一种基于移动计算环境的因果日志卷回恢复算法

由于移动节点的不可靠和无线网络连接的脆弱性,研究移动计算系统容错机制具有重要意义.对可以跨区移动、随时可以与网络断开的自治性很强的移动节点来说,异步的卷回恢复是一种重要的容错手段.现有的移动计算环境下的卷回恢复算法都无法完全实现一致的异步卷回恢复.基于因果消息日志,提出一种新的移动计算环境的卷回恢复算法:通过先行图来记录节点间的消息依赖关系,将异步检查点、基于发送方的暂存消息日志和先行图全部在移动支持站上存储和处理,为移动节点提供一种透明的容错服务,完全消除依赖关系在移动节点之间造成的影响.用形式化的方法证明了系统的一致性.仿真结果表明,在卷回开销达到最低的同时,也显著降低了无错运行时的通信和存储开销.     

一种基于信道不可靠环境的协调式检查点协议

在分布式计算环境中经常使用检查点/恢复策略来进行容错.文中主要研究在信道不可靠的环境中通过协调使相互通信的各进程所做的检查点保持全局一致性的方法.通过分析中途消息与信道可靠性之间的关系以及已有检查点协议对于中途消息处理方法,提出了一种应用于信道不可靠环境下的协调式检查点方法,其消息复杂度为O(N)且不引入其他的计算负担,只通过一次同步即可达到全局一致性状态,相比于以往的协调式检查点协议大大减小了时间开销,提,高了在不可靠信道环境中做全局一致检查点的效率.     

基于Lustre文件系统的MPI检查点系统实现技术与性能测试

基于协同式检查点的回卷恢复是在大规模并行计算机系统中得到采用的一项重要容错技术,其性能开销主要为协同协议和检查点映像存储所决定.描述了一个在MPICH2中实现的应用透明的并行检查点系统,相比已有的技术,该系统有以下特点：1）协同协议操作利用了并行应用的近邻通信特性,通过虚连接方法减少协议的处理开销;2）采用Lustre文件系统简化检查点映像文件管理的复杂性;3）通过并行I/O操作提高性能,优化检查点映像的存储过程.实际应用的测试表明,该检查点系统具有较小的运行时间开销和良好的可扩展性.     

移动Ad Hoc网络混合检查点策略

考虑到移动Ad Hoc网络无固定中心节点、多跳路由和资源有限等特点,基于分簇移动Ad Hoc网络结构,提出了一种结合同步和异步检查点技术的混合检查点策略,即同簇终端检查点必须保持同步,而异簇终端检查点保持独立.首先讨论了混合检查点模型及其正确性准则.然后,基于簇内及簇间检查点依赖图,讨论了不同类型检查点清除规则.最后,给出了相应的检查点及回滚恢复算法,并证明了回滚恢复的正确性.所提出的混合检查点策略既能避免同簇进程级联回滚所引起的资源浪费、又能避免异簇终端之间过多跨簇消息传递及减少无线通信延迟.实验结果表明,与单纯的同步及异步检查点策略相比,所提出的检查点策略是一种综合考虑移动Ad Hoc网络各种资源约束的较好折中方案,且具有恢复时间短、对簇头依赖小、灵活性好等优点.     

一种基于索引的准同步检查点协议

在基于索引的分布式检查点算法中，尽量减少全局一致性检查点和强制检查点的数目对提高计算效率具有重要意义．该文在已有的基于索引的检查点算法的基础上，提出了一种新的检查点协议，既减少检查点的数目，又使各个进程的检查点之间实时同步，以免程序出错后回卷执行的开销太大，丢失过多有效计算．模拟实验表明，按该文所提协议，平均每条消息导致的强制检查点数比传统方法平均减少23．2％．     

分层检查点的近似最优周期计算模型

针对大规模高性能计算（HPC）系统中检查点效率提升问题,提出一种面向分层检查点近似最优周期计算模型。首先,通过分析一个HPC系统中应用程序的执行过程,将检查点周期优化抽象为一个非线性的检查点成本模型;其次,通过分析可能故障位置推导出分层检查点成本公式,并引入两个减速因子和一个加速因子来模拟消息日志对分层检查点造成的影响。仿真实验结果表明,所提模型与理论近似最优周期检查点成本平均误差在5%以下,相对传统检查点周期优化模型的平均误差降低了20%,能够有效提高检查点的效率,提升HPC系统可用性。     

移动计算容错行为研究

移动计算作为新兴技术正在迅速发展。与有线固定环境相比,移动环境中的无线网络连接更加脆弱,移动主机可靠性差,由此在移动计算环境中引入实现错误恢复的机制显得尤为重要。文章详细分析了移动计算的环境及其特点,介绍基于检查点和日志的容错技术,基于移动Agent的容错技术,并作了相关的比较。     

