无线传感器网络中分簇安全路由协议保密通信方法的能效研究

保密通信方法研究的是如何保证路由信息在传输的过程中的安全性,是无线传感器网络中的核心技术之一。针对现阶段大多无线传感器网络路由协议都存在路由安全性问题,该文从均衡能耗的角度出发,引入保密通信协议(SCP)保密通信方法,提出一种能耗均衡的保密通信协议,并对该协议的安全方案进行了分析。然后对协议的性能进行了仿真,结果证明了该协议在能耗和安全性上的性能和利用价值。     

基于公钥技术的端到端安全保密无线AKA协议简析

设计一个满足要求的正确的无线认证与密钥协商协议不但要遵循必要的安全设计准则,而且还要考虑到在无线通信环境下的特殊限制。因此必须在不损害协议安全性能的前提下,简化协议的计算量,压缩协议的通信量,本文提出一个基于公钥技术的端到端安全保密无线AKA协议。     

一种基于移动网络的端到端认证机制

为基于移动网络的业务通信双方-业务签约者和业务提供者之间建立一种端到端的相互信任关系,提出了一种新的基于移动网络的应用服务端到端认证机制。研究了移动网络业务通信的发展趋势和安全威胁,介绍了3GPP中的通用鉴权框架的认证机理,指出了它的不足,并且提出了改进方法。介绍了端到端认证机制的总体框架和协议流程,并对其安全性、通用性、灵活性进行了分析。给出了该认证机制的应用场景。     

固定电话网智能化中的端局模块化可行性探讨

固定电话网智能化的实施不仅是开放移机不改号、彩铃等新业务,还应考虑如何实现维护效率的提升,端局模块化便是努力方向,是固网智能化实施的一个重要延伸.介绍了端局模块化的现实意义,结合网上开放的各种业务,重点分析了端局模块化的可行性,提出了从简化端局局数据和端局呼叫控制类业务属性上移SHLR（综合智能归属位置寄存器）着手的端局模块化实施方案,对难以上移SHLR管理的业务分析了限制原因,得出了各业务能否上移SHLR的结论.     

面向路径的无线多跳网络端-端吞吐量分析

基于802.11 DCF机制的无线多跳网络性能深受MAC层的介质访问机制和上层路由机制相互作用的影响.本文面向自组织网络路径,给出了端-端最优吞吐量的模型以及计算其上下界的方法.本文的研究更加注重无线多跳网络的实际特性:分组调度可以任意方式调度,节点的载波侦听范围大于其传输范围.研究发现路径的端到端吞吐量与路径长度、分组发送速率和分组调度策略等因素密切相关.本文还分析了其他因素对端-端带宽的影响程度.本文从面向路径的分析模拟工作中得出的一些独特结论相信将有助于上层应用程序以及路由协议的研究.     

安全可信的互联网体系结构与端到端传送关键技术

围绕无连接网络中安全可信的端到端传送关键问题,从互联网的工作原理出发,提出了具备安全可信和主动防御能力的互联网端到端传送关键技术,包括层间交互、语义一致的协议栈安全漏洞检测与防御,随机标识、层次验证的分组转发正确性检测,以及频域分析、交互图构造的传送连接可信检测,实现了分组数据可靠生成、安全传输、可信应用3个阶段全生命周期的安全闭环,有效增强了互联网的整体安全性。在实际网络环境中进行规模化应用及部署的结果表明,所提出的技术方法能够有效抵御拒绝服务（DoS）、流量劫持、身份欺骗、路由篡改等针对互联网的各种攻击威胁。     

移动通信端到端语音传输安全问题与对策分析

随着移动通信的广泛应用,语音通信安全问题日益突出.移动通信网的现有安全机制仅对无线信道进行了加密,未能提供地面核心网络的安全措施.文中针对移动语音通信安全现状,探讨了实现端到端语音保密通信的方法,分析了加密语音在移动网内传输面l临的主要问题,研究了加密语音基于移动数据业务信道传输和基于话音业务信道传输的两种实现方案,分析了方案的可行性,指出了下一步的研究方向.     

基于802.16接入的端到端切换机制研究

对802.16无线接入网络的端到端切换机制进行了分析研究,结合802.16接入网络的特点,使用SIP协议实现端到端切换,提出了旨在减少切换时延和丢包的网络设计构架。     

PTN中LTE业务端到端承载性能分析方案探究

PTN具有分组交换及共享带宽的技术特征,融合承载2G/3G/4G、家客、集客业务,为了强化对LTE的承载品质保障,业界在不断探索LTE业务端到端承载性能分析手段.基于对LTE业务的相关承载规范研究和日常实践经验总结,提出了一种基于Y.1731协议的OAM监控分析方案,同时深入研究了基于TWAMP的软/硬探针分析方案,总结了各类分析方案的部署和应用情况,为PTN日常维护工作提供参考.     

