Your search keyword '"ACCESS control of computer networks"' showing total 31 results

1. Out Lag Synchronization of Fractional Order Delayed Complex Networks with Coupling Delay via Pinning Control.

Author

Zhang, Weiwei, Cao, Jinde, Chen, Dingyuan, and Alsaedi, Ahmed

Subjects

SYNCHRONIZATION, PERSONAL identification numbers, ACCESS control of computer networks, COMPUTER simulation

Abstract

This paper discusses the out lag synchronization of fractional order complex networks (FOCN) including both internal delay and coupling delay and with the employment of pinning control scheme. Using comparison theorem and constructing the auxiliary function, several synchronization criterions by linear feedback pinning control are presented. The model and the obtained results in this work are more general than the previous works. Correctness and effectiveness of the theoretical results are validated through numerical simulations. [ABSTRACT FROM AUTHOR]

Published

2019

2. An analysis on the revoking mechanisms for JSONWeb Tokens.

Author

Jánoky, László Viktor, Levendovszky, János, and Ekler, Péter

Subjects

*ACCESS control of computer networks, *WIRELESS sensor networks, *COMPUTER security, *WIRELESS communications, *AD hoc computer networks

Abstract

JSON Web Tokens provide a scalable solution with significant performance benefits for user access control in decentralized, large-scale distributed systems. Such examples would entail cloud-based, micro-services styled systems or typical Internet of Things solutions. One of the obstacles still preventing the wide-spread use of JSON Web Token-based access control is the problem of invalidating the issued tokens upon clients leaving the system. Token invalidation presently takes a considerable processing overhead or a drastically increased architectural complexity. Solving this problem without losing the main benefits of JSON Web Tokens still remains an open challenge which will be addressed in the article. We are going to propose some solutions to implement low-complexity token revocations and compare their characteristics in different environments with the traditional solutions. The proposed solutions have the benefit of preserving the advantages of JSON Web Tokens, while also adhering to stronger security constraints and possessing a finely tuneable performance cost. [ABSTRACT FROM AUTHOR]

Published

2018

3. Reputation trust mechanism under the organizational-based access control model.

Author

Toumi, Khalifa, Sfar, Hela, and Garcia Alfaro, Joaquin

Subjects

COMPUTER network security, INFORMATION technology security, CLOUD computing, ACCESS control of computer networks, INFORMATION technology

Abstract

The spread of high-speed networks changes the way in which organizations manage information. Distributed environments, such as multi-cloud environments, can be exploited by users belonging to different organizations. Companies are realizing that they can achieve significant cost savings by outsourcing some of their information technology environments to specialized service companies. This rapid transition has introduced a number of security risks and challenges. The resulting environment cannot succeed at addressing them without the use of access control policies and the definition of trust mechanisms. Access control ontologies, as a structured way to represent real word elements, are widely employed for making the security interoperable and understandable. Ontologies that have been built for this aim suffer from the lack of crucial elements for distributed environments. In this paper, we tackle the problem of trust-based access control models. We define a list of trust elements that should be integrated into any access control ontology. We also provide a mapping technique that permits the exchange of trust information. Based on these two contributions, our reputation mechanism, that builds upon the organization-based access control model (OrBAC), is created. To prove the efficiency of our proposal, we test it in a multi-cloud environment. Then, we conduct a set of experiments that show the high accuracy level of our system. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

4. ABKS-CSC: attribute-based keyword search with constant-size ciphertexts.

Author

Yang, Ye, Han, Jinguang, Susilo, Willy, Yuen, Tsz Hon, and Li, Jiguo

Subjects

KEYWORD searching, COMPUTER algorithms, ACCESS control of computer networks, CRYPTOGRAPHY, CYBERTERRORISM, DATA encryption

Abstract

Attribute-based keyword search (ABKS) was proposed to enable a third party to search encrypted keywords without compromising the security of the original data. Because it can express flexible access policy, ABKS has attracted a lot of attention. Existing ABKS schemes mainly focused on the expression of access structures, while the computation cost and communication cost are linear with the number of required attributes. Therefore, existing ABKS schemes are unsuitable to the devices that have constrained space and computing power, such as smart phone and tablet. In this paper, an ABKS with constant-size ciphertext scheme is proposed. The proposed scheme captures the following nice features: (1) The index encryption algorithm has constant computation cost; (2) the searchable ciphertexts are constant size; (3) the trapdoors for keywords are constant size; and (4) the test algorithm has constant computation cost. To the best of our knowledge, it is the first time that an ABKS with constant-size ciphertext scheme is proposed. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

5. A robust cryptographic-based system for secure data sharing in cloud environments.

Author

Mahmoud, Ibrahim M., Nour El-Din, Sherif H., Elgohary, Rania, Faheem, Hossam, and Mostafa, Mostafa G. M.

