基于Axis2的web服务安全框架设计与实现

web服务的广泛应用和网络技术多元化的发展迫切需求一个既能实现web服务安全,又能兼容各种客户端的安全框架.在Axis2的基础上,设计并实现了一个完整的、符合WS-Security规范的web服务框架.框架以文件配置、消息加密和程序控制实现web服务安全,采用SOAP通信协议解决了与各种客户端通信的问题.测试结果表明,此框架可以实现数字签名、消息加密和基于角色的访问控制,能够接收各种基于SOAP协议的客户端请求,具有很好的安全性和兼容性,为企业的web服务安全提供了一个有效的解决方案.     

EGAKA:一种面向LTE-A机器类型通信的高效组认证与密钥协商协议

机器类型通信(Machine Type Communication,MTC)作为物联网的基础,有着广阔的市场和应用前景。LTE-A网络能够为MTC的发展提供有力的支持,第三代合作伙伴项目(3rd Generation Partnership Project,3GPP)已经在3GPP标准Release10中正式定义了MTC。与普通的移动用户设备相比,MTC设备具有数量多、功耗低的特点,这给LTE-A网络的身份认证问题提出了新的挑战。当大量MTC设备同时接入网络时,如果每个设备都进行独立的身份认证过程,则会导致LTE-A网络出现严重的信令拥塞问题。同时,MTC设备由于计算资源有限,不宜做大量的运算。针对MTC网络中设备认证过程的信令拥塞问题,提出了基于聚合代理签名和消息认证码的组认证与密钥协商协议EGAKA。该协议采用聚合代理签名使得LTE-A网络可以同时验证多个MTC设备,并最小化认证过程中的信令开销。采用消息认证码的方法进行密钥协商,有利于降低MTC设备的计算开销。通过着色Petri网(Colored Petri Nets,CPN)的建模和分析,证明该协议能够正确完成认证和密钥协商。另外,通过在性能方面与文中引用的协议比较,证明该协议在信令开销和计算开销方面具有一定优势。     

CADeComp: Context-aware deployment of component-based applications

The expansion of wireless communication and mobile hand-held devices makes it possible to deploy a broad range of applications on mobile terminals such as PDAs and mobile phones. The constant context changes of mobile users oblige them to carry out many deployment tasks of the same application in order to obtain an application whose configuration satisfies the context requirements. The difficulty and the frequency of these deployment tasks led us to study the deployment in a mobile environment and to look for a solution for the automation of the deployment adaptation to the context. This paper studies the deployment sensitivity to the context in order to identify the variable deployment parameters and to analyze the impact of the deployment adaptation on the production life cycle of applications. The contribution made by this paper consists in an innovative middleware entity called Context-Aware Deployment of COMPonents (CADeComp), which can be plugged into existing middleware deployment services. CADeComp defines a flexible data model that facilitates the tasks of component producers and application assemblers by allowing them to specify the meta-information required to adapt the deployment to the context. The advantage of CADeComp is that it is based on reliable adaptive mechanisms that are defined by a platform-independent model according to the MDA approach. We propose a mapping of the CADeComp model to CCM. CADeComp was implemented and evaluated on this platform.     

Cross-layer opportunistic adaptation for voice over ad hoc networks

The support of voice communication is fundamental in the deployment of an ad hoc network for the battlefield or emergency response. We use the QoS requirements of voice to identify factors influencing its communication, and validate their significance through statistical analysis. Based on the results, we propose an opportunistic protocol within a cross-layer framework that adapts these factors at different time scales. Hop-by-hop adaptation exploits the PHY/MAC interaction to improve the use of the spectral resources through opportunistic rate-control and packet bursts, while end-to-end adaptation exploits the LLC/application interaction to control the demand per call through voice coding and packet size selection. Our objective is to maximize the number of calls admitted while minimizing loss of quality. We evaluate the performance of the protocol in simulation with real audio traces using both quantitative and mean opinion score (MOS) audio quality metrics, comparing to several standard voice codecs. The results indicate that: (i) compression and packet-size selection play a critical role in supporting QoS over ad hoc networks; (ii) header compression is needed to limit the overhead per packet especially over longer paths; (iii) good voice quality is achieved even in strenuous network conditions.     

Preventing delegation-based mobile authentications from man-in-the-middle attacks

In this paper, an approach of mutual authentication and key exchange for mobile access, based on the trust delegation and message authentication code, is developed, and a novel nonce-based authentication approach is presented. The proposed protocols can effectively defend all known attacks to mobile networks including the denial-of-service attacks and man-in-the-middle attacks. In particular, in contrast to some previous work, our design gives users a chance to set a session key according to users' will, and does not require a mobile user to compute useless hash key chains in the face of HLR-online authentication failures or run the initial authentication protocol before HLR-offline authentication. Moreover, our design enjoys both computation efficiency and communication efficiency as compared to known mobile authentication schemes.     

