401 |
Distributed Multiple Access and Service Differentiation Algorithms for Wireless Networks
Nilsson, Thomas January 2008
Communicating over a wireless channel poses many unique challenges not found in wired communication because of the special characteristics of the wireless channel. The capacity in a wireless network is typically scarce as a result of the limited bandwidth and many distinct phenomena, like attenuation and interference, that work destructively on the received signals. The Medium Access Control (MAC) layer is responsible for sharing this limited resource among the users. This allocation problem should be handled by considering the Quality of Service (QoS) requirements of each user so as to maximize the utility. Efficient MAC algorithms are crucial in minimizing collisions between transmissions and thus achieving high utilization of the channel. This thesis focuses on conflict resolution and service differentiation algorithms for wireless local area networks, where there is no central control of the channel and each sender independently contends for access. In part I, we study three approaches to improve the IEEE 802.11(e) standards with focus on QoS. In the first approach, utility functions that model application preferences are considered, to achieve service differentiation and maximize the aggregated utility. We provide algorithms for two subsidiary problems that arise from the maximization problem, and show that a near-optimal solution is found. In the second approach, a collision detection algorithm for multicast transmissions is proposed that increases the reliability for multicast compared to the protected unicast traffic. The third approach is an improved MAC algorithm for the QoS standard IEEE 802.11e. The improved algorithm outperforms the standard and achieves close to optimal performance for a large number of scenarios, which significantly reduces the need of adjusting the contention parameters. In part II, we focus on channel bursting protocols that use noise bursts to resolve channel conflicts. These protocols are capable of achieving very low collision probability. We propose two new bursting protocols that achieve very high channel utilization, and show that the bursting technique has good fairness properties and provides efficient support for service differentiation. We also show that it is possible to reduce the number of bursts without losing performance. In part III, the optimal backoff distribution that minimizes the collision probability is derived. We then propose a heuristic backoff distribution with similar properties that yields high channel utilization. An extension for service differentiation is provided where the sizes of the backoff windows are adjusted.
|
402 |
Guessing And Compression: A Large Deviations Approach
Hanawal, Manjesh Kumar 02 1900
The problem of guessing a random string is studied. It arises in the analysis of the strength of secret-key cryptosystems against guessing attacks. The expected number of guesses, or more generally the moments of the number of guesses needed to break the cryptosystem, grow exponentially with the length of the string. This thesis studies the rate of exponential growth of these moments using the theory of large deviations.
A closer relation between guessing and compression is first established. For systems with large key rates, it is shown that if the source’s sequence of so-called information spectrum random variables satisfies the large deviation property with a certain rate function, then the limiting guessing exponent exists and is a scalar multiple of the Legendre-Fenchel dual of the rate function. This is then used to rederive several prior results. The large deviations approach brings to light the relevance of information spectrum in determining guessing exponents.
For systems with key-rate constraints, bounds are derived on the limiting guessing exponents for general sources. The obtained bounds are shown to be tight for stationary memoryless, Markov, and unifilar sources, thus recovering some known results. The bounds are obtained by establishing a close relationship between error exponents and correct decoding exponents for fixed rate source compression on the one hand and exponents for guessing moments on the other.
|
403 |
Security Infrastructure and Applications for Mobile Agents
Shibli, Awais January 2010
Research areas of this dissertation are security for mobile agents, for applications based on mobile agents, and for distributed network environments in which mobile agents execute. The mobile agents paradigm captured researchers’ and industry’s interest a long time ago because of its innovative capabilities and attractive applications. The ability of mobile agents to autonomously migrate from host to host, transferring their code and internal state, enables them to accomplish tasks in network and distributed environments more conveniently, robustly, and efficiently than traditional client-server applications. But, in spite of significant benefits of the mobile agent paradigm, the technology is still mainly in a research domain and so far it has not been adopted on a large scale by the industry and users. One of the reasons for that is security-related issues and security concerns. Current research in the area of mobile agents’ security is focused mainly on protection and security of agents and agents’ runtime platforms. But most of the currently available mobile agent systems do not support comprehensive security requirements for a general mobile agents paradigm. Therefore, there is a need for a complete and comprehensive security infrastructure for mobile agents, not only in the form of security services and mechanisms for agents’ runtime execution, but also as a complete set of infrastructural components, along with methodology for creation, classification, adoption, and validation of mobile agents before their deployment in real environments. In addition, protection of mobile agents’ code and their baggage during execution is also needed. The lack of such a concept, infrastructure and security solutions is a hindrance for wider adoption of mobile agent systems at the time of this research.
