On Policy Evolution in Centralized Secure Interoperation of Multiple Domains

Many works have addressed secure inter-operation in multi-domain environments in a centralized way. In these works, there is a global policy integrated or composed by a mediator for mediation of inter-domain resource access. During policy evolution, the global secure policy is recomposed or reintegrated, which is not appropriate for the dynamic environments where policy evolutes frequently. We present a scheme for policy evolution in centralized secure interoperation. In our scheme, policy evolution is gradual; that is, the global policy changes partly and therefore need not be reformed wholly. Besides, for inter-domain resource accesses to be totally mediated in the local domains, the part of global policy for the mediation of inter-domain access of each domain＇s resources is isolated and copied to the domain; we make the isolated policies updated gradually upon gradual policy evolution too. Our scheme makes centralized interoperation appropriate for the dynamic environments.     

Switching Equalization Algorithm Based on a New SNR Estimation Method

It is well-known that turbo equalization with the max-log-map （MLM） rather than the log-map （LM） algorithm is insensitive to signal to noise ratio （SNR） mismatch. As our first contribution, an improved MLM algorithm called scaled max-log-map （SMLM） algorithm is presented. Simulation results show that the SMLM scheme can dramatically outperform the MLM without sacrificing the robustness against SNR mismatch. Unfortunately, its performance is still inferior to that of the LM algorithm with exact SNR knowledge over the class of high-loss channels. As our second contribution, a switching turbo equalization scheme, which switches between the SMLM and LM schemes, is proposed to practically close the performance gap. It is based on a novel way to estimate the SNR from the reliability values of the extrinsic information of the SMLM algorithm.     

带动态撤销的移动自组织网络广播加密方案

In order to support the dynamics of the privileged users with low computation, communication and storage overheads in receivers, a secure broadcast encryption scheme for ad hoc networks based on cluster-based structure is proposed, as Mu-Vmdharajan狆s scheme cannot securely remove sub-scribers with data redundancy. In the proposed scheme, we employ polynomial function and filter functions as the basic means of constructing broadcast encryption procedure in order to reduce computation and shortage overhead. Compared with existing schemes, our scheme requires low computation, communication and storage overheads in receivers and can support the dynamics of the privileged users. Furthermore, our scheme can avoid massive message to exchange for establishing the decryption key between members of the cluster. The analysis of security and performance shows that our scheme is more secure than Mu-Vmdharajan ' s scheme and has the same speed of encryption and decryption as theirs. So our scheme is particularly suitable for the devices with low power setting such as ad hoc networks.     

Identity-based threshold signature and mediated proxy signature schemes

Proxy signature schemes allow an original signer to delegate his signing rights to a proxy signer. However, many proxy signature schemes have the defect which is the inability to solve the proxy revocation problem. In this article, we firstly propose an identity-based threshold signature scheme and show that it has the properties of unforgeability and robustness. In our threshold signature scheme, we adopt such a method that the private key associated with an identity rather than the master key is shared. Then, based on the threshold signature scheme, an identity-based mediated proxy signature scheme is proposed where a security mediator (SEM) is introduced to help a proxy signer to generate valid proxy signatures, examine whether a proxy signer signs according to the warrant, and check the revocation of a proxy signer. It is shown that the proposed scheme satisfies all the security requirements of a secure proxy signature. Moreover, a proxy signer must cooperate with the SEM to generate a valid proxy signature, which makes the new scheme have an effective and fast proxy revocation .     

Lossless Digital Watermarking Scheme for Image Maps

A lossless digital watermarking scheme,which was zero- perturbation on the content and graphics for the digital image maps,is proposed.During the simulation,the scheme has been utilized to model the copyright protection program as a commerce application.Compared to the traditional digital watermarking schemes,our scheme operates in redundancy areas of maps and is scalable to topology changes.Experimental results show that,with respect to the geometric attacks and image transformed,the performance of our scheme is better than the classical algorithms based space or frequency domain with much lower complexity..     