位替换运算的超轻量级移动RFID认证协议

在传统的RFID系统中,读写器与服务器之间采用安全的有线信道通信;而新产生的移动RFID系统则与传统的RFID系统中不同,读写器与服务器之间基于无线信道进行通信,使得适用于传统RFID系统的认证协议并不能运用在移动RFID系统中。为解决该缺陷,提出一种基于位替换运算的超轻量级移动射频识别系统双向认证协议MSB。MSB基于按位运算对信息进行加密,降低通信实体的计算量;标签、读写器、服务器先认证再通信机制,使得MSB能抵抗常见的攻击。对协议进行安全性分析,表明协议具备较高的安全属性;对协议进行性能分析,表明协议具备低计算量的特征;对协议进行基于GNY逻辑形式化分析,给出协议严谨的推理证明过程。     

一种基于信道不可靠环境的协调式检查点协议

在分布式计算环境中经常使用检查点／恢复策略来进行容错。文中主要研究在信道不可靠的环境中通过协调使相互通信的各进程所做的检查点保持全局一致性的方法。通过分析中途消息与信道可靠性之闯的关系以及已有检查点协议对于中途消息处理方法,提出了一种应用于信道不可靠环境下的协调式检查点方法,其消息复杂度为O（N）且不引入其他的计算负担,只通过一次同步即可达到全局一致性状态,相比于以往的协调式检查点协议大大减小了时间开销,提高了在不可靠信道环境中做全局一致检查点的效率。     

基于共享内存的机群服务检查点机制研究

针对既有基于稳定存储的机群服务检查点存在的系统成本高、恢复时间长的问题,提出了一种基于共享内存的机群服务检查点机制;设计了一套面向基于共享内存的检查点信息主-备存储模式的检查点信息管理协议,确保机群服务检查点信息一致性;设计了一套基于单向逻辑环的检查点组管理协议,确保检查点逻辑备份环中检查点进程的成员视图一致性.性能实验结果表明,该检查点机制具有较好的检查点信息读写性能,组管理协议系统开销小,较好地满足了机群服务检查点需求.     

A scalable group communication mechanism for mobile agents

Many multi-agent applications based on mobile agents require message propagation among group of agents. A fast and scalable group communication mechanism can considerably improve performance of these applications. Unfortunately, most of the existing approaches do not scale well and disseminate messages slowly when the number of agents grows.In this paper, we propose Sama, a new group communication mechanism, to speed up message delivery for a group of mobile agents on a heterogeneous internetwork. The main contribution of Sama is distribution and parallelization of message propagation in an efficient way to achieve scalability and high-speed of message delivery to group members. Sama uses message dispatcher objects (MDOs), which are stationary agents on each host, to propagate messages concurrently. The proposed mechanism is independent of agent locations and transparently delivers messages to the group using constant number of remote messages. It also transparently recovers from host failures. We also present a Hop-Ring protocol that considerably improves the performance of message dissemination in Sama. Our experimental results show that message propagation in Sama is significantly fast compared to the previously proposed methods.     

ID-based proxy signature scheme with message recovery

A proxy signature scheme, introduced by Mambo, Usuda and Okamoto, allows an entity to delegate its signing rights to another entity. Identity based public key cryptosystems are a good alternative for a certificate based public key setting, especially when efficient key management and moderate security are required. From inception several ID-based proxy signature schemes have been discussed, but no more attention has been given to proxy signature with message recovery. In this paper, we are proposing provably secure ID-based proxy signature scheme with message recovery and we have proved that our scheme is secure as existential forgery-adaptively chosen message and ID attack. As proposed scheme is efficient in terms of communication overhead and security, it can be a good alternative for certificate based proxy signatures, used in various applications such as wireless e-commerce, mobile agents, mobile communication and distributed shared object systems, etc.     

