291
Access management in electronic commerce system
Wang, Hua. January 2004
The definition of Electronic commerce is the use of electronic transmission mediums to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location. Electronic commerce systems, including mobile e-commerce, have been widely used since 1990. The number of world-wide Internet users tripled between 1993 and 1995 to 60 million, and by 2000 there were 250 million users. More than one hundred countries have Internet access. Electronic commerce, especially mobile e-commerce systems, allow their users to access a large set of traditional (for example, voice communications) and contemporary (for example, e-shop) services without being tethered to one particular physical location. With the increasing use of electronic service systems for security-sensitive applications (for example, e-shop) that can be expected in the future, the provision of secure services becomes more important. The dynamic mobile environment is incompatible with static security services. Electronic services are accessed across multiple service domains, and the traditional access mechanisms rely on cross-domain authentication using roaming agreements starting from the home location. Cross-domain authentication involves many complicated authentication activities when the roam path is long. This limits future electronic commerce applications.

Normally, there are three participants in an electronic service. These are users, service providers, and services. Some services bind users and service providers as well as services, such as flight services; other services do not bind any participants, for instance by using cash in shopping services, everyone can use cash to buy anything in shops. Hence, depending on which parts are bound, there are different kinds of electronic services. However, there is no scheme to provide a solution for all kinds of electronic services. Users have to change service systems if they want to apply different kinds of electronic services on the Internet. From the consumer's point of view, users often prefer to have a total solution for all kinds of service problems, some degree of anonymity with no unnecessary cross authentications and a clear statement of account when shopping over the Internet. There are some suggested solutions for electronic service systems, but the solutions are neither total solutions for all kinds of services nor do they have some degree of anonymity with a clear statement of account.

In our work, we build a bridge between existing technologies and electronic service theory such as e-payment, security and so on. We aim to provide a foundation for the improvement of technology to aid electronic service application. As validation, several technologies for electronic service system design have been enhanced and improved in this project. To fix the problems mentioned above, we extend our idea to a ticket based access service system.

The user in the above electronic service system has to pay when s/he obtains service. S/He can pay by traditional cash (physical cash), check, credit or electronic cash. The best way to pay money for goods or services on the Internet is using electronic cash. Consumers, when shopping over the Internet, often prefer to have a high level of anonymity for important things and a low level for general ones. The ideal system needs to provide some degree of anonymity for consumers so that they cannot be traced by banks. There are a number of proposals for electronic cash systems. All of them are either too large to manage or lack flexibility in providing anonymity. Therefore, they are not suitable solutions for electronic payment in the future. We propose a secure, scalable anonymity and practical payment protocol for Internet purchases. The protocol uses electronic cash for payment transactions. In this new protocol, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. An agent, namely the anonymity provider agent, provides a higher anonymous certificate and improves the security of the consumers. The agent will certify re-encrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. With this new method, each consumer can get the required anonymity level.

Electronic service systems involve various subsystems such as service systems, payment systems, and management systems. Users and service providers are widely distributed and use heterogeneous catalog systems. They are rapidly increasing in dynamic environments. The management of these service systems will be very complex. Whether systems are successful or not depends on the quality of their management. To simplify the management of e-commerce systems [Sandhu97], we discuss role based access control management. We define roles and permissions in the subsystems. For example, there are roles TELLER, AUDITOR, MANAGER and permissions teller (account operation), audit operation, managerial decision in a bank system. Permissions are assigned to roles, such as permission teller is assigned to role TELLER. People (users) employed in the bank are granted roles to perform associated duties. However, there are conflicts between various roles as well as between various permissions. These conflicts may cause serious security problems with the bank system. For instance, if permissions teller and audit operation are assigned to a role, then a person with this role will have too much privilege to break the security of the bank system. Therefore, the organizing of relationships between users and roles, roles and permissions currently requires further development.

Role based access control (RBAC) has been widely used in database management and operating systems. In 1993, the National Institute of Standards and Technology (NIST) developed prototype implementations, sponsored external research, and published formal RBAC models. Since then, many RBAC practical applications have been implemented, because RBAC has many advantages such as reducing administration cost and complexity. However, there are some problems which may arise in RBAC management. One is related to the authorization granting process. For example, when a role is granted to a user, this role may conflict with other roles of the user or, together with this role, the user may have or derive a high level of authority. Another is related to authorization revocation. For instance, when a role is revoked from a user, the user may still have the role. To solve these problems, we present an authorization granting algorithm, and weak revocation and strong revocation algorithms that are based on relational algebra. The algorithms check conflicts and therefore help allocate the roles and permissions without compromising the security in RBAC. We describe the applications of the new algorithms with an anonymity scalable payment scheme.

