912 results for Access Control
Abstract:
Relay selection for cooperative communications has attracted considerable research interest recently. While several criteria have been proposed for selecting one or more relays and analyzed, mechanisms that perform the selection in a distributed manner have received relatively less attention. In this paper, we analyze a splitting algorithm for selecting the single best relay amongst a known number of active nodes in a cooperative network. We develop new and exact asymptotic analysis for computing the average number of slots required to resolve the best relay. We then propose and analyze a new algorithm that addresses the general problem of selecting the best Q >= 1 relays. Regardless of the number of relays, the algorithm selects the best two relays within 4.406 slots and the best three within 6.491 slots, on average. Our analysis also brings out an intimate relationship between multiple access selection and multiple access control algorithms.
Abstract:
In this paper we are concerned with finding the maximum throughput that a mobile ad hoc network can support. Even when nodes are stationary, the problem of determining the capacity region has long been known to be NP-hard. Mobility introduces an additional dimension of complexity because nodes now also have to decide when they should initiate route discovery. Since route discovery involves communication and computation overhead, it should not be invoked very often. On the other hand, mobility implies that routes are bound to become stale resulting in sub-optimal performance if routes are not updated. We attempt to gain some understanding of these effects by considering a simple one-dimensional network model. The simplicity of our model allows us to use stochastic dynamic programming (SDP) to find the maximum possible network throughput with ideal routing and medium access control (MAC) scheduling. Using the optimal value as a benchmark, we also propose and evaluate the performance of a simple threshold-based heuristic. Unlike the optimal policy which requires considerable state information, the heuristic is very simple to implement and is not overly sensitive to the threshold value used. We find empirical conditions for our heuristic to be near-optimal as well as network scenarios when our simple heuristic does not perform very well. We provide extensive numerical and simulation results for different parameter settings of our model.
Abstract:
Ad hoc networks are being used in applications ranging from disaster recovery to distributed collaborative entertainment applications. Ad hoc networks have become one of the most attractive solutions for rapid deployment, interconnecting a large number of mobile personal devices. The user community of mobile personal devices is demanding a variety of value added multimedia entertainment services. The popularity of peer groups is increasing and one or some members of the peer group need to send data to some or all members of the peer group. The increasing demand for group oriented value added services is driving the need for efficient multicast service over ad hoc networks. Access control mechanisms need to be deployed to guarantee that unauthorized users cannot access the multicast content. In this paper, we present a topology aware key management and distribution scheme for secure overlay multicast over MANET to address node mobility related issues for multicast key management. We use an overlay approach for key distribution and our objective is to keep communication overhead low for key management and distribution. We also incorporate reliability using explicit acknowledgments with the key distribution scheme. Through simulations we show that the proposed key management scheme has low communication overhead for rekeying and improves the reliability of key distribution.
Abstract:
Channel-aware assignment of subchannels to users in the downlink of an OFDMA system requires extensive feedback of channel state information (CSI) to the base station. Since bandwidth is scarce, schemes that limit feedback are necessary. We develop a novel, low feedback, distributed splitting-based algorithm called SplitSelect to opportunistically assign each subchannel to its most suitable user. SplitSelect explicitly handles multiple access control aspects associated with CSI feedback, and scales well with the number of users. In it, according to a scheduling criterion, each user locally maintains a scheduling metric for each subchannel. The goal is to select, for each subchannel, the user with the highest scheduling metric. At any time, each user contends for the subchannel for which it has the largest scheduling metric among the unallocated subchannels. A tractable asymptotic analysis of a system with many users is central to SplitSelect's simple design. Extensive simulation results demonstrate the speed with which subchannels and users are paired. The net data throughput, when the time overhead of selection is accounted for, is shown to be substantially better than several schemes proposed in the literature. We also show how fairness and user prioritization can be ensured by suitably defining the scheduling metric.