Subjects

CRYPTOGRAPHY, ROBUST control, INFORMATION sharing, INFORMATION technology security, CLOUD computing, ACCESS control of computer networks

Abstract

Over the past few years, the usage of cloud storage services has been growing rapidly to share digital objects between data owner and consumers. However, such environment introduces many data privacy disclosure challenges. These challenges are maintaining data confidentiality, enforcing fine-grained data access control, applying efficient user revocation mechanism, and resisting collusion between system users. In addition, such environment imposes the support of system scalability and generic implementation features. Unfortunately, the proposal of a robust system that accomplishes all data privacy disclosure challenges and the mentioned features is still an open problem. In this paper, a robust cryptographic-based system that solves the stated problem is presented. In addition, the proposed system offers a novel architecture of data consumer digital identity. The presented digital identity solves scalability challenges faced by previous works without complicating data management for both data owner and consumer. Moreover, the proposed digital identity eliminates the need of online presence of data owner and consumer to exchange any information. Furthermore, the proposed system defends man-in-the-middle attack, ensures identity of participants, achieves non-repudiation, and maintains role separation between different participants. Finally, the proposed system implementation proofs the system validity to accomplish all the specified goals with acceptable performance. Copyright © 2017 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

6. An access control scheme with dynamic user management and cloud-aided decryption.

Author

Shi, Jiaoli, Huang, Chuanhe, Wang, Jing, He, Kai, and Shen, Xieyang

Subjects

ACCESS control of computer networks, CLOUD computing, CRYPTOGRAPHY, INTERNET users, COMPUTER security

Abstract

Ciphertext-policy attribute-based encryption is becoming a cryptographic solution to realize fine-grained access control. However, some important problems have not been effectively solved yet such as (i) low efficiency of dynamic change of a user or his attribute and (ii) high computation cost at user end. In this paper, we propose an access control scheme with dynamic user management using a version key and especially realize direct cloud-aided attribute revocation without updating another user's key or re-encrypting ciphertexts. We present a cloud-aided decryption method with which most of decrypting work can be transferred to cloud. Compared with the existing schemes, our scheme causes less computation cost at user end and supports efficient dynamic change of a user or his attribute. Simulation indicates that our direct cloud-aided attribute revocation method takes less time. Copyright © 2017 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

7. FairAccess: a new Blockchain-based access control framework for the Internet of Things.

Author

Ouaddah, Aafaf, Abou Elkalam, Anas, and Ait Ouahman, Abdellah

Subjects

ACCESS control of computer networks, BLOCKCHAINS, COMPUTER security, INTERNET of things, BITCOIN

Abstract

Security and privacy are huge challenges in Internet of Things (IoT) environments, but unfortunately, the harmonization of the IoT-related standards and protocols is hardly and slowly widespread. In this paper, we propose a new framework for access control in IoT based on the blockchain technology. Our first contribution consists in providing a reference model for our proposed framework within the Objectives, Models, Architecture and Mechanism specification in IoT. In addition, we introduce FairAccess as a fully decentralized pseudonymous and privacy preserving authorization management framework that enables users to own and control their data. To implement our model, we use and adapt the blockchain into a decentralized access control manager. Unlike financial bitcoin transactions, FairAccess introduces new types of transactions that are used to grant, get, delegate, and revoke access. As a proof of concept, we establish an initial implementation with a Raspberry PI device and local blockchain. Finally, we discuss some limitations and propose further opportunities. Copyright © 2017 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

8. Identifying an OpenID anti-phishing scheme for cyberspace.

Author

Abbas, Haider, Qaemi Mahmoodzadeh, Moeen, Aslam Khan, Farrukh, and Pasha, Maruf

Subjects

COMPUTER network security, INTERNET security, ACCESS control of computer networks, RESEARCH on Internet users, CYBERSPACE

Abstract

OpenID is widely being used for user centric identity management in many Web applications. OpenID provides Web users with the ability to manage their identities through third party identity providers while remaining independent of the subject that actually uses the identities to authenticate individuals. Starting from the early stages of its inception, OpenID has received a large amount of acceptance and use in the current Web community because of its flexibility and ease of use. However, in addition to its benefits and flexibilities, OpenID faces its own share of vulnerabilities and threats, which have made its future and large-scale use in cyberspace questionable. OpenID Phishing is one such attack that has received much attention and that requires a comprehensive solution. This paper aims at identifying and discussing a solution to OpenID Phishing by proposing a user authentication scheme that allows OpenID providers to identify a user using publicly known entities. The research will help in next-generation cyber security innovations by reducing the authentication dependency on user credentials, that is, login name/password. The authentication scheme is also validated through detailed descriptions of use cases and prototype implementation. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

9. A testbed-based framework for performance evaluation of multicast broadcast systems in OFDMA networks.

Author

Hsiao, Chiu-Han, Rampa, Vittorio, Wen, Yean-Fu, and Lin, Frank Yeong-Sung

Subjects

MULTICASTING (Computer networks), NETWORK performance, ACCESS control of computer networks, CELL phone users, SUPERPOSITION principle (Physics), SIMULATION methods & models, IEEE 802.16 (Standard)