In summary, this thesis has made the following major contributions in electronic service systems:

1. A ticket based global solution for electronic commerce systems. A ticket based solution is designed for different kinds of e-services. Tickets provide a flexible mechanism and users can check charges at any time.
2. Untraceable electronic cash system. An untraceable e-cash system is developed, in which the bank involvement in the payment transaction between a user and a receiver is eliminated. A user remains anonymous unless she/he spends a coin more than once.
3. A self-scalable anonymity electronic payment system. In this payment system, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. Each consumer can get the required anonymity level.
4. Using RBAC to manage electronic payment system. The basic structure of RBAC is reviewed. The challenge problems in the management of RBAC with electronic payment systems are analysed, and how to use RBAC to manage electronic payment systems is proposed.
5. The investigation of recovery algorithms for conflicting problems in user-role assignments and permission-role assignments. Formal authorization allocation algorithms for role-based access control have been developed. The formal approaches are based on relational structure and relational algebra, and are used to check conflicting problems between roles and between permissions.
292
Towards securing networks of resource constrained devices: a study of cryptographic primitives and key distribution schemes
Chan, Kevin Sean. January 2008
Thesis (Ph.D)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009. / Committee Chair: Fekri, Faramarz; Committee Member: James McClellan; Committee Member: John Copeland; Committee Member: Steven McLaughlin; Committee Member: Yajun Mei. Part of the SMARTech Electronic Thesis and Dissertation Collection.
293
Lokal Nätverkssäkerhet - experimentell studie av Microsoft Network Access Protection / Local network security: an experimental study of Microsoft Network Access Protection
Petersson, Marcus, Hägg, David, Wiman, Christoffer. January 2008
This report describes an experimental study of Microsoft Network Protection (NAP) and is intended to evaluate how mature the technology is for deployment in a live network environment. To carry out the study we were assisted by the John Bauer upper secondary school in Kalmar. Tests were performed with DHCP enforcement and 802.1x enforcement, which are two of NAP's four enforcement methods. A smaller analysis of the school's switch configurations and internal security was also carried out at John Bauer's request. The tests showed that DHCP enforcement is a good and simple solution for John Bauer's wired clients. The NAP function 802.1x enforcement was a bigger challenge, however, and was not successful. The information available about NAP is still too scarce, and we therefore consider that not only is 802.1x enforcement not ready for implementation, but neither is enforcement with DHCP.
294
CONTROLE DE ACESSO A RECURSOS COMPUTACIONAIS DE FORMA FLEXÍVEL E DINÂMICA ATRAVÉS DE CONTEXTO / ACCESS CONTROL TO COMPUTER RESOURCES IN A FLEXIBLE AND DYNAMIC THROUGH CONTEXT
Bandeira, Junior Marcos. 30 March 2010
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / An access control model aims to limit the actions that a legitimate user can perform in a system. Its purpose is to improve security by guaranteeing the properties of integrity and confidentiality. The access control model considered standard is the one based on profiles, or roles. Profiles are functions that the user can perform, and access permissions to objects are associated with a profile according to its function. The profile-based model cannot take into account aspects of the environment in which the access occurs, which limits the possibilities for building more comprehensive security policies that keep pace with technological change. Models that extend the profile-based model have been proposed; they contain definitions that make it possible to map the environment in which the access occurs, also called the context. However, there is no consensus on the representation of context, and the security policies demonstrated by the definitions of these models are specific to their use cases. This work presents an access control model based on context expressions, CABEC. The model has definitions based on the models that extend the profile-based model, but it demonstrates the construction of security policies for different domains. Security policies built with CABEC take into account dynamic information from the environment and its combinations. These aspects are important because they increase the richness of security policies and the flexibility in their construction. The dynamic aspects of context refer to information from the instant of the interaction, such as time intervals, number of simultaneous accesses, physical means of access, and location. The flexibility in policy construction comes from the security manager's ability to choose the number of rules and their combinations: the manager can build a policy that takes into account an office-hours rule combined with the function the subject is performing at that moment, or simply consider a rule that takes into account only the subject's location. With an access control model that takes dynamic information and its combinations into account, security increases and, consequently, productivity is gained with respect to the availability property of services, data and computing resources.
295
Protection obligatoire des serveurs d’applications Web : application aux processus métiers / Mandatory protection of Web applications servers : usage for the workflow environments
Fonda, Maxime. 21 May 2014
This thesis focuses on mandatory access control in Web application servers. We present a novel approach to mandatory protection based on an abstract Web application model. Existing models of Web applications, such as SOA, fit our abstract model. Our mandatory protection uses a dedicated language that expresses the access control requirements within a Web application server. This dedicated protection language uses our Web application model to efficiently control the accesses of subjects to the objects of a Web application. We also establish a method to automatically compute the security policies, which facilitates the administration of the mandatory protection. An implementation on Microsoft-based environments using the IIS Web server and the .Net Framework is presented. The solution is independent of the protected Web applications, since it uses an application adaptor to interface with any application. It is fully functional on the workflow environments of the QualNet company, which co-funded this Ph.D. thesis. Experiments show that our mandatory protection supports large-scale environments and imposes a low processing-time overhead, of the order of 5%, which decreases as the size of the applications increases.
296
Improving the Security of Building Automation Systems Through an seL4-based Communication Framework
Habeeb, Richard. 22 March 2018
Existing Building Automation Systems (BASs) and Building Automation Networks (BANs) have been shown to have serious cybersecurity problems. Due to the safety-critical and interconnected nature of building subsystems, local and network access control needs to be finer grained, taking into consideration the varying criticality of applications running on heterogeneous devices. In this paper, we present a secure communication framework for BASs that 1) enforces rich access control policy for operating system services and objects, leveraging a microkernel-based architecture; 2) supports fine-grained network access control on a per-process basis; 3) unifies the security control of inter-device and intra-device communication using proxy processes; 4) tunnels legacy insecure communication protocols (e.g., BACnet) through a secure channel, such as SSL, in a manner transparent to legacy applications. We implemented the framework on seL4, a formally verified microkernel. We conducted extensive experiments and analysis to compare the performance and effectiveness of our communication systems against a traditional Linux-based implementation of the same control scenario. Our experiments show that the communication performance of our system is faster or comparable to the Linux-based architecture in embedded systems.
297
Distributed authentication for resource control
Burdis, Keith Robert. January 2000
This thesis examines distributed authentication in the process of controlling computing resources. We investigate user sign-on and two of the main authentication technologies that can be used to control a resource through authentication and providing additional security services. The problems with the existing sign-on scenario are that users have too much credential information to manage and are prompted for this information too often. Single Sign-On (SSO) is a viable solution to this problem if physical procedures are introduced to minimise the risks associated with its use. The Generic Security Services API (GSS-API) provides security services in a manner independent of the environment in which these security services are used, encapsulating security functionality and insulating users from changes in security technology. The underlying security functionality is provided by GSS-API mechanisms. We developed the Secure Remote Password GSS-API Mechanism (SRPGM) to provide a mechanism that has low infrastructure requirements, is password-based and does not require the use of long-term asymmetric keys. We provide implementations of the Java GSS-API bindings and the LIPKEY and SRPGM GSS-API mechanisms. The Secure Authentication and Security Layer (SASL) provides security to connection-based Internet protocols. After finding deficiencies in existing SASL mechanisms we developed the Secure Remote Password SASL mechanism (SRP-SASL) that provides strong password-based authentication and countermeasures against known attacks, while still being simple and easy to implement. We provide implementations of the Java SASL binding and several SASL mechanisms, including SRP-SASL.
298
Processus sécurisés de dématérialisation de cartes sans contact / Secure processes of dematerialization of contactless cards
Bouazzouni, Mohamed Amine. 08 November 2017
Over the years, Near Field Communication (NFC) technology has emerged in our daily lives through a variety of services. There are several use cases for contactless cards: loyalty cards, metro and bus cards, payment cards and access control cards. However, the first version of these cards has a low security level that is based on the assumption that the cards cannot be cloned. Multiple vulnerabilities were discovered, and their exploitation allowed fraudulent copies. To address this issue, a new version of NFC cards has been developed. It allows an authentication with the NFC reader through symmetric encryption algorithms such as AES, DES or 3DES. These cards are more robust than the previous ones. However, these cards have also undergone a reverse-engineering attack.

