Gulf legacy: from factory floor to desert war

The role in the Persian Gulf War of maintenance and of contractor support of the high-tech systems used is examined. Two of the most difficult maintenance challenges were the F-15E and the Joint Stars surveillance aircraft. The measures that enabled maintenance crews to achieve a full mission-capable rate of 94% for the F-15E are described. The Joint Stars program, in which two modified Boeing 707 aircraft were outfitted with an advanced radar to detect moving targets over vast stretches of ground and provide high-resolution images of some of them, was a developmental project whose operational use was sustained by constant contractor involvement. With a war effort depending on developmental systems too new to have stocks of spare parts, rushing newly minted parts to the theater was of paramount importance. Deployment of men and material was planned, simulated, and monitored on computers. Transportation and logistics within the theater, however, were often horrendous. The Defense Logistics Agency hopes to improve the process with a laser-card-based system     

Mimic defense authentication method for physical access control

To address the security problem of the vulnerability of the authentication methods of traditional physical access control systems,a mimic defense authentication method was designed based on the principle of mimic defense technique and its dynamic heterogeneous redundant architecture (DHR),using mobile 2D code as the interface and dynamic password as the core.First,the actuator pool of the authentication server was constructed.Then,a central controller consisting of functional modules such as input distribution agent,selector and voter was used to dynamically schedule heterogeneous redundant actuators from the actuator pool.Finally,a multimode ruling on the heterogeneous redundant actuator output to determine the authentication result was made by the voter.The experimental results show that the proposed authentication method has higher security and reliability compared to the traditional physical access control system authentication method,and at the same time,it can be used in combination with other authentication methods.     

An energy‐efficient framework for ubiquitous phone access

Energy‐constrained smartphones and operation‐facilitated tablets are popular and necessary in our daily life, and people may prefer to use tablet to access smartphone's features for energy efficiency and easy operation. In this paper, we present uPhone, an energy‐efficient framework for ubiquitous phone access that allows ubiquitous and symmetric access to a smartphone's core features via a third device such as a tablet. More specifically, we design uPhone in two main components of devices and uPhone server, then implement it on a smartphone as a primary device and a tablet as a secondary device, and finally evaluate it in terms of energy savings, latency, and reliability. The evaluation results demonstrate that uPhone achieves up to 44% energy savings compared with simply typing and sending messages, and notifies on a smartphone, incurs little latency overhead that is acceptable by users, and performs roughly equivalent to standard messages with a high‐quality user experience. Copyright © 2016 John Wiley & Sons, Ltd.     

Energy-efficient multiple cooperative moving relay selection for heterogeneous nonorthogonal-multiple access systems

In a high-speed vehicular scenario, due to vehicle penetration loss (VPL) and fast signal fluctuations, frequent handovers occur, which results in more battery consumption. So power saving is a critical concern in high-speed wireless networks. In the past, moving relay (MR)-based heterogeneous network (HetNet) models were proposed and studied to overcome the effect of VPL, but the issue of power saving has not been studied till now for vehicular HetNet. In this paper, we propose an energy-efficient algorithm that selects the best number of cooperative MRs among multiple MRs installed on the top of the train for efficient utilization of transmission power in a NOMA-based wireless network. A half-duplex amplify-and-forward relaying protocol is used for the investigation. We define the optimization problem of energy efficiency for cooperative MR. The problem of energy maximization is stated as an optimization problem, and an energy-efficient MR selection algorithm is proposed as the solution to the optimization problem. The simulation results show that the proposed algorithm enhances the energy efficiency of vehicular and nonvehicular users and it also decreases the outage probability at fixed spectral efficiency in comparison with the fixed MR-based selection combining and maximum ratio combining diversity techniques. This result will be beneficial in vehicular communication to achieve maximum energy efficiency.     

URSA: ubiquitous and robust access control for mobile ad hoc networks

Restricting network access of routing and packet forwarding to well-behaving nodes and denying access from misbehaving nodes are critical for the proper functioning of a mobile ad-hoc network where cooperation among all networking nodes is usually assumed. However, the lack of a network infrastructure, the dynamics of the network topology and node membership, and the potential attacks from inside the network by malicious and/or noncooperative selfish nodes make the conventional network access control mechanisms not applicable. We present URSA, a ubiquitous and robust access control solution for mobile ad hoc networks. URSA implements ticket certification services through multiple-node consensus and fully localized instantiation. It uses tickets to identify and grant network access to well-behaving nodes. In URSA, no single node monopolizes the access decision or is completely trusted. Instead, multiple nodes jointly monitor a local node and certify/revoke its ticket. Furthermore, URSA ticket certification services are fully localized into each node's neighborhood to ensure service ubiquity and resilience. Through analysis, simulations, and experiments, we show that our design effectively enforces access control in the highly dynamic, mobile ad hoc network.     

Location-aware access to hospital information and services

Hospital workers are highly mobile; they are constantly changing location to perform their daily work, which includes visiting patients, locating resources, such as medical records, or consulting with other specialists. The information required by these specialists is highly dependent on their location. Access to a patient's laboratory results might be more relevant when the physician is near the patient's bed and not elsewhere. We describe a location-aware medical information system that was developed to provide access to resources such as patient's records or the location of a medical specialist, based on the user's location. The system is based on a handheld computer which includes a trained backpropagation neural-network used to estimate the user's location and a client to access information from the hospital information system that is relevant to the user's current location.     

