encoding matrix $A$ with the following condition:

Condition 2.

$$n < 2^k \tag{6}$$

and

$$n \le r. \tag{7}$$

Since matrix $A$ is constructed from $n$ distinct elements over the Galois field, we have $n < 2^k$. In addition, the matrix multiplication cannot be operated if the size of encoding matrix is larger than the size of regrouped data array. We then encode $b'$ with $A$ and obtain the encoded data array $c = (c_1, \ldots, c_n)^T$. Finally, $c$ can be regrouped to $\tilde{c}$ by Theorem 3, which specifies the maximum amount of encoded data that can be stored in a cloud database according to user's security requirement. Finally, the elements of $\tilde{c}$ are distributed to the corresponding $p$ cloud databases.

Table 4 shows an example of the proposed overflow-avoidance NCSS scheme in the strictly non-overflow case. Assume that the original data are $b = (0, 0, 1, 0, 1, 1, 1, 0, 1)$ and the encoded data are stored to two cloud databases with $P_{e1} = 0.5$, $P_{e2} = 0.25$, and $P_u = \frac{1}{64}$. According to Theorem 1, we have $s = 3$. Hence, the original data are regrouped to $(001, 011, 101)$ in the dynamic length alphabet representation process. The resulting coded data is $(111, 011, 001)$. Next, from Theorem 3, we can calculate the maximal numbers of
digits that can be stored in the first and the second cloud database are four and five, respectively. As a result, the coded data stored in the first and the second cloud database are 1110 and 11001, respectively.

TABLE 4
Example of Adopting Overflow-avoidance NCSS Scheme in Storing Encoded Data to Two Cloud Databases

| $b$ | $d$ | $k$ | $s$ | $b'$ | $r$ | $n$ | $A$ | $c$ | $\tilde{c}$ |
|---|---|---|---|---|---|---|---|---|---|
| $(0, 0, 1, 0, 1, 1, 1, 0, 1)$ | 2 | 3 | 3 | $(001, 011, 101)$ | 3 | 3 | $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(111, 011, 001)$ | $(1110, 11001)$ |

5 SECURITY ANALYSIS
In this section, we analyze the proposed overflow-avoidance NCSS scheme in terms of security level and storage cost. First, we discuss the issue of enhancing security level from a system design aspect. Then, we derive the upper bound on data size that can be stored in the cloud with unconditional security.

To begin with, from (4) we know that the lower bound of the security requirement $P_u$ is

$$P_{ei} \, d^{-\left(\sum_{t=1}^{n} l_d(c_t) - \sum_{j=1}^{|\tilde{c}_i|} l_d(\tilde{c}_i(j))\right)} \le P_u. \tag{8}$$

Since $l_d(c_t)$ is proportional to the size of Galois field, a larger encoding matrix size $n$ and a large value of power $k$ of the field characteristics can result in higher security levels. However, enlarging encoding parameters causes higher coding complexity. Next, we show that the security level can be enhanced to unconditional security level by storing a certain amount of encoded data in the local machine.

In the considered NCSS with eavesdropper, unconditional security is equivalent to perfect secrecy, which means that the eavesdropper can get no information from the original message [36].

Definition 3 (Perfect Secrecy Criterion [37]). Denote $S$ as the random variable associated with the secret data fragments and $E$ as the random variable associated with the encoded fragments observed by the eavesdropper. The perfect secrecy requires

$$H(S|E) = H(S),$$

where $H(X)$ represents the entropy of a random variable $X$.

In the worst case, an eavesdropper can access the encoded data of all the cloud databases. The following theorem can be applied to specify the maximal amount of encoded data fragments that can be stored in the cloud, while keeping the rest of data in a local machine to ensure perfect secrecy.

Theorem 4. Assume that $w$-digit secret information is encoded with $(n - w)$-digit data $b$. For both strictly non-overflow and a-bounded non-overflow schemes, a cloud user can store at most $\sum_{j=1}^{n} l_d(c_j) - w$ digits of encoded data to the cloud under the perfect secrecy criterion.

