物联网环境中可信移动节点接入认证技术研究

针对物联网数据节点因缺少可信性验证导致传输安全性较差的问题，研究一种可信移动节点接入认证技术。首先，在设计技术架构的基础上，拼接并生成身份标识；其次，完成初始化操作后，提取密钥，完成移动节点与终端节点的双向认证与接入；最后，进行实验分析。测试结果表明：针对50组可信移动节点，利用本文方法安全接入认证的延迟时间较短，接入认证的成功率较高；针对50组非可信移动节点，利用本文方法验证并完成阻拦的成功率也较高，说明本文方法能够为物联网通信网络的稳定运行提供技术支持。     

基于加密SD卡的内网移动终端可信接入方案

为了解决因不可信移动终端非法接入内网导致的信息安全问题,设计了一种基于加密SD卡的内网移动终端可信接入方案。通过可信计算技术,以加密SD卡作为可信硬件设备实现了移动终端设备的可信启动、完整性验证与内网可信接入,并对接入后移动终端与内网的数据交互过程提供了一种加密通信安全存储机制。实验结果表明,该方案在不改变移动终端基本架构的前提下,较为高效地对移动终端进行安全性认证,并在一定程度上保护内网环境的安全。     

基于多属性的移动终端安全接入网络认证协议

很多网络安全事件是由恶意用户具有较大访问的权限而引起的。为预防网络恶意行为的发生,首先解决好网络安全接入认证。基于此,提出一个基于多属性的移动终端安全接入网络认证协议。该协议将移动设备属性和用户属性映射为一个网络访问标识符,在移动设备和网络之间建立一个双向认证过程,并支持设备的移动性。另外网络在移动终端的访问过程中采取定期认证检验,避免假冒用户现象发生。仿真实验表明,该协议具有较好的安全性和较短的认证延时。     

基于WLAN快速移动接入仿真研究

IEEE 802.11（WLAN）无线局域网标准原本是为提供室内外固定接入网络服务而设计的,由于大范围无线服务应用的推动,其在快速移动环境下的接入应用需求也随之产生。通过Matlab仿真工具,对WLAN快速移动接入进行了仿真分析,研究了移动速度、数据发送速率、接收信噪比等因素对移动接入性能的影响,分析得出WLAN的移动接入应用关键是在高移动速度与高数据速率之间做出优化选择,最后提出了WLAN移动接入应用方案。     

移动IPv6接入技术研究

移动IPv6技术可支持网络访问的双向性、移动性,以及实时多媒体业务等。当前的移动IPv6协议及NEMO协议虽然较支持了移动性。然而其仅能支持单一的网络接口通信。本文对移动IPv6多接入问题,开展了研究。本文对IPv6协议及NEMO协议进行了详细的分析,提出了一种移动IPv6多接入技术详细设计方案。     

移动IPv6网络安全接入认证方案

对于移动IPv6网络,身份认证是网络安全的关键问题之一.针对移动IPv6网络的接入认证,提出了一种基于移动互联网双向认证方案.在移动切换过程中的接入认证和家乡注册,采用对家乡注册消息进行基于双私钥签名的方式,实现了家乡代理和移动节点分别对注册消息的签名,实现了接入认证与家乡注册的并发执行,移动用户和接入网络的一次交互实现了用户和接入域的有效双向认证.理论分析和数据结果表明,方案的认证总延时和切换延时要优于传统方法,有效地降低了系统认证的延时.安全性分析表明,框架中的基于双私钥的CPK方案满足双向接入认证安全,有效地解决了密钥托管问题.     

Bluetooth接入LAN技术研究

本文分析了Bluetooth接入LAN的工作方式、协议软件栈功能并对接入控制机制进行了研究。Bluetooth接入LAN是Bluetooth的重要应用之一,使移动设备实现随时访问LAN或Internet的共享资源。     

LTE网络端MAC层随机接入的研究及实现

本文研究LTE系统网络端MAC子层随机接入过程与实现。分析随机接入的原因,设计出随机接入过程中主要的接口原语,分析随机接入过程遇到的各种异常情况,以正常情况下的随机接入过程为例,设计出随机接入过程的流程图,并利用SDL和TTCN协议仿真,产生MSC图。仿真结果表明,设计方案有效的完成了正常的随机接入过程。     

移动IPv6接入认证方案的设计与实现

移动IPv6协议在实现了移动节点在不同子网间平滑切换的同时,也引入了新的安全问题.本文在阐述了移动IPv6相关概念和移动节点接入认证原理的基础上,详细分析了移动节点漫游切换时面临的主要安全问题,然后提出了移动IPv6节点切换过程中EAP+RADIUS接入注册认证方案的设计和实现方法.最后通过实验测试证明该方案能够有效解决相关的安全问题.     

