Desenvolvimento e implantação do BDCC - banco de dados comum de credenciamento para controle de acesso pela autoridade aduaneira no porto de Santos. / Development and implementation of BDCC - Common Database Registration for Customs authority access control in port of Santos.

Abreu, Vander Serra de

27 May 2015

O presente trabalho de pesquisa demonstra o estágio atual de controle, monitoramento e registro da entrada e saída de pessoas e veículos em áreas controladas pela Alfândega da Secretaria da Receita Federal nos Portos Brasileiros, órgão máximo destacado segundo a constituição federal e a Lei 12.815 de 2013 para tal controle. Será apresentado o projeto de desenvolvimento do sistema BDCC Banco de Dados Comum de Credenciamento, sistema implantado pela Associação Brasileira de Terminais e Recintos Alfandegados ABTRA em atendimento à Portaria ALF/STS n.200 da Receita Federal do Porto de Santos que possibilitou um controle único dos acessos, com base nas portarias ALF/STS n. 73 e 200 e aperfeiçoou os processos aproveitando investimentos já realizados pelos Recintos Alfandegados no atendimento ao código internacional de proteção de navios e instalações ISPS CODE com o desenvolvimento dos sistemas SSPP, Supervia, DTe, PSP, SGTC e Portolog. / This research work demonstrates the current state control, monitoring and recording the entry and exit of people and vehicles controlled by the Customs Bureau of Internal Revenue in Brazilian Ports, the highest body highlighted áreas under federal Constitution and Law 12.815 of 2013 for such control highlighting existing systems installed using as case the Port of Santos. Will be presented the project BDCC Banco de Dados Comum de Credenciamento, system implemented by the ABTRA Brazilian Association Of terminals and Customs in compliance with Ordinance ALF/STS n.200 of Federal Revenue Port of Santos that enabled an unified control of the access based on the ALF entrances / STS n. 73 and 200 and optimized the processes leveraging the investments already made by Bonded precincts in meeting the international code of protection of ships and facilities ISPS CODE and the SSPP, DTe, PSP, SGTC and Portolog systems.

Access control

Alfândega

Controle de acesso

Customs

Database

Gerenciamento de projeto

ISPS-CODE

ISPS-Code

Port of Santos

Portos - Santos (SP)

Project management

Receita Federal

RFB

Segmentation and segregation mechanisms and models to secure the integration of Industrial control Systems (ICS) with corporate system / Mécanismes et modèles de segmentation et de ségrégation pour sécuriser l'intégration des systèmes de contrôle industriel (ICS) avec les systèmes d'entreprise

Es-Salhi, Khaoula

11 July 2019

Sécuriser des systèmes industriels, et en particulier des systèmes intégrés au système d'information, devient l'une des préoccupations les plus urgentes qui inquiètent non seulement tous les acteurs industriels mais aussi les gouvernements. Un nombre très important d'entités industrielles et d'infrastructures sont si critiques que toute cyber attaque réussie contre ces entités peut causer d'énormes dégâts aux entreprises, à l'environnement et plus gravement à la sécurité nationale et à la sûreté des personnes. Cette thèse étudie l'intégration des systèmes ICS avec les systèmes d'entreprise d'un point de vue sécurité. Notre objectif est d'étudier les vulnérabilités de sécurité des systèmes industriels intégrés et de proposer des modèles et des mécanismes pour améliorer leur sécurité et les protéger contre les attaques complexes. Après avoir réalisé une étude approfondie sur les vulnérabilités des systèmes ICS intégrés (IICS) et les solutions de sécurité existantes, nous nous sommes concentrés sur l'étude de la technique de défense en profondeur et son applicabilité aux systèmes ICS intégrés. Nous avons alors défini une nouvelle méthode générique de segmentation pour les IICS, SONICS, qui permet de simplifier la segmentation des IICS en se concentrant uniquement sur les aspects qui sont réellement significatifs pour la segmentation. Nous avons ensuite développé une version améliorée de SONICS, RIICS, une méthode de segmentation pour les systèmes IICS qui comble les lacunes de SONICS en se concentrant sur le risque en plus des spécificités techniques et industrielles. Pour compléter la méthode de segmentation, nous avons étudié les solutions de ségrégation et de contrôle d'accès. Nous avons proposé un nouveau modèle de contrôle de flux basé sur DTE (Domain Type Enforcement) pour les systèmes ICS intégrés. / Securing ICS systems, and especially integrated ones, is becoming one of the most urgent issues that disquiets not only all industrial actors but also governments. Very important number of industrial entities and infrastructures are so critical that any non contained cyber attack on these entities can cause huge damage to business, to environment and more gravely to national security and people safety.This thesis studies the integration of ICS with Corporate systems from a security standpoint. Our goal is to study integrated ICS systems security vulnerabilities and suggest models and mechanisms to improve their security and protect them against ceyberattacks. After conducting a study on the vulnerabilities of integrated ICS systems (IICS) and the existing security solutions, we focused on the study of defence in depth technique and its applicability to integrated ICS systems. We defined a new generic segmentation method for IICS, SONICS, which simplifies the segmentation of IICS by focusing only on spects that are really significant for segmentation. We next developed an improved version of SONICS, RIICS (Risk based IICS Segmentation), a segmentation method for IICS systems that fills the SONICS gaps by focusing on risk on top of technical and industrial specifications. To complement the segmentation method, we studied segregation and access control solutions. We proposed a new DTE-based l (Domain Type Enforcement) flow control model for integrated ICS systems.

