Abstract: Face authentication for access control is a face
membership authentication which passes the person of the incoming
face if he turns out to be one of an enrolled person based on face
recognition or rejects if not. Face membership authentication belongs
to the two class classification problem where SVM(Support Vector
Machine) has been successfully applied and shows better performance
compared to the conventional threshold-based classification. However,
most of previous SVMs have been trained using image feature vectors
extracted from face images of each class member(enrolled
class/unenrolled class) so that they are not robust to variations in
illuminations, poses, and facial expressions and much affected by
changes in member configuration of the enrolled class
In this paper, we propose an effective face membership
authentication method based on SVM using class discriminating
features which represent an incoming face image-s associability with
each class distinctively. These class discriminating features are weakly
related with image features so that they are less affected by variations
in illuminations, poses and facial expression.
Through experiments, it is shown that the proposed face
membership authentication method performs better than the threshold
rule-based or the conventional SVM-based authentication methods and
is relatively less affected by changes in member size and membership.
Abstract: Power consumption of nodes in ad hoc networks is a
critical issue as they predominantly operate on batteries. In order to
improve the lifetime of an ad hoc network, all the nodes must be
utilized evenly and the power required for connections must be
minimized. In this project a link layer algorithm known as Power
Aware medium Access Control (PAMAC) protocol is proposed
which enables the network layer to select a route with minimum total
power requirement among the possible routes between a source and a
destination provided all nodes in the routes have battery capacity
above a threshold. When the battery capacity goes below a
predefined threshold, routes going through these nodes will be
avoided and these nodes will act only as source and destination.
Further, the first few nodes whose battery power drained to the set
threshold value are pushed to the exterior part of the network and the
nodes in the exterior are brought to the interior. Since less total
power is required to forward packets for each connection. The
network layer protocol AOMDV is basically an extension to the
AODV routing protocol. AOMDV is designed to form multiple
routes to the destination and it also avoid the loop formation so that it
reduces the unnecessary congestion to the channel. In this project, the
performance of AOMDV is evaluated using PAMAC as a MAC layer
protocol and the average power consumption, throughput and
average end to end delay of the network are calculated and the results
are compared with that of the other network layer protocol AODV.
Abstract: An optical fault monitoring in FTTH-PON using ACS
is demonstrated. This device can achieve real-time fault monitoring
for protection feeder fiber. In addition, the ACS can distinguish
optical fiber fault from the transmission services to other customers
in the FTTH-PON. It is essential to use a wavelength different from
the triple-play services operating wavelengths for failure detection.
ACS is using the operating wavelength 1625 nm for monitoring and
failure detection control. Our solution works on a standard local area
network (LAN) using a specially designed hardware interfaced with a
microcontroller integrated Ethernet.
Abstract: Energy consumption is an important design issue for
Mobile Subscriber Station (MSS) in the standard IEEE 802.16e.
Because mobility of MSS implies that energy saving becomes an
issue so that lifetime of MSS can be extended before re-charging.
Also, the mechanism in efficiently managing the limited energy is
becoming very significant since a MSS is generally energized by
battery. For these, sleep mode operation is recently specified in the
MAC (Medium Access Control) protocol. In order to reduce the
energy consumption, we focus on the sleep-mode and wake-mode of
the MAC layer, which are included in the IEEE 802.16 standards [1-
2].
Abstract: This paper proposes a VPN Accelerator Board
(VPN-AB), a virtual private network (VPN) protocol designed for
trust channel security system (TCSS). TCSS supports safety
communication channel between security nodes in internet. It
furnishes authentication, confidentiality, integrity, and access control
to security node to transmit data packets with IPsec protocol. TCSS
consists of internet key exchange block, security association block,
and IPsec engine block. The internet key exchange block negotiates
crypto algorithm and key used in IPsec engine block. Security
Association blocks setting-up and manages security association
information. IPsec engine block treats IPsec packets and consists of
networking functions for communication. The IPsec engine block
should be embodied by H/W and in-line mode transaction for high
speed IPsec processing. Our VPN-AB is implemented with high speed
security processor that supports many cryptographic algorithms and
in-line mode. We evaluate a small TCSS communication environment,
and measure a performance of VPN-AB in the environment. The
experiment results show that VPN-AB gets a performance throughput
of maximum 15.645Gbps when we set the IPsec protocol with
3DES-HMAC-MD5 tunnel mode.
