Performance analysis of a threshold based distributed channel allocation algorithm for cellular networks

Rapid advances of the handheld devices and the emergence of the demanding wireless applications require the cellular networks to support the demanding user needs more effectively. The cellular networks are expected to provide these services under a limited bandwidth. Efficient management of the wireless channels by effective channel allocation algorithms is crucial for the performance of any cellular system. To provide a better channel usage performance, dynamic channel allocation schemes have been proposed. Among these schemes, distributed dynamic channel allocation approaches showed good performance results. The two important issues that must be carefully addressed in such algorithms are the efficient co-channel interference avoidance and messaging overhead reduction. In this paper, we focus on our new distributed channel allocation algorithm and evaluate its performance through extensive simulation studies. The performance evaluation results obtained under different traffic load and user mobility conditions, show that the proposed algorithm outperforms other algorithms recently proposed in the literature.     

5G异构网络中基于群组的切换认证方案

随着5G网络的发展,各类网络服务质量极大提升的同时网络环境也愈加复杂,从而带来了一系列安全挑战。切换认证可以解决用户在不同类型网络间的接入认证问题,但现存方案仍存在一些不足,还需要解决如全局切换认证、密钥协商、隐私保护、抵抗伪装攻击、抵抗中间人攻击、抵抗重放攻击以及群组用户切换效率等问题。针对这些问题,提出了一个5G异构网络中基于群组的切换认证方案。在所提出的方案中,注册域服务器在区块链上为每个用户存入一个通行证,任何实体都可以利用该通行证对用户进行认证,从而实现全局切换认证。对于群组用户,各用户分别设置可聚合的认证参数,验证者通过验证聚合签名实现对群组用户的批量验证。新方案不仅提升了群组用户切换时的效率,同时还满足上述安全性要求。基于形式化分析软件AVISPA的分析结果表明,所提出的方案是安全的。性能分析表明,所提出的方案执行批量验证时的效率比现存方案至少提升了89.8％。     

全视角特征结合众包的跨社交网络用户识别

随着互联网的普及和不断发展,用户通过多个社交网络进行社交活动,使用社交网络带来的丰富内容和服务.通过识别出不同社网上的同一用户,可以有助于进行用户推荐、行为分析、影响力最大化,因而显得尤为重要.已有方法主要基于用户的结构特征和属性特征来识别匹配用户,大多仅考虑局部结构,并且受已知匹配用户数量的限制.基于此,本文提出了一种基于全视角特征结合众包的跨社交网络用户识别方法（OCSA）.首先,利用众包来提高已知匹配用户的数量,接着,应用全视角特征评价用户的相似度,以提升用户匹配的准确性,最后,利用两阶段的迭代式匹配方法完成用户识别工作.实验结果表明该文提出的算法可显著提高用户识别的召回率和准确率,并解决了已知匹配用户数量不足时的识别问题.     

A Generic Framework for Anonymous Authentication in Mobile Networks

Designing an anonymous user authentication scheme in global mobility networks is a non-trivial task because wireless networks are susceptible to attacks and mobile devices powered by batteries have limited communication, processing and storage capabilities. In this paper, we present a generic construction that converts any existing secure password authen- tication scheme based on a smart card into an anonymous authentication scheme for roaming services. The security proof of our construction can be derived from the underlying password authentication scheme employing the same assumptions. Compared with the original password authentication scheme, the transformed scheme does not sacrifice the authentication effciency, and additionally, an agreed session key can be securely established between an anonymous mobile user and the foreign agent in charge of the network being visited. Furthermore, we present an instantiation of the proposed generic construction. The performance analysis shows that compared with other related anonymous authentication schemes, our instantiation is more effcient.     

Determining the Impact of Personal Mobility Carbon Allowance Schemes in Transportation Networks

Personal mobility carbon allowance (PMCA) schemes are designed to reduce carbon consumption from transportation networks. PMCA schemes influence the travel decision process of users and accordingly impact the system metrics including travel time and greenhouse gas (GHG) emissions. We develop a multi-user class dynamic user equilibrium model to evaluate the transportation system performance when PMCA scheme is implemented. The results using Sioux-Falls test network indicate that PMCA schemes can achieve the emissions reduction goals for transportation networks. Further, users characterized by high value of travel time are found to be less sensitive to carbon budget in the context of work trips. Results also show that PMCA scheme can lead to higher emissions for a path compared with the case without PMCA because of flow redistribution. The developed network equilibrium model allows to examine the change in system states at different carbon allocation levels and to design parameters of PMCA schemes accounting for population heterogeneity.     