Abstract

Multicast Broadcast Service (MBS) applications can efficiently reduce the usage of network resources, still providing mobile users with real-time high-quality content. MBS capabilities are usually implemented by using a single frequency network; moreover, new features, such as connection identifier for broadcast/multicast messages and other MBS-enabled descriptors, are added to cope with already existent entities and services. With the intention to optimize performances and verify the on-field feasibility, we propose an MBS approach to Orthogonal Frequency Division Multiple Access systems based on superposition coding (SPC). Because MBS features have a large impact in the architectural design of the network protocols, an integrated framework is mandatory to speed up the system simulation, verification, and redesign steps. This paper shows the design of an experimental testbed for performance evaluation of SPC-enabled physical (PHY) and medium access control (MAC) layers over Mobile WiMAX systems. In addition, it proposes some architectural modifications of the WiMAX protocols, by exploiting its core network capabilities. The experimental results obtained from the testbed confirm that augmented throughput capabilities can be achieved by SPC-enabled PHY/MAC layers. However, to fully exploit the additional available throughput, an integrated framework must be adopted to evaluate the protocol modifications for the MBS-enabled entities. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

10. Uplink bit combining for multiple base-stations MIMO with applications to CoMP systems.

Author

Leib, Harry and Lin, Wenjing

Subjects

PERFORMANCE of MIMO systems, ACCESS control of computer networks, COMPUTER network reliability, LIKELIHOOD ratio tests, SIGNAL-to-noise ratio, COMPUTER simulation

Abstract

This work considers a simple bit level combining technique, aided by robust bit reliability information, for uplink collaborating multiple-input multiple-output (MIMO) base-stations (also known as macrodiversity MIMO), operating over composite Rayleigh-lognormal fading channels. Bit reliability weights based on a robust modification of the logarithmic likelihood ratio, combined with instantaneous symbol signal-to-noise ratio information, are derived for different local MIMO detection schemes. This bit reliability information is used at the fusion center, together with locally detected data, for combining and producing final information bits delivered to the destination. Computer simulation results confirm that such bit level combining techniques, when used with minimum mean squared error ordered successive interference cancelation and also with sphere decoding maximum likelihood local detectors, provide significant performance improvements over non-collaborative base-stations systems. Performance gains are maintained even when these schemes suffer from channel estimation errors and also in the presence of space correlation. Low backhaul overhead and performance advantages make these bit level combining techniques attractive for applications in next generation cellular systems employing coordinated multi-point (CoMP) technology, as well as for other collaborative MIMO communication schemes.Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

11. DCNC: throughput maximization via delay controlled network coding for wireless mesh networks.

Author

Qu, Yuben, Dong, Chao, Chen, Chen, Wang, Hai, Tian, Chang, and Tang, Shaojie

Subjects

LINEAR network coding, WIRELESS mesh networks, ACCESS control of computer networks, COMPUTER network reliability, DATA packeting, END-to-end delay

Abstract

Network coding (NC) can greatly improve the performance of wireless mesh networks (WMNs) in terms of throughput and reliability, and so on. However, NC generally performs a batch-based transmission scheme, the main drawback of this scheme is the inevitable increase in average packet delay, that is, a large batch size may achieve higher throughput but also induce larger average packet delay. In this work, we put our focus on the tradeoff between the average throughput and packet delay; in particular, our ultimate goal is to maximize the throughput for real-time traffic under the premise of diversified and time-varying delay requirements. To tackle this problem, we propose DCNC, a delay controlled network coding protocol, which can improve the throughput for real-time traffic by dynamically controlling the delay in WMNs. To define an appropriate control foundation, we first build up a delay prediction model to capture the relationship between the average packet delay and the encoding batch size. Then, we design a novel freedom-based feedback scheme to efficiently reflect the reception of receivers in a reliable way. Based on the predicted delay and current reception status, DCNC utilizes the continuous encoding batch size adjustment to control delay and further improve the throughput. Extensive simulations show that, when faced with the diversified and time-varying delay requirements, DCNC can constantly fulfill the delay requirements, for example, achieving over 95% efficient packet delivery ratio (EPDR) in all instances under good channel quality, and also obtains higher throughput than the state-of-art protocol. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

12. 3S: three-signature path authentication for BGP security.

Author

Liu, Yaping, Deng, Wenping, Liu, Zhihong, and Huang, Feng

Subjects

BGP (Computer network protocol), ACCESS control of computer networks, COMPUTER network security, INTERNET protocols, CRYPTOGRAPHY research

