End-to-end security scheme for mobility enabled healthcare Internet of Things

We propose an end-to-end security scheme for mobility enabled healthcare Internet of Things (IoT). The proposed scheme consists of (i) a secure and efficient end-user authentication and authorization architecture based on the certificate based DTLS handshake, (ii) secure end-to-end communication based on session resumption, and (iii) robust mobility based on interconnected smart gateways. The smart gateways act as an intermediate processing layer (called fog layer) between IoT devices and sensors (device layer) and cloud services (cloud layer). In our scheme, the fog layer facilitates ubiquitous mobility without requiring any reconfiguration at the device layer. The scheme is demonstrated by simulation and a full hardware/software prototype. Based on our analysis, our scheme has the most extensive set of security features in comparison to related approaches found in literature. Energy-performance evaluation results show that compared to existing approaches, our scheme reduces the communication overhead by 26% and the communication latency between smart gateways and end users by 16%. In addition, our scheme is approximately 97% faster than certificate based and 10% faster than symmetric key based DTLS. Compared to our scheme, certificate based DTLS consumes about 2.2 times more RAM and 2.9 times more ROM resources. On the other hand, the RAM and ROM requirements of our scheme are almost as low as in symmetric key-based DTLS. Analysis of our implementation revealed that the handover latency caused by mobility is low and the handover process does not incur any processing or communication overhead on the sensors.     

Architectures for the future networks and the next generation Internet: A survey

Networking research funding agencies in USA, Europe, Japan, and other countries are encouraging research on revolutionary networking architectures that may or may not be bound by the restrictions of the current TCP/IP based Internet. We present a comprehensive survey of such research projects and activities. The topics covered include various testbeds for experimentations for new architectures, new security mechanisms, content delivery mechanisms, management and control frameworks, service architectures, and routing mechanisms. Delay/disruption tolerant networks which allow communications even when complete end-to-end path is not available are also discussed.     

基于SIP的无线网络移动性管理研究

为了使移动设备能在无线IP网络中无缝漫游,无线IP网络必须要能提供有效的移动性管理来支持终端的移动性。基于SIP提出了一种新的应用层移动性管理方案,和已有的移动性管理方案相比,它既支持实时业务的快速切换,减少了切换时的延迟和丢包,也支持非实时业务,而且实现和部署起来比较简单方便。     

基于SIP的无线网络移动性管理研究

为了使移动设备能在无线IP网络中无缝漫游，无线IP网络必须要能提供有效的移动性管理来支持终端的移动性。基于SIP提出了一种新的应用层移动性管理方案，和已有的移动性管理方案相比，它既支持实时业务的快速切换，减少了切换时的延迟和丢包．也支持非实时业务，而且实现和部署起来比较简单方便。     

A location-based mobility tracking scheme for PCS networks

This paper introduces a location-based locating strategy for Personal Communication Services (PCS) systems. In the proposed scheme, location updates are based on the value of a movement counter. The update of the movement counter is based on information on the locations visited by a mobile terminal (MT) since the last location update. In particular, the cell identifiers and the corresponding movement counter values are maintained in the MT for a part of the visited cells since the last location update. When the MT enters a cell whose identifier is not stored in the MT, the movement counter increases by one. If the movement counter reaches the update threshold, a location update is triggered; otherwise, the cell identifier and the corresponding movement counter value are stored in the MT. When the MT enters a cell whose identifier is in the MT, the movement counter is assigned with the counter value kept in the MT for this cell, and all cells with greater counter values in the MT are removed. The proposed scheme allows the dynamic selection of the update threshold according to each user's calling and mobility patterns. Analytical and simulation models have been developed to compare the proposed scheme with both the movement-based scheme and the distance-based scheme. Results demonstrate that when the call-to-mobility ratio (CMR) is low, the proposed scheme can achieve a significant cost reduction compared to the movement-based scheme. For example, when the CMR is 0.01, a savings of around 25% in the optimal total cost per call arrival is achieved with the proposed scheme. Moreover, the proposed scheme is easier to implement than the distance-based scheme.     