PMIPv6接入方式的实现与对比

代理移动IPv6协议能够在移动主机不参与信令交互的基础上对IPv6主机进行移动管理,这是通过扩展在网络节点和家乡代理之间交互的移动IPv6信令消息格式实现的。代理移动IPv6不需要移动主机与家乡代理进行信令交互。网络中的代理移动实体将代替移动主机与家乡代理进行信令交互并对移动主机进行管理。提出并分析了移动主机接入代理移动IPv6域内的三种方案,分别是二层接入,三层Router Solicitation接入,通用移动管理协议（GMMP）,并对它们进行了比较,即二层接入速度更快,RS接入具有普适性,GMMP接入则更符合标准化。     

MCSOSA: multimedia content share using ontology and secure access agent in mobile cloud

Mobile cloud is not just a traditional cloud, but a concept of virtualization that has expanded into mobile technology. It provides access to the data created and used by a user and content service by cloud platform. A feature of mobile cloud is supported that is the convenience of multimedia content sharing by mobile devices. However, there is a problem of inaccuracy of information retrieval in the process of sharing as well as personal information leakage and service inability status due to the malicious access to the mobile terminal in the retrieval process. This paper suggests the model to which the protective technique of multimedia content retrieval & access in mobile cloud is applied. The model stores and manages the individually different forms of content, and constructs the multimedia ontology in order to enhance the reliability in mismatched problems occurring in the retrieval process, and also suggests the response technique to security vulnerability occurring in the content access.     

物联网环境下移动节点可信接入认证协议

无线传感器网络（WSN）中的移动节点缺乏可信性验证,提出一种物联网（IoT）环境下移动节点可信接入认证协议。传感器网络中移动汇聚节点（Sink节点）同传感器节点在进行认证时,传感器节点和移动节点之间完成相互身份验证和密钥协商。传感器节点同时完成对移动节点的平台可信性验证。认证机制基于可信计算技术,给出了接入认证的具体步骤,整个过程中无需基站的参与。在认证时利用移动节点的预存的假名和对应公私钥实现移动节点的匿名性,并在CK（Canetti-Krawczyk）模型下给出了安全证明。在计算开销方面与同类移动节点认证接入方案相比,该协议快速认证的特点更适合物联网环境。     

Mobile services access and payment through reusable tickets

Third-generation mobile systems (3G) such as Universal Mobile Telecommunications Service (UMTS) bring mobile users a broad range of new value-added services (VASs). For mobile access across multiple service domains, the traditional access mechanisms require the exchange of authentication information between the home domain and the foreign domain using roaming agreements. This requirement involves complicated and expensive authentication activities in large scale mobile networks. This paper proposes a lightweight service access mechanism in which the computation complexity is low on the mobile device and the ticket can be reused. It introduces two hash chains: an authentication chain and a payment chain. The authentication chain allows a ticket to be reused and achieves mutual authentication and non-repudiation. The payment chain is lightweight, practical and likely to avoid re-initialization. Security analysis and comparison with related works indicate that our proposal is more appropriate for mobile communication networks.     

The impact of mobile access to the internet on information search completion time and customer conversion

One of the advantages of mobile access to the Internet can be found in that it allows one to conduct information search in a ubiquitous manner. Accordingly, the time for net surfing required to gain necessary information through the Internet is reduced when mobile access is combined with ordinary PC access. As mobile devices continue to advance rapidly, it becomes quite important to find a way to assess the impact of mobile access to the Internet on the performance of e-commerce. Among such performance indicators, of particular interest is the conversion rate, where a customer takes some desirable action at the website, for example, by becoming a member, placing an order and so on. The purpose of this paper is to develop and analyze a mathematical model for describing the information search process through the Internet with or without the mobile access. The analytical framework that we propose in this article enables one to assess the impact of mobile access on information search completion time and the conversion rate. We provide numerical examples to demonstrate the effectiveness of the computational procedures that we developed in this research.     