面向多网关的无线传感器网络多因素认证协议

无线传感器网络作为物联网的重要组成部分,广泛应用于环境监测、医疗健康、智能家居等领域.身份认证为用户安全地访问传感器节点中的实时数据提供了基本安全保障,是保障无线传感器网络安全的第一道防线;前向安全性属于系统安全的最后一道防线,能够极大程度地降低系统被攻破后的损失,因此一直被学术及工业界视为重要的安全属性.设计面向多网关的可实现前向安全性的无线传感器网络多因素身份认证协议是近年来安全协议领域的研究热点.由于多网关无线传感器网络身份认证协议往往应用于高安全需求场景,一方面需要面临强大的攻击者,另一方面传感器节点的计算和存储资源却十分有限,这给如何设计一个安全的多网关无线传感器网络身份认证协议带来了挑战.近年来,大量的多网关身份认证协议被提出,但大部分都随后被指出存在各种安全问题.2018年,Ali等人提出了一个适用于农业监测的多因素认证协议,该协议通过一个可信的中心(基站)来实现用户与外部的传感器节点的认证;Srinivas等人提出了一个通用的面向多网关的多因素身份认证协议,该协议不需要一个可信的中心,而是通过在网关之间存储共享秘密参数来完成用户与外部传感器节点的认证.这两个协议是多网关无线传感器网络身份认证协议的典型代表,分别代表了两类实现不同网关间认证的方式:1)基于可信基站,2)基于共享秘密参数.分析指出这两个协议对离线字典猜测攻击、内部攻击是脆弱的,且无法实现匿名性和前向安全性.鉴于此,本文提出一个安全增强的可实现前向安全性的面向多网关的无线传感器网络多因素认证协议.该协议采用Srinivas等协议的认证方式,即通过网关之间的共享秘密参数完成用户与外部传感器节点的认证,包含两种典型的认证场景.对新协议进行了BAN逻辑分析及启发式分析,分析结果表明该协议实现了双向认证,且能够安全地协商会话密钥以及抵抗各类已知的攻击.与相关协议的对比结果显示,新协议在提高安全性的同时,保持了较高的效率,适于资源受限的无线传感器网络环境.     

Providing distributed certificate authority service in cluster-based mobile ad hoc networks

Nodes in a mobile ad hoc network (MANET) are more vulnerable and there is no predefined infrastructure in such a network. Providing secure communication in these networks is an important and challenging problem. Among all proposed schemes, the model of using distributed certificate authorities (CA) based on threshold cryptography and proactive share update using a cluster-based architecture seems to be a promising approach. However, there are two issues that are not well studied in the current literature for this model: (1) how to locate enough CA servers, and (2) how to perform the proactive share update. In this paper, we propose two efficient schemes with low system overhead to tackle these two problems. Compared with existing approaches, our CA architecture provides faster CA services to user nodes at reduced system overhead. The effectiveness of our proposed schemes has been verified by extensive simulation.     

Modeling Video on Demand services taking into account statistical dependences in user behavior

The popularity of video services on the Internet, and moreover High Definition (HD) videos, has increased continuously in recent years. This growing demand for high quality video services can cause problems in current communication networks. For this reason, the characterization and modeling of video workloads have become essential factors in evaluating the performance of these services. This paper presents the implementation of a simulation model of a Video on Demand (VoD) service. The model takes into account both the behavior of the users and the server workload. While the former is analyzed through a real VoD service, the latter is analyzed through lab experiments. Nevertheless, the main contribution of our model is that it also considers the dependences among user interactions. The model has been validated using real data and evaluated in different situations. Results show that performance is influenced both by massive access to the contents and by the dependence structure of user interactions.     

A Distributed Workflow Management System with Case Study of Real-life Scientific Applications on Grids

Next-generation scientific applications feature complex workflows comprised of many computing modules with intricate inter-module dependencies. Supporting such scientific workflows in wide-area networks especially Grids and optimizing their performance are crucial to the success of collaborative scientific discovery. We develop a Scientific Workflow Automation and Management Platform (SWAMP), which enables scientists to conveniently assemble, execute, monitor, control, and steer computing workflows in distributed environments via a unified web-based user interface. The SWAMP architecture is built entirely on a seamless composition of web services: the functionalities of its own are provided and its interactions with other tools or systems are enabled through web services for easy access over standard Internet protocols while being independent of different platforms and programming languages. SWAMP also incorporates a class of efficient workflow mapping schemes to achieve optimal end-to-end performance based on rigorous performance modeling and algorithm design. The performance superiority of SWAMP over existing workflow mapping schemes is justified by extensive simulations, and the system efficacy is illustrated by large-scale experiments on real-life scientific workflows for climate modeling through effective system implementation, deployment, and testing on the Open Science Grid.     