Systèmes de contrôle industriel

Segmentation

Ségrégation

Contrôle d'accès

Domain-type enforcement

Integration

Industrial control systems

Segmentation

Segregation

Access control

Domain-type enforcement

004

Le couplage de données et la protection de la vie privée informationnelle sous l'article 8 de la Charte canadienne /

Arès, Sébastien

January 2005

No description available.

Statistical matching

Privacy, Right of -- Canada

應用剖面技術支援病人隱私偏好的系統框架 / An aspect-based approach to supporting patients' privacy preferences

李浩誠, Lee, Hao Cheng

Unknown Date

近來，隨著電子病歷的日漸普及，大眾對病人隱私的關注也隨之增加。在現行的醫療資訊系統 (Healthcare Information System, HIS) 中，透過適當的權限控管機制以保障電子病歷隱私是相當普遍的作法。然而，此機制並沒有考慮到病人對於隱私資訊用途的偏好不同。因此，擴充現行醫療資訊系統的權限控管機制，以處理病人隱私偏好的需求相當迫切。 針對此議題，我們認為剖面導向程式設計 (Aspect-Oriented Programming) 技術可以成為其解決方案的重要一環。本研究試著實作一個剖面導向的管理框架，在無需大幅度改寫系統的前提之下，能夠和現有的醫療資訊系統整合，達到讓病人自訂及管理隱私偏好。該框架和現行系統的關係是鬆散耦合 (loosely coupled) 的，因此，能夠輕易地用來擴充現行的系統，以便達到支援病人自定隱私偏好的目的。 / Electronic health records are getting more and more popular these days, however, concerns for patients' privacy also increase greatly. Currently, it's not unusual for Healthcare Information System (HIS) to adopt a proper access control mechanism to protect patients' electronic health records. Nonetheless, this design did not consider the requirements of supporting patients’ preferences regarding the use of their privacy information. Hence, it is desirable to extend the original access control system to handle patients' privacy preferences. For this issue, we argue that Aspect-Oriented Programming (AOP) can be an important part of the solutions. This thesis presents an aspect-based preference management framework that collects and manages patients' preferences. It can be integrated with the existing HIS to support patients' privacy preferences without rewriting from scratch. The proposed mechanisms are loosely coupled with the underlying system. It is therefore easier to use it to improve existing systems to support patients’ privacy preferences.

剖面導向技術

隱私

醫療資訊系統

權限控管

AOP

privacy

Health Information System

access control

Comparative Study of Network Access Control Technologies

Qazi, Hasham Ud Din

January 2007

<p>This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide.</p><p>There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.</p><p>This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.</p><p>One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.</p>