A Fully Homomorphic Encryption Scheme with Better Key Size

Fully homomorphic encryption is faced with two problems now. One is candidate fully homomorphic encryption schemes are few. Another is that the efficiency of fully homomorphic encryption is a big question. In this paper, we propose a fully homomorphic encryption scheme based on LWE, which has better key size. Our main contributions are： （1） According to the binary-LWE recently, we choose secret key from binary set and modify the basic encryption scheme proposed in Linder and Peikert in 2010. We propose a fully homomorphic encryption scheme based on the new basic encryption scheme. We analyze the correctness and give the proof of the security of our scheme. The public key, evaluation keys and tensored ciphertext have better size in our scheme. （2） Estimating parameters for fully homomorphic encryption scheme is an important work. We estimate the concert parameters for our scheme. We compare these parameters between our scheme and Bral2 scheme. Our scheme have public key and private key that smaller by a factor of about logq than in Bral2 scheme. Tensored ciphertext in our scheme is smaller by a factor of about log2q than in Bral2 scheme. Key switching matrix in our scheme is smaller by a factor of about log3q than in Bra12 scheme.     

可有效同步注册的短的群签名方案(英文)

Group signature schemes are fundamental cryptographic tools. A group signature scheme allows members of a group to anonymously sign misuse, the anonymity messages. To counter can be revoked by the group manager. The group joining operation is a critical component of group signature scheme, the framing attack can be prevented by group joining processes. This paper presents an efficient group signature scheme with a simple joining protocol that is based on a ＂single message and signature response＂ interaction between the prospective user and the group manager. The security of our group signature is based on the Discrete Logarithm assumption and Decisional Linear Diffie- Hellman assumption. The formal security proof of our scheme is given in the random oracle model. Our scheme is also a very efficient short group signature scheme with efficient concurrent join.     

Reversible Data Embedding Scheme Using Relationships between Pixel-Values and Their Neighbors

Reversible data embedding is becoming a very important issue in securing images transmitted over the Internet, especially in dealing with sensitive images such as those created for military data and medical data. Based on the relationships between pixels and their neighbors, we propose a reversible data embedding scheme to embed hidden messages into an original image. In our proposed scheme, a two-layer data embedding approach is used for our proposed data embedding phase. Layer-1 embedding is used to hide secret data. Layer-2 embedding, which is an embedding variant of the proposed layer-1 embedding, is used to hide side information, such as the parameters required to restore the marked image. In our layer-1 embedding, the value of an embedded pixel is determined according to a predetermined threshold and the relationship between the pixel and its neighbors. In our layer-2 embedding, the similar data embedding concept is expanded to the block-based. Experimental results provide supportive data to show that the proposed scheme can provide greater hiding capacity while preserving the image quality of a marked image in comparison with previous work.     

On Minimizing Delay with Probabilistic Splitting of Traffic Flow in Heterogeneous Wireless Networks

In the paper,we propose a framework to investigate how to effectively perform traffic flow splitting in heterogeneous wireless networks from a queue point.The average packet delay in heterogeneous wireless networks is derived in a probabilistic manner.The basic idea can be understood via treating the integrated heterogeneous wireless networks as different coupled and parallel queuing systems.The integrated network performance can approach that of one queue with maximal the multiplexing gain.For the purpose of illustrating the effectively of our proposed model,the Cellular/WLAN interworking is exploited.To minimize the average delay,a heuristic search algorithm is used to get the optimal probability of splitting traffic flow.Further,a Markov process is applied to evaluate the performance of the proposed scheme and compare with that of selecting the best network to access in terms of packet mean delay and blocking probability.Numerical results illustrate our proposed framework is effective and the flow splitting transmission can obtain more performance gain in heterogeneous wireless networks.     

Utility optimization scheduling for multi-point video surveillance in ubiquitous network

Resource allocation is an important problem in ubiquitous network. Most of the existing resource allocation methods considering only wireless networks are not suitable for the ubiquitous network environment, and they will harm the interest of individual users with instable resource requirements. This paper considers the multi-point video surveillance scenarios in a complex network environment with both wired and wireless networks. We introduce the utility estimated by the total costs of an individual network user. The problem is studied through mathematical modeling and we propose an improved problem-specific branch-and-cut algorithm to solve it. The algorithm follows the divide-and-conquer principle and fully considers the duality feature of network selection. The experiment is conducted by simulation through C and Lingo. And it shows that compared with a centralized random allocation scheme and a cost greed allocation scheme, the proposed scheme has better per- formance of reducing the total costs by 13.0% and 30.6% respectively for the user.     

