We propose a primary traffic based multihop relaying algorithm with cooperative transmission (PTBMR-CT). It enlarges the hop transmission distances to reduce the number of cognitive relays on the route from the cognitive source (CS) to the cognitive destination (CD). In each hop, from the cognitive nodes in a specified area depending on whether the primary source (PS) transmits data to the primary destination (PD), the cognitive node that is farthest away from the cognitive relay that sends data is selected as the other one that receives data. However, when the PS is transmitting data to the PD, from the cognitive nodes in a specified area, another cognitive node is also selected and prepared to be the cognitive relay that receives data of cooperative transmission. Cooperative transmission is performed if the PS is still transmitting data to the PD when the cognitive relay that receives data of the next hop transmission is being searched. Simulation results show that the average number of cognitive relays is reduced by PTBMR-CT compared to conventional primary traffic based farthest neighbor relaying (PTBFNR), and PTBMR-CT outperforms conventional PTBFNR in terms of the average end-to-end reliability, the average end-to-end throughput, the average required transmission power of transmitting data from the CS to the CD, and the average end-to-end transmission latency.
Weihong CAI Richeng HUANG Xiaoli HOU Gang WEI Shui XIAO Yindong CHEN
Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.
An important concept in secret sharing scheme is the access structure. However, determining the access structure of the secret sharing scheme based on a linear code is a very difficult problem. In this work, we provide a method to construct a class of two-weight linear codes over finite rings. Based on the two-weight codes, we present an access structure of a secret sharing scheme.
Amril SYALIM Takashi NISHIDE Kouichi SAKURAI
Recently, there is much concern about the provenance of distributed processes, that is about the documentation of the origin and the processes to produce an object in a distributed system. The provenance has many applications in the forms of medical records, documentation of processes in the computer systems, recording the origin of data in the cloud, and also documentation of human-executed processes. The provenance of distributed processes can be modeled by a directed acyclic graph (DAG) where each node represents an entity, and an edge represents the origin and causal relationship between entities. Without sufficient security mechanisms, the provenance graph suffers from integrity and confidentiality problems, for example changes or deletions of the correct nodes, additions of fake nodes and edges, and unauthorized accesses to the sensitive nodes and edges. In this paper, we propose an integrity mechanism for provenance graph using the digital signature involving three parties: the process executors who are responsible for the nodes' creation, a provenance owner that records the nodes to the provenance store, and a trusted party that we call the Trusted Counter Server (TCS) that records the number of nodes stored by the provenance owner. We show that the mechanism can detect the integrity problem in the provenance graph, namely unauthorized and malicious “authorized” updates even if all the parties, except the TCS, collude to update the provenance. In this scheme, the TCS only needs a very minimal storage (linear with the number of the provenance owners). To protect the confidentiality and for an efficient access control administration, we propose a method to encrypt the provenance graph that allows access by paths and compartments in the provenance graph. We argue that encryption is important as a mechanism to protect the provenance data stored in an untrusted environment.
We analyze the security of the integrity mechanism, and perform experiments to measure the performance of both mechanisms.
Wenjie CHEN Yukinobu FUKUSHIMA Tokumi YOKOHIRA
Light trail architecture is attracting attention as a new optical wavelength-division multiplexing network architecture that can be built with currently available devices and can achieve bandwidth allocation with granularity finer than a wavelength. Because a light trail is a shared medium, we need a medium access control (MAC) protocol to prevent collisions. Although MAC protocols using token passing can prevent collisions, the bandwidths of links that are located upstream of the token holding node are kept idle. We first propose a dynamic light trail splitting method for increasing throughput of a light trail by using such idle bandwidths. Our method splits a trail into upstream and downstream trails at the token holding node, and independent data transmission on the two trails are permitted. As a result, we expect that the split trail architecture will achieve higher throughput than the original non-split trail architecture. The degree of performance improvement with the split trail architecture depends on how appropriately we determine the upstream and downstream token holding times of every transmission node. Thus, we formulate a problem in which we optimize the token holding times to accommodate requested traffic volume as a linear programming problem. We then derive the throughput of the split trail architecture by solving the problem using the NUOPT solver and investigate the degree of improvement over the original architecture. In addition, we evaluate the end-to-end delay of the split trail architecture by simulation. 
