A study on the authentication method for TAmI in ambient intelligence (secure group decision making toolkit)

It is difficult to get the decision about an opinion after many users get the meeting in same place. It used to spend too much time in order to find solve some problem because of the various opinions of each other. TAmI (Group Decision Making Toolkit) is the System to Group Decision in Ambient Intelligence [1]. This program was composed with IGATA [2], WebMeeting and the related Database system. But, because it is sent without any encryption in IP / Password, it can be opened to attacker. They can use the IP / Password to the bad purpose. As the result, although they make the wrong result, the joined member can’t know them. Therefore, in this paper, we studied the applying method of user’s authentication into TAmI.

A study on security grade assignment model for mobile users in urban computing

The relation between the information/knowledge expression and the physical expression can be involved as one of items for an ambient intelligent computing [2],[3]. Moreover, because there are so many contexts around user/spaces during a user movement, all appplcation which are using AmI for users are based on the relation between user devices and environments. In these situations, it is possible that the AmI may output the wrong result from unreliable contexts by attackers. Recently, establishing a server have been utilizes, so finding secure contexts and make contexts of higher security level for save communication have been given importance. Attackers try to put their devices on the expected path of all users in order to obtain users informationillegally or they may try to broadcast their SPAMS to users. This paper is an extensionof [11] which studies the Security Grade Assignment Model (SGAM) to set Cyber-Society Organization (CSO).

Disseminating data using broadcast when topology is unknown

Consider the problem of disseminating data from an arbitrary source node to all other nodes in a distributed computer system, like Wireless Sensor Networks (WSNs). We assume that wireless broadcast is used and nodes do not know the topology. We propose new protocols which disseminate data faster and use fewer broadcasts than the simple broadcast protocol.

On the adaptation of broadcast transactions in token-passing fieldbus networks with heterogeneous transmission media

Broadcast networks that are characterised by having different physical layers (PhL) demand some kind of traffic adaptation between segments, in order to avoid traffic congestion in linking devices. In many LANs, this problem is solved by the actual linking devices, which use some kind of flow control mechanism that either tell transmitting stations to pause (the transmission) or just discard frames. In this paper, we address the case of token-passing fieldbus networks operating in a broadcast fashion and involving message transactions over heterogeneous (wired or wireless) physical layers. For the addressed case, real-time and reliability requirements demand a different solution to the traffic adaptation problem. Our approach relies on the insertion of an appropriate idle time before a station issuing a request frame. In this way, we guarantee that the linking devices’ queues do not increase in a way that the timeliness properties of the overall system turn out to be unsuitable for the targeted applications.

Evaluating the duration of message transactions in broadcast wired/wireless fieldbus networks

Determining the response time of message transactions is one of the major concerns in the design of any distributed computer-controlled system. Such response time is mainly dependent on the medium access delay, the message length and the transmission delay. While the medium access delay in fieldbus networks has been thoroughly studied in the last few years, the transmission delay has been almost ignored as it is considered that it can be neglected when compared to the length of the message itself. Nevertheless, this assumption is no longer valid when considering the case of hybrid wired/wireless fieldbus networks, where the transmission delay through a series of different mediums can be several orders of magnitude longer than the length of the message itself. In this paper, we show how to compute the duration of message transactions in hybrid wired/wireless fieldbus networks. This duration is mainly dependent on the duration of the request and response frames and on the number and type of physical mediums that the frames must cross between initiator and responder. A case study of a hybrid wired/wireless fieldbus network is also presented, where it becomes clear the interest of the proposed approach

LNT: a logical neighbor tree secure group communication scheme for wireless sensor networks

Secure group communication is a paradigm that primarily designates one-to-many communication security. The proposed works relevant to secure group communication have predominantly considered the whole network as being a single group managed by a central powerful node capable of supporting heavy communication, computation and storage cost. However, a typical Wireless Sensor Network (WSN) may contain several groups, and each one is maintained by a sensor node (the group controller) with constrained resources. Moreover, the previously proposed schemes require a multicast routing support to deliver the rekeying messages. Nevertheless, multicast routing can incur heavy storage and communication overheads in the case of a wireless sensor network. Due to these two major limitations, we have reckoned it necessary to propose a new secure group communication with a lightweight rekeying process. Our proposal overcomes the two limitations mentioned above, and can be applied to a homogeneous WSN with resource-constrained nodes with no need for a multicast routing support. Actually, the analysis and simulation results have clearly demonstrated that our scheme outperforms the previous well-known solutions.