Maximum lifetime broadcast communications in cooperative multihop wireless ad hoc networks: Centralized and distributed approaches

We investigate the problem of broadcast routing in energy constrained stationary wireless ad hoc networks with an aim to maximizing the network lifetime measured as the number of successive broadcast sessions that can be supported. We propose an energy-aware spanning tree construction scheme supporting a broadcast request, considering three different signal transmission schemes in the physical layer: (a) point-to-point, (b) point-to-multipoint, and (c) multipoint-to-point. First we present a centralized algorithm that requires global topology information. Next, we extend this to design an approximate distributed algorithm, assuming the availability of k-hop neighborhood information at each node, with k as a parameter. We prove that the centralized scheme has time complexity polynomial in the number of nodes and the distributed scheme has a message complexity that is linear in the number of nodes. Results of numerical experiments demonstrate significant improvement in network lifetime following our centralized scheme compared to existing prominent non-cooperative broadcasting schemes proposed to solve the same lifetime maximization problem in wireless ad hoc networks. Due to lack of global topology information, the distributed solution does not produce as much advantage as the centralized solution. However, we demonstrate that with increasing value of k, the performance of the distributed scheme also improves significantly.     

A Distributed Opportunistic Access Scheme and its Application to OFDMA Systems

Multiuser systems can provide multiuser diversity gains by assigning channels to users with higher channel gains. To avoid the extensive information exchange with the access point for the uplink access in centralized approaches, we propose in this paper a distributed opportunistic access scheme. Through a judicious design of a novel backoff mechanism to utilize the channel information and reduce collisions, significant multiuser diversity gains are achieved. To a user, the higher the channel gain is, the smaller the backoff time-slot and, hence, the higher the access priority of that user is. In addition, for heterogeneous systems, our proposed scheme can realize multiuser diversity gains and achieve fairness among the users at the same time. Finally, we design two distributed opportunistic access schemes for OFDMA systems. Users contend on all sub-channels in the first scheme and only on several strongest sub-channels in the second scheme. Compared with traditional centralized OFDMA systems and other distributed access schemes, our proposed schemes reduce overhead and achieve a higher throughput.     

Security and Cooperation in clustered mobile ad hoc networks with centralized supervision

Although individual node cooperation is necessary for the correct execution of network protocols in mobile ad hoc networks (MANETs), it is not always guaranteed. In this paper, we present a node reputation scheme aiming at reinforcing node cooperation in MANETs with centralized control. This scheme was designed for centralized ad hoc network architecture (CANA), an ad hoc enhancement to the HIPERLAN/2 WLAN standard. Misbehavior detection techniques for protocol attacks in both the cluster formation and data transmission phases of the network operation are developed. Statistical methods for selecting the optimal parameters of the reputation scheme are investigated and their efficiency is illustrated through theoretical analysis and simulation results. Throughout this paper, the specific aspects of CANA that impose particular design decisions are outlined and the applicability of our scheme to other network architectures is discussed.     

The Research on Handoff Strategy in Beyond 3G Wireless Networks

1Introduction TheBeyondThirdGenerationMobileSystems(B3G)isabrandnewmobilitycommunicationsystembasedon IPv6corenetwork.B3Gcanprovidevariousservices withtheendtoendQoSguaranteeflexible,andthe transferdatarate150Mb/s.Itspeakratecanreach30～50Mb/sinlargecover…     

A multicast key management scheme based on characteristic values of members

A new collusion attack on Pour-like schemes is proposed in this paper. Then, we present a collusion-free centralized multicast key management scheme based on characteristic values of members. The re-keying method that other group members calculate new keys when a member is joining or leaving is also designed. It achieves forward secrecy and backward secrecy. Compared with typical existing centralized schemes, the storage of Group Key Controller (GKC) in our scheme halves the storage overhead of others, and communication overhead of GKC is 2 in case of joining re-keying. Especially, the leaving re-keying overhead is log₂ n, and the overall performance is excellent.     