面向下一代网络的端到端多路径传输层架构

为了解决传统网络无法有效同时使用多家乡终端的多个接口传输数据的问题,提出了一种面向下一代网络的端到端多路径传输层架构-E2EMP.E2EMP通过自适应的根据路径特性分发数据,采用双层序列空间,实施灵活的端到端路径管理,提高了多家乡终端的传输性能.实验仿真表明,E2EMP能够有效地聚合终端多家乡的出口带宽,同时提高了数据传输的安全性和可靠性.     

Fast Firmware Implementation of RSA-Like Security Protocol for Mobile Devices

In modern mobile communications, personal privacy and security are of top concern to mobile phone subscribers. Yet, owing to the limit of their processing capability, mainstream mobile manufacturers are still unable to apply advanced security protocol to mobile devices. It should be noted that many security protocols are based on RSA algorithm. To implement RSA algorithm and thus apply many advanced security protocols to mobile networks, this paper proposes an efficient and practical method based on the Texas Instruments TMS320C55x family. When the proposed method is employed, it takes only 7.9 milliseconds to perform a 1024-bit RSA encryption operation at the clock frequency of 200 MHz. Our decryption operation is at least 3.5 times faster than the time taken to perform the same operation without employing the proposed method. In addition, the proposed method can stop any power-analysis attack on RSA-based security protocols, thereby enhancing the security of mobile environments.     

Authentication and Billing Protocols for the Integration of WLAN and 3G Networks

Wireless communications have developed rapidly and have been applied for many services. Cellular (the third-generation) mobile networks and wireless local area network (WLAN) are two important technologies for providing wireless communications. The third-generation (3G) networks provide wider service areas, and “always-o” and ubiquitous connectivity with low-speed data rate. WLAN networks offer higher data rate and the easy compatibility of wired Internet, but cover smaller areas. In fact, 3G and WLAN possess complementary properties. Integrating 3G and WLAN networks may offer subscribers high-speed wireless data services and ubiquitous connectivity. For integrating two heterogeneous networks, several issues should be involved, authentication, billing, quality of service, and seamless roaming between 3G and WLAN networks. In this paper, we address the authentication and billing problems and propose two protocols that provide both authentication and billing services. One protocol utilizes a one-time password approach to authenticate subscribers. This protocol is efficient in both computation time and authentication procedures. Because of the restrictions of the password-based approach, this protocol could not offer the non-repudiation property for the billing problem. Another protocol is constructed on a public-key-based system (i.e., certificates). Although it requires more computation time than the password-based approach, non-repudiation is guaranteed. Performance analysis simulation results are given to validate our two protocols.     

Towards more reliable and secure source routing in mobile ad hoc and sensor networks

Routing protocols in mobile ad hoc and sensor networks discover a multi-hop route between source and destination nodes. A highly reliable path is an important component for enhancing the security of communication. This paper presents RAS: a Reliable routing protocol for enhanced reliability and security of communication in mobile Ad hoc and Sensor networks. Enhanced reliability and security are achieved by the maintenance of a reliability factor by the nodes, which is increased when nodes participate successfully in data transmissions. This is determined through the use of positive and passive acknowledgements. Additional optimizations are included in order to increase the efficiency and performance of the network. Simulation experiments are performed in order to verify the operation of the proposed protocol and evaluate its performance. The results show an improvement in the reliability of the discovered path with the proper choice of certain important reliability parameters.     

The Complementary Use of 3G WCDMA and GSM/GPRS Cellular Radio Networks

The traffic performance of integrated 3G wide-band code division multiple access (WCDMA) and GSM/GPRS network is evaluated. This type of network links two cellular radio systems which have different set of frequency bands and the same coverage size. The base station of 3G WCDMA is installed on an existing GSM/GPRS site. Dual-mode mobile terminals use handoff to establish calls on the better system. The soft handoff or inter-frequency hard handoff occurs when mobile terminals of 3G WCDMA or GSM/GPRS move between two adjacent cells, respectively. The inter-system hard handoffs are used between 3G WCDMA and GSM/GPRS systems. The data rate conversions between different systems, soft handoff region size, multiple data rate multimedia services, and the effect of the mobile terminal mobility on the user mean dwell time in each system are considered in the study. The simulation results demonstrate that a great traffic performance improvement on the complementary use of 3G WCDMA and GSM/GPRS cellular radio networks compared with the use of GSM/GPRS cellular radio networks. When high-data rate transmission is chosen for low-mobility subscribers, both the handoff failure probability, and carried traffic rates increase with the new call generation rate. However, both rates decrease conversely with the increasing new call generation rate as soon as the new call generation rate exceeds a critical value. This causes the integrated networks saturation. The higher mean speed for the mobile terminals produces lower new call blocking probabilities and total carried traffic. The new call blocking probabilities and total carried traffic increase with the size of the soft handoff region.     