According to numerical examples, the split trail architecture achieves 1) almost the same throughput as the original one for the worst-case traffic pattern where every transmission node sends data to the terminating node of the trail only, 2) about 1.6 times higher throughput for a uniform traffic pattern where every node pair requests the same traffic volume and an extremely unbalanced traffic pattern where only a few node pairs request huge traffic volume, 3) about 1.9 times higher throughput for the split trail architecture's good-case traffic pattern where every transmission node sends data to its adjacent downstream node only, and 4) the end-to-end delay enough to satisfy any application's QoS requirement according to ITU-T Recommendation Y.1541.
Akio OHTA Yuta GOTO Shingo NISHIGAKI Guobin WEI Hideki MURAKAMI Seiichiro HIGASHI Seiichi MIYAZAKI
We have studied resistance-switching properties of RF sputtered Si-rich oxides sandwiching with Pt electrodes. By sweeping bias to the top Pt electrode, non-polar type resistance switching was observed after a forming process. In comparison to RF sputtered TiOx case, significantly small current levels were obtained in both the high resistance state (HRS) and the low resistance state (LRS). And, even with decreasing SiOx thickness down to 8 nm from 40 nm, the ON/OFF ratio in resistance-switching between HRS and LRS as large as 10³ was maintained. From the analysis of current-voltage characteristics for Pt/SiOx on p-type Si(100) and n-type Si(100), it is suggested that the red-ox (REDuction and OXidation) reaction induced by electron fluence near the Pt/SiOx interface is of importance for obtaining the resistance-switching behavior.
Go HASEGAWA Shinpei TANAKA Yoshiaki TANIGUCHI Hirotaka NAKANO
In this paper, the authors focus on upstream transmission in TDMA-based IEEE 802.16j and propose two time slot assignment algorithms to decrease end-to-end transmission latency. One of the proposed algorithms assigns time slots considering the hop count from a gateway node, and the other takes the path from the relay node to the gateway node into account. In addition, a restriction in assigning time slots is introduced to reduce the delay at each relay node. The algorithms with the restriction assign later time slots considering the time slot order of links connecting a relay node. The performance of the proposed algorithms is evaluated through simulation experiments from the viewpoints of frame size and end-to-end transmission latency, and it is confirmed that the proposed algorithms achieve small transmission latency regardless of packet generation rate in the network, and decrease the transmission latency by up to 70% compared with the existing algorithm.
Bo GU Kyoko YAMORI Sugang XU Yoshiaki TANAKA
With the proliferation of IEEE 802.11 wireless local area networks, large numbers of wireless access points have been deployed, and it is often the case that a user can detect several access points simultaneously in dense metropolitan areas. Most owners, however, encrypt their networks to prevent the public from accessing them due to the increased traffic and security risk. In this work, we use pricing as an incentive mechanism to motivate the owners to share their networks with the public, while at the same time satisfying users' service demand. Specifically, we propose a “federated network” concept, in which radio resources of various wireless local area networks are managed together. Our algorithm identifies two candidate access points with the lowest price being offered (if available) to each user. We then model the price announcements of access points as a game, and characterize the Nash Equilibrium of the system. The efficiency of the Nash Equilibrium solution is evaluated via simulation studies as well.
Jaemin JEUNG Seungmyeong JEONG Jaesung LIM
We propose an outband sensing-based IEEE 802.11h protocol without a full dynamic frequency selection (DFS) test. This scheme has two features. Firstly, every station performs a cooperative outband sensing, instead of inband sensing during a quiet period. And secondly, as soon as a current channel becomes bad, every station immediately hops to a good channel using the result of outband sensing. Simulation shows the proposed scheme increases network throughput against the legacy IEEE 802.11h.