集中监控系统中软件的设计和实现

实时集中监控系统的实时性、可靠性取决于系统的硬件结构与软件体系结构 ,文中介绍了集中监控系统的结构和实现方案 ,描述了集中监控系统的软件模型 ,阐述了软件的具体设计方法及各软件模块的运行优先级问题。设计体现了集中管理、分散控制的思想 ,运用分布式计算方法 ,在保证集中监控可靠性的同时 ,提高了集中监控的实时性、安全性     

移动网络中一种分布式GLR设计方案

UMTS核心网在访问网络处引入可选网元GLR来减少用户远离HLR漫游时的位置管理信令开销。传统GLR方案中,GLR一般在访问网络处集中设置,随着访问网络处漫游用户数的增多,GLR有可能成为系统瓶颈,且GLR的故障对系统是致命的。针对集中式GLR存在的问题,该文提出一种分布式GLR设置方案,使用户在访问网络处的首个访问VLR成为其GLR,从而提高系统对GLR故障的抗毁性,有效降低GLR潜在的瓶颈问题。分析结果表明,该文提出的分布式GLR方案在抗毁性,缓解瓶颈问题,降低入呼数据库查询开销及延迟等指标方面都优于传统GLR方案,同时,所提出的分布式GLR方案易于实现,只需相关网元软件升级即可。     

Distributed computation of shared backup path in mesh optical networks using probabilistic methods

We assess the benefits of using statistical techniques to ascertain the shareability of protection channels when computing shared-mesh restored lightpaths in optical mesh networks. These optical networks support wavelength conversion everywhere as a byproduct of the electronic nature of the switching in the optical-electronic-optical optical cross connect used. Current deterministic approaches require a detailed level of information proportional to the number of active lightpaths. Although this is not an issue for good sized networks in the foreseeable future, these approaches are not practicable for distributed route computation involving larger networks. On the other hand, distributed approaches that do not make use of shareability information require a significant amount of additional capacity compared to a centralized approach with access to complete shareability information. With the proposed approach we show that even with less information, independent of the amount of traffic demand, it is possible to predict the shareability of protection channels with remarkable accuracy. In addition, we propose a local distributed channel assignment scheme that is used in conjunction with our distributed route computation proposal to assign shared channels when provisioning the backup path. This channel assignment scheme can also be used to further optimize capacity usage in individual links upon certain events or at regular intervals. Experiments are provided that demonstrate that our approach yields faster computation times with no significant penalty in terms of capacity usage than a centralized approach using complete information.     

基于中国剩余定理的秘密共享组播密钥管理方案

该文结合中国剩余定理和Shamir秘密共享方法,提出了一种新的组播密钥管理方案基于中国剩余定理的秘密共享(CRTSS)组播密钥管理方案,并把所提出的CRTSS方案与GKMP方案进行比较和分析。结果表明,CRTSS方案克服了传统集中式平面型管理方式更新开销大的通病,提升了整体性能,是一种可靠的、新型的集中式平面型组播密钥管理方案。     

Performance analysis of opportunistic nonregenerative relaying

Opportunistic relaying in cooperative communication depends on careful relay selection. However, the traditional centralized method used for opportunistic amplify‐and‐forward protocols requires precise measurements of channel state information at the destination. In this paper, we adopt the max–min criterion as a relay selection framework for opportunistic amplify‐and‐forward cooperative communications, which was exhaustively used for the decode‐and‐forward protocol, and offer an accurate performance analysis based on exact statistics of the local signal‐to‐noise ratios of the best relay. Furthermore, we evaluate the asymptotical performance and deduce the diversity order of our proposed scheme. Finally, we validate our analysis by showing that performance simulation results coincide with our analytical results over Rayleigh fading channels, and we compare the max–min relay selection with their centralized channel state information‐based and partial relay selection counterparts. Copyright © 2013 John Wiley & Sons, Ltd.