TCP Performance in Flow-Based Mix Networks: Modeling and Analysis

Anonymity technologies such as mix networks have gained increasing attention as a way to provide communication privacy. Mix networks were developed for message-based applications such as e-mail, but researchers have adapted mix techniques to low-latency flow-based applications such as anonymous Web browsing. Although a significant effort has been directed at discovering attacks against anonymity networks and developing countermeasures to those attacks, there is little systematic analysis of the quality of service (QoS) for such security and privacy systems. In this paper, we systematically address TCP performance issues of flow-based mix networks. A mix's batching and reordering schemes can dramatically reduce TCP throughput due to out-of-order packet delivery. We developed a theoretical model to analyze such impact and present formulas for approximate TCP throughput in mix networks. To improve TCP performance, we examined the approach of increasing TCP's duplicate threshold parameter and derived formulas for the performance gains. Our proposed approaches will not degrade the system anonymity degree since they do not change the underlying anonymity mechanism. Our data matched our theoretical analysis well. Our developed theoretical model can guide the deployment of batching and reordering schemes in flow-based mix networks and can also be used to investigate a broad range of reordering schemes.     

Attribute-based authentication on the cloud for thin clients

We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.     

PCS网络位置管理方案性能分析

PCS（Personal Communication Service）网络中位置管理开销昂贵；为减小开销，研究人员提出了许多种方案。研究了基于LRA（Lazy Replication Algorithm）的位置管理方案，建立了分析模型，以相邻两次呼叫期间实现位置管理所花费的开销为指标，对IS-41和LRA两者的性能进行了比较。研究表明，对于高移动性或远离归属地的用户，LRA显著优于IS-41；另一方面，对于呼叫多发生于两个服务区间或低移动性的用户，IS-41优于LRA；从总体上看，LRA性能优于IS-41。     

联合考虑主用户QoS和安全约束下认知NOMA安全传输

本文研究了认知非正交多址接入(NOMA)网络中联合考虑主用户服务质量(QoS)约束和安全约束下次用户物理层安全传输.该网络中采用认知功率分配策略,优先保障主用户的QoS和安全性能.在此功率分配方案下,推导得出了次用户连接中断概率(COP)和安全中断概率(SOP)的闭式表达式,揭示了系统参数配置对次用户传输可靠性和安全性的影响关系,以及安全性-可靠性之间的折衷关系.仿真结果表明,较强的主用户安全约束恶化了次用户的安全性能,但是提升了次用户的安全-可靠折衷性能.     

考虑服务性能的计算机网络级联失效建模

为分析计算机网络中级联失效对服务性能的影响,在考虑初始负载、节点转发速率和路由策略的基础上,建立一种基于负载容量的级联失效模型。定义吞吐量、负载率和服务时延3个评价参数,对级联失效发生前后网络服务性能的变化进行度量。以BA无标度网络为对象进行仿真实验,结果表明,该模型能客观反映级联失效导致网络服务性能急剧下降的现象,对级联失效的预防和控制具有一定指导意义。     

Analytical framework for dimensioning hierarchical WiMax–WiFi networks

Providing diverse, ubiquitous and cost-effective broadband services is a foremost challenge for the telecommunication community. Fixed WiMAX or IEEE 802.16d is one of the most promising radio access technologies, providing high performance similar to wired xDSL systems, yet superior to that of current 3G mobile technologies. Numerous deployment concepts are foreseen for WiMAX networks. They are designed to cover isolated areas, thus embodying an appealing solution for cellular networks or wireless backhaul for WiFi access. The latter concept is of interest in this paper that puts forward an analytical model based on the economical aspects to dimension hierarchical WiMax–WiFi networks. The proposed model consists in replacing a finite number of nodes by an equivalent continuum. Its key feature lies in accounting for the effect of interference as well as for the physical layer and channel characteristics in an easy and straightforward manner. On the one hand, the model takes into consideration frequency planning and scheduling aspects; and on the other hand, it provides tractable formulae of the end-user mean capacity and coverage probability in order to properly dimension the hybrid network. Last but not least, the economical facet of network planning is considered to unravel the design trade-offs between maximizing the service provider profit and satisfying the end user requirements in terms of performance.     