Proof. Let $e^{(h)}$ represent a subset containing any $h$ components of vector $e$. We denote $e_{i:j}$ as the subvector formed from the $i$th to the $j$th position of vector $e$. The set of rows from the $i$th to the $j$th position of matrix $D$ is represented as $D_{i:j}$. In addition, $b_i$ are independent random variables uniformly distributed over $F_q$ with entropy $H(b_i) = H(b)$.

For simplicity, without loss of generality, assume that $t$ contiguous components of the encoded data $c_{p+1:p+t}$ are stored to the clouds. Then we can obtain

$$\begin{aligned} H(b^{(w)}) &= H(b^{(w)} | c_{p+1:p+t}) - H(b^{(w)} | c) && (9) \\ &= I(b^{(w)}; c) - I(b^{(w)}; c_{p+1:p+t}) \\ &= H(c) - H(c_{p+1:p+t}) - H(c | b^{(w)}) + H(c_{p+1:p+t} | b^{(w)}) \\ &\le H(c) - H(c_{p+1:p+t}). && (10) \end{aligned}$$

In the above equations, (9) holds because of the perfect secrecy criterion and due to the fact that the secret information can be reconstructed if the entire codewords are given. In (10), we have $H(c_{p+1:p+t} | b^{(w)}) - H(c | b^{(w)}) \le 0$ since

$$H(c | b^{(w)}) - H(c_{p+1:p+t} | b^{(w)}) = H(c_{p+t+1:n} | b^{(w)}, c_{p+1:p+t}).$$

Since $b_i$ are i.i.d. random variables, it follows that

$$H(b^{(w)}) = H\left(b_{q(1)}, b_{q(2)}, \ldots, b_{q(w)}\right) = wH(b), \tag{11}$$

where $q(j)$ is the $j$th element of a random integer sequence ranged from 1 to $n$. Because the encoded data vector $c$ contains the entire information of $b$ at most, we can obtain

$$H(c) \le nH(b). \tag{12}$$

Moreover, an $n \times n$ Vandermonde matrix $A$ is non-singular [5]. Thus, the eavesdropper can apply Gaussian elimination to obtain the reduced row echelon form of the submatrix $S$, whose elements are $[S_{i,j}] = [A_{i,j}]$ for $p + 1 \le i, j \le p + t$. The Eavesdropper Reduced Matrix $M$ can be obtained as

$$M_{p+1:p+t} = \left[\begin{array}{cc|c|cc} m_1^{p} & \cdots & & \cdots & m_n^{p} \\ \vdots & \ddots & I_t & \ddots & \vdots \\ m_1^{p+t-1} & \cdots & & \cdots & m_n^{p+t-1} \end{array}\right], \tag{13}$$

where the other elements of $M$ are the same as $A$. Hence, the eavesdropper has $t$ equations to solve $n$ unknown elements. It implies that

$$H(c_{p+1:p+t}) = tH(b). \tag{14}$$
$$tH(b) \le nH(b) - wH(b). \tag{15}$$

The above equation shows that we can store at most the $n - w$ components of encoded data to the clouds under perfect secrecy criterion. For the strictly non-overflow scheme, we have only one digit in each component of encoded data. Thus, we can store at most $\sum_{j=1}^{n} l_d(c_j) - w$ digits of encoded data to the clouds, while keeping the remaining $w$ digits in the local machines. However, we may have multiple digits in each component of encoded data for a-bounded non-overflow scheme. Let $e^{(\tilde{h})}$ represent a subset containing any $w$ fragmentary components of vector $e$. With at least $n$ unknown digits, knowing $c^{(\tilde{w})}$ cannot help solve $b$. As a result, it follows that

$$I\left(c^{(\tilde{w})}; b\right) = 0. \tag{16}$$

Note that we still have $t$ equations to solve $n$ unknown elements. That is,

$$H(b^{(w)} | c_{p+1:p+t}, c^{(\tilde{w})}) = H(b^{(w)} | c_{p+1:p+t}). \tag{17}$$