NAC

Network Access Control

Trusted Platform Module

Trusted Computing Group

Trusted Network Connect

Network Access Protection

Network Admission Control

802.1X

root of trust

Computer science

Datavetenskap

Human factors and wireless network applications : more bits and better bits

Wikstrand, Greger

January 2006

I avhandlingen beskrivs ett hypotetiskt system som kan användas av mobila användare, bland andra taxichaufförer, som exempelvis vill följa en viktig fotbollsmatch. Flera faktorer ställer till problem: Ibland står bilen still och föraren har inget annat att tänka på än matchen. Ibland kör denne runt med en kund som inte vill bli störd av matchen. Dessutom kan det vara svårt att titta på rörliga bilder och köra bil samtidigt. I och med att bilen körs runt har man också olika bra anslutning till Internet vid olika tillfällen – det kan variera mellan inget alls, en dålig GSM/GPRS förbindelse (8 kbps) och en snabb WLAN anslutning (100 Mbps). I avhandlingen presenteras en tre-lagers modell som kan användas för att beskriva den här typen av applikationers kvalitet. Modellen delas in i tre lager: nätverk, applikation och användare/använding. Det sistnämnda lagret ligger utanför det tekniska systemet och definieras av att det är där de verkliga informationsutbytet sker. På applikationsnivån samlas data in, packas och packas upp i samband med nätverkstransport och visas sedan för användaren. Det är också här som eventuell interaktion sker med användaren. Nätverkslagret är ansvarigt för ändamålsenlig transport av data. De tre lagren är ömsesidigt beroende av varandra. Dålig prestanda på ettlager påverkar de andra lagren och tvärtom. Tre studier har genomförts av hur problem på nätverkslagret i form av begränsad bandbredd och hög fördöjning påverkar användarna. Låg bandbredd ger låg videokvalitet vilket inte uppskattas av användarnamnen genom att skifta till animeringar som fungerar med lägre bandbredd kan man ändå få användarna nöjda. Om användarna måste välja mellandålig videokvalitet och animeringar väljer de som ser sig som fotbollskunniga det förstnämnda och de som ser sig som okunniga men dock fotbollsfans väljer det sistnämnda. Men i en annan studie där användarna spelade bluffstopp mot varandra över ett datanätverk fick vi ett annat resultat. Där var det negativt med högre videokvalitet (bilder per sekund). En förklaring kan vara att användarna distraherades mer av högre bildfrekvens. I den tredje studien studerades vad som händer i Pong om man läggerin fördröjningar i spelet. Sedan tidigare visste man att det blir svårare attspela med fördröjningar – särskilt om man inte märker dem. Vi ställde ossfrågan om man kan kompensera för dem genom att informera användarna om dem. Det visade sig att användare som får information med i vårtfall en prediktiv visning lättare anpassar sin mentala insats till uppgiftens svårighetsgrad. Det är alltså inte bara möjligt utan ibland också önskvärt att utnyttja en lägre bandbredd från användarens perspektiv. Med det sagt finns det ändå i långt fler situationer där det är bättre med bättre nätverksprestanda. Pongspelet var roligare med lägre delay. Videon uppfattades som bättre medhögre bandbredd i den förstnämnda studien. Multicast, där ett paket skickas till flera användare i stället för att de skafå varsin, identiska paket, är ett viktigt verktyg för att få bättre prestanda i videoapplikationer. Tyvärr är det inbyggda stödet för multicast i den viktiga IEEE 802.11 standardfamiljen för trådlösa nätverk mycket outvecklat. Ettstort problem är att det inte går att veta om ett paket har kommit fram eller om det har försvunnit i en, mycket trolig, krock. Vi har vidareutvecklat och anpassat en föga känd krockdetektionsmekanism från 80-talet för använding i IEEE 802.11 nätverk. Den anpassade algoritmen kallar vi EMCD vilket är en förkortning för ‘‘Early Multicast Collision Detection’’ eller tidig krockupptäckt för multicast. Vi har presenterat en nysannolikhetsbaserad modell för att beräkna algoritmens prestanda undermaximal belastning. Modellen som har verifierats genom simuleringar kanäven användas för att beräkna optimala parametrar för algoritmen. Algoritmen har visats kraftigt reducera risken för oupptäckta kollisioner och reducerar den tid som går åt för dem. EMCD-algoritmen inspirerade till att utveckla en ytterligare algoritm som inte bara kan upptäcka utan också undvika kollisioner: PREMA som står för ‘‘Prioritized Repeated Eliminations Multiple Access’’ eller prioriterad kanal-åtkomst med upprepade eliminationer. Det finns två viktiga skillnader mellanhur de fungerar. I EMCD bygger kollisionsdetektionen på rektangelfördelade slumptal och en enda upptäcktsomgång. I PREMA används i stället geometriskt fördelade slumptal och upprepade omgångar. Effekten blir att man med stor säkerhet får en enda vinnare. även för PREMA presenteras en sannolikhetskalkylsbaserad prestandaanalys för maxlastfallet vilken stöds av simuleringar. Samma formler kan användas för att approximativt skatta prestanda i EY-NPMA som är en närliggande algoritm. Den var tänkt att använda i Hiperlan/1; en standard som aldrig fick något kommersiellt genombrott. Använder man den modell som vi presenterar i avhandlingens sista studiekan man med ganska god noggrannhet beräkna optimala parametrar för EY-NPMA med en beräkningsinsats O(mY S) mot O(mES×mY S) för tidigare kända algoritmer. / Imagine a taxi driver wanting to watch a football game while working. Events in the game cannot be predetermined, the driver's available attentional resources vary and network connections change from non-existing to excellent, so it will be necessary to develop a viewing application that can adapt to circumstances. This thesis presents a system model and sketches a framework for design and run time adaptations. The model has three layers: user/usage, application and network. Quality of service metrics are proposed for each layer. A particular emphasis is placed on the difference between the user/usage layer and the application layer. Satisfaction at the former means a job well done, a match played to your liking etc. Satisfaction at the latter means good picture quality, nice colours etc. The thesis continues by identifying and describing elements required to build the system used by the taxi driver. Three studies are presented where either bandwidth or delay are varied at the network level. Video is better the higher the bandwidth; animations can be used as a complement. They are shown to be better than low quality video but worse than high quality video for watching a football game. Better video in the form of higher frame rates turned out to be worse for playing a card game over the Internet. A possible explanation is the distraction experienced when the image is updated constantly. Another result of our studies is that users can adapt their mental effort to the actual load when given feedback on the network delay affecting a computer game. The results mentioned above show that it is possible to compensate for poor network performance. For the user, improved network performance is generally more satisfactory. Early multicast collision detection is a method for improved multicast performance in high load IEEE 802.11 networks. Prioritised repeated eliminations multiple access is a method for multicast and other traffic which can be used alone or in an IEEE 802.11 network. Probabilistic performance analysis and simulations show that both protocols drastically reduce the time spent in collisions and improve throughput compared to IEEE 802.11. Some of the formulae are applied to EY-NPMA as well; they are used to estimate performance and to estimate optimal operating parameters more efficiently than with previously known methods.