Abstract: Recently, there have been considerable efforts towards the convergence between P2P and Grid computing in order to reach a solution that takes the best of both worlds by exploiting the advantages that each offers. Augmenting the peer-to-peer model to the services of the Grid promises to eliminate bottlenecks and ensure greater scalability, availability, and fault-tolerance. The Grid Information Service (GIS) directly influences quality of service for grid platforms. Most of the proposed solutions for decentralizing the GIS are based on completely flat overlays. The main contributions for this paper are: the investigation of a novel resource discovery framework for Grid implementations based on a hierarchy of structured peer-to-peer overlay networks, and introducing a discovery algorithm utilizing the proposed framework. Validation of the framework-s performance is done via simulation. Experimental results show that the proposed organization has the advantage of being scalable while providing fault-isolation, effective bandwidth utilization, and hierarchical access control. In addition, it will lead to a reliable, guaranteed sub-linear search which returns results within a bounded interval of time and with a smaller amount of generated traffic within each domain.
Abstract: New generation mobile communication networks have
the ability of supporting triple play. In order that, Orthogonal
Frequency Division Multiplexing (OFDM) access techniques have
been chosen to enlarge the system ability for high data rates
networks. Many of cross-layer modeling and optimization schemes
for Quality of Service (QoS) and capacity of downlink multiuser
OFDM system were proposed. In this paper, the Maximum Weighted
Capacity (MWC) based resource allocation at the Physical (PHY)
layer is used. This resource allocation scheme provides a much better
QoS than the previous resource allocation schemes, while
maintaining the highest or nearly highest capacity and costing similar
complexity. In addition, the Delay Satisfaction (DS) scheduling at the
Medium Access Control (MAC) layer, which allows more than one
connection to be served in each slot is used. This scheduling
technique is more efficient than conventional scheduling to
investigate both of the number of users as well as the number of
subcarriers against system capacity. The system will be optimized for
different operational environments: the outdoor deployment scenarios
as well as the indoor deployment scenarios are investigated and also
for different channel models. In addition, effective capacity approach
[1] is used not only for providing QoS for different mobile users, but
also to increase the total wireless network's throughput.
Abstract: As privacy becomes a major concern for consumers
and enterprises, many research have been focused on the privacy
protecting technology in recent years. In this paper, we present a
comprehensive approach for usage access control based on the notion
purpose. In our model, purpose information associated with a given
data element specifies the intended use of the subjects and objects in
the usage access control model. A key feature of our model is that it
allows when an access is required, the access purpose is checked
against the intended purposes for the data item. We propose an
approach to represent purpose information to support access control
based on purpose information. Our proposed solution relies on usage
access control (UAC) models as well as the components which based
on the notions of the purpose information used in subjects and
objects. Finally, comparisons with related works are analyzed.
Abstract: Access control is a critical security service in Wire- less
Sensor Networks (WSNs). To prevent malicious nodes from joining
the sensor network, access control is required. On one hand, WSN
must be able to authorize and grant users the right to access to the
network. On the other hand, WSN must organize data collected by
sensors in such a way that an unauthorized entity (the adversary)
cannot make arbitrary queries. This restricts the network access only
to eligible users and sensor nodes, while queries from outsiders will
not be answered or forwarded by nodes. In this paper we presentee
different access control schemes so as to ?nd out their objectives,
provision, communication complexity, limits, etc. Using the node
density parameter, we also provide a comparison of these proposed
access control algorithms based on the network topology which can
be flat or hierarchical.
Abstract: Bluetooth is a personal wireless communication
technology and is being applied in many scenarios. It is an emerging
standard for short range, low cost, low power wireless access
technology. Current existing MAC (Medium Access Control)
scheduling schemes only provide best-effort service for all masterslave
connections. It is very challenging to provide QoS (Quality of
Service) support for different connections due to the feature of
Master Driven TDD (Time Division Duplex). However, there is no
solution available to support both delay and bandwidth guarantees
required by real time applications. This paper addresses the issue of
how to enhance QoS support in a Bluetooth piconet. The Bluetooth
specification proposes a Round Robin scheduler as possible solution
for scheduling the transmissions in a Bluetooth Piconet. We propose
an algorithm which will reduce the bandwidth waste and enhance the
efficiency of network. We define token counters to estimate traffic of
real-time slaves. To increase bandwidth utilization, a back-off
mechanism is then presented for best-effort slaves to decrease the
frequency of polling idle slaves. Simulation results demonstrate that
our scheme achieves better performance over the Round Robin
scheduling.