We propose, in the context of the neOCampus project, to replace the contactless cards with a smartphone equipped with NFC capabilities. This process, called dematerialization, allows us to take advantage of the computational power and the storage capabilities of the smartphone to deploy more complex and robust authentication algorithms. However, the OS of the smartphone cannot be considered a trusted environment for the storage and the processing of sensitive data. To address these issues, several solutions were proposed: Secure Elements (SE), Trusted Platform Module (TPM), Trusted Execution Environment (TEE) and virtualization. In order to store and process authentication data securely, the TEE seems to be the best trade-off between security and performance. Nevertheless, many smartphones do not embed a TEE, and it is necessary to negotiate agreements with the TEE manufacturers in order to deploy a secure application on it. To address these issues, we propose to set up an architecture with a TEE in the Cloud. The smartphone has a secure Cloud that can be reached through a Wi-Fi or 4G connection. The reader also has its own secure Cloud, reachable over an Ethernet link. An authentication protocol based on IBAKE is also proposed.

In addition to this scenario, two other scenarios were proposed to follow the development and democratization of the TEE on smartphones and on some inexpensive devices such as the Raspberry Pi 3. These alternative architectures deploy the same authentication protocol as the main scenario. We also propose an offline architecture allowing a user to authenticate using a connection token. This solution relaxes the connectivity constraint between the smartphone and its secure Cloud.