低轨航天器空地间移动IP切换技术研究

为解决低轨航天器与各地面基站之间移动IP切换时延大的问题,提出基于轨道信息预测的移动IP切换方案。根据轨道信息和地面基站位置信息事先预测接入地面基站的时刻和接入顺序,定时触发航天器与最合适接入的地面基站之间进行移动IP切换。研究并改进了数据链路层和网络层的切换流程,并通过STK和OPNET结合方式对该方案进行了仿真。实验结果表明,该方案能明显改善低轨航天器的移动IP切换性能。     

An access authentication protocol for trusted handoff in wireless mesh networks

WMNs (Wireless Mesh Networks) are a new wireless broadband network structure based completely on IP technologies and have rapidly become a broadband access measure to offer high capacity, high speed and wide coverage. Trusted handoff in WMNs requires that mobile nodes complete access authentication not only with a short delay, but also with the security protection for the mobile nodes as well as the handoff network. In this paper, we propose a trusted handoff protocol based on several technologies, such as hierarchical network model, ECC (Elliptic Curve Cryptography), trust evaluation and gray relevance analysis. In the protocol, the mobile platform's configuration must be measured before access to the handoff network can proceed and only those platforms whose configuration meets the security requirements can be allowed to access the network. We also verify the security properties through formal analysis based on an enhanced Strand model and evaluate the performance of the proposed protocol through simulation to show that our protocol is more advantageous than the EMSA (Efficient Mesh Security Association) authentication scheme in terms of success rate and average delay.     

Information access and QoS issues in a mobile computing environment

Efficient access to coherent information files is an important issue in mobile computing. In this paper we consider performance analysis of information access in a mobile computing environment. We employ a distributed directory scheme that permits uninterrupted use under disconnected and low bandwidth connections and minimizes invalidation and false sharing. This scheme allows for two invalidation schemes that avoid false sharing, and a mechanism for efficient maintenance of file details. We analyse the performance of the directory scheme in terms of time taken and energy consumed in executing operations such as read/write, connection, disconnection, and hoarding in mobile environments. The directory scheme is employed for facilitating efficient transfer of partially updated files in hierarchical networks. We also investigate quality of service issues related to file accesses in the mobile computing environment discussed in the paper. However, the scheme can be extended to any mobile computing environment.     

移动可信接入轻量级认证与评估协议

为增强移动终端可信网络接入认证与评估协议的可用性,降低网络通信负载及终端计算负载,提出一种轻量级的身份认证与平台鉴别评估协议。协议基于接入双方在首次接入时共享的认证密钥以及对方的可信平台配置信息,在不需要可信第三方参与的情况下,完成快速的身份认证与鉴别评估。协议减少了网络数据交换次数以及接入双方的计算工作量,在保证接入认证与评估所需的安全属性的同时,还增强了平台配置信息的机密性以及抵抗重放攻击的能力。安全性和性能分析表明,所提协议适合无线网络通信环境下的移动终端可信网络接入。     

Privacy-aware access control with trust management in web service

With the significant development of mobile commerce, privacy becomes a major concern for both customers and enterprises. Although data generalization can provide significant protection of an individual’s privacy, over-generalized data may render data of little value or useless. In this paper, we devise generalization boundary techniques to maximize data usability while, minimizing disclosure of privacy. Inspired by the fact that the permissible generalization level results in a much finer level access control, we propose a privacy-aware access control model in web service environments. We also analyze how to manage a valid access process through a trust-based decision and ongoing access control policies. The extensive experiments on both real-world and synthetic data sets show that the proposed privacy aware access control model is practical and effective.     

随机接入移动无线传感器网络快速组网媒体访问控制

基于非时隙CSMA/CA随机接入机制的IEEE802.15.4MAC协议组网耗时过长,不能满足自组网实时通信应用需求。针对这一问题,分析了MAC组网流程中各步骤所耗时间,提出一种新的快速组网策略,采用预分配信道,将关联过程从间接传输简化为直接传输,改进CSMA/CA冲突避免机制以减少冲突。仿真实验和现场测试结果均表明,与IEEE 802.15.4协议相比,提出的快速组网策略使得信道冲突降低,组网时间更快,更符合实时通信需求。