User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.

Passive optical network topology has been widely adopted in access networks due to its low-cost and yet flexible network structure. To further promote the passive optical networks, the cost reduction of optical modules is critical. Relatively expensive combination of a conventional index-coupled distributed feedback laser diode (IC-DFB-LD) and an optical isolator is commonly used for passive optical networks with transmission distance more than 30 km. Although gain-coupled DFB-LDs (GC-DFB-LD) have been widely investigated in the hope of eliminating the isolator in optical modules, their limited output power keeps them from practical use in passive optical networks. In this paper, we describe the development of 1.31 µm and 1.49 µm GC-DFB-LDs with high output power and optical feed back tolerance for isolator-free optical modules in access networks. The relative intensity noise (RIN) degradation was well suppressed below -120 dB/Hz at -8 dB optical feedback in the temperatures range from 0 to 85 from both 1.31 µm and 1.49 µm GC-DFB-LDs. Optical feedback tolerance of 1.31 µm and 1.49 µm GC-DFB-LDs were improved by more than 6 dB and 4 dB as compared with conventional IC-DFB-LDs. Dispersion power penalty after over 30 km transmission at 1.25 Gbps were achieved less than 0.3 dB and 0.7 dB under -15 dB optical feedback conditions. The proposed 1.31 µm GC-DFB-LD prototypes experimentally demonstrated 14 mW output power with over 5,000-hour operation at 85. Our devices are found to fully complying IEEE 802.3ah standard and seem to be promising for the low-cost optical modules in long-reach access network applications. The details of the device structure as well as transmission experiments are also reported.

Random substitutions are very useful and practical method for privacy-preserving schemes. In this paper we obtain the exact relationship between the estimation errors and three parameters used in the random substitutions, namely the privacy assurance metric γ, the total number n of data records, and the size N of transition matrix. We also demonstrate some simulations concerning the theoretical result.

In this letter, we propose a Throughput-aimed MAC Protocol with Quality of Service (QoS) provision (T-MAC) for cognitive Ad Hoc networks. This protocol operates based on the Time Division Multiple Access (TDMA) slot assignments and the power control mechanism, which can improve the QoS provision and network throughput. Our simulation results show that the T-MAC protocol can efficiently increase the network throughput and reduce the access delay.

This paper deals with a design problem of an observer-based robust stabilizing controller for a class of polytopic uncertain systems. The proposed controller synthesis differs from the conventional quadratic stabilization based on Lyapunov criterion and is based on the computation of the system's trajectory. In this paper, we show a LMI-based design method of the observer-based robust controller. The effectiveness of the proposed controller design approach is presented through a simple numerical example.

Broadband wireless access networks are promising technology for providing better end user services. For such networks, designing a scheduling algorithm that fairly allocates the available bandwidth to the end users and maximizes the overall network throughput is a challenging task. In this paper, we develop a centralized fair scheduling algorithm for IEEE 802.16 mesh networks that exploits the spatio-temporal bandwidth reuse to further enhance the network throughput. The proposed mechanism reduces the length of a transmission round by increasing the number of non-contending links that can be scheduled simultaneously. We also propose a greedy algorithm that runs in polynomial time. Performance of the proposed algorithms is evaluated by extensive simulations. Results show that our algorithms achieve higher throughput than that of the existing ones and reduce the computational complexity.

In this letter, we propose distorted scenes enhancement algorithm in order to provide end user perceptual QoE-guaranteed IPTV service. The block edge detection with weight factor and partition-based local color values method can be applied for the degraded video frames which are affected by network transmission errors such as out of order, jitter, and packet loss to improve QoE efficiently. Based on the result of quality metric after using the distorted scenes enhancement algorithm, the distorted scenes have been restored better than others.

The dynamic channel allocation (DCA) scheme in multi-cell systems causes serious inter-cell interference (ICI) problem to some existing calls when channels for new calls are allocated. Such a problem can be addressed by advanced centralized DCA design that is able to minimize ICI. Thus, in this paper, a centralized DCA is developed for the downlink of multi-cell orthogonal frequency division multiple access (OFDMA) systems with full spectral reuse. However, in practice, as the search space of channel assignment for centralized DCA scheme in multi-cell systems grows exponentially with the increase of the number of required calls, channels, and cells, it becomes an NP-hard problem and is currently too complicated to find an optimum channel allocation. In this paper, we propose an ant colony optimization (ACO) based DCA scheme using a low-complexity ACO algorithm which is a kind of heuristic algorithm in order to solve the aforementioned problem. Simulation results demonstrate significant performance improvements compared to the existing schemes in terms of the grade of service (GoS) performance and the forced termination probability of existing calls without degrading the system performance of the average throughput.