RiSeG: a ring based secure group communication protocol for resource-constrained wireless sensor networks

Securing group communication in wireless sensor networks has recently been extensively investigated. Many works have addressed this issue, and they have considered the grouping concept differently. In this paper, we consider a group as being a set of nodes sensing the same data type, and we alternatively propose an efficient secure group communication scheme guaranteeing secure group management and secure group key distribution. The proposed scheme (RiSeG) is based on a logical ring architecture, which permits to alleviate the group controller’s task in updating the group key. The proposed scheme also provides backward and forward secrecy, addresses the node compromise attack, and gives a solution to detect and eliminate the compromised nodes. The security analysis and performance evaluation show that the proposed scheme is secure, highly efficient, and lightweight. A comparison with the logical key hierarchy is preformed to prove the rekeying process efficiency of RiSeG. Finally, we present the implementation details of RiSeG on top of TelosB sensor nodes to demonstrate its feasibility.

Improving the reliability of WiDom in a single broadcast domain

WiDom is a previously proposed prioritized medium access control protocol for wireless channels. We present a modification to this protocol in order to improve its reliability. This modification has similarities with cooperative relaying schemes, but, in our protocol, all nodes can relay a carrier wave. The preliminary evaluation shows that, under transmission errors, a significant reduction on the number of failed tournaments can be achieved.

Static-priority scheduling over wireless networks with multiple broadcast domains

We propose a wireless medium access control (MAC) protocol that provides static-priority scheduling of messages in a guaranteed collision-free manner. Our protocol supports multiple broadcast domains, resolves the wireless hidden terminal problem and allows for parallel transmissions across a mesh network. Arbitration of messages is achieved without the notion of a master coordinating node, global clock synchronization or out-of-band signaling. The protocol relies on bit-dominance similar to what is used in the CAN bus except that in order to operate on a wireless physical layer, nodes are not required to receive incoming bits while transmitting. The use of bit-dominance efficiently allows for a much larger number of priorities than would be possible using existing wireless solutions. A MAC protocol with these properties enables schedulability analysis of sporadic message streams in wireless multihop networks.

On the performance limits of slotted CSMA/CA in IEEE 802.15.4 for broadcast transmissions in wireless sensor networks

The IEEE 802.15.4 has been adopted as a communication protocol standard for Low-Rate Wireless Private Area Networks (LRWPANs). While it appears as a promising candidate solution for Wireless Sensor Networks (WSNs), its adequacy must be carefully evaluated. In this paper, we analyze the performance limits of the slotted CSMA/CA medium access control (MAC) mechanism in the beacon-enabled mode for broadcast transmissions in WSNs. The motivation for evaluating the beacon-enabled mode is due to its flexibility and potential for WSN applications as compared to the non-beacon enabled mode. Our analysis is based on an accurate simulation model of the slotted CSMA/CA mechanism on top of a realistic physical layer, with respect to the IEEE 802.15.4 standard specification. The performance of the slotted CSMA/CA is evaluated and analyzed for different network settings to understand the impact of the protocol attributes (superframe order, beacon order and backoff exponent), the number of nodes and the data frame size on the network performance, namely in terms of throughput (S), average delay (D) and probability of success (Ps). We also analytically evaluate the impact of the slotted CSMA/CA overheads on the saturation throughput. We introduce the concept of utility (U) as a combination of two or more metrics, to determine the best offered load range for an optimal behavior of the network. We show that the optimal network performance using slotted CSMA/CA occurs in the range of 35% to 60% with respect to an utility function proportional to the network throughput (S) divided by the average delay (D).

TV Recommendation and Personalization Systems: Integrating Broadcast and Video On-demand Services

he expansion of Digital Television and the convergence between conventional broadcasting and television over IP contributed to the gradual increase of the number of available channels and on demand video content. Moreover, the dissemination of the use of mobile devices like laptops, smartphones and tablets on everyday activities resulted in a shift of the traditional television viewing paradigm from the couch to everywhere, anytime from any device. Although this new scenario enables a great improvement in viewing experiences, it also brings new challenges given the overload of information that the viewer faces. Recommendation systems stand out as a possible solution to help a watcher on the selection of the content that best fits his/her preferences. This paper describes a web based system that helps the user navigating on broadcasted and online television content by implementing recommendations based on collaborative and content based filtering. The algorithms developed estimate the similarity between items and users and predict the rating that a user would assign to a particular item (television program, movie, etc.). To enable interoperability between different systems, programs characteristics (title, genre, actors, etc.) are stored according to the TV-Anytime standard. The set of recommendations produced are presented through a Web Application that allows the user to interact with the system based on the obtained recommendations.