In our research, we solve these comprehensive requirements with solutions that can be classified in two groups. The first group is solutions for design, implementation and deployment of a security infrastructure for mobile agents, along with methodology for secure deployment and execution of mobile agents. The proposed infrastructure for mobile agents is based on a methodology for creation, classification and validation of trusted mobile agents. It includes security architecture for publishing, discovery and adoption of mobile agents. Moreover, it provides an integrated system for mobile agent deployment that supports launching, authorization and execution of mobile agents. Mobile agent execution is based on a protective approach, as compared to traditional detective or preventive methods, that not only provides code protection, but code execution and data privacy as well. The second group is solutions for use of security infrastructure and, in particular, secure and trusted mobile agents for real-life applications. The main result in this group is the design and implementation of a network intrusion detection and prevention system based on mobile agents. The system efficiently solves several problems of existing IDS/IPS. It can detect new vulnerabilities before they are exploited by hackers, it can process and filter large volumes of log entries, it reacts to intrusions in real-time, it provides protection against unknown attacks, it supports and improves commercial IDS/IPS products, and it also efficiently handles software patches. The system not only improves use of existing popular IDS/IPS, but it also eliminates several of their core problems. In addition, it is self-protected by full encryption, both of mobile agents and their execution platforms, and therefore not vulnerable to attacks against its own components and resources.
|
404 |
Automatic speaker verification on site and by telephone: methods, applications and assessment
Melin, Håkan January 2006
Speaker verification is the biometric task of authenticating a claimed identity by means of analyzing a spoken sample of the claimant's voice. The present thesis deals with various topics related to automatic speaker verification (ASV) in the context of its commercial applications, characterized by co-operative users, user-friendly interfaces, and requirements for small amounts of enrollment and test data. A text-dependent system based on hidden Markov models (HMM) was developed and used to conduct experiments, including a comparison between visual and aural strategies for prompting claimants for randomized digit strings. It was found that aural prompts lead to more errors in spoken responses and that visually prompted utterances performed marginally better in ASV, given that enrollment data were visually prompted. High-resolution flooring techniques were proposed for variance estimation in the HMMs, but results showed no improvement over the standard method of using target-independent variances copied from a background model. These experiments were performed on Gandalf, a Swedish speaker verification telephone corpus with 86 client speakers. A complete on-site application (PER), a physical access control system securing a gate in a reverberant stairway, was implemented based on a combination of the HMM and a Gaussian mixture model based system. Users were authenticated by saying their proper name and a visually prompted, random sequence of digits after having enrolled by speaking ten utterances of the same type. An evaluation was conducted with 54 out of 56 clients who succeeded to enroll. Semi-dedicated impostor attempts were also collected. An equal error rate (EER) of 2.4% was found for this system based on a single attempt per session and after retraining the system on PER-specific development data. On parallel telephone data collected using a telephone version of PER, 3.5% EER was found with landline and around 5% with mobile telephones. 
Impostor attempts in this case were same-handset attempts. Results also indicate that the distributions of false reject and false accept rates over target speakers are well described by beta distributions. A state-of-the-art commercial system was also tested on PER data with similar performance as the baseline research system.
|
405 |
Computer security and the bank security officer: "You are required to render it secure"
Glavin, Howard E. 03 June 2011
This thesis has taken an in-depth look into bank computer security, the bank security officer, and "The 1968 Bank Protection Act." To accomplish this, a questionnaire was developed and furnished to all bank members of the Indiana Bankers Association to be responded to by the bank security officers. This document was based on the premise that this bank officer is ill-trained, overworked by unrelated duties, and generally not interested in security. "The 1968 Bank Protection Act" made this officer's position a legal requirement to maintain its banking operation and charged this officer with certain duties. The resultant responses verified the original hypothesis and showed a need for future training. This thesis shows the profile of a computer criminal and also some cases to illustrate the type and scope of criminal ventures related to bank computer facilities. This was all coupled with an analysis of the law as it applies and offers a training vehicle to bring this officer up to a level of competency in this field.