Human factors

Mobile multimedia

Access protocols

Computer network performance

Quality of service

Video conferencing

Computer games

Streaming video

Medium access control

Collision detection

Reliable multicast

Computer science

Datavetenskap

A framework for system fingerprinting

Radhakrishnan, Sakthi Vignesh

29 March 2013

The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past, however most of these techniques are designed for a specific purpose, such as Operating System (OS) fingerprinting, Access Point (AP) fingerprinting, etc. Such standalone techniques often have limitations which render them dysfunctional in certain scenarios or against certain counter measures. In order to overcome such limitations, we propose a fingerprinting framework that can combine multiple fingerprinting techniques in a smart manner, using a centralized decision making engine. We believe that any given scenario or a counter measure is less likely to circumvent a group of diverse fingerprinting techniques, which serves as the primary motivation behind the aforementioned method of attack. Another major portion of the thesis concentrates on the design and development of a device and device type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module used statistical analysis of packet inter arrival times (IATs) to identify the type of device that is generating the traffic. This work also analyzes the performance of the identification technique on a real campus network and propose modifications that use pattern recognition neural networks to improve the overall performance. Additionally, we impart capabilities to the fingerprinting technique to enable the identification of 'Unknown' devices (i.e., devices for which no signature is stored), and also show that it can be extended to perform both device and device type identification.