Time-bound negotiation framework for electronic commerce agents

For efficient and informative coordination of agents especially in electronic commerce environment, a time-bound agent negotiation framework is proposed utilizing a time-based commitment scheme. By attaching commitment duration to agent messages, the traditional contract net protocol is extended to a time-bound negotiation framework (TBNF). The proposed negotiation framework has a new message type which allows for parties to agree upon the extension of a commitment duration, and a novel commitment concept in the form of negative commitment. The semantics of the messages with the commitment duration are interpreted, and then the three typical negotiation protocols are formally defined and compared — nothing-guaranteed protocol, acceptance-guaranteed protocol, and finite-time guarantee protocol — which can be incorporated into TBNF. The TBNF should provide a background for efficient and effective electronic commerce negotiation while accommodating each agent's adaptive negotiation strategy.     

基于RocketMQ的MQTT消息推送服务器分布式部署方案

伴随着互联网的飞速发展,特别是在近几年中,移动互联网的发展更为迅猛.在移动互联网中,消息推送是其中很重要的一部分,它是手机客户端信息发布和通信的重要方式.MQTT协议是Android系统中消息推送的实现技术之一,由于其具有低功耗、节省流量和可扩展性强的优点,目前已得到了众多应用.同时,RocketMQ作为一种分布式消息队列,在服务器分布式部署上具有很大优势,具有高性能、高可靠、高实时、分布式特点.本文介绍了MQTT协议与RocketMQ的这种开源项目的应用,并通过RocketMQ与Mosquitto相结合的方式,实现了一种基于RocketMQ的MQTT消息推送服务器及其分布式部署.     

基于Ajax的Web Service架构

Web Service是一种基于标准的应用集成方式,允许不同的客户端使用它提供的服务。本文介绍通过Ajax使用异步消息传递,SOAP协议作为Web服务通信协议的基础,实现Web Servcie架构的应用程序的开发。     

A Mechanism for Communication-Efficient Broadcast Encryption over Wireless Ad Hoc Networks

Due to its low communication cost, stateful broadcast encryption is an appealing solution for secure content distribution in mobile ad hoc wireless networks (MANETs). Unfortunately, the inherent limitations of MANETs prevent a standard application of such schemes since they require receivers to be online. In this paper, we present a reliable message delivery mechanism for MANETs that is based on erasure codes and that leverages node mobility in order to achieve non-interactive recovery of missed messages. We then show how our mechanism can be used to reliably deliver the key updates of a stateful broadcast encryption scheme. Our solution has several useful properties: it allows trade-offs between the amount of storage required at each node and the speed of message recovery; and it has the ability to leverage the resources of unauthorized nodes. We evaluate the performance of our approach through simulation, and show that it achieves good performance for networks with high node density.     

一种基于移动Agent的主动网络体系结构

1.引言随着Internet的发展,网络应用和网络用户的行为更加多样化。流行的TCP/IP网络体系结构已经不能适应网络通信技术发展和Internet服务拓展的需要。然而现有的网络体系不可能被完全替代,一种可行的方法是对其升级并保持向下兼容,主动网络是一种较好的途径。通过对互操作层次特性做根本性变化,主动网络能提供一个软件可编程的范例,允许中间网络节点完成动态网络定制,避开冗长的标准化过程,实现网络技术的快速发展和服务应用的快速引进,并改善网络计算能力和功能。     

移动IPv6编码安全技术研究

移动IPv6主要采用IPSec作为它的安全协议,其所支持的所有加密算法不能够同时纠正数据在传输过程中遇到的同步错误。本文首先分析移动IPv6的安全和传输可靠性问题。其次根据一般线性分组码的译码问题是一个NPC问题,利用纠错码构造一个既可以加密又可以纠错的密码算法的可能解决方案——BCH-CIPHER,并分析了该方案的可行性。最后给出方案的具体实施过程。     

基于MQTT协议的海洋观测数据推送系统

为实现海洋观测数据的及时推送,设计了一种数据推送系统,目的是将各个观测船、浮标和水下观测网等采集到的海洋观测数据推送到手机客户端,并实现异常数据的报警。提出了一种基于MQTT协议的数据推送方案,在加密与验证方面对MQTT协议进行改进。此外,设计了安全认证机制与消息管理模块,保证了消息在传输中不被篡改或者丢失。测试结果证明,该方案安全性较高,服务权限设计合理,费用方面也具有较大的优势。     

Evaluation framework for adaptive context-aware routing in large scale mobile peer-to-peer systems