Ball State University, Muncie, IN 47306
|
406 |
Energy-Efficient Tree Splitting Algorithm in Wireless Sensor Networks
Shiau, You-cheng 25 July 2007
In this thesis, we propose a power saving strategy based on the tree splitting algorithm in wireless sensor networks with multiple packet reception. We concentrate on the case where the maximum queue size is 1. We derive both analytical results and simulation results. We use the theory of Markov chains to analyze the evolution of the system state. In addition, we propose to use renewal theory to calculate the throughput. Furthermore, we obtain the average system size, the packet blocking probability, and the average packet delay. Because the network model is distributed, we can't know the state of the network all the time. So we use the length of the last collision resolution cycle to predict the length of the next cycle, and determine the sleeping time by the predicted length of the next cycle to implement power saving. Finally, we use the simulation results to show the performance of our power saving strategy.
|
407 |
Implementation Of Database Security Features Using Bit Matrices
Gopal, K 04 1900
Information security is of utmost concern in a multiuser environment. The importance of security is felt much more with the widespread use of distributed databases. Information is by itself a critical resource of an enterprise and thus the successful operation of an enterprise demands that data be made accessible only by authorized users and that the data be made to reflect the state of the enterprise.
Since many databases are online, accessed by multiple users concurrently, special mechanisms are needed to ensure integrity and security of relevant information. This thesis describes a model for computer database security that supports a wide variety of security policies.
The terms security policies and security mechanism are presented in Chapter 1. The interrelated topics of security and integrity are discussed in some detail. The importance and means of ensuring security of information are also presented in this chapter.
In Chapter 2, the work done in the field of computer security and related topics is presented. In general, computer security models can be classified broadly under two categories:
(1) Models based on Access Control Matrix and
(2) Models based on Information Flow Control.
The development of the models based on the above two schemes, as also the policies supported by some of the schemes, are presented in this chapter.
A brief description of the work carried out in database security, as also the definition of related terms, are given in Chapter 3. The interrelationship between the operating system security and database security is also presented in this chapter. In general the database security mechanism depends on the existing operating system. The database security mechanisms are thus only as strong as the underlying operating system on which they are developed. The various schemes used for implementing database security such as access controller and capability lists are described in this chapter.
In Chapter 4, a model for database security has been described. The model provides for:
(a) Delegation of access rights by a user and
(b) Revocation of access rights previously granted by a user.
In addition, algorithms for enforcing context-dependent and content-dependent rules are provided in this chapter. The context-dependent rules are stored in the form of elements of a bit matrix. Context-dependent rules could then be enforced by suitably manipulating the bit matrix and interpreting the value of the elements of the matrix. The major advantage of representing the rules using bit matrices is that the matrix itself could be maintained in main memory. The time taken to examine if a user is authorized to access an object is drastically reduced because of the reduced time required to inspect main memory. The method presented in this chapter, in addition to reducing the time requirement for enforcing security, also presents a method for enforcing decentralized authorization control, a facility that is useful in a distributed database environment.
Chapter 5 describes a simulation method that is useful for comparing the various security schemes. The tasks involved in the simulation are:
1. Creation of an arrival (job).
2. Placing the incoming job either in the wait queue or in the run state depending on the type of access needed for the object.
3. Checking that the user on whose behalf the job is being executed is authorized to access the object in the mode requested.
4. Checking for the successful completion of the job and termination of the job.
5. Collection of important parameters such as number of jobs processed, average connect time.
Simulation was carried out for timing both the access controller scheme and the bit matrix scheme. The results of the simulation run bear out the fact that the bit matrix scheme provides a faster method. Six types of access were assumed to be permissible, three of the access types requiring shared locks and the rest requiring exclusive locks on the objects concerned. In addition, the only type of operation allowed was assumed to be for accessing the objects.