Abstract

Because of the lack of mechanism to verify a route's path authorization, border gateway protocol (BGP) has been disrupted by route hijacking for decades. Although several secure inter-domain protocols have been proposed during the past years, such as secure BGP (S-BGP) and BGPsec, they all have serious performance issues in both time and space cost, preventing their further deployment in the practical Internet. Statistical results from the real Internet reveal that multiple Internet protocol prefixes could often been announced along with the same AS path/sub-path to its downstream autonomous systems; hence, the route announcements can be aggregated at the level of prefix. In light of this, we propose a three-signature path authentication ( 3S) scheme to improve the performance of path authentication. We first introduce the concept of 'virtual AS,' to reflect a cluster of prefixes that are announced along a common path/sub-path. Then we aggregate those prefixes into an atom and only need to sign the first route announcement of a virtual AS instead of single prefixes; thus, it can reduce the number of cryptographic operations significantly. We evaluate the performance of 3 S scheme in both theoretical and experimental ways; the results have shown that our proposed scheme is more efficient yet without losing security capabilities as existing methods such as S-BGP and BGPsec. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

13. A biometrics and smart cards-based authentication scheme for multi-server environments.

Author

Lu, Yanrong, Li, Lixiang, Peng, Haipeng, and Yang, Yixian

Subjects

BIOMETRIC identification cards, COMPUTER access control, SMART cards, BIOMETRIC identification, ACCESS control of computer networks

Abstract

With the rapid development of computer networks, multi-server architecture has attracted much attention in many network environments. Moreover, in order to achieve non-repudiation which both passwords and cryptographic keys cannot provide, several password authentication schemes combining a user's biometrics for multi-server environments have been proposed in the past. In 2014, Chuang et al. presented a biometrics-based multi-server authenticated key agreement scheme and declared that their scheme was efficient and secure. Later, Mishra et al. commented that the scheme by Chuang et al. was susceptible to stolen smart card, impersonation and denial of service attacks. To conquer these weaknesses, Mishra et al. presented an efficient biometrics-based multi-server authenticated key agreement scheme using hash functions. However, we prove that the scheme by Mishra et al. is insecure against forgery, server masquerading and lacks perfect forward secrecy. The focus of this paper is to present a robust biometrics and public-key techniques-based authentication scheme, which is a significant enhancement to the scheme recently proposed by Mishra et al. The highlight of our scheme is that it not only conquers the flaws but also is efficient compared with other related authenticated key agreement schemes. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

14. Failure rate estimation of overhead electric distribution lines considering data deficiency and population variability.

Author

Moradkhani, Amin, Haghifam, Mahmood R., and Mohammadzadeh, Mohsen

Subjects

*SOFTWARE failures, *ACCESS control of computer networks, *HIERARCHICAL Bayes model, *DATA analysis, *POISSON'S equation

Abstract

Estimating a precise data-driven failure rate of electrical components in the distribution networks is a prominent task in asset management of the network. To estimate the failure rates in the overhead distribution lines, there are two main challenges: data deficiency and population variability. In order to overcome difficulties, this paper proposes an applicable method based on hierarchical Bayesian Poisson regression (HBPR). The proposed method is applied to the real distribution system with 34 feeders. The deviance information criterion and model checking procedure are used to compare the goodness of fit between HBPR and exchangeable hierarchical Bayesian model (EHBM). Finally, to show the functionality of the HBPR model, the failure rates obtained from HPBR and EHBM are used to calculate reliability indices, and the results are compared with the actual value of indices. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

15. Practical Electromagnetic Disturbance Analysis on Commercial Contactless Smartcards.

Author

Jaedeok Ji, Dong-Guk Han, Seokwon Jung, Sangjin Lee, and Jongsub Moon

Subjects

*SMART cards, *ELECTROMAGNETISM, *CONTACTLESS payment systems, *ACCESS control of computer networks, *INFORMATION technology security

Abstract

Contactless smart cards are being widely employed in electronic passports, monetary payments, access control systems, and so forth, because of their advantages such as convenience and ease of maintenance. In this paper, we present a new side-channel attack method for contactless smart cards. This method exploits the information leakage stemming from electromagnetic disturbances (EMD). We also made a convenient and low-cost EMD reader board that performs side-channel attacks on contactless smart cards. In order to demonstrate that EMDs can become another information-leakage side channel, we have carried out side-channel analysis on a commercial contactless smart card that performs 128-bit ARIA encryptions, and we have been able to successfully find all 16 bytes of the ARIA key from the target device. From our experimental results, we conclude that the proposed EMD analysis yields better results than the conventional power analysis. [ABSTRACT FROM AUTHOR]

Published

2014

16. LQG Control of Networked Control Systems with Limited Information.

Author

Qing-Quan Liu and Fang Jin

Subjects

*ACCESS control of computer networks, *MIMO systems, *DIGITAL communications, *H2 control, *FEEDBACK control systems, *SENSOR networks

Abstract

This paper addresses linear quadratic Gaussian (LQG) control problems formulti-inputmultioutput (MIMO), linear time-invariant (LTI) systems, where the sensors and controllers are geographically separated and connected via a digital communication channel with limited data rates. An observer-based, quantized state feedback control scheme is employed in order to achieve the minimum data rate for mean square stabilization of the unstable plant. An explicit expression is presented to state the tradeoff between the LQ cost and the data rate. Sufficient conditions on the data rate for mean square stabilization are derived. An illustrative example is given to demonstrate the effectiveness of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2014