Motohiro TANABE Masahiro UMEHIRA
An OFDMA-based (Orthogonal Frequency Division Multiple Access-based) channel access scheme for dynamic spectrum access has the drawbacks of large PAPR (Peak to Average Power Ratio) and large ACI (Adjacent Channel Interference). To solve these problems, a flexible channel access scheme using an overlap FFT filter-bank was proposed based on single carrier modulation for dynamic spectrum access. In order to apply the overlap FFT filter-bank for dynamic spectrum access, it is necessary to clarify the performance of the overlap FFT filter-bank according to the design parameters since its frequency characteristics are critical for dynamic spectrum access applications. This paper analyzes the overlap FFT filter-bank and evaluates its performance such as frequency characteristics and ACI performance according to the design parameters.
Xiyang LI Pingzhi FAN Dianhua WU
Optical code-division multiple-access (OCDMA) is a promising technique for multimedia transmission in fiber-optic local-area networks (LANs). Variable-weight optical orthogonal codes (OOCs) can be used for OCDMA networks supporting multiple quality of services (QoS). Most constructions for optimal variable-weight OOCs have focused on the case where the number of distinct Hamming weights of all codewords is equal to two, and the codewords of weight 3 are normally included. In this letter, four explicit constructions of optimal (υ,{4,5,6},1,Q)-OOCs are presented, and more new optimal (υ,{4,5,6},1,Q)-OOCs are obtained via recursive constructions. These improve the existing results on optimal variable-weight OOCs with at least three distinct Hamming weights and minimum Hamming weight 4.
Hiroki IKEDA Hidetoshi TAKESHITA Satoru OKAMOTO
The emergence of new services in the cloud computing era has made smooth service migration an important issue in access networks. However, different types of equipment are typically used for the different services due to differences in service requirements. This leads to an increase in not only capital expenditures but also operational expenditures. Here we propose using a service adaptive approach as a solution to this problem. We analyze the requirements of a future access network in terms of service, network, and node. We discuss available access network technologies including the passive optical network, single star network. Finally, we present a future service adaptive access/aggregation network and its architecture along with a programmable optical line terminal and optical network unit, discuss its benefit, and describe example services that it would support.
Yuelei XIAO Yumin WANG Liaojun PANG
Trusted network access protocols are proposed for the security and authorization of network-access requests. Because they differ greatly from traditional security protocols on security demands, they cannot be analyzed with previous strand space works directly. To solve this problem, we first give some extensions necessary to verify them in this letter. Moreover, we point out Zhuo Ma et al.'s MN-TAP protocol is insecure based on the Strand Space Model (SSM), and then improve the MN-TAP protocol and show that the improved MN-TAP protocol is secure in the SSM.
Federated identity and access management (FIAM) systems enable a user to access services provided by various organizations seamlessly. In FIAM systems, service providers normally stipulate that their users show assertions issued by allied parties to use their services as well as determine user privileges based on attributes in the assertions. However, the integrity of the attributes is important under certain circumstances. In such a circumstance, all released assertions should reflect modifications made to user attributes. Despite the ability to adopt conventional certification revocation technologies, including CRL or OCSP, to revoke an assertion and request the corresponding user to obtain a new assertion, re-issuing an entirely new assertion if only one attribute, such as user location or other environmental information, is changed would be inefficient. Therefore, this work presents a self-adaptive framework to achieve consistency in federated identity and access management systems (SAFIAM). In SAFIAM, an identity provider (IdP), which authenticates users and provides user attributes, should monitor access probabilities according to user attributes. The IdP can then adopt the most efficient means of ensuring data integrity of attributes based on related access probabilities. While Internet-based services emerge daily that have various access probabilities with respect to their user attributes, the proposed self-adaptive framework significantly contributes to efforts to streamline the use of FIAM systems.
Souheil BEN AYED Fumio TERAOKA
The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many feature improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is an AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 seconds. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundred authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.