A novel user-participating authentication scheme

When utilizing services over public networks, a remote user authentication mechanism forms a first line of defense by rejecting illegal logins from unauthorized users. On-line applications over the Internet such as E-learning, on-line games, etc. are ever more common; remote user participation via networks plays a vital role in security and should be guaranteed. Without this countermeasure, malicious users are likely to enable agents to communicate with remote on-line systems. While existing remote user authentication schemes rarely address this issue, this paper highlights the problem of guaranteeing remote user participation. This proposed user authentication scheme benefits from combining CAPTCHA techniques and visual secret sharing to ensure deliberate human interaction. This scheme provides mutual authentication and is secure against certain known attacks, as well as low in computation cost.     

Performance analysis of a fixed local anchor scheme for supporting UPT services

Intelligent Networks (INs) are well suited for implementing Universal Personal Telecommunication (UPT) services. For efficient planning of IN accommodating UPT services, it is essential to analyze the effect of UPT user personal mobility. In this paper, an IN architecture with a fixed local anchor (FLA) is proposed for supporting UPT services. The performance of the proposed IN architecture is compared with an IN architecture based on IS-41 with consideration of UPT user personal mobility in terms of call delivery cost and location update cost. The performance of the proposed IN depends on the characteristics of UPT user mobility and incall deregistration. The proposed IN yields better performance than an IN based on IS-41 as UPT user mobility decreases and the probability of explicit incall deregistration increases.     

Proactive planning of bandwidth resource using simulation-based what-if predictions forWeb services in the cloud

Resource planning is becoming an increasingly important and timely problem for cloud users.As more Web services are moved to the cloud,minimizing network usage is often a key driver of cost control.Most existing approaches focus on resources such as CPU,memory,and disk I/O.In particular,CPU receives the most attention from researchers,but the bandwidth is somehow neglected.It is challenging to predict the network throughput of modem Web services,due to the factors of diverse and complex response,evolving Web services,and complex network transportation.In this paper,we propose a methodology of what-if analysis,named Log2Sim,to plan the bandwidth resource of Web services.Log2Sim uses a lightweight workload model to describe user behavior,an automated mining approach to obtain characteristics of workloads and responses from massive Web logs,and traffic-aware simulations to predict the impact on the bandwidth consumption and the response time in changing contexts.We use a real-life Web system and a classic benchmark to evaluate Log2Sim in multiple scenarios.The evaluation result shows that Log2Sim has good performance in the prediction of bandwidth consumption.The average relative error is 2%for the benchmark and 8% for the real-life system.As for the response time,Log2Sim cannot produce accurate predictions for every single service request,but the simulation results always show similar trends on average response time with the increase of workloads in different changing contexts.It can provide sufficient information for the system administrator in proactive bandwidth planning.     

Travel Plans in Public Transit Networks Using Artificial Intelligence Planning Models

Users of public transit networks require tools that generate travel plans to traverse them. The main issue is that public transit networks are time and space dependent. Travel plans depend on the current location of users and transit units, along with a set of user preferences and time restrictions. In this work, we propose the design and development of artificial intelligence (AI) planning models for engineering travel plans for such networks. The proposed models consider temporal actions, bus locations, and user preferences as constraints, to restrict the set of travel plans generated. Our approach decouples model design from algorithm construction, providing a greater level of flexibility and richness of solutions. We also introduce an integer linear programming formulation, and a fast preprocessing procedure, to evaluate the quality of the solutions returned by the proposed planning models. Experimental results show that AI planning models can efficiently generate close to optimal solutions. Furthermore, our analysis identifies user preferences as the most critical factor that increases solution complexity for planning models.     

A study of overheads and accuracy for efficient monitoring of wireless mesh networks

IEEE 802.11-based wireless mesh networks are being increasingly deployed in enterprize and municipal settings. A lot of work has been done on developing measurement-based schemes for resource provisioning and fault management in these networks. The above goals require an efficient monitoring infrastructure to be deployed, which can provide the maximum amount of information regarding the network status, while utilizing the least possible amount of network resources. However, network monitoring involves overheads, which can adversely impact performance from the perspective of the end user. The impact of monitoring overheads on data traffic has been overlooked in most of the previous works. It remains unclear as to how parameters such as number of monitoring agents, or frequency of reporting monitoring data, among others, impact the performance of a wireless network. In this work, we first evaluate the impact of monitoring overheads on data traffic, and show that even small amounts of overhead can cause a large degradation in the network performance. We then explore several different techniques for reducing monitoring overheads, while maintaining the objective (resource provisioning, fault management, and others) that needs to be achieved. Via extensive simulations and experiments, we validate the efficiency of our proposed approaches in reducing overheads, their impact on the quality of data collected from the network, and the impact they have on the performance of the applications using the collected data. Based on results, we conclude that it is feasible to make the current monitoring techniques more efficient by reducing the communication overheads involved while still achieving the desired application-layer objectives.