Spatial coordinated medium sharing: Optimal access control management in drive-thru internet

Driven by the ever-growing expectation of ubiquitous connectivity and the widespread adoption of IEEE 802.11 networks, it is not only highly demanded but also entirely possible for in-motion vehicles to establish convenient Internet access to roadside WiFi access points (APs) than ever before, which is referred to as Drive-Thru Internet. The performance of Drive-Thru Internet, however, would suffer from the high vehicle mobility, severe channel contentions, and instinct issues of the IEEE 802.11 MAC as it was originally designed for static scenarios. As an effort to address these problems, in this paper, we develop a unified analytical framework to evaluate the performance of Drive-Thru Internet, which can accommodate various vehicular traffic flow states, and to be compatible with IEEE 802.11a/b/g networks with a distributed coordination function (DCF). We first develop the mathematical analysis to evaluate the mean saturated throughput of vehicles and the transmitted data volume of a vehicle per drive-thru. We show that the throughput performance of Drive-Thru Internet can be enhanced by selecting an optimal transmission region within an AP's coverage for the coordinated medium sharing of all vehicles. We then develop a spatial access control management approach accordingly, which ensures the airtime fairness for medium sharing and boosts the throughput performance of Drive-Thru Internet in a practical, efficient, and distributed manner. Simulation results show that our optimal access control management approach can efficiently work in IEEE 802.11b and 802.11g networks. The maximal transmitted data volume per drive-thru can be enhanced by 113.1% and 59.5% for IEEE 802.11b and IEEE 802.11g networks with a DCF, respectively, compared with the normal IEEE 802.11 medium access with a DCF.

Energy-efficient medium access control in wireless sensor networks

Medium access control for wireless sensor networks has been an active
research area in the past decade. This chapter discusses a set of important medium access control (MAC) attributes and possible design trade-offs in protocol design, with an emphasis on energy efficiency. Then we categorize existing MAC protocols into five groups, outline the representative protocols, and compare their advantages and disadvantages in the context of wireless sensor network. Finally, thoughts for practitioners are presented and open research issues are also discussed.

Context-based e-health system access control mechanism

E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.

An illumination invariant face recognition system for access control using video

Illumination and pose invariance are the most challenging aspects of face recognition. In this paper we describe a fully automatic face recognition system that uses video information to achieve illumination and pose robustness. In the proposed method, highly nonlinear manifolds of face motion are approximated using three Gaussian pose clusters. Pose robustness is achieved by comparing the corresponding pose clusters and probabilistically combining the results to derive a measure of similarity between two manifolds. Illumination is normalized on a per-pose basis. Region-based gamma intensity correction is used to correct for coarse illumination changes, while further refinement is achieved by combining a learnt linear manifold of illumination variation with constraints on face pattern distribution, derived from video. Comparative experimental evaluation is presented and the proposed method is shown to greatly outperform state-of-the-art algorithms. Consistent recognition rates of 94-100% are achieved across dramatic changes in illumination.

FEACS: a flexible and efficient access control scheme for cloud computing

In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.

Anonymous credential-based access control scheme for clouds

In the cloud, data is usually stored in ciphertext for security. Attribute-based encryption (ABE) is a popular solution for allowing legal data users to access encrypted data, but it has high overhead and is vulnerable to data leakage. The authors propose an anonymous authorization credential and Lagrange interpolation polynomial-based access control scheme in which an access privilege and one secret share are applied for reconstructing the user's decryption key. Because the credential is anonymously bounded with its owner, only the legal authorized user can access and decrypt the encrypted data without leaking any private information.

Achieving simple, secure and efficient hierarchical access control in cloud computing

Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear-geometry as the solution of flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need of iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.

A secure and efficient data sharing framework with delegated capabilities in hybrid cloud

Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Client identification and money laundering control : perspectives on the Financial Intelligence Centre Act 38 of 2001

The Financial Intelligence Centre Act 38 of 2001 (FICA) compels certain persons and institutions (defined as "accountable institutions'') to identify and verify the identity of a new client before any transaction may be concluded or any business relationship is established.1 Accountable institutions are listed in schedule ¹ to FICA and include banks, brokers, financial advisers, insurance companies, attorneys and estate agents. This duty to identify new clients came into effect on 30 June 2003. However, FICA also requires a similar procedure to be followed in respect of all current clients. Current clients are those with whom an accountable institution had business relationships on 30 June 2003.² After 30 June 2004 an institution may not conclude a transaction in the course of its business relationship with an unidentified current client, until it has established and verified that client's identity as prescribed. An institution that concludes any transaction in contravention of this prohibition, commits an offence and is liable to a fine not exceeding R10 million or to imprisonment of up to 15 years.³

The majority of accountable institutions and their clients failed to meet the June 2004 current client identification deadline.4 This failure posed serious economic and legal risks. With a few days to spare, the minister of finance granted a partial and temporary exemption in respect of these requirements. This article explores the statutory scheme for identification and re-identification of clients and some of the practical problems that were encountered. The June 2004 exemptions from these requirements are also considered and proposals for law reform are made.

The discussion of the FICA identification scheme necessitates the following brief overview of the international and South African money laundering control framework.

1 s 21(1) of FICA.
2 s 21(2) of FICA. See also s 82(2)(b).
3 s 46(2) of FICA read with s 68(1) of FICA.

Advances in pervasive computing

Purpose – The purpose of this paper is to provide an overview of advances in pervasive computing.
Design/methodology/approach – The paper provides a critical analysis of the literature.
Findings – Tools expected to support these advances are: resource location framework, data management (e.g. replica control) framework, communication paradigms, and smart interaction mechanisms. Also, infrastructures needed to support pervasive computing applications and an information appliance should be easy for anyone to use and the interaction with the device should be intuitive.
Originality/value – The paper shows how everyday devices with embedded processing and connectivity could interconnect as a pervasive network of intelligent devices that cooperatively and autonomously collect, process and transport information, in order to adapt to the associated context and activity

The effectiveness of graphical authentication

This research tested the effectiveness of a graphical approach to passwords. A field-experiment, in which graphical passwords were used by 185 subjects, helped to evaluate the approach. It was found that although graphical passwords were successfully used to authenticate useres, more work is required to ensure they are more usable.