Abstract:
Channel-aware assignment of sub-channels to users in the downlink of an OFDMA system demands extensive feedback of channel state information (CSI) to the base station. Since the feedback bandwidth is often very scarce, schemes that limit feedback are necessary. We develop a novel, low feedback splitting-based algorithm for assigning each sub-channel to its best user, i.e., the user with the highest gain for that sub-channel among all users. The key idea behind the algorithm is that, at any time, each user contends for the sub-channel on which it has the largest channel gain among the unallocated sub-channels. Unlike other existing schemes, the algorithm explicitly handles multiple access control aspects associated with the feedback of CSI. A tractable asymptotic analysis of a system with a large number of users helps design the algorithm. It yields 50% to 65% throughput gains compared to an asymptotically optimal one-bit feedback scheme, when the number of users is as small as 10 or as large as 1000. The algorithm is fast and distributed, and scales with the number of users.
Abstract:
In this paper, we analyze the coexistence of a primary and a secondary (cognitive) network when both networks use the IEEE 802.11 based distributed coordination function for medium access control. Specifically, we consider the problem of channel capture by a secondary network that uses spectrum sensing to determine the availability of the channel, and its impact on the primary throughput. We integrate the notion of transmission slots in Bianchi's Markov model with the physical time slots, to derive the transmission probability of the secondary network as a function of its scan duration. This is used to obtain analytical expressions for the throughput achievable by the primary and secondary networks. Our analysis considers both saturated and unsaturated networks. By performing a numerical search, the secondary network parameters are selected to maximize its throughput for a given level of protection of the primary network throughput. The theoretical expressions are validated using extensive simulations carried out in the Network Simulator 2. Our results provide critical insights into the performance and robustness of different schemes for medium access by the secondary network. In particular, we find that the channel captures by the secondary network do not significantly impact the primary throughput, and that simply increasing the secondary contention window size is only marginally inferior to silent-period based methods in terms of its throughput performance.
Abstract:
Multi-packet reception (MPR) promises significant throughput gains in wireless local area networks (WLANs) by allowing nodes to transmit even in the presence of ongoing transmissions in the medium. However, the medium access control (MAC) layer must now be redesigned to facilitate, rather than discourage, these overlapping transmissions. We investigate asynchronous MPR MAC protocols, which successfully accomplish this by controlling the node behavior based on the number of ongoing transmissions in the channel. The protocols use the backoff timer mechanism of the distributed coordination function, which makes them practically appealing. We first highlight a unique problem of acknowledgment delays, which arises in asynchronous MPR, and investigate a solution that modifies the medium access rules to reduce these delays and increase system throughput in the single receiver scenario. We develop a general renewal-theoretic fixed-point analysis that leads to expressions for the saturation throughput, packet dropping probability, and average head-of-line packet delay. We also model and analyze the practical scenario in which nodes may incorrectly estimate the number of ongoing transmissions.
Abstract:
Different medium access control (MAC) layer protocols, for example, the IEEE 802.11 series and others, are used in wireless local area networks. They have limitations in handling bulk data transfer applications, like video-on-demand, videoconference, etc. To avoid this problem a cooperative MAC protocol environment has been introduced, which enables the MAC protocol of a node to use its nearby nodes' MAC protocol as and when required. We have found on various occasions that specified cooperative MAC establishes cooperative transmissions to send the specified data to the destination. In this paper we propose the cooperative MAC priority (CoopMACPri) protocol, which exploits the advantages of the priority value given by the upper layers for selection of different paths to nodes running heterogeneous applications in a wireless ad hoc network environment. The CoopMACPri protocol improves the system throughput and minimizes energy consumption. Using a Markov chain model, we developed a model to analyse the performance of the CoopMACPri protocol, and also derived closed-form expressions of saturated system throughput and energy consumption. Performance evaluations validate the accuracy of the theoretical analysis, and also show that the performance of the CoopMACPri protocol varies with the number of nodes. We observed that the simulation results and analysis reflect the effectiveness of the proposed protocol as per the specifications.