In differentiated services, packet classification is used to categorize incoming packets into multiple forwarding classes based on pre-defined filters and make information accessible for quality of service. Although numerous algorithms have presented novel data structures to improve the search performance of packet classification, the performance of these algorithms are usually limited by the characteristics of filter databases. In this paper, we use a different approach of filter preprocessing to enhance the search performance of packet classification. Before generating the searchable data structures, we cluster filters in a bottom-up manner. The procedure of the filter clustering merges filters with high degrees of similarity. The experimental results show that the technique of filter clustering could significantly improve the search performance of Pruned Tuple Space Search, a notable hash-based algorithm. As compared to the prominent existing algorithms, our enhanced Pruned Tuple Space Search also has superior performance in terms of speed and space.

Provider authentication is necessary in bidirectional broadcasting services, and a digital signature scheme is often used to prevent an adversary from attempting impersonation. The cost of secure signing key management is extremely high. In addition, the key has to be updated very often, since it is frequently used. The result is that the verification key also has to be updated very often, and its redistribution cost is huge. These costs are real and substantive problems, especially when the number of users is large. In this paper, we propose a system that dramatically reduces these costs. In the system, the signing key is updated, but the corresponding verification key does not have to be updated. This means that the signing key can be updated without any cost for redistributing the verification key and that the system is secure against the threat of signing key leakage, since the key can be frequently updated. Moreover, we propose a new key management method that divides a conventional key management server's role into two. The use of a key-insulated signature (KIS) scheme enables low-cost and more secure key management with two servers. Finally, to make a bidirectional broadcasting service more secure even if the signing key is leaked, we developed a new strong KIS scheme. We performed an experiment that assessed the cost of our strong KIS scheme and found that it is sufficiently low. Accordingly, a provider authentication system employing this scheme would be more efficient and would have lower key redistribution and network costs in comparison with conventional authentication systems.

Context-aware systems detect user's physical and social contexts based on sensor networks, and provide services that adapt to the user accordingly. Representing, detecting, and managing the contexts are important issues in context-aware systems. Composition of contexts is a useful method for these works, since it can detect a context by automatically composing small pieces of information to discover service. Danger-aware services are a kind of context-aware services which need description of relations between a user and his/her surrounding objects and between users. However when applying the existing composition methods to danger-aware services, they show the following shortcomings that (1) they have not provided an explicit method for representing composition of multi-user' contexts, (2) there is no flexible reasoning mechanism based on similarity of contexts, so that they can just provide services exactly following the predefined context reasoning rules. Therefore, in this paper, we propose a two-stage composition method based on context similarity to solve the above problems. The first stage is composition of the useful information to represent the context for a single user. The second stage is composition of multi-users' contexts to provide services by considering the relation of users. Finally the danger degree of the detected context is computed by using context similarity between the detected context and the predefined context. Context is dynamically represented based on two-stage composition rules and a Situation theory based Ontology, which combines the advantages of Ontology and Situation theory. We implement the system in an indoor ubiquitous environment, and evaluate the system through two experiments with the support of subjects. The experiment results show the method is effective, and the accuracy of danger detection is acceptable to a danger-aware system.

Secret Handshake protocol allows members of the same group to authenticate each other secretly. That is, two members who belong to the same group can learn counterpart is in the same group, while non-member of the group cannot determine whether the counterpart is a member of the group or not. Yamashita and Tanaka proposed Secret Handshake Scheme with Multiple Groups (SHSMG). They extended a single group setting to a multiple groups setting where two members output "accept" iff both member's affiliations of the multiple groups are identical. In this paper, we first show the flaw of their SHSMG, and we construct a new secure SHSMG. Second, we introduce a new concept of Secret Handshake scheme, "monotone condition Secret Handshake with Multiple Groups (mc-SHSMG)," in order to extend the condition of "accept." In our new setting of handshake protocol, members can authenticate each other in monotone condition (not only both member's affiliations are identical but also the affiliations are not identical). The communication costs and computational costs of our proposed mc-SHSMG are fewer than the trivial construction of mc-SHSMG.

This paper proposes a novel adaptive image interpolation method using an edge-directed smoothness filter. Adaptive image interpolation methods tend to create higher visual quality images than traditional interpolation methods such as bicubic interpolation. These methods, however, often suffer from high computational costs and production of inadequate interpolated pixels. We propose a novel method to overcome these problems. Our approach is to estimate the enlarged image from the original image based on an observation model. Obtaining an image with edge-directed smoothness, we constrain the estimated image to have many edge-directed smooth pixels which are measured by using the edge-directed smoothness filter introduced in this paper. Additionally, we also propose a simplification of our algorithm to run with lower computational complexity and smaller memory. Simulation results show that the proposal method produces images with high visual quality and performs well on PSNR and computational times.