Access control

Device type fingerprinting

Device fingerprinting

System Fingerprinting

GTID

Security framework

Computer networks Security measures

Leveraging Cognitive Radio Networks Using Heterogeneous Wireless Channels

Liu, Yongkang

January 2013

The popularity of ubiquitous Internet services has spurred the fast growth of wireless communications by launching data hungry multimedia applications to mobile devices. Powered by spectrum agile cognitive radios, the newly emerged cognitive radio networks (CRN) are proposed to provision the efficient spectrum reuse to improve spectrum utilization. Unlicensed users in CRN, or secondary users (SUs), access the temporarily idle channels in a secondary and opportunistic fashion while preventing harmful interference to licensed primary users (PUs). To effectively detect and exploit the spectrum access opportunities released from a wide spectrum, the heterogeneous wireless channel characteristics and the underlying prioritized spectrum reuse features need to be considered in the protocol design and resource management schemes in CRN, which plays a critical role in unlicensed spectrum sharing among multiple users. The purpose of this dissertation is to address the challenges of utilizing heterogeneous wireless channels in CRN by its intrinsic dynamic and diverse natures, and build the efficient, scalable and, more importantly, practical dynamic spectrum access mechanisms to enable the cost-effective transmissions for unlicensed users. Note that the spectrum access opportunities exhibit the diversity in the time/frequency/space domain, secondary transmission schemes typically follow three design principles including 1) utilizing local free channels within short transmission range, 2) cooperative and opportunistic transmissions, and 3) effectively coordinating transmissions in varying bandwidth. The entire research work in this dissertation casts a systematic view to address these principles in the design of the routing protocols, medium access control (MAC) protocols and radio resource management schemes in CRN. Specifically, as spectrum access opportunities usually have small spatial footprints, SUs only communicate with the nearby nodes in a small area. Thus, multi-hop transmissions in CRN are considered in this dissertation to enable the connections between any unlicensed users in the network. CRN typically consist of intermittent links of varying bandwidth so that the decision of routing is closely related with the spectrum sensing and sharing operations in the lower layers. An efficient opportunistic cognitive routing (OCR) scheme is proposed in which the forwarding decision at each hop is made by jointly considering physical characteristics of spectrum bands and diverse activities of PUs in each single band. Such discussion on spectrum aware routing continues coupled with the sensing selection and contention among multiple relay candidates in a multi-channel multi-hop scenario. An SU selects the next hop relay and the working channel based upon location information and channel usage statistics with instant link quality feedbacks. By evaluating the performance of the routing protocol and the joint channel and route selection algorithm with extensive simulations, we determine the optimal channel and relay combination with reduced searching complexity and improved spectrum utilization. Besides, we investigate the medium access control (MAC) protocol design in support of multimedia applications in CRN. To satisfy the quality of service (QoS) requirements of heterogeneous applications for SUs, such as voice, video, and data, channels are selected to probe for appropriate spectrum opportunities based on the characteristics and QoS demands of the traffic along with the statistics of channel usage patterns. We propose a QoS-aware MAC protocol for multi-channel single hop scenario where each single SU distributedly determines a set of channels for sensing and data transmission to satisfy QoS requirements. By analytical model and simulations, we determine the service differentiation parameters to provision multiple levels of QoS. We further extend our discussion of dynamic resource management to a more practical deployment case. We apply the experiences and skills learnt from cognitive radio study to cellular communications. In heterogeneous cellular networks, small cells are deployed in macrocells to enhance link quality, extend network coverage and offload traffic. As different cells focus on their own operation utilities, the optimization of the total system performance can be analogue to the game between PUs and SUs in CRN. However, there are unique challenges and operation features in such case. We first present challenging issues including interference management, network coordination, and interworking between cells in a tiered cellular infrastructure. We then propose an adaptive resource management framework to improve spectrum utilization and mitigate the co-channel interference between macrocells and small cells. A game-theory-based approach is introduced to handle power control issues under constrained control bandwidth and limited end user capability. The inter-cell interference is mitigated based upon orthogonal transmissions and strict protection for macrocell users. The research results in the dissertation can provide insightful lights on flexible network deployment and dynamic spectrum access for prioritized spectrum reuse in modern wireless systems. The protocols and algorithms developed in each topic, respectively, have shown practical and efficient solutions to build and optimize CRN.

cognitive radio

routing

cognitive radio networks

radio resource management

dynamic spectrum access

medium access control

interference management

multi-channel

multi-hop

opportunistic routing

Electrical and Computer Engineering

Diseño de un sistema de control de acceso en redes heterogéneas con privacidad basado en Kerberos