AuthFlow: authentication and access control mechanism for software defined networking

Software-defined networking (SDN) is being widely adopted by enterprise networks, whereas providing security features in these next generation networks is a challenge. In this article, we present the main security threats in software-defined networking and we propose AuthFlow, an authentication and access control mechanism based on host credentials. The main contributions of our proposal are threefold: (i) a host authentication mechanism just above the MAC layer in an OpenFlow network, which guarantees a low overhead and ensures a fine-grained access control; (ii) a credential-based authentication to perform an access control according to the privilege level of each host, through mapping the host credentials to the set of flows that belongs to the host; (iii) a new framework for control applications, enabling software-defined network controllers to use the host identity as a new flow field to define forwarding rules. A prototype of the proposed mechanism was implemented on top of POX controller. The results show that AuthFlow denies the access of hosts either without valid credentials or with revoked authorization. Finally, we show that our scheme allows, for each host, different levels of access to network resources according to its credential.     

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al. 's scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al. 's scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. Copyright © 2015 John Wiley & Sons, Ltd.     

Energy-efficient information routing in sensor networks for robotic target tracking

Target tracking problems have been studied for both robots and sensor networks. However, existing robotic target tracking algorithms require the tracker to have access to information-rich sensors, and may have difficulty recovering when the target is out of the tracker??s sensing range. In this paper, we present a target tracking algorithm that combines an extremely simple mobile robot with a networked collection of wireless sensor nodes, each of which is equipped with an unreliable, limited-range, boolean sensor for detecting the target. The tracker maintains close proximity to the target using only information sensed by the network, and can effectively recover from temporarily losing track of the target. We present two algorithms that manage message delivery on this network. The first, which is appropriate for memoryless sensor nodes, is based on dynamic adjustments to the time-to-live (TTL) of transmitted messages. The second, for more capable sensor nodes, makes message delivery decisions on-the-fly based on geometric considerations driven by the messages?? content. We present an implementation along with simulation results. The results show that our system achieves both good tracking precision and low energy consumption.     

Performance evaluation of an authentication solution for IMS services access

The IP Multimedia Subsystem (IMS) is an access-independent, IP based, service control architecture. Users’ authentication to the IMS takes place through the AKA (Authentication and Key Agreement) protocol, while Generic Bootstrapping Architecture (GBA) is used to authenticate users before accessing the multimedia services over HTTP. In this paper, we focus on the performance analysis of an IMS Service Authentication solution that we proposed and that employs the Identity Based Cryptography (IBC) to personalize each user access. We carry out the implementation of this solution on top of an emulated IMS architecture and evaluate its performance through different clients’ access scenarios. Performance results indicate that increase in the number of clients does not influence the average processing time and the average consumed resources of the GBA entities during the authentication. We also notice that the Bootstrapping Server Function (BSF) presents a bottleneck during the service authentication which helps in giving some guidelines for the GBA entities deployment.     

A practical authentication protocol with anonymity for wireless access networks

The use of anonymous channel tickets was proposed for authentication in wireless environments to provide user anonymity and to probably reduce the overhead of re‐authentications. Recently, Yang et al. proposed a secure and efficient authentication protocol for anonymous channel in wireless systems without employing asymmetric cryptosystems. In this paper, we will show that Yang et al.'s scheme is vulnerable to guessing attacks performed by malicious visited networks, which can easily obtain the secret keys of the users. We propose a new practical authentication scheme not only reserving the merits of Yang et al.'s scheme, but also extending some additional merits including: no verification table in the home network, free of time synchronization between mobile stations and visited networks, and without obsolete anonymous tickets left in visited networks. The proposed scheme is developed based on a secure one‐way hash function and simple operations, a feature which is extremely fit for mobile devices. We provide the soundness of the authentication protocol by using VO logic. Copyright © 2010 John Wiley & Sons, Ltd.     

面向移动IPv6层次化网络的快速接入认证方案

提出了一个面向移动IPv6层次化网络的快速接入认证方案,从效率和安全性2个方面提高移动IPv6层次化网络接入认证的性能。首先,利用向量网络地址编码方法实现网络数据传输,提高家乡注册性能;其次,提出一种基于格的层次化签名方案,在接入认证过程中实现双向认证,提高认证过程的安全性。方案分析表明,所提出的接入认证方案具有强不可伪造性并可以抵御网络中的重放攻击,同时可以减少整个接入认证过程的延迟时间。     

CPK-based login authentication for electricity operation information system

Login authentication security is indispensable to applications of client/server (C/S) structure. Although some security technology in login authentication is relatively mature after years of development, it cannot meet high security requirements for the system in the case of limited resources. To deal with it, this paper proposes a new login authentication solution and applies it in electricity operation information system (EOIS), an application aiming at electrical equipment overhaul and report. The authors firstly discuss the reason why combined public key (CPK) is adopted as the key technology instead of the common one public key infrastructure (PKI). Secondly, they expatiate on CPK generation mechanism and the realizing process of login authentication, including local authentication using CPK-based digital signature and remote authentication using web service. Then, some results from three encryption methods (message-digest algorithm 5(MD5), secure hash algorithm (SHA-1) and CPK-based digital signature) to test EOIS are given, which show that the new solution builds its security on Hash function chosen and protection of combined private key. Finally, the security analysis reveals that CPK-based login authentication is safer to ensure the certainty of user identity, the integrality and non-repudiation of messages, and the confidentiality of transmission.     