基于协议逆向的移动终端通信数据解析

针对移动终端通信协议及通信数据的解析,其难点在于大部分移动终端应用程序并无相关公开的技术文档,难以获知其采取的通信协议类型。指令执行序列分析技术通过分析程序执行的指令序列逆向推断出消息格式和状态机。但有时序列信息采集不全,导致状态机推断不完备,从而无法获取全部协议信息。针对上述问题,提出了一个新型的基于状态机对比推断分析的移动终端通信协议解析方案,可用于取证场景提高数据取证的准确性和完备性。该方案首先利用PIN动态二进制插桩,识别污点源并跟踪污点轨迹分析出协议消息格式;然后根据格式信息对提取的协议消息进行聚类分析推断出原始状态机;最后利用最长公共子序列（LCS,longest common subsequence）算法与已知的协议状态机进行对比,相似度最高者即为推断出的通信协议类型。在Android平台上基于两类应用程序设计实验对该方案进行测试和评估,实验结果表明可准确提取应用程序的通信内容,实用价值强。     

Total ordering group communication protocol based on coordinating sequencers for multiple overlapping groups

This paper presents a total ordering protocol for group communication systems with multiple overlapping groups. Our protocol takes advantages of the simplicity of the sequencer-based approach, but employs multiple sequencers to achieve better load balance. For a given message, the sequencer of the destination group constructs a sequencing array by requesting for relative delivery positions from the sequencers of the overlapping groups. The sequencing array is used by any receiving process to determine the delivery sequence of the message. The notion of logical clock is used for determining the relative delivery sequences of the messages. The coordination between the sequencers is performed in a simple, asynchronous and non-blocking manner. The delivery operation at a receiving process is very simple, and a message can be delivered as soon as it becomes deliverable. These factors amount to a significant saving of the computing and communication overhead for the system. As the protocol demands the minimum effort from the group members it is suitable for mobile computing environment in which mobile devices are typically tight on resources. In the paper, we also present some ways to enhance the performance of the system. Extension of the protocol to encompass the preservation of causality, the dynamic group membership and the failure recovery is included in the paper.     

基于Internet的移动短信互通设计方案

通过对国内外移动短信业务的相关分析,提出了M2I2M短信互通方案,其总体架构基于NGN的发展思路。关键是通过对现有手机与Internet之间的短信接口的改进和不同短信网络运营商之间协作调度短信方式的设计,实现手机均无需具有支持In-ternet业务功能,也可以凭借Internet为透明中介进行短信互通。与其他移动短信互通方案相比,M2I2M方案非常适用于国际用户间的移动短信互通。     

A secure short message communication protocol

According to the security requirement of the short message service （SMS） industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure （WPKI）. Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module （SIM） tool kit （STK） applications based on our protocol suit well for all kinds of mobile terminals in practical application.     

Preventing delegation-based mobile authentications from man-in-the-middle attacks

In this paper, an approach of mutual authentication and key exchange for mobile access, based on the trust delegation and message authentication code, is developed, and a novel nonce-based authentication approach is presented. The proposed protocols can effectively defend all known attacks to mobile networks including the denial-of-service attacks and man-in-the-middle attacks. In particular, in contrast to some previous work, our design gives users a chance to set a session key according to users' will, and does not require a mobile user to compute useless hash key chains in the face of HLR-online authentication failures or run the initial authentication protocol before HLR-offline authentication. Moreover, our design enjoys both computation efficiency and communication efficiency as compared to known mobile authentication schemes.     

A reliable multicast protocol for distributed mobile systems:design and evaluation

Reliable multicast is a powerful communication primitive for structuring distributed programs in which multiple processes must closely cooperate together. We propose a protocol for supporting reliable multicast in a distributed system that includes mobile hosts and evaluate the performance of our proposal through simulation We consider a scenario in which mobile hosts communicate with a wired infrastructure by means of wireless technology. Our proposal provides several novel features. The sender of each multicast may select among three increasingly strong delivery ordering guarantees: FIFO, causal, total. Movements do not trigger the transmission of any message in the wired network as no notion of hand-off is used. The set of senders and receivers (group) may be dynamic. The size of data structures at mobile hosts, the size of message headers, and the number of messages in the wired network for each multicast are all independent of the number of group members. The wireless network is assumed to provide only incomplete spatial coverage and message losses could occur even within cells. Movements are not negotiated and a mobile host that leaves a cell may enter any other cell, perhaps after a potentially long disconnection. The simulation results show that the proposed protocol has good performance and good scalability properties     

具有消息恢复的数字签名方案及其安全性

本文设计了两种具有消息恢复的数字签名方案，其安全性都基于因子分解问题和离散对数问题的，这两种方案签名具有随机性，用户密钥分配简单，比原有的具有消息恢复的数字签名方案性能更好，通信成本更低，因而有较高的安全性和实用性。     

基于TCAPsec协议的网络模型设计及性能分析

事务处理能力应用部分(TCAP)协议是移动通信网络的信令协议,由缺乏安全保护的七号信令承载。TCAP安全(TCAPsec)协议为传输TCAP消息提供了安全保证,在研究TCAPsec协议的网络模型、保护模式、消息结构和交互流程基础上,设计一个简化的TCAPsec网络模型,测试了不同模式下的网络时延,分析了TCAPsec对网络性能的影响。