Finally, we obtain

$$I\left(c_{p+1:p+t}, c^{(\tilde{w})}; b^{(w)}\right) = I\left(c_{p+1:p+t}; b^{(w)}\right). \tag{18}$$

cloud databases have the same probability of being compromised (i.e., $P_{ei} = P_e$) and the security requirement is $P_u$, which specifies the maximum probability that an eavesdropper can guess the original message. In addition to the encoded data, the encoding matrix is stored at the local site. Let $m$ and $a$ be the length of the original message and the number of encoding operations, respectively. In addition to the encoded data, the user needs to keep the encoding matrix for decoding. In case of strictly non-overflow storage, the storage cost at the local site is the function of encoding matrix size $n$ and the amount of stored encoded data $l$. As a result, the storage space used to store the encoded data and the encoding matrix at the local site is

$$f(n, l) = n^2 s + al. \tag{19}$$

Subject to the security requirement $P_u$, the storage cost minimization problem can be expressed as

$$\begin{aligned} \min \quad & f(n, l) && (20\text{a}) \\ \text{s.t.} \quad & (1 - P_e)^p \, d^{-al} \le P_u && (20\text{b}) \\ & 2 \le n \le 2^k && (20\text{c}) \\ & l \le n && (20\text{d}) \\ & ans = m && (20\text{e}) \end{aligned}$$
TABLE 5
Parameter Setting

| Parameter | Value |
|---|---|
| Original file size | 2 MB |
| Base of $b_i$ ($d$) | 2 |
| Galois field size ($k$) | 8 to 16 |
| Number of cloud databases ($p$) | 2 or 3 |
| Probability of the cloud databases being compromised ($P_e$) | 0.5 |
| Security requirement ($P_u$) | $10^{-6}$ |

various $P_u$ are the same when $m$ exceeds a certain threshold. This is because the considered system is in the case of lower bound cost (i.e., $l = 1$). Noteworthily, a larger $k$ can yield a smaller lower bound when $m > 1000$. In general, $k \in [8, 16]$ [38]. For $m < 1000$, it is suggested that $k = 8$; otherwise, $k = 16$.

The amount of stored encoded data $l$ is another important design parameter for the proposed NCSS. In practice, the NCSS system with large $l$ requires a large memory to store all the coding coefficients. Fig. 6 shows the required $l$ under different $P_u$. To achieve a higher security requirement, the user needs to store more encoded data in the local site. In addition, $l$ can be reduced up to 80 percent if a large file is encoded. It is observed that the file size plays a bigger role in determining $l$ compared to the Galois field size.

Note that we consider a secure network coding system with no redundancy as in [1], i.e., $n$ input symbols are encoded to $n$ coded symbols, and we need all the $n$ coded symbols to recover the data. As shown in [12], network coding can achieve optimal storage-bandwidth tradeoff in erasure coded-distributed storage systems. The proposed scheme can be applied to those with redundancy, such as erasure codes [31] and regenerating codes [33]. In these cases, $n$ input symbols are encoded to $n + z$ coded symbols, where the amount of redundancy $z$ depends on the required

Fig. 6. The amount of stored encoded data $l$ versus security requirement $P_u$ for different message lengths $m$.

Fig. 7. Processing time versus the multiplication times for different Galois fields $2^k$.

7 EXPERIMENTAL RESULTS
Since the encoding process is performed at local machines, processing delay may be the performance bottleneck. Thus, it is of importance to investigate the impacts of the system design parameters of a secure network coding scheme on its delay performance. To implement the user application and cloud storage, we develop the coding layer and storage layer of NCSS. Each original file is associated with the metadata which includes the coding information (e.g., encoding coefficients). The goal of our experiments is to explore the encoding performance of the proposed NCSS in terms of the file encoding time and the storage cost. Our experiments are conducted on a commodity computer with an Intel Core i5 processor running at 2.4 GHz, 8 GB of RAM, and a 5,400 RPM Hitachi 500 GB Serial ATA drive with an 8 MB buffer. Table 5 shows the parameters setting for experiments. Note that, in our setting, different cloud databases are geographically separated. Hence, the presented results are equivalent to those with $p$ clouds, each having numerous databases.