The proliferation of novel wireless network technologies creates new opportunities for complex peer-to-peer information dissemination systems. A key challenge that remains in this area is how to select the best algorithms and protocols to communicate effectively on a large scale. In this paper, we focus in particular on large scale mobile networks where effectiveness depends on the requirements of the application at hand and on the context of the peers in the network. We propose a framework for context-aware adaptive information sharing that allows the evaluation of and comparison with alternative information routing protocols using network metrics to measure a variety of quality attributes of the information dissemination protocols. These metrics can then be used to verify which protocol is best suited for a particular application. We illustrate our evaluation framework with different information dissemination protocols in an inter-vehicle communication scenario.     

Mobile Web services: a new agent-based framework

Mobile devices and server applications often run on different platforms, which can make integration problematic. Web services might offer a solution, but they typically include XML protocols that are too "heavy" for mobile devices. In this article, we describe agent-based mobile services framework. It uses wireless portal networks and eliminates XML processing on mobile clients. It also offers dynamic service selection and rapid application development and deployment for Web service providers.     

Efficient validation of mobile transactions in wireless environments

In broadcast environments, the limited bandwidth of the upstream communication channel from the mobile clients to the server bars the application of conventional concurrency control protocols. In this paper, we propose a new variant of the optimistic concurrency control (OCC) protocol that is suitable for broadcast environments. At the server, forward validation of a transaction is done against currently running transactions, including mobile transactions and server transactions. At the mobile clients, partial backward validation of a transaction is done against committed transactions at the beginning of every broadcast cycle. Upon completion of execution, read-only mobile transactions can be validated and committed locally and update mobile transactions are sent to the server for final validation. These update transactions have a better chance of commitment because they have gone through the partial backward validation. In addition to the nice properties of conventional OCC protocols, this protocol provides autonomy between the mobile clients and the server with minimum upstream communication, which is a desirable feature to the scalability of applications running in broadcast environments. This protocol is able to process both update transactions and read-only transactions at the mobile clients at low space and processing overheads.     

Integrated data ciphering unit design for secure message transfer in networks

The importance of transmitting voice messages in a secure manner over telephone networks has recently started attracting the attention of telephone companies. In order to provide an encryption-based secure communication of voice messages over telephone networks, the telephone companies will be faced with the problem of where to locate the encryption/decryption devices and also how to interface them with the existing telephone switching and multiplexing equipment. This problem is of prime importance in the sense that proper placement of such encryption/decryption devices would bring down the overall cost of providing secure communication services to their customers that would in turn bring more revenue to the telephone companies. In this respect, the design of an integrated data ciphering unit (DCU) and proper deployment of the same inside a low bit rate voice (LBRV) transcoder equipment are presented in this paper. The accuracy of adaptive differential pulse code modulation (ADPCM) prediction algorithm and the impact of errors due to decoding are analyzed for such deployment in order to provide a better level of security. Also, a cost analysis is carried out to show that the cost of providing a secure communication service to the customers is quite negligible.     

A scalable framework for mobile real-time group communication services

A scalable framework for mobile real-time group communication services is developed in this paper. Examples for possible applications of this framework are mobile social networks, mobile conference calls, mobile instant messaging services, and mobile multi-player on-line games. A key requirement for enabling a real-time group communication service is the tight constraint imposed on the call delivery delay. Since establishing such communication service for a group of independent mobile users under a tight delay constraint is NP-hard, a two-tier architecture is proposed, that can meet the delay constraint imposed by the real-time service requirement for many independent mobile clients in a scalable manner. This goal is achieved by two dimensional partition of the space, first by organization and then geographically. Both the time and memory complexity associated with the location management of N mobile users are O(N) for the location management provided by the proposed framework, while a distributed scheme requires O(N²) for both time and memory complexity.     

多跳移动Ad Hoc无线网络中UPMA协议的仿真

基于有效竞争预约接人、无冲突轮询传输的思想,该文改进了支持节点移动性和多跳网络结构的依据用户妥善安排的多址接人（UPMA）协议,然后利用网络仿真工具OPNET构建了UPMA协议的仿真框架,并仿真了由自组织分群算法所获得群的群内无线传输情况。该仿真框架为UPMA协议详细配置了物理层和数据链路层模型,可以设置不同的信道特性以及应用场景。在此基础上,该文分析了UPMA协议的信道吞吐量、平均消息时延和平均消息丢弃率,并将其与带冲突避免的载波侦听多址接人协议（CSMA／CA）、轮询协议进行了性能比较。仿真结果表明,UPMA协议可以提供较高的吞吐量、较低的平均消息时延和较小的平均消息丢弃率。