3种接入认证技术的浅析与比较

接入认证技术支撑了宽带接入的发展.目前,应用最为广泛的认证技术有3种:以太网上传送PPP协议(PPPoE,PPP over Ethernet)、Web和802.1x .文章先给出了用户认证系统的基本模型,并基于此对这3种用户认证技术进行了分析与比较.从可扩展性上考虑,Web认证技术的可扩展性是最好的.文章最后给出了作者的观点:Web认证在将来会得到更好的发展.     

Multicarrier DS-CDMA: a multiple access scheme for ubiquitous broadband wireless communications

We identify some of the key problems that may be encountered when designing a broadband multiple access system with bandwidth on the order of tens or even hundreds of megahertz. We commence with a comparative discussion in terms of the characteristics of three typical code-division multiple access schemes: single-carrier direct-sequence CDMA (SC DS-CDMA), multicarrier CDMA (MC-CDMA), and multicarrier DS-CDMA (MC DS-CDMA). Specifically, their benefits and deficiencies are analyzed when aiming to support ubiquitous communications over a variety of channels encountered in indoor, open rural, suburban, and urban environments. It is shown that when communicating in such diverse environments, both SC DS-CDMA and MC-CDMA exhibit certain limitations that are hard to circumvent. By contrast, when appropriately selecting the system parameters and using transmit diversity, MC DS-CDMA becomes capable of adapting to such diverse propagation environments at a reasonable detection complexity.     

基于WEB与802.1x的宽带接入认证方式

基于以太网的接入是众多宽带接入方案中的重要一员，宽带用户除了采用包月方式外，认证方式越来越流行。目前可用的认证方案主要有三种，即WEB认证、PPPoE认证、802.1x认证。其中PPPoE方式应用时间最长，技术成熟，但是要采用大容量的BAS设备，相对而言成本较高。而WEB与802.1x还处于发展阶段，有许多问题值得探讨。在《通讯世界》2003年第3期“宽带接入的认证管理方式分析”一文中对三种认证方式作了分析对比，但笔者认为其中的某些论点已经落后于现状，需进一步阐述。宽带接入层一般会采用两级方案，姑且暂称为BAN（Building Acc…     

节能有效的无线传感器网络状态信息收集算法

网络状态信息收集协议既要保证信息收集的准确性、实时性,又要保证协议算法的轻量级特性.为解决上述矛盾问题,提出了一种轻量级的、能量有效的、基于无损聚合的层次分簇数据收集机制(QTBDC).QTBDC首先对网络节点编码并在节点间建立起一个逻辑层次簇结构,然后利用各个子簇状态数据的相似性和编码的连续性,实现了网内无损聚合.该监测机制使得网络状态信息的收集在不丢失数据细节信息的情况下,数据通信量大大减少.经过仿真分析表明,该方法与现有经典数据收集方法相比,实现了节能,延长了网络的生命期.     

Technique for authentication, access control and resource management in open distributed systems

A consistent approach to authentication and access control is proposed. In this new approach, resource management is included. By combining the properties of public key encryption with cascading proxies a single mechanism is devised to provide these three aspects of protection.<>     

Performance evaluation of software-defined clustered-optical access networking for ubiquitous data center optical interconnection

In recent years, p-cycles have been widely investigated for survivability of WDM networks. They provide fast recovery speed such as ring and capacity efficiency as mesh survivability schemes. However, restoration paths are very long, which causes excessive latency and intolerable physical impairments. On the other hand, nowadays, a wide set of applications require an optical path with almost no delay. The existing approaches, namely loopbacks removal and inter-cycle switching, provide a significant reduction in the restored path, but even then a number of restored paths remain many times longer than the working path lengths. In this paper, we propose a network partitioning-based approach to control the length of each restored path as per delay sustainability of time critical applications. The basic idea of the work is to partition the network into domains and construct the p-cycles for each domain independently. The domain wise construction of p-cycles restricts their length, which consequently reduces the length of restored paths. Here, we introduce a new concept where the selected border nodes are overlapped among adjacent domains to cover inter-domain spans of the network as a domain span in order to ensure their survivability through domain p-cycles. Simulation results show that the proposed solution is good enough to control the restored path length with small augmentation in redundancy of spare capacity as compared to optimal design of p-cycles. More importantly, it enhances the dual failure restorability significantly.     

多种用户接入方式和综合认证平台建设

本文论述了基于RADIUS协议的认证平台的现状和多用户接入情况下的综合认证需求，并对宽带接入的业务属性和业务流程对认证的需求进行了分析。