基于区块链的物联网任务协作信任管理方案

在物联网智能设备任务协作场景中,为解决设备交互不受信以及存在恶意设备破坏协作的问题,提出一种基于区块链的信任管理方案。半分布式的架构克服了集中式和分布式架构的不足,任务协作过程中兼顾了双方的信任,并设计了审查机制确保任务评价的真实可靠。信任的衡量中使用狄利克雷分布模拟任务评价的多样性,构建信任为数个状态,并利用马尔可夫链评估信任状态和全局信任。仿真结果表明,提出的方案可以客观衡量设备的信任,同时在检测恶意设备、提高协作任务成功率及避免误判方面具有优势,因此可以有效确保任务交互的可信和协作环境的安全。     

分离机制移动性管理系统测试

分离机制移动性管理系统是基于分离机制的在扩展代理移动IPv6的基础上提出的一种新的网络结构,它包括三个子系统,即身份与位置分离子系统、控制平面与数据平面分离子系统以及接入网与核心网分离子系统。描述了该系统中涉及的实体功能,以及移动节点的注册及通信流程。对系统进行了功能和性能测试,给出了测试结果。     

Power management techniques in smartphone-based mobility sensing systems: A survey

The rapidly enhancing sensing capabilities of smartphones are enabling the development of a wide range of innovative mobile sensing applications that are impacting on everyday life of mobile users. However, supporting long-term sensing applications is challenging because of their key requirements for continuous access to embedded sensors for gathering raw data, which can deplete the device’s battery in a few hours. This problem is expected to remain in the near future because the improvements on the capacity of batteries are coming at a slower pace than those advances in computing and sensing capabilities. The research community has highlighted the need for power-aware and context-aware sensing techniques deployed at different levels of mobile platforms for making a more efficient use of energy resources. Previous studies have analyzed the optimization of power consumption in mobile devices over different critical axes, like data transmission, computing, and hardware design. However, a comprehensive study focused in the challenges of power-aware smartphone-based sensing and strategies for addressing them has not been produced yet. This survey aims to fill this void with a particular focus on mobility sensing systems (e.g., human activity recognition, location-based services), presenting a comprehensive review of relevant strategies aimed at solving this issue. Also, this survey defines a taxonomy for such solutions, highlighting their strengths and limitations. Finally, most relevant open challenges and trends are discussed for providing insights for future research in the field.     

Protocols for mobility management in heterogeneous multi-hop wireless networks

Substantial works have recently been reported on the mobility management in single-hop wireless networks (e.g. cellular networks and WLAN hotspots), while there has been an increased interest in multi-hop communications. This has made mobility management in heterogeneous multi-hop wireless networks (HMWNs) really interesting so that both single-hop and multi-hop communication paradigms can be integrated. One of the main research challenges for 4G wireless systems is the identification of a mobility management technique that could integrate different wireless technologies such as WLANs, WMANs and WWANs, operating in infrastructure (single-hop) and infrastructureless (ad hoc or multi-hop) modes. In this article we envision a futuristic HMWN where heterogeneous networks, operating in single-hop and multi-hop modes are integrated to provide increased capacity and enhanced coverage for the users. We summarize various existing mobility management solutions and discuss why these schemes are not adequate for HMWNs, as well as highlighting our view of mobility management issues in HMWNs.     