17. An Action-Based Fine-Grained Access Control Mechanism for Structured Documents and Its Application.

Author

Mang Su, Fenghua Li, Zhi Tang, Yinyan Yu, and Bo Zhou

Subjects

ACCESS control of computer networks, INTERNET protocols, ELECTRONIC data processing documentation, COMPARATIVE studies, COMPUTER science research

Abstract

This paper presents an action-based fine-grained access control mechanism for structured documents. Firstly, we define a describing model for structured documents and analyze the application scenarios. The describing model could support the permission management on chapters, pages, sections, words, and pictures of structured documents. Secondly, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol covering different stages from document creation, to permission specification and usage control are given by using the Z-notation. Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical. [ABSTRACT FROM AUTHOR]

Published

2014

18. IDMA-Based MAC Protocol for Satellite Networks with Consideration on Channel Quality.

Author

Gongliang Liu, Xinrui Fang, and Wenjing Kang

Subjects

ACCESS control of computer networks, TELECOMMUNICATION satellites, ALGORITHMS, CALL admission control (Telecommunications), COMPUTER network protocols, PREDICTION models, QUALITY of service, COMPUTER simulation

Abstract

In order to overcome the shortcomings of existing medium access control (MAC) protocols based on TDMA or CDMA in satellite networks, interleave division multiple access (IDMA) technique is introduced into satellite communication networks. Therefore, a novel wide-band IDMA MAC protocol based on channel quality is proposed in this paper, consisting of a dynamic power allocation algorithm, a rate adaptation algorithm, and a call admission control (CAC) scheme. Firstly, the power allocation algorithm combining the technique of IDMA SINR-evolution and channel quality prediction is developed to guarantee high power efficiency even in terrible channel conditions. Secondly, the effective rate adaptation algorithm, based on accurate channel information per timeslot and by the means of rate degradation, can be realized. What is more, based on channel quality prediction, the CAC scheme, combining the new power allocation algorithm, rate scheduling, and buffering strategies together, is proposed for the emerging IDMA systems, which can support a variety of traffic types, and offering quality of service (QoS) requirements corresponding to different priority levels. Simulation results show that the new wide-band IDMA MAC protocol can make accurate estimation of available resource considering the effect of multiuser detection (MUD) and QoS requirements of multimedia traffic, leading to low outage probability as well as high overall system throughput. [ABSTRACT FROM AUTHOR]

Published

2014

19. Selective Cooperative Transmission in Ad Hoc Networks with Directional Antennas.

Author

Eui-Jik Kim and Sungkwan Youm

Subjects

*DIRECTIONAL antennas, *ACCESS control of ad hoc networks, *ACCESS control of computer networks, *TCP/IP, *TRANSMISSION line matrix methods

Abstract

This paper presents a selective cooperative transmission scheme (abbreviated SCT) for ad hoc network with directional antennas that leverages the benefits of directional-only antenna approach and cooperative communication. The main feature of SCT is its adaptability to the channel condition in the network. In other words, when the node sends data, SCT determines its transmission strategy on either direct or cooperative transmission via a relay node called a forwarder, depending on the transmission time. Simulation results are provided to validate the effectiveness of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2013

20. PID Controller Based on Memristive CMAC Network.

Author

Lidan Wang, Xiaoyan Fang, Shukai Duan, and Xiaofeng Liao

Subjects

*PID controllers, *REAL-time control, *APPROXIMATION theory, *COMPUTER simulation, *ACCESS control of computer networks

Abstract

Compound controller which consists of CMAC network and PID network is mainly used in control system, especially in robot control. It can realize nonlinear tracking control of the real-time dynamic trajectory and possesses good approximation effect. According to the structure and principle of the compound controller, memristor is introduced toCMAC network to be a compound controller in this paper. The new PID controller based on memristive CMAC network is built up by replacing the synapse in the original controller by memristors. The effect of curve approximation is obtained byMATLAB simulation experiments. This network improves the response and learning speed of the system and processes better robustness and antidisturbance performance. [ABSTRACT FROM AUTHOR]

Published

2013

21. Analytical Performance Evaluation of Different Switch Solutions.

Author

Sans, Francisco and Gamess, Eric

Subjects

SWITCHING circuits, PERFORMANCE evaluation, ACCESS control of computer networks, NETWORK interface devices, ETHERNET, COST effectiveness

Abstract

The virtualization of the network access layer has opened new doors in how we perceive networks. With this virtualization of the network, it is possible to transforma regular PC with several network interface cards into a switch. PC-based switches are becoming an alternative to off-the-shelf switches, since they are cheaper. For this reason, it is important to evaluate the performance of PCbased switches. In this paper, we present a performance evaluation of two PC-based switches, using Open vSwitch and LiSA, and compare their performance with an off-the-shelf Cisco switch. The RTT, throughput, and fairness for UDP are measured for both Ethernet and Fast Ethernet technologies. From this research, we can conclude that the Cisco switch presents the best performance, and both PC-based switches have similar performance. Between Open vSwitch and LiSA, Open vSwitch represents a better choice since it has more features and is currently actively developed. [ABSTRACT FROM AUTHOR]

