In classical public‐key infrastructure (PKI), the certificate authorities (CAs) are fully trusted, and the security of the PKI relies on the trustworthiness of the CAs. However, recent failures and compromises of CAs showed that if a CA is corrupted, fake certificates may be issued, and the security of clients will be at risk. As emerging solutions, blockchain‐ and log‐based PKI proposals potentially solved the shortcomings of the PKI, in particular, eliminating the weakest link security and providing a rapid remedy to CAs' problems. Nevertheless, log‐based PKIs are still exposed to split‐world attacks if the attacker is capable of presenting two distinct signed versions of the log to the targeted victim(s), while the blockchain‐based PKIs have scaling and high‐cost issues to be overcome. To address these problems, this paper presents a secure and accountable transport layer security (TLS) certificate management (SCM), which is a next‐generation PKI framework. It combines the two emerging architectures, introducing novel mechanisms, and makes CAs and log servers accountable to domain owners. In SCM, CA‐signed domain certificates are stored in log servers, while the management of CAs and log servers is handed over to a group of domain owners, which is conducted on the blockchain platform. Different from existing blockchain‐based PKI proposals, SCM decreases the storage cost of blockchain from several hundreds of GB to only hundreds of megabytes. Finally, we analyze the security and performance of SCM and compare SCM with previous blockchain‐ and log‐based PKI schemes. 相似文献
Wireless body area network (WBAN) has witnessed significant attentions in the healthcare domain using biomedical sensor-based monitoring of heterogeneous nature of vital signs of a patient’s body. The design of frequency band, MAC superframe structure, and slots allocation to the heterogeneous nature of the patient’s packets have become the challenging problems in WBAN due to the diverse QoS requirements. In this context, this paper proposes an Energy Efficient Traffic Prioritization for Medium Access Control (EETP-MAC) protocol, which provides sufficient slots with higher bandwidth and guard bands to avoid channels interference causing longer delay. Specifically, the design of EETP-MAC is broadly divided in to four folds. Firstly, patient data traffic prioritization is presented with broad categorization including Non-Constrained Data (NCD), Delay-Constrained Data (DCD), Reliability-Constrained Data (RCD) and Critical Data (CD). Secondly, a modified superframe structure design is proposed for effectively handling the traffic prioritization. Thirdly, threshold based slot allocation technique is developed to reduce contention by effectively quantifying criticality on patient data. Forth, an energy efficient frame design is presented focusing on beacon interval, superframe duration, and packet size and inactive period. Simulations are performed to comparatively evaluate the performance of the proposed EETP-MAC with the state-of-the-art MAC protocols. The comparative evaluation attests the benefit of EETP-MAC in terms of efficient slot allocation resulting in lower delay and energy consumption.
Wireless Personal Communications - Current research in wireless communication undoubtedly points towards the tremendous advantages of using visible light as a spectrum for significantly boosting... 相似文献
Base station's location privacy in a wireless sensor network (WSN) is critical for information security and operational availability of the network. A key part of securing the base station from potential compromise is to secure the information about its physical location. This paper proposes a technique called base station location privacy via software-defined networking (SDN) in wireless sensor networks (BSLPSDN). The inspiration comes from the architecture of SDN, where the control plane is separated from the data plane, and where control plane decides the policy for the data plane. BSLPSDN uses three categories of nodes, namely, a main controller to instruct the overall operations, a dedicated node to buffer and forward data, and lastly, a common node to sense and forward the packet. We employ three kinds of nodes to collaborate and achieve stealth for the base station and thus protecting it against the traffic-analysis attacks. Different traits of the WSN including energy status and traffic density can actively be monitored by BSLPSDN, which positively affects the energy goals, expected life of the network, load on common nodes, and the possibility of creating diversion in the wake of an attack on the base station. We incorporated multiple experiments to analyze and evaluate the performance of our proposed algorithm. We use single controller with multiple sensor nodes and multiple controllers with multiple sensor nodes to show the level of anonymity of BS. Experiments show that providing BS anonymity via multiple controllers is the best method both in terms of energy and privacy. 相似文献
The experimental study of the laser beam parameters of the pulse repetitive RF-excited diffusion cooled waveguide CO2 laser are presented. The measurements are carried out for the pumping pulse duration of 100 μs and pulse repetitive rates 5 - 14 kHz. The average power density delivered to the active medium is 76 W/cm^3. Three types of the pulses, namely the square, the sine and the triangular ones have been applied at the input as pumping pulses and their effects on the output power and the delay time have been studied. The output power of the radiation versus input power, pressure of the laser gas mixture and modulation frequency has been investigated. The results indicate that the output peak power for the three types of pulses increases with increase of the pressure of the laser gas mixture and with the input power where as it decreases with the repetition frequency. The delay time of the output pulse decreases with the increase of the repetition frequency and input power, where as it increases with the increase of the pressure of the laser gas mixture. The behavior of the output power and the delay time with duty cycle for square pulse has also been investigated. 相似文献
Path Diversification is a new mechanism that can be used to select multiple paths between a given ingress and egress node pair using a quantified diversity measure to achieve maximum flow reliability. The path diversification mechanism is targeted at the end-to-end layer, but can be applied at any level for which a path discovery service is available. Path diversification also takes into account service requirements for low-latency or maximal reliability in selecting appropriate paths. Using this mechanism will allow future internetworking architectures to exploit naturally rich physical topologies to a far greater extent than is possible with shortest-path routing or equal-cost load balancing. We describe the path diversity metric and its application at various aggregation levels, and apply the path diversification process to 13 real-world network graphs as well as 4 synthetic topologies to asses the gain in flow reliability. Based on the analysis of flow reliability across a range of networks, we then extend our path diversity metric to create a composite compensated total graph diversity metric that is representative of a particular topology’s survivability with respect to distributed simultaneous link and node failures. We tune the accuracy of this metric having simulated the performance of each topology under a range of failure severities, and present the results. The topologies used are from national-scale backbone networks with a variety of characteristics, which we characterize using standard graph-theoretic metrics. The end result is a compensated total graph diversity metric that accurately predicts the survivability of a given network topology. 相似文献
Telecommunication Systems - A recent trend of peering at geo-diversified Internet exchange points (IXPs) has empowered decades-old proposal of inter-networking and opened up new avenues of business... 相似文献