移动因特网中单播移动性管理研究*

基于移动因特网的移动性管理面临新的挑战。单播移动性管理协议和算法层出不穷,目的是为了使移动节点能进行平滑切换。研究了不同种类的单播移动性管理,分析了各种方案的优缺点,并总结了进一步的研究方向。     

基于标志的名字空间及其移动性管理研究

随着Internet的迅速发展,网络名字空间结构及对移动性、安全性的支持面临着新的挑战,IP地址同时用做用户的身份标志和位置标志,语义过载,不能很好地解决主机的移动、多宿主、动态IP地址变化、网络安全。针对此问题,研究者提出了许多方案来改进Internet的名字空间和对移动性、安全性的支持。分析了当前Internet名字空间及其对移动性支持存在的问题,并对目前几种基于身份标志和位置标志相分离的名字空间改进方案对移动性、安全性支持进行了对比研究。     

Performance analysis of Virtual Mobility Domain scheme vs. IPv6 mobility protocols

The population of mobile users seeking connectivity to the Internet has been growing over the years, spurred by the capabilities of handsets and the increasing rich Internet content and services. Mobility management to enable efficient Internet access for users on the move is thus gaining significance. IETF has standardized several protocols such as Mobile IPv6, Hierarchical Mobile IPv6, and Proxy Mobile IPv6 to provide mobility management on the IP network. With future Internet design initiatives gaining momentum, it is important that these initiatives consider mobility management as an integral part of the design. In this article, we introduce the concept of Virtual Mobility Domain and describe the main features and key strengths of Virtual Mobility Domain that are designed to provide mobility management in a newly proposed tiered Internet architecture. Instead of IP addressing, the proposed Virtual Mobility Domain uses a tiered-addressing scheme to identify a mobile node with a single address regardless of its location. The tiered addressing provides a dynamic address length which brings less signaling overhead and scalable management. We also propose a collaborative network-based mobility management mechanism to provide low-latency handoffs and less processing-overhead on the mobile node compared to the IPv6-based protocols. The proposed mobility scheme unifies inter and intra-domain mobility management by introducing common anchor cloud concept which provides a distributed management and seamless mobility experience. We present comparative qualitative and quantitative performance analysis of Virtual Mobility Domain and aforementioned IPv6-based mobility protocols for Intra-AS roaming support. We examine handoff latency and signaling overhead performance of each protocol based on numerical results retrieved from analytical models and OPNET modeler based simulations. The results from a comparative performance study show the potential for more efficient mobility management under the proposed Internet architecture.     

Performance analysis of DNS-assisted global mobility management scheme in cost-optimized proxy mobile IPv6 Networks

Proxy Mobile IPv6 (PMIPv6) is designed to provide a network-based localized mobility management protocol, but it does not handle the global mobility of hosts. In this paper, we propose a location management scheme based on Domain Name System (DNS) for PMIPv6. In this proposed scheme, DNS as a location manager provides PMIPv6 for global mobility. In addition, a paging extension scheme is introduced to PMIPv6 in order to support large numbers of mobile terminals and enhance network scalability. To evaluate the proposed location management scheme, we establish an analytical model, also formulate the location update and the paging cost, and analyse the influence of the different factors on the total signalling cost. The performance results show how the total signal cost changes under various parameters.     

The Internet: global information superhighway for the future

The information revolution is bringing people of different backgrounds from around the world into a global information superhighway. The Internet provides a global platform connecting thousands of networks around the world. There is a variety of information available on the Internet for the users. It has been considered as a forum for users to share worldwide information resources. The resources are so vast that many of us really cannot grasp or understand the Internet fully. It has become a ‘global information library’ which allows the users to participate in the group discussion, search for any information, start any discussion with others and so on. It can be considered as a hybrid environment of postal services, citizen's band radio, libraries and neighborhood community centers where we (‘we’ is mainly used in this paper in its generic form) can spend time with our friends (‘our’ is also mainly used generically). Internet users (Internauts) share jokes, gossip in on-line conferences and join special groups to keep abreast of their specific interests. The main objective of this tutorial is to discuss various services on the Internet, their implementations, various Internet tools, and interconnection to the Internet. Other important issues like the Internet addressing, domain name system, IP addressing, etc. are discussed in detail in order to understand some design concepts. A brief list of the different types of browsers for different platforms is given. A discussion on future of the Internet is given via different advances and tools defined to provide security, interconnectivity and other related issues.     