Michiaki HAYASHI Nobutaka MATSUMOTO Kosuke NISHIMURA Hideaki TANAKA
Various network services, such as virtual private network, cloud computing and Internet protocol television, are often provided across multiple network operators. The difficulty in managing the quality of service across multiple operator domains is the barrier to adoption especially to service level agreement-sensitive and mission critical cases. Federating network resources among operators is necessary to manage the quality of service across operators. To manage network resources of other operator domains, the network operator's federation mechanisms aiming at a future open access network model are essential. In this paper, the mechanisms of the signaling process as well as the capability of the bandwidth broker are proposed for open access networking, where multiple operators are connected via a common access network operator. Considering that both the next generation network and the non-next generation network architectures must coexist, we have analyzed federation mechanisms for establishing practical functional extensions to existing bandwidth broker implementations for the federation signaling. Based on the analysis, the designs of the federation signaling and the required bandwidth broker functional models are proposed. The proposed design is prototyped and the demonstration of the federation signaling shows that the federation mechanism can assure the bandwidth of a targeted live data stream on demand across the trunk and the access network operators even under a congested situation.
Chedlia BEN NAILA Kazuhiko WAKAMORI Mitsuji MATSUMOTO
Radio frequency on free-space optical (RoFSO) technology is regarded as a new universal platform for enabling seamless convergence of fiber and FSO communication networks, thus extending broadband connectivity to underserved areas. In this paper, we investigate the performance to characterize the transmission of code division multiple access (CDMA) based wireless signals over RoFSO system using aperture averaging (AA) technique under strong turbulence conditions. An analytical model including a modified carrier-to-noise-plus-interference ratio (CNIR) form and a novel closed-form expression for the bit-error rate (BER) is derived. Unlike earlier work, our model takes into consideration the effect of using the AA technique modeled by the gamma-gamma distribution, the optical noises, the intermodulation distortion term due to the laser diode non-linearity and the multiple interference access. By investigating the impact of AA on our model in the strong turbulence regime, we show that there is a design trade-off between the receiver lens aperture and the number of users to achieve a required CNIR ensuring a substantial scintillation fade reduction. The presented work can be used as baseline for the design and performance evaluation of the RoFSO system's ability to transmit different broadband wireless services signals over turbulent FSO links in real scenarios.
Yan MENG Gang LIU Limin MENG Jingyu HUA
In this letter, we propose two antenna grouping schemes for uplink Nx SC-FDMA MIMO systems, where the multiple component carriers can be divided into several groups which are handled by different antennas, thus the number of component carriers on each antenna will be reduced by the group method. As a result, the peak-to-average power ratio (PAPR) of each antenna has been reduced. To further enhance the performance, an interleaving method is proposed to achieve better diversity gain due to the channel varying in the spatial domain and the frequency domain during one turbo coded stream. Our simulation figures clearly demonstrate that in all examples, the proposed schemes are shown to be effective in improving the Block Error Rate (BLER) performance while reducing the PAPR.
Kazuhiko KINOSHITA Yuichi KANAMORI Keita KAWANO Koso MURAKAMI
With advances in communication technologies, network services provided via the Internet have become widely diversified, and people can use these services not only via wired networks but also via wireless networks. There are several wireless systems in practical use such as cellular, WiMAX and WiFi. Although these wireless network systems have developed independently of each other, they should be integrated for seamless access by users. However, each system uses an individual spectrum prescribed by law to avoid radio interference. To overcome such a situation, dynamic spectrum access technology is receiving much attention. We propose a dynamic spectrum assignment method in which a WiFi system temporarily uses a spectrum band of the WiMAX system in WiFi/WiMAX integrated networks to reduce call blocking probability of multimedia communication services. We confirm the effectiveness of the proposed method by simulation experiments.
We propose a simple approximate model for unslotted opportunistic spectrum access networks under nonsaturation conditions. The main simplification we introduce is that all secondary users, except a tagged one, in nonsaturated setting can be approximated by saturated ones with a scaled version of backoff interval. We analyze the approximate model and verify the model using simulations.