Pereñíguez García, Fernando

26 May 2011

Esta tesis doctoral aborda el problema de la definición de movimientos rápidos sin interrupciones (seamless handoffs) en redes heterogéneas de próxima generación (NGNs) mediante definición de un proceso de distribución de claves seguro, que habilite un proceso de re-autenticación rápida a la vez que un acceso autenticado anónimo y que no se pueda trazar. Concretamente, el sistema de control de acceso desarrollado ofrece un conjunto de características que, hasta la fecha, no han confluido en una misma solución: (1) aplicable a las futuras redes NGN basadas en EAP; (2) reducción de la latencia introducida por el proceso de autenticación en entornos móviles, con independencia del tipo de handoff realizado por el usuario; (3) que el proceso cumpla fuertes requisitos de seguridad; (4) fácil despliegue en redes existentes; (5) compatibilidad con las actuales tecnologías estandarizadas; y (6) soporte de protección de privacidad del usuario. / This PhD thesis deals with the problem of defining fast movements without interruptions (seamless handoffs) in the next generation of heterogeneous networks. This objective is achieved through a secure key distribution process, which enables a fast re-authentication process providing both user anonymity and untraceability. The developed access control system offers a set of features not covered so far by a single solution: (1) applicable for EAP-based NGNs; (2) reduction of the authentication latency in mobile environments irrespective of the type of handoff performed by the user; (3) provision of strong security properties; (4) easy deployment in current networks; (5) compatibility with current standardized technologies; and (6) user privacy support.

Redes próxima generación

movilidad transparente

control de acceso

privacidad

EAP

Kerberos

Next generation networks

seamless mobility

network access control

privacy

Ingeniería Telemática

004

Design and analysis of medium access control protocols for ad hoc and cooperative wireless networks