Abstract: A wide spectrum of systems require reliable
personal recognition schemes to either confirm or determine the
identity of an individual person. This paper considers multimodal
biometric system and their applicability to access control,
authentication and security applications. Strategies for feature
extraction and sensor fusion are considered and contrasted. Issues
related to performance assessment, deployment and standardization
are discussed. Finally future directions of biometric systems
development are discussed.
Abstract: It is important problems to increase the detection rates
and reduce false positive rates in Intrusion Detection System (IDS).
Although preventative techniques such as access control and
authentication attempt to prevent intruders, these can fail, and as a
second line of defence, intrusion detection has been introduced. Rare
events are events that occur very infrequently, detection of rare
events is a common problem in many domains. In this paper we
propose an intrusion detection method that combines Rough set and
Fuzzy Clustering. Rough set has to decrease the amount of data and
get rid of redundancy. Fuzzy c-means clustering allow objects to
belong to several clusters simultaneously, with different degrees of
membership. Our approach allows us to recognize not only known
attacks but also to detect suspicious activity that may be the result of
a new, unknown attack. The experimental results on Knowledge
Discovery and Data Mining-(KDDCup 1999) Dataset show that the
method is efficient and practical for intrusion detection systems.
Abstract: In this study, we propose a network architecture for
providing secure access to information resources of enterprise
network from remote locations in a wireless fashion. Our proposed
architecture offers a very promising solution for organizations which
are in need of a secure, flexible and cost-effective remote access
methodology. Security of the proposed architecture is based on
Virtual Private Network technology and a special role based access
control mechanism with location and time constraints. The flexibility
mainly comes from the use of Internet as the communication medium
and cost-effectiveness is due to the possibility of in-house
implementation of the proposed architecture.
Abstract: Biometric techniques are gaining importance for
personal authentication and identification as compared to the
traditional authentication methods. Biometric templates are
vulnerable to variety of attacks due to their inherent nature. When a
person-s biometric is compromised his identity is lost. In contrast to
password, biometric is not revocable. Therefore, providing security
to the stored biometric template is very crucial. Crypto biometric
systems are authentication systems, which blends the idea of
cryptography and biometrics. Fuzzy vault is a proven crypto
biometric construct which is used to secure the biometric templates.
However fuzzy vault suffer from certain limitations like nonrevocability,
cross matching. Security of the fuzzy vault is affected
by the non-uniform nature of the biometric data. Fuzzy vault when
hardened with password overcomes these limitations. Password
provides an additional layer of security and enhances user privacy.
Retina has certain advantages over other biometric traits. Retinal
scans are used in high-end security applications like access control to
areas or rooms in military installations, power plants, and other high
risk security areas. This work applies the idea of fuzzy vault for
retinal biometric template. Multimodal biometric system
performance is well compared to single modal biometric systems.
The proposed multi modal biometric fuzzy vault includes combined
feature points from retina and fingerprint. The combined vault is
hardened with user password for achieving high level of security.
The security of the combined vault is measured using min-entropy.
The proposed password hardened multi biometric fuzzy vault is
robust towards stored biometric template attacks.
Abstract: Centrally controlled authentication and authorization services can provide enterprise with an increase in security, more flexible access control solutions and an increased users' trust. By using redirections, users of all Web-based applications within an organization are authenticated at a single well known and secure Web site and using secure communication protocol. Users are first authenticated at the central server using their domain wide credentials before being redirected to a particular Web-based application. The central authentication server will then provide others with pertinence authorization related particulars and credentials of the authenticated user to the specific application. The trust between the clients and the server hosts is established by secure session keys exchange. Case- studies are provided to demonstrate the usefulness and flexibility of the proposed solution.
Abstract: Energy efficient protocol design is the aim of current
researches in the area of sensor networks where limited power
resources impose energy conservation considerations. In this paper
we care for Medium Access Control (MAC) protocols and after an
extensive literature review, two adaptive schemes are discussed. Of
them, adaptive-rate MACs which were introduced for throughput
enhancement show the potency to save energy, even more than
adaptive-power schemes. Then we propose an allocation algorithm
for getting accurate and reliable results. Through a simulation study
we validated our claim and showed the power saving of adaptive-rate
protocols.