Feature Extraction in Densely Sensed Environments: Extensions to Multiple Broadcast Domains

The vision of the Internet of Things (IoT) includes large and dense deployment of interconnected smart sensing and monitoring devices. This vast deployment necessitates collection and processing of large volume of measurement data. However, collecting all the measured data from individual devices on such a scale may be impractical and time consuming. Moreover, processing these measurements requires complex algorithms to extract useful information. Thus, it becomes imperative to devise distributed information processing mechanisms that identify application-specific features in a timely manner and with a low overhead. In this article, we present a feature extraction mechanism for dense networks that takes advantage of dominance-based medium access control (MAC) protocols to (i) efficiently obtain global extrema of the sensed quantities, (ii) extract local extrema, and (iii) detect the boundaries of events, by using simple transforms that nodes employ on their local data. We extend our results for a large dense network with multiple broadcast domains (MBD). We discuss and compare two approaches for addressing the challenges with MBD and we show through extensive evaluations that our proposed distributed MBD approach is fast and efficient at retrieving the most valuable measurements, independent of the number sensor nodes in the network.

Segurança de Redes em Sistemas de Experimentação Remota

O crescimento dos sistemas de informação e a sua utilização massiva criou uma nova realidade no acesso a experiências remotas que se encontram geograficamente distribuídas. Nestes últimos tempos, a temática dos laboratórios remotos apareceu nos mais diversos campos como o do ensino ou o de sistemas industriais de controlo e monitorização. Como o acesso aos laboratórios é efectuado através de um meio permissivo como é o caso da Internet, a informação pode estar à mercê de qualquer atacante. Assim, é necessário garantir a segurança do acesso, de forma a criar condições para que não se verifique a adulteração dos valores obtidos, bem como a existência de acessos não permitidos. Os mecanismos de segurança adoptados devem ter em consideração a necessidade de autenticação e autorização, sendo estes pontos críticos no que respeita à segurança, pois estes laboratórios podem estar a controlar equipamentos sensíveis e dispendiosos, podendo até eventualmente comprometer em certos casos o controlo e a monotorização de sistemas industriais. Este trabalho teve como objectivo a análise da segurança em redes, tendo sido realizado um estudo sobre os vários conceitos e mecanismos de segurança necessários para garantir a segurança nas comunicações entre laboratórios remotos. Dele resultam as três soluções apresentadas de comunicação segura para laboratórios remotos distribuídos geograficamente, recorrendo às tecnologias IPSec, OpenVPN e PPTP. De forma a minimizar custos, toda a implementação foi assente em software de código aberto e na utilização de um computador de baixo custo. No que respeita à criação das VPNs, estas foram configuradas de modo a permitir obter os resultados pretendidos na criação de uma ligação segura para laboratórios remotos. O pfSense mostrou-se a escolha acertada visto que suporta nativamente quaisquer das tecnologias que foram estudadas e implementadas, sem necessidade de usar recursos físicos muito caros, permitindo o uso de tecnologias de código aberto sem comprometer a segurança no funcionamento das soluções que suportam a segurança nas comunicações dos laboratórios remotos.

Migração de ligações Wi-Fi não seguras para ligações seguras, após autenticação em captive portal

Atualmente a popularidade das comunicações Wi-Fi tem crescido, os utilizadores acedem a partir de vários dispositivos como telemóveis, tablets, computadores portáteis sendo estes utilizados por qualquer pessoa nos mais variados locais. Com esta utilização massiva por parte dos utilizadores surgiram os hotspots Wi-Fi públicos (em aeroportos, estações de comboios, etc) que permitem a ligação de clientes recorrendo a ligações wireless não seguras (ou abertas). Tais hotspots utilizam, após a ligação de um cliente, um captive portal que captura o tráfego IP com origem no cliente e o redireciona para uma página Web de entrada. A página Web permite ao cliente comprar tempo de acesso à Internet ou, caso já seja um cliente da empresa, autenticar-se para ter acesso à Internet. A necessidade da ligação aberta assenta na possibilidade do operador do hotspot vender acesso à Internet a utilizadores não conhecidos (caso contrário teria de fornecerlhes uma senha previamente). No entanto, fornecer um acesso à Internet wireless sem qualquer tipo de segurança ao nível físico permite que qualquer outro utilizador consiga obter informação sobre a navegação Web dos utilizadores ligados (ex.: escuta de pedidos DNS). Nesta tese pretende-se apresentar uma solução que estenda um dos atuais mecanismos de autenticação Wi-Fi (WPA, WPA2) para que permita, após autenticação em captive portal, a migração de uma ligação aberta para uma ligação segura.

Multi-criteria short-term maintenance outage scheduling in smart distribution systems

Effective legislation and standards for the coordination procedures between consumers, producers and the system operator supports the advances in the technologies that lead to smart distribution systems. In short-term (ST) maintenance scheduling procedure, the energy producers in a distribution system access to the long-term (LT) outage plan that is released by the distribution system operator (DSO). The impact of this additional information on the decision-making procedure of producers in ST maintenance scheduling is studied in this paper. The final ST maintenance plan requires the approval of the DSO that has the responsibility to secure the network reliability and quality, and other players have to follow the finalized schedule. Maintenance scheduling in the producers’ layer and the coordination procedure between them and the DSO is modelled in this paper. The proposed method is applied to a 33-bus distribution system.