Privacy-preserving clustering (PPC in short) is important in publishing sensitive time-series data. Previous PPC solutions, however, have a problem of not preserving distance orders or incurring privacy breach. To solve this problem, we propose a new PPC approach that exploits Fourier magnitudes of time-series. Our magnitude-based method does not cause privacy breach even though its techniques or related parameters are publicly revealed. Using magnitudes only, however, incurs the distance order problem, and we thus present magnitude selection strategies to preserve as many Euclidean distance orders as possible. Through extensive experiments, we showcase the superiority of our magnitude-based approach.

This paper proposes a robust state observer for multi-input multi-output LTI systems. Unknown inputs of polynomial form and high-frequency measurement noises are considered in the system model. The unknown inputs and the noises are not in the same form. Multiple integrations of both the observer error signal and the measurement output are used for the observer design. The existence condition of the proposed observer is shown to be the same as that of the proportional-integral (PI) observer. Computer simulations show the effectiveness of the proposed observer.

This letter presents an optimal user selection algorithm that provides a maximum sum-rate in a zero-forcing based Multiuser MIMO system for downlink. The proposed technique forms a primary group of users whose channel power exceeds a predetermined threshold. Through computer simulations, we have found that the proposed method outperforms the conventional technique yielding a sum rate that is 0.33 bps/Hz higher when the transmit SNR is 10 dB and the total number of users and transmit antennas in the cell is 100 and 4, respectively.

In key-recovery methods using smart cards, a user can recover the disk encryption key in cooperation with the system administrator, even if the user has lost the smart card including the disk encryption key. However, the disk encryption key is known to the system administrator in advance in most key-recovery methods. Hence user's disk data may be read by the system administrator. Furthermore, if the disk encryption key is not known to the system administrator in advance, it is difficult to achieve a key authentication. In this paper, we propose a scheme which enables to recover the disk encryption key when the user's smart card is lost. In our scheme, the disk encryption key is not preserved anywhere and then the system administrator cannot know the key before key-recovery phase. Only someone who has a user's smart card and knows the user's password can decrypt that user's disk data. Furthermore, we measured the processing time required for user authentication in an experimental environment using a virtual machine monitor. As a result, we found that this processing time is short enough to be practical.

The Distributed Denial of Service attack (DDoS) is one of the major threats to network security that exhausts network bandwidth and resources. Recently, an efficient approach Live Baiting was proposed for detecting the identities of DDoS attackers in web service using low state overhead without requiring either the models of legitimate requests nor anomalous behavior. However, Live Baiting has two limitations. First, the detection algorithm adopted in Live Baiting starts with a suspects list containing all clients, which leads to a high false positive probability especially for large web service with a huge number of clients. Second, Live Baiting adopts a fixed threshold based on the expected number of requests in each bucket during the detection interval without the consideration of daily and weekly traffic variations. In order to address the above limitations, we first distinguish the clients activities (Active and Non-Active clients during the detection interval) in the detection process and then further propose a new adaptive threshold based on the Change Point Detection method, such that we can improve the false positive probability and avoid the dependence of detection on sites and access patterns. Extensive trace-driven simulation has been conducted on real Web trace to demonstrate the detection efficiency of the proposed scheme in comparison with the Live Baiting detection scheme.

Traditional double auction protocols only concern the price information of participants without considering their QoS requirements, which makes them unsuitable for the service grid. In this paper we first introduce QoS information into double auction to present the QoS-enabled Double Auction Protocol (QDAP). QDAP tries to assign the asks which have the least candidate bids firstly to make more participants trade and provides QoS guarantee at the same time. Simulation experiments have been performed to compare QDAP with two traditional double auction protocols and the result shows that QDAP is more suitable for the service grid.

Mobile devices, such as cellular phones and car navigation systems, are essential to daily life. People acquire necessary information and preferred content over communication networks anywhere, anytime. However, usability issues arise from the simplicity of user interfaces themselves. Thus, a recommendation of content that is adapted to a user's preference and situation will help the user select content. In this paper, we describe a method to realize such a system using Bayesian networks. This user-adapted mobile system is based on a user model that provides recommendation of content (i.e., restaurants, shops, and music that are suitable to the user and situation) and that learns incrementally based on accumulated usage history data. However, sufficient samples are not always guaranteed, since a user model would require combined dependency among users, situations, and contents. Therefore, we propose the LK method for modeling, which complements incomplete and insufficient samples using knowledge data, and CPT incremental learning for adaptation based on a small number of samples. In order to evaluate the methods proposed, we applied them to restaurant recommendations made on car navigation systems. The evaluation results confirmed that our model based on the LK method can be expected to provide better generalization performance than that of the conventional method. Furthermore, our system would require much less operation than current car navigation systems from the beginning of use. Our evaluation results also indicate that learning a user's individual preference through CPT incremental learning would be beneficial to many users, even with only a few samples. As a result, we have developed the technology of a system that becomes more adapted to a user the more it is used.