Published

2013

22. A Fuzzy Preprocessing Module for Optimizing the Access Network Selection in Wireless Networks.

Author

Kaleem, Faisal, Mehbodniya, Abolfazl, Kang K. Yen, and Fumiyuki Adachi

Subjects

FUZZY systems, MATHEMATICAL optimization, WIRELESS communications, ACCESS control of computer networks, MOBILE radio stations, UBIQUITOUS computing, ESTIMATION theory

Abstract

A heterogeneous wireless network is characterized by the presence of different wireless access technologies that coexist in an overlay fashion. These wireless access technologies usually differ in terms of their operating parameters. On the other hand, Mobile Stations (MSs) in a heterogeneous wireless network are equipped with multiple interfaces to access different types of services from these wireless access technologies. The ultimate goal of these heterogeneous wireless networks is to provide global connectivity with efficient ubiquitous computing to these MSs based on the Always Best Connected (ABC) principle. This is where the need for intelligent and efficient Vertical Handoffs (VHOs) between wireless technologies in a heterogeneous environment becomes apparent. This paper presents the design and implementation of a fuzzy multicriteria based Vertical Handoff Necessity Estimation (VHONE) scheme that determines the proper time for VHO, while considering the continuity and quality of the currently utilized service, and the end-users' satisfaction. [ABSTRACT FROM AUTHOR]

Published

2013

23. Key Management Schemes for Multilayer and Multiple Simultaneous Secure Group Communication.

Author

Aparna, R. and Amberker, B. B.

Subjects

COMPUTER network security, MULTILAYERS, PUBLIC key infrastructure (Computer security), ONLINE data processing, DATA encryption, ACCESS control of computer networks

Abstract

Many emerging applications are based on group communication model and many group communications like multimedia distribution and military applications require a security infrastructure that provides multiple levels of access control for group members. The group members are divided into a number of subgroups and placed at different privilege levels based on certain criteria. A member at higher level must be capable of accessing communication in its own level as well as its descendant lower levels but not vice versa. In this paper we propose a key management scheme for thismultilayer group communication. We achieve substantial reduction in storage and encryption cost compared to the scheme proposed by Dexter et al. We also address periodic group rekeying. Applications like scientific discussion and project management may lead to a scenario in which it is necessary to set up multiple secure groups simultaneously, and few members may be part of several secure groups. Managing group keys for simultaneous secure groups is critical. In this paper we propose a novel key management scheme for multiple simultaneous groups. [ABSTRACT FROM AUTHOR]

Published

2012

24. Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers.

Author

Damopoulos, Dimitrios, Menesidou, Sofia A., Kambourakis, Georgios, Papadaki, Maria, Clarke, Nathan, and Gritzalis, Stefanos

Subjects

INTRUSION detection systems (Computer security), MACHINE learning, ACCESS control of computer networks, MOBILE communication system security, IPHONE (Smartphone), TEXT messages, WEB browsing, SECURITY systems

Abstract

ABSTRACT Mobile devices have evolved and experienced an immense popularity over the last few years. This growth however has exposed mobile devices to an increasing number of security threats. Despite the variety of peripheral protection mechanisms described in the literature, authentication and access control cannot provide integral protection against intrusions. Thus, a need for more intelligent and sophisticated security controls such as intrusion detection systems (IDSs) is necessary. Whilst much work has been devoted to mobile device IDSs, research on anomaly-based or behaviour-based IDS for such devices has been limited leaving several problems unsolved. Motivated by this fact, in this paper, we focus on anomaly-based IDS for modern mobile devices. A dataset consisting of iPhone users data logs has been created, and various classification and validation methods have been evaluated to assess their effectiveness in detecting misuses. Specifically, the experimental procedure includes and cross-evaluates four machine learning algorithms (i.e. Bayesian networks, radial basis function, K-nearest neighbours and random Forest), which classify the behaviour of the end-user in terms of telephone calls, SMS and Web browsing history. In order to detect illegitimate use of service by a potential malware or a thief, the experimental procedure examines the aforementioned services independently as well as in combination in a multimodal fashion. The results are very promising showing the ability of at least one classifier to detect intrusions with a high true positive rate of 99.8%. Copyright © 2011 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2012

25. A wireless sensor network for precision agriculture and its performance.

Author

Sahota, Herman, Kumar, Ratnesh, and Kamal, Ahmed

Subjects

WIRELESS sensor networks, PRECISION farming, PERFORMANCE evaluation, INFORMATION technology, ACQUISITION of data, COMPUTER network protocols, ACCESS control of computer networks, ENERGY consumption, ROUTING (Computer network management)