It is to be noted that the time taken to check for security violation is but one of the factors for rating the security system. In general, various other factors such as the cost of implementing the security system and the flexibility that it offers in enforcing security policies also have to be taken into account while comparing the security systems.
Finally, in Chapter 6, a comparison of the security schemes is made. In conclusion the bit matrix approach is seen to provide the following features.
(a) The time required to check if an access request should be honoured is very small.
(b) The time required to find all users accessing an object, viz. accountability, is quite small.
(c) The time required to find all objects accessible by a user is also quite small.
(d) The scheme supports both decentralized and centralized authorization control.
(e) Mechanism for enforcing delegation of access rights and revocation of access rights could be built in easily.
(f) The scheme supports content-dependent, context-dependent controls and also provides a means for enforcing history-dependent control.
Finally, some recommendations for further study in the field of Computer Database Security are presented.
|
408 |
Design and performance evaluation of a new spatial reuse firewire protocol [electronic resource] / by Vijay Chandramohan.
Chandramohan, Vijay. January 2003
Title from PDF of title page. / Document formatted into pages; contains 84 pages. / Thesis (M.S.C.S.)--University of South Florida, 2003. / Includes bibliographical references. / Text (Electronic thesis) in PDF format.
ABSTRACT: New generations of video surveillance systems are expected to possess a large-scale network of intelligent video cameras with built-in image processing capabilities. These systems need to be tethered for reasons of bandwidth and power requirements. To support economical installation of video cameras and to manage the huge volume of information flow in these networks, there is a need for new shared-medium daisy-chained physical and medium access control (bus arbitration) layer communication protocols. This thesis describes the design principles of Spatial reuse FireWire Protocol (SFP), a novel request/grant bus arbitration protocol, architected for an acyclic daisy-chained network topology. SFP is a new extension of the IEEE 1394b FireWire architecture. SFP preserves the simple repeat path functionality of FireWire while offering two significant advantages: 1) SFP supports concurrent data transmissions over disjoint segments of the network (spatial reuse of bandwidth), which increases the effective throughput and 2) SFP provides support for priority traffic, which is necessary to handle real-time applications (like packet video), and mission critical applications (like event notifications between cameras) that have strict delay and jitter constraints. The delay and throughput performance of FireWire and SFP were evaluated using discrete-event queuing simulation models built with the CSIM-18 simulation library. Simulation results show that for a homogeneous traffic pattern SFP improves upon the throughput of IEEE 1394b by a factor of 2. For a traffic pattern typical of video surveillance applications, throughput increases by a factor of 7.
Simulation results demonstrate that IEEE 1394b asynchronous stream based packet transactions offer better delay performance than isochronous transactions for variable bit rate video like MPEG-2 and MPEG-4. SFP extends this observation by supporting priority traffic. QoS for packet video is provided in SFP by mapping individual asynchronous stream packets to the three priority classes.
|
409 |
Performance Enhancement Using Cross Layer Approaches in Wireless Ad Hoc Networks
Khallid, Murad 01 January 2011
An ad hoc network is an intrinsically autonomous and self-configuring network that does not require any dedicated centralized management. For specialized applications such as military operations, search-and-rescue missions, security and surveillance, patient monitoring, hazardous material monitoring, 4G (4th Generation) coverage extension, and rural communication, ad hoc networks provide an intelligent, robust, flexible and cost effective solution for the wireless communication needs.
As in centralized wireless systems, ad hoc networks are also expected to support high data rates, low delays, and large node density in addition to many other QoS (Quality of Service) requirements. However, due to unique ad hoc network characteristics, spectrum scarcity, computational limit of current state-of-the-art technology, power consumption, and memory; meeting QoS requirements is very challenging in ad hoc networks. Studies have shown cross layer to be very effective in enhancing QoS performance under spectrum scarcity and other constraints.
In this dissertation, our main goal is to enhance performance (e.g., throughput, delay, scalability, fairness) by developing novel cross layer techniques in single-hop single channel general ad hoc networks. Our dissertation mainly consists of three main sections.
