Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control sy...Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.展开更多
Abstract: Two-tier heterogeneous networks (HetNets), where the current cellular networks, i.e., macrocells, are overlapped with a large number of randomly distributed femtocells, can potentially bring significant b...Abstract: Two-tier heterogeneous networks (HetNets), where the current cellular networks, i.e., macrocells, are overlapped with a large number of randomly distributed femtocells, can potentially bring significant benefits to spectral utilization and system capacity. The interference management and access control for open and closed femtocells in two-tier HetNets were focused. The contributions consist of two parts. Firstly, in order to reduce the uplink interference caused by MUEs (macrocell user equipments) at closed femtocells, an incentive mechanism to implement interference mitigation was proposed. It encourages femtoeells that work with closed-subscriber-group (CSG) to allow the interfering MUEs access in but only via uplink, which can reduce the interference significantly and also benefit the marco-tier. The interference issue was then studied in open-subscriber-group (OSG) femtocells from the perspective of handover and mobility prediction. Inbound handover provides an alternative solution for open femtocells when interference turns up, while this accompanies with PCI (physical cell identity) confusion during inbound handover. To reduce the PCI confusion, a dynamic PCI allocation scheme was proposed, by which the high handin femtocells have the dedicated PCI while the others share the reuse PCIs. A Markov chain based mobility prediction algorithm was designed to decide whether the femtoeell status is with high handover requests. Numerical analysis reveals that the UL interference is managed well for the CSG femtocell and the PCI confusion issue is mitigated greatly in OSG femtocell compared to the conventional approaches.展开更多
Mobility in Wireless Sensor Network (WSN) presents distinctive challenges in Medium Access Control (MAC) scheme. Numerous MAC protocols for sensor networks assume that sensor nodes are static and focus primarily on en...Mobility in Wireless Sensor Network (WSN) presents distinctive challenges in Medium Access Control (MAC) scheme. Numerous MAC protocols for sensor networks assume that sensor nodes are static and focus primarily on energy efficiency. This work seeks to develop an improved mobility conscious medium access control scheme for wireless sensor networks with a view to enhance energy conservation on mobile sensor nodes. On this note, mobility patterns of different scenarios are modelled using Gauss Markov Mobility Model (GMMM) to determine the position and distance of the sensor nodes and how they are correlated in time.展开更多
This study proposes a new multiple access con-trol protocol named distributed synchronous reservation mul-tiple access control protocol,in which the hidden and exposed terminal problems are solved,and the quality of s...This study proposes a new multiple access con-trol protocol named distributed synchronous reservation mul-tiple access control protocol,in which the hidden and exposed terminal problems are solved,and the quality of service(QoS)requirements for real-time traffic are guaranteed.The protocol is founded on time division multiplex address and a different type of traffic is assigned to different priority,according to which a node should compete for and reserve the free slots in a different method.Moreover,there is a reservation acknowledgement process before data transmit in each reserved slot,so that the intruded terminal problem is solved.The throughput and average packets drop probability of this protocol are analyzed and simulated in a fully connected network,the results of which indicate that this protocol is efficient enough to support the real-time traffic,and it is more suitable to MANETs.展开更多
As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes s...As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.展开更多
In order to resolve the hidden and exposed terminal problems and improve the probability of concurrent packet transmissions for multihop Mobile Ad Hoc Networks (MANETs), a novel slotted Asyrmaetric Dual-Channel Medi...In order to resolve the hidden and exposed terminal problems and improve the probability of concurrent packet transmissions for multihop Mobile Ad Hoc Networks (MANETs), a novel slotted Asyrmaetric Dual-Channel Medium Access Control (ADC-MAC) protocol is proposed. It exploits sirmltaneous reservation with less collisions and conision-flee data packet transmissions, and achieves optimal transmission balance on the Control Channel (CCH) and Data Channel (DCH) by adjusting the relationship between Reservation Slot (RS) on the CCH and the data packet Transmission Slot (TS) on the DCH. Transmission interferences can be avoided by only observing CCH for the transmission time of a data packet. The proposed RS and contention micro-slot backoff mechanisms also greatly improve channel access efficiency. Simulation results show that compared to IFEE 802. 11 DCF and -Mc protocols, the proposed protocol can achieve a throughput gain of 88% in singlehop networks and 151% in nltihop networks at the same total data rate.展开更多
This paper proposes a new multi-channel Medium Access Control (MAC) protocol named as Dual Reservation Code Division Multiple Access (CDMA) based MAC protocol with Power Control (DRCPC). The code channel is divided in...This paper proposes a new multi-channel Medium Access Control (MAC) protocol named as Dual Reservation Code Division Multiple Access (CDMA) based MAC protocol with Power Control (DRCPC). The code channel is divided into common channel,broadcast channel and several data chan-nels. And dynamic power control mechanism is implemented to reduce near-far interference. Compared with IEEE 802.11 Distributed Coordination Function (DCF) protocol,the results show that the pro-posed mechanism improves the average throughput and limits the transmission delay efficiently.展开更多