Abstract:
In this paper, we study a problem of designing a multi-hop wireless network for interconnecting sensors (hereafter called source nodes) to a Base Station (BS), by deploying a minimum number of relay nodes at a subset of given potential locations, while meeting a quality of service (QoS) objective specified as a hop count bound for paths from the sources to the BS. The hop count bound suffices to ensure a certain probability of the data being delivered to the BS within a given maximum delay under a light traffic model. We observe that the problem is NP-Hard. For this problem, we propose a polynomial time approximation algorithm based on iteratively constructing shortest path trees and heuristically pruning away the relay nodes used until the hop count bound is violated. Results show that the algorithm performs efficiently in various randomly generated network scenarios; in over 90% of the tested scenarios, it gave solutions that were either optimal or were worse than optimal by just one relay. We then use random graph techniques to obtain, under a certain stochastic setting, an upper bound on the average case approximation ratio of a class of algorithms (including the proposed algorithm) for this problem as a function of the number of source nodes, and the hop count bound. To the best of our knowledge, the average case analysis is the first of its kind in the relay placement literature. Since the design is based on a light traffic model, we also provide simulation results (using models for the IEEE 802.15.4 physical layer and medium access control) to assess the traffic levels up to which the QoS objectives continue to be met. (C) 2014 Elsevier B.V. All rights reserved.
Abstract:
In the context of wireless sensor networks, we are motivated by the design of a tree network spanning a set of source nodes that generate packets, a set of additional relay nodes that only forward packets from the sources, and a data sink. We assume that the paths from the sources to the sink have bounded hop count, that the nodes use the IEEE 802.15.4 CSMA/CA for medium access control, and that there are no hidden terminals. In this setting, starting with a set of simple fixed point equations, we derive explicit conditions on the packet generation rates at the sources, so that the tree network approximately provides certain quality of service (QoS) such as end-to-end delivery probability and mean delay. The structures of our conditions provide insight on the dependence of the network performance on the arrival rate vector, and the topological properties of the tree network. Our numerical experiments suggest that our approximations are able to capture a significant part of the QoS aware throughput region (of a tree network), that is adequate for many sensor network applications. Furthermore, for the special case of equal arrival rates, default backoff parameters, and for a range of values of target QoS, we show that among all path-length-bounded trees (spanning a given set of sources and the data sink) that meet the conditions derived in the paper, a shortest path tree achieves the maximum throughput. (C) 2015 Elsevier B.V. All rights reserved.
Abstract:
Anonymity and authenticity are both important yet often conflicting security goals in a wide range of applications. On the one hand for many applications (say for access control) it is crucial to be able to verify the identity of a given legitimate party (a.k.a. entity authentication). Alternatively an application might require that no one but a party can communicate on its behalf (a.k.a. message authentication). Yet, on the other hand privacy concerns also dictate that anonymity of a legitimate party should be preserved; that is no information concerning the identity of parties should be leaked to an outside entity eavesdropping on the communication. This conflict becomes even more acute when considering anonymity with respect to an active entity that may attempt to impersonate other parties in the system. In this work we resolve this conflict in two steps. First we formalize what it means for a system to provide both authenticity and anonymity even in the presence of an active man-in-the-middle adversary for various specific applications such as message and entity authentication using the constructive cryptography framework of [Mau11, MR11]. Our approach inherits the composability statement of constructive cryptography and can therefore be directly used in any higher-level context. Next we demonstrate several simple protocols for realizing these systems, at times relying on a new type of (probabilistic) Message Authentication Code (MAC) called key indistinguishable (KI) MACs. Similar to the key hiding encryption schemes of [BBDP01] they guarantee that tags leak no discernible information about the keys used to generate them.
Abstract:
The paper traces the different management practices adopted for Nigerian inland water bodies from the Colonial era to independence. It observes that the full potential of these waters has never been realized over the years due to the absence of effective management. The replacement of the traditional fisheries management by the centralized top-down approach by government after independence has not helped matters. Lately, the cooperative/community-based management approach has taken the centre stage worldwide. This has been identified to offer the most viable and equitable option towards the attainment of an optimum utilization of the fisheries resource. The entire community, sensing security of tenure and enjoying some of the benefits from access control, will actively take on responsibility and enforcement. The paper drew experiences from some water bodies in Bangladesh, Philippines, Benin Republic and Malawi showing sound management strategy that, if adopted for our small and medium size reservoirs and other water bodies, would help optimize in a sustainable manner the benefits from those water bodies.