In the first section, we identify major challenges intrinsic to ad hoc networks that affect QoS performance under spectrum constraint (i.e., single channel). In the later parts of the dissertation, we investigate and propose novel distributed techniques for ad hoc networks to tackle identified challenges. Different from our main goal, albeit closely related, in the first section we propose a conceptual cross layer framework for interaction control and coordination. In this context, we identify various functional blocks, and show through simulations that global and local perturbations through parametric correlation can be used for performance optimization.
In the second section, we propose MAC (Medium Access Control) scheduling approaches for omni-directional antenna environment to enhance throughput, delay, scalability and fairness performance under channel fading conditions. First, we propose a novel cooperative ratio-based MAC scheduling scheme for finite horizon applications. In this scheduling scheme, each node cooperatively adapts access probability in every window based on its own and neighbors' backlogs and channel states to enhance throughput, scalability and fairness performance. Further, in the second section, we propose two novel relay based MAC scheduling protocols (termed as 2rcMAC and IrcMAC) that make use of relays for reliable transmission with enhanced throughput and delay performance. The proposed protocols make use of spatial diversity due to relay path(s) provided they offer higher data rates compared to the direct path. Simulation results confirm improved performance compared to existing relay based protocols.
In the third section, we make use of directional antenna technology to enhance spatial reuse and thus increase network throughput and scalability in ad hoc networks. In this section, we introduce problems that arise as a result of directional communication. We consider two such problems and propose techniques that consequently lead to throughput, delay and scalability enhancement. Specifically, we consider destination location and tracking problem as our first problem. We propose a novel neighbor discovery DMAC (Directional MAC) protocol that probabilistically searches for the destination based on elapsed time, distance, average velocity and beam-width. Results confirm improved performance compared to commonly used random sector and last sector based directional MAC protocols. Further, we identify RTS/CTS collisions as our second problem which leads to appreciable throughput degradation in ad hoc networks. In this respect, we investigate and propose a fully distributed asynchronous polarization based DMAC protocol. In this protocol, each node senses its neighborhood on both linear polarization channels and adapts polarization to enhance throughput and scalability. Throughput and delay comparisons against the basic DMAC protocol clearly show throughput, scalability and delay improvements.
|
410 |
Beam-Enabled Acoustic Link Establishment (BEALE) for underwater acoustic networks
Watkins, Karen Piecara 31 October 2013
There is growing interest in developing reliable, high performance, underwater acoustic networks (UWANs). However, the acoustic communication channel, with its slow sound propagation, high signal attenuation, and low bandwidth, presents significant challenges to network designers. One advantage offered by the acoustic channel is the ability to form directional communication beams, which improve signal strength and reduce interference. The work presented here describes a novel medium access control protocol for UWANs designated Beam-Enabled Acoustic Link Establishment (BEALE). BEALE addresses the inherent challenges of the acoustic channel by incorporating two techniques: link-level scheduling and dynamic directional beam steering. BEALE neighbors exchange packets based on a link-level schedule negotiated between the two nodes. This scheduling allows nodes to steer transmit and receive beams in the appropriate direction at the appropriate time while minimizing control overhead. Using steered, directional beams increases the gain between sender and receiver, reduces the sender's interference with other nodes, and, at the receiver, rejects possible interference from other nodes and noise sources common in the ocean, resulting in increased spatial reuse. The core protocol has been modeled in a UWAN simulator developed specifically for this research. The results demonstrate significant improvement in throughput and packet loss over two benchmark UWAN random access protocols when evaluated over a variety of spatial node topologies and traffic patterns. The core BEALE protocol is further enhanced herein by a Half-Duplex Sliding Window algorithm. The HDX Sliding Window is shown through point-to-point simulation to markedly improve bandwidth utilization and error rate in large Bandwidth Delay Product (BDP) situations. Extension of the HDX Sliding Window to more complex multi-flow, two-way and multi-hop cases requires an additional level of communication coordination provided by the BEALE Sliding Window Scheduler presented here. The functional challenges and novel concept of the scheduler are described in detail. The BEALE protocol performance promotes a rich list of potential future research, such as rigorous characterization of the BEALE Sliding Window Scheduler, BEALE accommodation of mobile nodes, conceptual operability of a BEALE-enabled network of a central multi-beam sink node supporting large numbers of simple source nodes, and rate adaptation.
|