Wireless sensor network (WSN) requires robust and efficient communication protocols to minimise delay and save energy. The lifetime of WSN can be maximised by selecting proper medium access control (MAC) scheme de...Wireless sensor network (WSN) requires robust and efficient communication protocols to minimise delay and save energy. The lifetime of WSN can be maximised by selecting proper medium access control (MAC) scheme depending on the contention level of the network. The throughput of WSN however reduces due to channel fading effects even with the proper design of MAC protocol. Hence this paper proposes a new MAC scheme for enabling packet transmission using cooperative multi-input multi-output (MIMO) utilising space time codes(STC) such as space time block code (STBC), space time trellis code (STTC) to achieve higher energy savings and lower delay by allowing nodes to transmit and receive information jointly. The performance of the proposed MAC protocol is evaluated in terms of transmission error probability, energy consumption and delay. Simulation results show that the proposed cooperative MIMO MAC protocol provides reliable and efficient transmission by leveraging MIMO diversity gains.展开更多
Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although...Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.展开更多
Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient...Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient authentication scheme which can provide reliability, efficiency, and security for a general T-MAC communication, a novel synchronization and authentication scheme using authentication masking code was proposed. Authentication data were repeated and masked by PN sequence. The simulation results show that the proposed approach can provide synchronization and authentication simultaneously for nodes in wireless sensor network (WSN). 63 bits AMC code gives above 99.97% synchronization detection and 93.98% authentication data detection probability in BER 0.031 7.展开更多
Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, w...Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.展开更多
Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impa...Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.展开更多
基金partly supported by the University of Malaya Impact Oriented Interdisci-plinary Research Grant under Grant IIRG008(A,B,C)-19IISS.
文摘Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.
基金Project(2012AA01A301-01)supported by the National High-Tech Research and Development Plan of ChinaProjects(61301148,61272061)supported by the National Natural Science Foundation of China+3 种基金Projects(20120161120019,2013016111002)supported by the Research Fund for the Doctoral Program of Higher Education of ChinaProjects(14JJ7023,10JJ5069)supported by the Natural Science Foundation of Hunan Province,ChinaProject(ISN12-05)supported by State Key Laboratory of Integrated Services Networks Open Foundation,ChinaProject(531107040276)supported by the Fundamental Research Funds for the Central Universities,China
文摘Abstract: Two-tier heterogeneous networks (HetNets), where the current cellular networks, i.e., macrocells, are overlapped with a large number of randomly distributed femtocells, can potentially bring significant benefits to spectral utilization and system capacity. The interference management and access control for open and closed femtocells in two-tier HetNets were focused. The contributions consist of two parts. Firstly, in order to reduce the uplink interference caused by MUEs (macrocell user equipments) at closed femtocells, an incentive mechanism to implement interference mitigation was proposed. It encourages femtoeells that work with closed-subscriber-group (CSG) to allow the interfering MUEs access in but only via uplink, which can reduce the interference significantly and also benefit the marco-tier. The interference issue was then studied in open-subscriber-group (OSG) femtocells from the perspective of handover and mobility prediction. Inbound handover provides an alternative solution for open femtocells when interference turns up, while this accompanies with PCI (physical cell identity) confusion during inbound handover. To reduce the PCI confusion, a dynamic PCI allocation scheme was proposed, by which the high handin femtocells have the dedicated PCI while the others share the reuse PCIs. A Markov chain based mobility prediction algorithm was designed to decide whether the femtoeell status is with high handover requests. Numerical analysis reveals that the UL interference is managed well for the CSG femtocell and the PCI confusion issue is mitigated greatly in OSG femtocell compared to the conventional approaches.
文摘Mobility in Wireless Sensor Network (WSN) presents distinctive challenges in Medium Access Control (MAC) scheme. Numerous MAC protocols for sensor networks assume that sensor nodes are static and focus primarily on energy efficiency. This work seeks to develop an improved mobility conscious medium access control scheme for wireless sensor networks with a view to enhance energy conservation on mobile sensor nodes. On this note, mobility patterns of different scenarios are modelled using Gauss Markov Mobility Model (GMMM) to determine the position and distance of the sensor nodes and how they are correlated in time.
基金supported by the National Natural Science Foundation of China(Grant Nos.60372048,60496316)the Hi-Tech Research and Development Program of China(No.2005AA123910).
文摘This study proposes a new multiple access con-trol protocol named distributed synchronous reservation mul-tiple access control protocol,in which the hidden and exposed terminal problems are solved,and the quality of service(QoS)requirements for real-time traffic are guaranteed.The protocol is founded on time division multiplex address and a different type of traffic is assigned to different priority,according to which a node should compete for and reserve the free slots in a different method.Moreover,there is a reservation acknowledgement process before data transmit in each reserved slot,so that the intruded terminal problem is solved.The throughput and average packets drop probability of this protocol are analyzed and simulated in a fully connected network,the results of which indicate that this protocol is efficient enough to support the real-time traffic,and it is more suitable to MANETs.