We begin by estimating the cost of basic field operation. Fig. 7 shows the multiplication processing time of the network coding storage system with different sizes of Galois field. Although the complexity for the network coding is $O(n^2)$ modular multiplication, we find that the field size only affects the processing time slightly, which supports our design methodology of selecting $k$. Specifically, it
indicates that the security level can be enhanced significantly by selecting an appropriate value of $k$ at a small computational cost.

To evaluate the computational efficiency of the proposed NCSS scheme, we conduct an encoding test using the proposed network coding scheme. Fig. 8 shows the processing time between the strictly non-overflow and the a-bounded non-overflow schemes for 2 MB file with $p = 2$, where $a = 5$. The processing time is longer for a smaller $n$ or $k$ since the numbers of encoding times increase. As a result, the system spends more time in I/O operations and fetching data between the kernel and user [10]. Compared to the strictly non-overflow scheme, the a-bounded non-overflow scheme requires more computation cost. The a-bounded non-overflow scheme costs more than 11 times and 22 times of the processing time than that of the strictly non-overflow scheme when $k = 16$ and 8, respectively. Finally, the best performance is achieved when $n > 100$ for both non-overflow schemes. Because increasing $n$ results in a larger cost than increasing $k$, we suggest adjusting $k$ to meet the security requirements under the condition $n = 100$.

Fig. 9 compares the processing time of the strictly non-overflow and the a-bounded non-overflow schemes versus the power of Galois field characteristic $k$. In the figure, the strictly non-overflow scheme is preferable to the a-bounded non-overflow scheme. Noteworthily, $k$ negligibly affects the processing time of the strictly non-overflow scheme, but does impact the processing time of the a-bounded non-overflow scheme.

We note that it is shown in [33] that $k = 8$ is preferred from the viewpoint of low computational cost in the case of $m = 4$ KB with no eavesdropper. This is consistent with our observation from Figs. 4 and 8. On the other hand, if storage cost is the primary concern, $k = 16$ is recommended based on our results.

optimal encoding and storage parameters was provided to solve the overflow problem and minimize the storage cost. Furthermore, we derived an analytical upper bound on the maximal allowable stored data in the cloud nodes under perfect secrecy criterion. We demonstrated that encoding efficiency in terms of processing time can be improved by jointly designing the encoding and the storage system parameters. More importantly, we suggested the design guidelines for NCSS to optimize the performance tradeoff among security requirement, storage cost per node, and encoding processing time. This work can be extended to incorporate user budgets and file recovery, which is an interesting topic to study further in the future.

APPENDIX
Here we first show that the original storage cost minimization (20) is not convex even when the integer constraint is relaxed. Then we give the algorithm for solving the optimization problem by minimizing over separated variables.

Theorem 5. The objective function of the original storage cost minimization (20) is not convex.

Proof. We consider the case of strictly non-overflow scheme. Substituting $s_i = s = \frac{k}{\log_2 d}$ into (20), the original storage cost minimization is equivalent to