Alonso Zárate, Jesús

25 February 2009

La presente tesis doctoral contribuye a la incesante evolución de las comunicaciones inalámbricas. Se centra en el diseño de protocolos de acceso al medio (MAC) para redes ad hoc y redes inalámbricas cooperativas. En una primera parte introductoria se presenta un minucioso estado del arte y se establecen las bases teóricas de las contribuciones presentadas en la tesis. En esta primera parte introductoria se definen las principales motivaciones de la tesis y se plantean los objetivos. Después, las contribuciones de la tesis se organizan en dos grandes bloques, o partes. En la primera parte de esta tesis se diseña, analiza y evalúa el rendimiento de un novedoso protocolo MAC de alta eficiencia llamado DQMAN (Protocolo MAC basado en colas distribuidas para redes ad hoc). Este protocolo constituye la extensión y adaptación del protocolo DQCA, diseñado para redes centralizadas, para operar en redes sin infraestructura. En DQMAN se introduce un nuevo paradigma en el campo del acceso al medio para redes distribuidas: la integración de un algoritmo de clusterización espontáneo y dinámico basado en una estructura de master y esclavo junto con un protocolo MAC de alta eficiencia diseñado para redes centralizadas. Tanto el análisis teórico como las simulaciones por ordenador presentadas en esta tesis muestran que DQMAN mejora el rendimiento del actual estándar IEEE 802.11. La principal característica de DQMAN es que se comporta como un protocolo de acceso aleatorio cuando la carga de tráfico es baja y cambia automática y transparentemente a un protocolo de reserva a medida que el tráfico de la red aumenta. Además, su rendimiento es prácticamente independiente del número de usuarios simultáneos de la red, lo cual es algo deseable en redes que nacen para cubrir una necesidad espontánea y no pueden ser planificadas. El hecho de que algoritmo de clusterización se base en un acceso aleatorio permite la coexistencia e intercomunicación de usuarios DQMAN con usuarios basados en el estándar IEEE 802.11. Este estudio se presenta en esta primera parte de la tesis y es fundamental de cara a una posible explotación comercial de DQMAN. La metodología presentada en esta tesis mediante el cual se logra extender la operación de DQCA a entornos ad hoc sin infraestructura puede ser utilizada para adaptar cualquier otro protocolo centralizado. Con el objetivo de poner de manifiesto esta realidad, la primera parte de la tesis concluye con el diseño y evaluación de DPCF como una extensión distribuida del modo de coordinación centralizado (PCF) del estándar IEEE 802.11 para operar en redes distribuidas. La segunda parte de la tesis se centra en el estudio de un tipo específico de técnicas cooperativas: técnicas cooperativas de retransmisión automática (C-ARQ). La idea principal de las técnicas C-ARQ es que cuando un paquete de datos se recibe con bits erróneos, se solicita retransmisión, no a la fuente de datos, si no a cualquiera de los usuarios que escuchó la transmisión original. Estos usuarios se convierten en espontáneos retransmisores que permiten mejorar la eficiencia de la comunicación. A pesar de que este tipo de esquema puede obtener diversidad de cooperación, el hecho de implicar a más de un usuario en una comunicación punto a punto requiere una coordinación que hasta ahora ha sido obviada en la literatura, asumiendo que los retransmisores pueden coordinarse perfectamente para retransmitir uno detrás de otro. En esta tesis se analiza y evalúa el coste de coordinación impuesto por la capa MAC y se identifican los principales retos de diseño que las técnicas C-ARQ imponen al diseño de la capa MAC. Además, se presenta el diseño y análisis de dos novedosos protocolos MAC para C-ARQ: DQCOOP y PRCSMA. El primero se basa en DQMAN y constituye una extensión de este para operar en esquemas C-ARQ, mientras que el segundo constituye la adaptación del estándar IEEE 802.11 para poder ejecutarse en un esquema C-ARQ. El rendimiento de estos esquemas se compara en esta tesis tanto con esquemas no cooperativos como con esquemas ideales cooperativos donde se asume que el MAC es ideal. Los resultados principales muestran que el diseño eficiente de la capa MAC es esencial para obtener todos los beneficios potenciales de los esquemas cooperativos. / This thesis aims at contributing to the incessant evolution of wireless communications. The focus is on the design of medium access control (MAC) protocols for ad hoc and cooperative wireless networks. A comprehensive state of the art and a background on the topic is provided in a first preliminary part of this dissertation. The motivations and key objectives of the thesis are also presented in this part. Then, the contributions of the thesis are divided into two fundamental parts. The first part of the thesis is devoted to the design, analysis, and performance evaluation of a new high-performance MAC protocol. It is the Distributed Queueing MAC Protocol for Ad hoc Networks (DQMAN) and constitutes an extension and adaptation of the near-optimum Distributed Queueing with Collision Avoidance (DQCA) protocol, designed for infrastructure-based networks, to operate over networks without infrastructure. DQMAN introduces a new access paradigm in the context of distributed networks: the integration of a spontaneous, dynamic, and soft-binding masterslave clustering mechanism together with a high-performance infrastructure-based MAC protocol. Theoretical analysis and computer-based simulation show that DQMAN outperforms IEEE 802.11 Standard. The main characteristic of the protocol is that it behaves as a random access control protocol when the traffic load is low and it switches smoothly and automatically to a reservation protocol as the traffic load grows. In addition, its performance is almost independent of the number of users of a network. The random-access based clustering algorithm allows for the coexistence and intercommunication of stations using DQMAN with the ones just based on the legacy IEEE 802.11 Standard. This assessment is also presented in this first part of the dissertation and constitutes a key contribution in the light of the commercial application of DQMAN. Indeed, the rationale presented in this first part of the thesis to extend DQCA and become DQMAN to operate over distributed networks can be used to extend the operation of any other infrastructure-based MAC protocol to ad hoc networks. In order to exemplify this, a case study is presented to conclude the first part of the thesis. The Distributed Point Coordination Function (DPCF) MAC protocol is presented as the extension of the PCF of the IEEE 802.11 Standard to be used in ad hoc networks. The second part of the thesis turns the focus to a specific kind of cooperative communications: Cooperative Automatic Retransmission Request (C-ARQ) schemes. The main idea behind C-ARQ is that when a packet is received with errors at a receiver, a retransmission can be requested not only from the source but also to any of the users which overheard the original transmission. These users can become spontaneous helpers to assist in the failed transmission by forming a temporary ad hoc network. Although such a scheme may provide cooperative diversity gain, involving a number of users in the communication between two users entails a complicated coordination task that has a certain cost. This cost has been typically neglected in the literature, assuming that the relays can attain a perfect scheduling and transmit one after another. In this second part of the thesis, the cost of the MAC layer in C-ARQ schemes is analyzed and two novel MAC protocols for C-ARQ are designed, analyzed, and comprehensively evaluated. They are the DQCOOP and the Persistent Relay Carrier Sensing Multiple Access (PRCSMA) protocols. The former is based on DQMAN and the latter is based on the IEEE 802.11 Standard. A comparison with non-cooperative ARQ schemes (retransmissions performed only from the source) and with ideal CARQ (with perfect scheduling among the relays) is included to have actual reference benchmarks of the novel proposals. The main results show that an efficient design of the MAC protocol is crucial in order to actually obtain the benefits associated to the C-ARQ schemes.

Cooperative communications

Medium access control

Protocols

MAC protocols

DQCA

DQMAN

IEEE 802.11

PRCSMA

DQCOOP

Performance

Performance evaluation

Wireless networks

Ad hoc networks

Cooperative ARQ

C-ARQ

621.3