基金funded by the National High-Technology Research and Development Program of China"(863"Program)under Grant No.2009AA01Z427
文摘As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.
基金Acknowledgements This work was supported partially by the National Natural Science Foundation of China under Gants No. 60872011, No. 61171074 the National S&T Major Project of China under Gant No. 2010ZX03003-003-03+1 种基金 the Program for New Century Excellent Talents in University the Fundamental Research Funds for the Central Universities.
文摘In order to resolve the hidden and exposed terminal problems and improve the probability of concurrent packet transmissions for multihop Mobile Ad Hoc Networks (MANETs), a novel slotted Asyrmaetric Dual-Channel Medium Access Control (ADC-MAC) protocol is proposed. It exploits sirmltaneous reservation with less collisions and conision-flee data packet transmissions, and achieves optimal transmission balance on the Control Channel (CCH) and Data Channel (DCH) by adjusting the relationship between Reservation Slot (RS) on the CCH and the data packet Transmission Slot (TS) on the DCH. Transmission interferences can be avoided by only observing CCH for the transmission time of a data packet. The proposed RS and contention micro-slot backoff mechanisms also greatly improve channel access efficiency. Simulation results show that compared to IFEE 802. 11 DCF and -Mc protocols, the proposed protocol can achieve a throughput gain of 88% in singlehop networks and 151% in nltihop networks at the same total data rate.
基金Supported by the Science Foundation of Shanghai Mu-nicipal Commission of Science and Technology under contract 045115012.
文摘This paper proposes a new multi-channel Medium Access Control (MAC) protocol named as Dual Reservation Code Division Multiple Access (CDMA) based MAC protocol with Power Control (DRCPC). The code channel is divided into common channel,broadcast channel and several data chan-nels. And dynamic power control mechanism is implemented to reduce near-far interference. Compared with IEEE 802.11 Distributed Coordination Function (DCF) protocol,the results show that the pro-posed mechanism improves the average throughput and limits the transmission delay efficiently.
文摘Wireless sensor network (WSN) requires robust and efficient communication protocols to minimise delay and save energy. The lifetime of WSN can be maximised by selecting proper medium access control (MAC) scheme depending on the contention level of the network. The throughput of WSN however reduces due to channel fading effects even with the proper design of MAC protocol. Hence this paper proposes a new MAC scheme for enabling packet transmission using cooperative multi-input multi-output (MIMO) utilising space time codes(STC) such as space time block code (STBC), space time trellis code (STTC) to achieve higher energy savings and lower delay by allowing nodes to transmit and receive information jointly. The performance of the proposed MAC protocol is evaluated in terms of transmission error probability, energy consumption and delay. Simulation results show that the proposed cooperative MIMO MAC protocol provides reliable and efficient transmission by leveraging MIMO diversity gains.
基金the National Natural Science Foundation of China (60773049)the Natural Science Foundationof Jiangsu Province (BK2007086)the Fundamental Research Project of Natural Science in Colleges of Jiangsu Province(07KJB520016).
文摘Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.
文摘Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient authentication scheme which can provide reliability, efficiency, and security for a general T-MAC communication, a novel synchronization and authentication scheme using authentication masking code was proposed. Authentication data were repeated and masked by PN sequence. The simulation results show that the proposed approach can provide synchronization and authentication simultaneously for nodes in wireless sensor network (WSN). 63 bits AMC code gives above 99.97% synchronization detection and 93.98% authentication data detection probability in BER 0.031 7.
文摘Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.
文摘Secure authentication and accurate localization among Internet of Things(IoT)sensors are pivotal for the functionality and integrity of IoT networks.IoT authentication and localization are intricate and symbiotic,impacting both the security and operational functionality of IoT systems.Hence,accurate localization and lightweight authentication on resource-constrained IoT devices pose several challenges.To overcome these challenges,recent approaches have used encryption techniques with well-known key infrastructures.However,these methods are inefficient due to the increasing number of data breaches in their localization approaches.This proposed research efficiently integrates authentication and localization processes in such a way that they complement each other without compromising on security or accuracy.The proposed framework aims to detect active attacks within IoT networks,precisely localize malicious IoT devices participating in these attacks,and establish dynamic implicit authentication mechanisms.This integrated framework proposes a Correlation Composition Awareness(CCA)model,which explores innovative approaches to device correlations,enhancing the accuracy of attack detection and localization.Additionally,this framework introduces the Pair Collaborative Localization(PCL)technique,facilitating precise identification of the exact locations of malicious IoT devices.To address device authentication,a Behavior and Performance Measurement(BPM)scheme is developed,ensuring that only trusted devices gain access to the network.This work has been evaluated across various environments and compared against existing models.The results prove that the proposed methodology attains 96%attack detection accuracy,84%localization accuracy,and 98%device authentication accuracy.