Abstract

ABSTRACT The use of wireless sensor networks is essential for implementation of information and control technologies in precision agriculture. We present our design of network stack for such an application where sensor nodes periodically collect data from fixed locations in a field. Our design of the physical layer consists of multiple power modes in both the receive and transmit operations for the purpose of achieving energy savings. In addition, we design our MAC layer to use these multiple power modes to improve the energy efficiency of wake-up synchronization phase. Our MAC protocol also organizes all the sender nodes to be synchronized with the receiver simultaneously and transmit their data in a time scheduled manner. Next, we design our energy aware routing strategy that balances the energy consumption over the nodes in the entire field and minimizes the number of wake-up synchronization overheads by scheduling the nodes for transmission in accordance with the structure of the routing tree. We develop analytical models and simulation studies to compare the energy consumption of our MAC protocol with that of the popular S-MAC protocol for a typical network topology used in our application under our routing strategy. Our MAC protocol is shown to have better energy efficiency as well as latency in a periodic data collection application. We also show the improvements resulting from the use of our routing strategy, in simulations, compared with the case when the next hop is chosen randomly from the set of neighbors that are closer to the sink node. Copyright © 2011 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2011

26. A refined MAC protocol with multipacket reception for wireless networks.

Author

Lee, Hyukjin, Lim, Cheng-Chew, and Choi, Jinho

Subjects

WIRELESS communications, ACCESS control of computer networks, COMPUTER network protocols, DATA transmission systems, PERFORMANCE evaluation, ANTENNAS (Electronics), SIGNAL processing

Abstract

Medium access control (MAC) protocols making use of multipacket reception (MPR) capability achieve better throughput than conventional MAC protocols. When a wireless network operates with MPR capable nodes and non-MPR nodes, the MAC protocols must not only utilise the MPR capability to maximise throughput, but must also enable the co-existence with these two types of nodes. We propose a new MPR MAC protocol to achieve the co-existence requirement by adopting a request-to-send (RTS)/clear-to-send (CTS) mechanism in IEEE 802.11 MAC standards. This MPR MAC protocol also improves throughput by allowing additional data transmissions to use the MPR capability fully. We analyse the system throughput of the co-existence of different link characteristics of nodes, and optimise its throughput by adjusting contention window sizes with respect to certain throughput requirements of the nodes. Copyright © 2010 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2011

27. Link layer solutions for supporting real-time traffic over CDMA wireless mesh networks.

Author

Alsabaan, Maazen, Zhuang, Weihua, and Wang, Ping

Subjects

WIRELESS sensor networks, WIRELESS communications, CODE division multiple access, ACCESS control of computer networks, QUALITY of service, DISTRIBUTED computing, MULTIMEDIA communications

Abstract

With recent advances in the development of wireless communication networks, wireless mesh networks (WMNs) have been receiving considerable research interests in recent years. The need to support integrated services and ensure quality of service (QoS) satisfaction for various applications is one of the fundamental challenges for successful WMN deployment. In order to provide differentiated services, medium access control (MAC) should have priority management at the link layer. In code division multiple access (CDMA)-based WMNs, the interference phenomenon and simultaneous transmissions must be considered. We propose two priority schemes for MAC in a distributed CDMA-based WMN, taking into account interference, multimedia services, QoS requirements, and simultaneous transmissions. The first priority scheme is within a node. Each node has an independent queue for each traffic class. According to QoS requirements, the queue that should be served first is determined. The second priority scheme is among neighbor nodes. It is proposed for multiple simultaneous transmissions in the CDMA network. This scheme gives a larger chance of correct transmission to high priority traffic than low priority traffic. In addition, we propose to use adaptive spreading gain and a frame structure to achieve high resource utilization. Simulation results demonstrate that the proposed schemes can achieve effective QoS guarantee. Copyright © 2009 John Wiley & Sons, Ltd. Two priority management techniques have been proposed to support real-time traffic in CDMA-based WMNs, taking into account interference, multimedia services, QoS requirements, and simultaneous transmissions. An adaptive spreading gain and a frame structure are used to achieve high resource utilization. Simulation results demonstrate that the proposed schemes can achieve effective QoS guarantee. [ABSTRACT FROM AUTHOR]

Published

2011

28. Security analysis and improvements of IEEE standard 802.16 in next generation wireless metropolitan access network.

Author

Xiong, Naixue, Yang, Fan, Li, Hong-Yan, Park, Jong Hyuk, Dai, Yuanshun, and Pan, Yi

Subjects

COMPUTER network security, IEEE 802.16 (Standard), METROPOLITAN area networks (Computer networks), ACCESS control of computer networks, INFORMATION technology security, FORENSIC sciences, GRID computing