We perform an evaluation of our architecture and of the authentication algorithm in terms of performance and security. The cryptographic operations of the authentication protocol are the most costly operations in terms of performance. We have chosen to target these operations, especially the encryption with IBE and the generation of ECC challenges. Our implementations have been evaluated for a Cloud infrastructure and a mobile-like environment. We also perform a formal verification of the authentication protocol on the three considered architectures with Scyther. We showed that, for the three scenarios, the session key negotiated through the authentication protocol remains secret during the overall execution of the protocol. This characteristic guarantees that the authentication data encrypted with this key will remain secret and that this step of the algorithm will be secure, while preserving the ergonomics of the existing system.
299
Privacy-Preserving Mobile Crowd Sensing
January 2016
abstract: The presence of a rich set of embedded sensors on mobile devices has been fuelling various sensing applications regarding the activities of individuals and their surrounding environment, and these ubiquitous sensing-capable mobile devices are pushing the new paradigm of Mobile Crowd Sensing (MCS) from concept to reality. MCS aims to outsource sensing data collection to mobile users and it could revolutionize the traditional ways of sensing data collection and processing. In the meantime, cloud computing provides cloud-backed infrastructures for mobile devices to provision their capabilities with network access. With enormous computational and storage resources along with sufficient bandwidth, it functions as the hub to handle the sensing service requests from sensing service consumers and coordinate sensing task assignment among eligible mobile users to reach a desired quality of sensing service. This paper studies the problem of sensing task assignment to mobile device owners with specific spatio-temporal traits to minimize the cost and maximize the utility in MCS while adhering to QoS constraints. Greedy approaches and hybrid solutions combined with bee algorithms are explored to address the problem.
Moreover, the privacy concerns arise with the widespread deployment of MCS from both the data contributors and the sensing service consumers. The uploaded sensing data, especially those tagged with spatio-temporal information, will disclose the personal information of the data contributors. In addition, the sensing service requests can reveal the personal interests of service consumers. To address the privacy issues, this paper constructs a new framework named Privacy-Preserving Mobile Crowd Sensing (PP-MCS) to leverage the sensing capabilities of ubiquitous mobile devices and cloud infrastructures. PP-MCS has a distributed architecture without relying on trusted third parties for privacy-preservation. In PP-MCS, the sensing service consumers can retrieve data without revealing the real data contributors. Besides, the individual sensing records can be compared against the aggregation result while keeping the values of sensing records unknown, and the k-nearest neighbors could be approximately identified without privacy leaks. As such, the privacy of the data contributors and the sensing service consumers can be protected to the greatest extent possible. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016
300
Scheduled Medium Access Control in Mobile Ad Hoc Networks
January 2013
abstract: The primary function of the medium access control (MAC) protocol is managing access to a shared communication channel. From the viewpoint of transmitters, the MAC protocol determines each transmitter's persistence, the fraction of time it is permitted to spend transmitting. Schedule-based schemes implement stable persistences, achieving low variation in delay and throughput, and sometimes bounding maximum delay. However, they adapt slowly, if at all, to changes in the network. Contention-based schemes are agile, adapting quickly to changes in perceived contention, but suffer from short-term unfairness, large variations in packet delay, and poor performance at high load. The perfect MAC protocol, it seems, embodies the strengths of both contention- and schedule-based approaches while avoiding their weaknesses. This thesis culminates in the design of a Variable-Weight and Adaptive Topology Transparent (VWATT) MAC protocol. The design of VWATT first required answers for two questions: (1) If a node is equipped with schedules of different weights, which weight should it employ? (2) How is the node to compute the desired weight in a network lacking centralized control? The first question is answered by the Topology- and Load-Aware (TLA) allocation which defines target persistences that conform to both network topology and traffic load. Simulations show the TLA allocation to outperform IEEE 802.11, improving on the expectation and variation of delay, throughput, and drop rate. The second question is answered in the design of an Adaptive Topology- and Load-Aware Scheduled (ATLAS) MAC that computes the TLA allocation in a decentralized and adaptive manner. Simulation results show that ATLAS converges quickly on the TLA allocation, supporting highly dynamic networks. 
With these questions answered, a construction based on transversal designs is given for a variable-weight topology transparent schedule that allows nodes to dynamically and independently select weights to accommodate local topology and traffic load. The schedule maintains a guarantee on maximum delay when the maximum neighbourhood size is not too large. The schedule is integrated with the distributed computation of ATLAS to create VWATT. Simulations indicate that VWATT offers the stable performance characteristics of a scheduled MAC while adapting quickly to changes in topology and traffic load. / Dissertation/Thesis / Ph.D. Computer Science 2013