$$\begin{aligned} \min \quad & f(n, l) = n^2 \frac{k}{\log_2 d} + \frac{m \log_2 d}{k} \, n^{-1} l && (21\text{a}) \\ \text{s.t.} \quad & -\frac{k}{m \log_2 d} \log_d\!\left(\frac{P_u}{(1 - P_c)^p}\right) n \le l \le n && (21\text{b}) \\ & 2 \le n \le 2^k && (21\text{c}) \\ & n, l \in \mathbb{Z}^{+}. && (21\text{d}) \end{aligned}$$
[32] J. Li, Y. Liu, Z. Zhang, J. Ren, and N. Zhao, “Towards green IoT networking: Performance optimization of network coding based communication and reliable storage,” IEEE Access, vol. 5, pp. 8780–8791, 2017.
[33] H. Hou, K. W. Shum, M. Chen, and H. Li, “BASIC codes: Low-complexity regenerating codes for distributed storage systems,” IEEE Trans. Inf. Theory, vol. 62, no. 6, pp. 3053–3069, Jun. 2016.
[34] P. Hu, C. W. Sung, S.-W. Ho, and T. H. Chan, “Optimal coding and allocation for perfect secrecy in multiple clouds,” IEEE Trans. Inf. Forensics Secur., vol. 11, no. 2, pp. 388–399, Feb. 2016.
[35] M. Barua, X. Liang, R. Lu, and X. Shen, “ESPAC: Enabling security and patient-centric access control for eHealth in cloud computing,” Int. J. Secur. Netw., vol. 6, no. 2, pp. 67–76, 2011.
[36] D. Chen, N. Zhang, R. Lu, X. Fang, K. Zhang, Z. Qin, and X. Shen, “An LDPC code based physical layer message authentication scheme with perfect security,” IEEE J. Sel. Areas Commun., vol. 36, no. 4, pp. 748–761, 2018.
[37] J. L. Massey, “An introduction to contemporary cryptology,” Proc. IEEE, vol. 76, no. 5, pp. 533–549, May 1988.
[38] G. Angelopoulos, M. Medard, and A. P. Chandrakasan, “Energy-aware hardware implementation of network coding,” in Proc. Int. Conf. Res. Netw., 2011, pp. 137–144.

Yu-Jia Chen received the BS degree and PhD degree in electrical engineering from National Chiao Tung University, Taiwan, in 2010 and 2015, respectively. He is currently a postdoctoral fellow in National Chiao Tung University. His research interests include network coding for secure storage in cloud datacenters, software defined networks (SDN), and 5G cellular network. He has published 22 conference papers and 6 journal papers. He is holding three US patents and three ROC patents. He is a member of the IEEE.

Li-Chun Wang (M’96-SM’06-F’11) received the BS degree from National Chiao Tung University, Taiwan, R.O.C., in 1986, the MS degree from National Taiwan University, in 1988, and the MsSci and PhD degrees from the Georgia Institute of Technology, Atlanta, in 1995, and 1996, respectively, all in electrical engineering. From 1990 to 1992, he was with the Telecommunications Laboratories of Chunghwa Telecom Co. In 1995, he was affiliated with Bell Northern Research of Northern Telecom, Inc., Richardson, TX. From 1996 to 2000, he was with AT&T Laboratories, where he was a senior technical staff member in the Wireless Communications Research Department. Since August 2000, he has joined the Department of Electrical and Computer Engineering of National Chiao Tung University in Taiwan and is the current chairman of the same department. His current research interests are in the areas of radio resource management and cross-layer optimization techniques for wireless systems, heterogeneous wireless network design, and cloud computing for mobile applications. He won the Distinguished Research Award of National Science Council, Taiwan in 2012, and was elected to the IEEE fellow grade in 2011 for his contributions to cellular architectures and radio resource management in wireless networks. He was a co-recipient (with Gordon L. Stuber and Chin-Tau Lea) of the 1997 IEEE Jack Neubauer Best Paper Award for his paper “Architecture Design, Frequency Planning, and Performance Analysis for a Microcell/Macrocell Overlaying System,” IEEE Transactions on Vehicular Technology, vol. 46, no. 4, pp. 836-848, 1997. He has published more than 200 journal and international conference papers. He served as an associate editor for the IEEE Trans. on Wireless Communications from 2001 to 2005, the guest editor of Special Issue on “Mobile Computing and Networking” for the IEEE Journal on Selected Areas in Communications in 2005, “Radio Resource Management and Protocol Engineering in Future Broadband Networks” for the IEEE Wireless Communications Magazine in 2006, and “Networking Challenges in Cloud Computing Systems and Applications,” for the IEEE Journal on Selected Areas in Communications in 2013, respectively. He is holding 10 US patents. He is a fellow of the IEEE.