基于P2P的无线mesh网移动性管理研究

无线Mesh网是一种新型的无线组网技术,现有的无线移动管理协议还不能在这一网络结构上直接适用.在典型无线mesh网络分层结构模型上,对现有的几种无线网络移动管理协议进行了比较,并且针对无线mesh网的结构特点提出了一种大型无线mesh网络下的移动性管理方案,采用了基于P2P的分层结构实现网络移动定位信息的自动注册、自动管理和快速查询,同时网络具有较好的负载均衡和抗毁性能.仿真结果表明,与传统的分层移动管理协议相比,该方案可以得到更优化的移动路由.     

互联网中的模糊滑模拥塞控制策略

针对互联网中的拥塞控制问题, 基于滑模控制理论及T-S（Takagi-Sugeno）模糊模型,提出了一种模糊滑模拥塞控制策略。考虑到互联网中存在的不确定和时变时滞因素,采用T-S模糊模型对网络系统进行了建模。利用线性矩阵不等式设计了一个渐近稳定的滑模面,有效地补偿了不确定及时滞因素的影响。基于趋近律的方法设计了控制器,有效地抑制了路由器中队列长度的振荡。多种情况下的仿真对比表明,所提出的控制策略具有更好的稳定性和鲁棒性。     

一种基于标地分离的卫星网络移动切换管理技术

移动卫星网络因具有覆盖区域广、通信延时低等优势受到广泛关注,当前有大量研究旨在开发IP协议的组网技术,并将其与地面IP网络融合。融合网络的挑战之一,即为卫星移动性,用户在卫星网络中的接入点频繁切换导致移动管理问题,而现有的移动IP技术不能高效支持卫星网络移动切换。为了高效支持移动切换,在卫星网络中应用标地分离思想,在标地分离的架构下研究切换管理问题;用映射服务系统对终端进行位置管理,在移动切换中由新接入卫星网关和终端的标志为主要信息在原卫星中形成通告转发表。仿真结果表明,相对移动IP技术,该方法有明显优势。将其应用于卫星网络时可以降低切换延时,减少大量的绑定更新开销或是次优路由,提升系统的性能和可扩展性。     

面向可信互联网的IP地址管理技术研究*

作为互联网最重要的基础资源,IP地址与互联网安全可信有着广泛的联系,包含IP地址分配、IP地址配置以及源地址验证等环节在内的IP地址管理工作的研究,是构建可信互联网环境的关键。在构建可信互联网的价值观下,探讨IP地址管理层面的研究内容,梳理近年来IP地址管理范畴内的研究热点以及相关问题的由来,分析相关的技术方案,并就未来的研究方向进行展望。     

移动因特网中安全组播通信的密钥管理研究

比较了各种确保安全组播通信的密钥管理算法和方案,针对移动环境下移动频繁、可靠性差的特点,讨论了在RingNet结构下移动因特网的组播密钥管理问题。     

A lightweight attribute-based encryption scheme for the Internet of Things

Internet of Things (IoT) is an emerging network paradigm, which realizes the interconnections among the ubiquitous things and is the foundation of smart society. Since IoT are always related to user’s daily life or work, the privacy and security are of great importance. The pervasive, complex and heterogeneous properties of IoT make its security issues very challenging. In addition, the large number of resources-constraint nodes makes a rigid lightweight requirement for IoT security mechanisms. Presently, the attribute-based encryption (ABE) is a popular solution to achieve secure data transmission, storage and sharing in the distributed environment such as IoT. However, the existing ABE schemes are based on expensive bilinear pairing, which make them not suitable for the resources-constraint IoT applications. In this paper, a lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT. The security of the proposed scheme is based on the ECDDH assumption instead of bilinear Diffie–Hellman assumption, and is proved in the attribute based selective-set model. By uniformly determining the criteria and defining the metrics for measuring the communication overhead and computational overhead, the comparison analyses with the existing ABE schemes are made in detail. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, the limitations and the improving directions of it are also discussed in detail.