Abstract

Next generation communications (NGC) represents advanced communication environments featuring objects that are focused on users. It is crucial to protect information and digital forensics for NGC. In this paper, we aim to address network security for NGC, including IEEE standard 802.16 that are associated with NGC utilization. The IEEE standard 802.16 is a wireless air interface technology in Wireless Metropolitan Access Network (WMAN). Now in the new era of wireless networking, it is the solution for 'last mile' problem. Point-to-MultiPoint (PMP) network architecture network mode and mesh network mode are two optional networking modes proposed in this standard. However, the security problems in its original protocol may be becoming the most serious obstacle in its marketable producing process. In this paper, explanation and analysis of the security mechanism are based on PMP and mesh networking modes, respectively. This paper focuses on authentication & authorization, which is the most important part but not explicitly defined in original security design of IEEE standard 802.16. Two improved schemes focused on authentication & authorization based on the two modes are proposed to strengthen 802.16 WMAN security, respectively. The relevant analysis and simulation results prove that our schemes are effective. Copyright © 2009 John Wiley & Sons, Ltd. In this paper, we modified the Wireless Key Management Infrastructure (WKMI, see Figure 10) proposed before for Point-to-MultiPoint (PMP) to adapt the mesh mode's requirements. Because UDP is not a reliable transport protocol, the proposed suitable protocol shall be RUDP (reliable UDP). This paper focuses on Authentication & Authorization, which is the most important part but not explicitly defined in original security design of IEEE standard 802.16. Two improved schemes focused on Authentication & Authorization based on the two modes are proposed to strengthen 802.16 WMAN security, respectively. The relevant analysis and simulation results prove that our schemes are effective. [ABSTRACT FROM AUTHOR]

Published

2011

29. Real-Time Communication Support for Cooperative, Infrastructure-Based Traffic Safety Applications.

Author

Böhm, Annette and Jonsson, Magnus

Subjects

*REAL-time control, *COMMUNICATION, *INFRASTRUCTURE (Economics), *TRAFFIC safety, *ACCESS control of computer networks, *IEEE 802.11 (Standard), *INTELLIGENT transportation systems, *GEOGRAPHICAL positions

Abstract

The implementation of ITS (Intelligent Transport Systems) services offers great potential to improve the level of safety, efficiency and comfort on our roads. Although cooperative traffic safety applications rely heavily on the support for real-time communication, the Medium Access Control (MAC) mechanism proposed for the upcoming IEEE 802.11p standard, intended for ITS applications, does not offer deterministic real-time support, that is, the access delay to the common radio channel is not upper bounded. To address this problem, we present a framework for a vehicle-to-infrastructure-based (V2I) communication solution extending IEEE 802.11p by introducing a collision-free MAC phase assigning each vehicle an individual priority based on its geographical position, its proximity to potential hazards and the overall road traffic density. Our solution is able to guarantee the timely treatment of safety-critical data, while minimizing the required length of this real-time MAC phase and freeing bandwidth for best-effort services (targeting improved driving comfort and traffic efficiency). Furthermore, we target fast connection setup, associating a passing vehicle to an RSU (Road Side Unit), and proactive handover between widely spaced RSUs. Our real-time MAC concept is evaluated analytically and by simulation based on a realistic task set from a V2I highway merge assistance scenario. [ABSTRACT FROM AUTHOR]

Published

2011

30. Security mechanisms and data access protocols in innovative wireless networks.

Author

Pathan, Al-Sakib Khan, Azad, Saiful, Khan, Rasib, and Caviglione, Luca

Subjects

*WIRELESS sensor networks, *ACCESS control of computer networks, *COMPUTER security, *WIRELESS communications, *AD hoc computer networks

Published

2018

31. Definition of the Constraint with Spatial Characters.

Author

Ju, Shiguang, Gu, Yi, Tang, Zhu, and Chen, Weihe

Subjects

*ACCESS control of computer networks, *COMPUTER security research, *SPATIAL data infrastructures, *DATABASE security, *COMPUTER users

Abstract

With the development of the RBAC applications, the spatial characters of those protected data objects have to be considered in many fields. In most cases, the permissions of the same user's access will be changed when the users' location changed. The roles played by the same user may be different since their spatial location is changing and then this user would have the different access authorizations in different spatial locations. Generally speaking, the permissions assigned to users depend on their position in a reference space: users often belong to well-defined categories; objects to which permissions must be granted are located in that space; access control policies must grant some privileges based on the positions of objects/users. Some considerable efforts have been recently devoted to the research of secure spatial database systems which guarantee high security and privacy. Especially the integration of the spatial dimension into RBAC-based models has been the hot topic as a consequence of the growing relevance of geo-spatial information in advanced GIS and mobile applications. In the context of mobile applications, spatial constraints are very important for supporting the definition and maintenance of access control policy. Constraint is an important matter of role-based access control policy. It is enforced on special roles in order to maintain the system security. There is only one constraint specified in the traditional RBAC, which is used to enforce the Separation of Duty (SoD) constraint. In this paper, according to the analysis of the spatial features of those protected spatial data object, combining the necessity of spatial constraints and the non-conflict conditions of spatial constraints with the satisfiability of spatial constraints sets and relevance between the different classes of constraints, the constraints with spatial characters are divided into three different classes: the constraints on spatial region, spatial separation of duty constraint, and constraints on cardinality of spatial role activation. We also present the relationship between the different constraints. [ABSTRACT FROM AUTHOR]

Published

2009