Strong and privacy-friendly management of federated identities for service provision over UMTS

Mobile subscribers who wish to mutually authenticate to service providers on the Internet utilize existing identity management mechanisms, such as Microsoft .net passport, overlooking the existing trust relationship between the subscriber and the 3G mobile operator and increasing network resources consumption, in an environment that requires security mechanisms that are as lightweight as possible. Furthermore, knowledge as well as the possession of an item, does not distinguish a person uniquely, revealing an inherent security weakness of pin authentication mechanisms. This paper proposes a protocol (3GbioId) for implementing strong identity management for Internet applications over 3G mobile networks. 3GBioId introduces biometrics, as well as the principles of the Liberty Alliance, into the 3G mobile security architecture, targeting to a more effective, secure and lightweight identity management alternative to the existing protocols. The results of a security, privacy, performance, usability and complexity evaluation indicate 3GbioId’s benefits and limits.     

Privileged Treatment of UMTS Subscribers in GSM Networks

Different user segments have various requirements and expectations towards the performance of mobile networks. Subscribers having experienced the high quality of UMTS networks desire to maintain high speech quality and excellent data throughput also in areas of missing UMTS but existing GSM coverage. In GSM networks a privileged treatment of UMTS subscribers by means of proper resource allocation provides a substantial quality improvement with respect to standard GSM subscribers. This strategy allows network operators to reduce the performance gap between both network areas experienced by UMTS subscribers. A detailed study on the performance of circuit switched speech and packet data services has been performed based on system level simulations. The results show significant speech quality advantages for users with dual-RAT terminals compared to standard GSM users as well as notably higher data throughput rates.     

移动计算网络环境中的认证与小额支付协议

本文在分析现有移动用户认证协议与因特网认证协议基础上,针对移动计算网络的技术特点设计了一个用于移动用户与收费信息服务网络相互认证和用户进行小额电子支付的协议,该协议的新颖之处在于把小额支付方案融入认证协议当中,使移动用户可以利用笔记本电脑或掌上电脑进行付费的网面浏览、购买低价位信息商品以及进行移动电子商务,同时也为移动用户漫游时的记费提供了依据.协议不仅在公共参数的存储空间需求和用户端计算负荷上是适当的,而且可以保护用户不被错误收费,同时提供服务网络防止用户抵赖的合法证据.该协议基于一个全局的公钥基础设施,适用于未来的基于第三代移动通信系统的网络计算环境.     

Cross-layer analysis of protocol delay in mobile devices receiving BCMCS

Broadcast and multicast services allow the high-speed delivery of multimedia content to multiple subscribers over CDMA2000 wireless networks. This relies on a high-rate broadcast packet data system with an air interface governed by two interacting protocols: the medium access control (MAC) protocol specifies the methods of multiplexing and of forward error correction used to reduce the radio link error-rate seen by the higher layers; and the security protocol specifies the procedures used to encrypt and decrypt content, following the Advanced Encryption Standard. We investigated the mutual effect of these protocols, in the context of an ARM9-based mobile platform, and their influence on delay. This allowed us to propose a novel analytic model that can predict the total delay by summing the separate but related delays incurred by implementations of the MAC and security protocols with particular parameters. This cross-layer model includes the characteristics of error control in the MAC layer and the varying condition of the fading channel in the physical layer. We can use this model to estimate the size of data buffers that mobiles require to provide a seamless multimedia service.     

移动计算网络环境中的认证与支付研究

该文针对移动计算网络的技术特点设计了一个用于移动用户与收费信息服务网络相互认证和用户进行电子支付的方案，该方案的新颖之处在于把小额支付方案融入认证协议当中，方案不仅在公共参数的存储空间需求和用户端计算负荷上是适当的，而且可以保护用户不被错误收费，同时提供服务者防止用户抵赖的合法证据。该方案基于一个全局的公钥基础设施，适合于未来的基于第三代移动通信系统的网络计算环境。     

个人通信系统中的一种移动用户登记认证协议

假冒和窃听攻击是无线通信面临的主要威胁。在个人通信系统中,为了对无线链路提供安全保护,必须对链路上所传送的数据/话音进行加密,而且在用户与服务网络之间必须进行相互认证。近年来,人们在不同的移动通信网络(如GSM,IS-41,CDPD,Wireless LAN等)中提出了许多安全协议。然而,这些协议在个人通信环境中应用时存在不同的弱点。本文基于个人通信系统的双钥保密与认证模型,设计了用户位置登记认证协议;并采用BAN认证逻辑对协议的安全性进行了形式化证明,也对协议的计算复杂性进行了定性分析。分析表明,所提出的协议与现有的协议相比具有许多新的安全特性。