Abstract:
This dissertation presents and discusses the results of research carried out as a partial requirement for the degree of Master in Bioethics, Applied Ethics and Collective Health in the Programa de Pós-graduação em Bioética, Ética Aplicada e Saúde Coletiva of the Universidade do Estado do Rio de Janeiro, in association with the Universidade Federal do Rio de Janeiro, the Fundação Oswaldo Cruz and the Universidade Federal Fluminense. The qualitative research analysed empirical material consisting of a sample of records from the Ombudsman's Office of the Previdência Social (Social Security) containing complaints about medical-expert examinations. Social Security is part of the field of social protection and takes life and its contingencies in the insured population as its object of care and control. The sickness benefit (auxílio-doença) is the most frequently granted of all Social Security benefits and is due only to insured persons in a double condition of vulnerability: sick and unable to work. Verification of incapacity for work is carried out by Social Security medical examiners as a prerequisite for access to the benefit and functions as a cost-control mechanism. The results of the study show that the access control task, performed at the interface with the insured person, requires a shift of medical activity from the care function to the expert-assessment function as a consequence of the nature of the medical-expert task, in which the place of control is that of the beneficent exception. This assignment entails a risk in medical-expert activity that we understand to be of a moral order. Complaints about medical care in Social Security examinations were understood as indicators of dysfunctions at this interface, as were the records of violence surrounding this activity. These result from the practice of limiting access to the benefit, in the form in which those limits are set.
The analysis of this interface highlights the paradox of insurance protection that works by withdrawing protection from parts of its population, and characterises the doctor-patient relationship in Social Security medical examinations as morally conflicted. The research, in line with a critical bioethics that emphasises public policies affecting life, understood Social Security as biopolitics and medical-expert activity as an expression of biopower, in the terms of Michel Foucault's political philosophy. It falls to society to reflect seriously on these control practices and to define the scope and form of insurance protection, bearing in mind that this protection places individual and collective needs in tension. It falls to each and every one of us to keep in mind the ethical dimension of social security policy.
Abstract:
Biometrics have been used for years as an access control solution for many systems, but the mere use of biometrics cannot be considered a final and perfect solution. Many risks exist and should not be ignored. Most of the problems relate to the transmission path between the place where users request access and the servers where the biometric data captured at enrolment are stored. Several types of attack can be carried out by impostors who wish to misuse the system. Besides the technical aspects, there is the social aspect. Users are increasingly concerned about both the storage and the misuse of their biometrics, since a biometric is a unique identifier and, being invariant over time, can be lost forever if compromised. The fact that several companies keep the biometrics on their different servers is causing unease among users, as it makes the biometrics more susceptible to attack. In this dissertation, the use of smart cards is adopted as a possible solution to the problems described above. Smart cards prepared for multiple applications are used to perform the biometric comparisons internally. In this way, it would no longer be necessary to use several servers, since the biometric features will always be on a single card in the owner's possession. Three different biometric identification algorithms were developed and implemented using different features: fingerprint, palm print and iris. Considering memory used, average execution time and accuracy, palm-print biometrics obtained the best results, reaching minimal error rates and execution times below half a second.
Abstract:
Realising the Internet of Things (IoT) requires the integration and interaction of devices and services with heterogeneous communication protocols. The data generated by the devices need to be analysed and interpreted according to a common data model, which can be addressed with technologies for semantic modelling, processing, reasoning and data persistence. Context-aware computing offers solutions to these challenges, with mechanisms that associate context data with data collected by the devices. However, the IoT needs to go beyond context-aware computing, simultaneously requiring solutions for security, privacy and scalability. Integrating these technologies requires the support of an infrastructure, which can be implemented as middleware. However, a centralised solution for integrating heterogeneous devices can affect scalability. This integration is therefore delegated to software agents, which are responsible for integrating the devices and services, encapsulating the specifics of their interfaces and communication protocols. This work explores the security, persistence and naming aspects for resource agents. To this end, ContQuest was developed, a framework that facilitates the integration of new resources and the development of context-aware applications for the IoT through a service architecture and a data model. ContQuest includes consistent solutions for persistence, security and access control for the middleware services as well as for the Resource Agents, which encapsulate devices and services, and for client applications. ContQuest uses OWL to model resources and includes a mechanism for generating universally unique identifiers in the ontologies.
A ContQuest prototype was developed and validated by integrating three Resource Agents for real devices: an Arduino device, an RFID reader and a sensor network. An experiment was also carried out to evaluate the performance of the system's components, in which the impact of the proposed security mechanism on the prototype's performance was observed. The validation and performance results are satisfactory.