The increase of authenticating solutions based on RADIUS servers questions the complexity of their administration whose security and confidentiality are often at fault especially within Cloud Computing architectures. More specifically, it raises the concern of server administration in a secure environment for both the granting access’ company and its clients. This paper aims to solve this issue by proposing an innovative paradigm based on a grid of smart cards built on a context of SSL smart cards. We believe that EAP-TLS server smart cards offer the security and the simplicity required for an administration based on distributed servers. We specify the design of a RADIUS server in which EAP messages are fully processed by SSL smart cards. We present the scalability of this server linked to smart card grids whose distributed computation manages the concurrence of numerous authenticating sessions. Lastly, we relate the details of the first experimental results obtained with the RADIUS server and an array composed of 32 Java cards, and demonstrate the feasibility and prospective scalability of this architecture.
{"title":"An Innovative Solution for Cloud Computing Authentication: Grids of EAP-TLS Smart Cards","authors":"P. Urien, Estel Marie, Christophe Kiennert","doi":"10.1109/ICDT.2010.12","DOIUrl":"https://doi.org/10.1109/ICDT.2010.12","url":null,"abstract":"The increase of authenticating solutions based on RADIUS servers questions the complexity of their administration whose security and confidentiality are often at fault especially within Cloud Computing architectures. More specifically, it raises the concern of server administration in a secure environment for both the granting access’ company and its clients. This paper aims to solve this issue by proposing an innovative paradigm based on a grid of smart cards built on a context of SSL smart cards. We believe that EAP-TLS server smart cards offer the security and the simplicity required for an administration based on distributed servers. We specify the design of a RADIUS server in which EAP messages are fully processed by SSL smart cards. We present the scalability of this server linked to smart card grids whose distributed computation manages the concurrence of numerous authenticating sessions. Lastly, we relate the details of the first experimental results obtained with the RADIUS server and an array composed of 32 Java cards, and demonstrate the feasibility and prospective scalability of this architecture.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130862100","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A concerted fight against botnets is needed in order to avoid them from becoming a serious threat to global security in the forthcoming years. Zombie detection is currently performed at the host and/or network levels, but these options have important drawbacks: antivirus, firewalls and anti-spyware are not effective against this threat because they are not able to detect hosts that are compromised via new or target specific malicious software and were not designed to protect the network from external attacks or vulnerabilities that are already present inside the local area network. To overcome these limitations, we propose a new botnet detection approach based on the identification of traffic patterns: since each network application, whether it is licit or illicit, has a characteristic traffic pattern that can uniquely identify it, the detection framework will rely on an Artificial Neural Network to identify the licit and illicit patterns. After the identification phase, the system will generate alarms to the system administrator, that can trigger the most appropriate security actions, like blocking the corresponding IP addresses, putting them under a deeper surveillance or acting over some suspicious network segment. A general detection framework was developed in order to incorporate the detection methodology itself, as well as the data collection and storage modules and all the necessary management functions. Some performance tests were already carried out on the proposed system and the results obtained show that the system is stable and fast and the detection approach is efficient, since it provides high detection rates with low computational overhead.
{"title":"A Botnet Detection System Based on Neural Networks","authors":"A. Nogueira, P. Salvador, Fábio Blessa","doi":"10.1109/ICDT.2010.19","DOIUrl":"https://doi.org/10.1109/ICDT.2010.19","url":null,"abstract":"A concerted fight against botnets is needed in order to avoid them from becoming a serious threat to global security in the forthcoming years. Zombie detection is currently performed at the host and/or network levels, but these options have important drawbacks: antivirus, firewalls and anti-spyware are not effective against this threat because they are not able to detect hosts that are compromised via new or target specific malicious software and were not designed to protect the network from external attacks or vulnerabilities that are already present inside the local area network. To overcome these limitations, we propose a new botnet detection approach based on the identification of traffic patterns: since each network application, whether it is licit or illicit, has a characteristic traffic pattern that can uniquely identify it, the detection framework will rely on an Artificial Neural Network to identify the licit and illicit patterns. After the identification phase, the system will generate alarms to the system administrator, that can trigger the most appropriate security actions, like blocking the corresponding IP addresses, putting them under a deeper surveillance or acting over some suspicious network segment. A general detection framework was developed in order to incorporate the detection methodology itself, as well as the data collection and storage modules and all the necessary management functions. Some performance tests were already carried out on the proposed system and the results obtained show that the system is stable and fast and the detection approach is efficient, since it provides high detection rates with low computational overhead.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131404763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
H. Michail, A. Gregoriades, Vassilis Kelefouras, Apostolis Kotsiolis, Dimitra Papagianopoulou, C. Goutis
E.U. has set a special goal for 2010 which is the adoption, by at least 25%, of IPv6. IPv6 incorporates the usage of IPSec which provides cryptographic services to every data packet which is transmitted via Internet. This means that there is a major need for High Speed designs of IPSec protocol. It has been shown that the limiting factor of IPSec performance is the incorporated hash function. Hash functions, form a special family of cryptographic algorithms that satisfy current requirements for security, confidentiality and validity for several applications in technology. In this paper we propose a hardware design and implementation that increases throughput and frequency significantly and at the same time keeps the area small enough for the hash function RIPEMD-160. This technique involves the application of partial unrolling and spatial pre-computation. The proposed technique leads to an implementation with 35% higher throughput than the conventional one.
{"title":"HW/SW Co-design Integrating High-Speed Authentication Module for IPSec/IPv6","authors":"H. Michail, A. Gregoriades, Vassilis Kelefouras, Apostolis Kotsiolis, Dimitra Papagianopoulou, C. Goutis","doi":"10.1109/ICDT.2010.33","DOIUrl":"https://doi.org/10.1109/ICDT.2010.33","url":null,"abstract":"E.U. has set a special goal for 2010 which is the adoption, by at least 25%, of IPv6. IPv6 incorporates the usage of IPSec which provides cryptographic services to every data packet which is transmitted via Internet. This means that there is a major need for High Speed designs of IPSec protocol. It has been shown that the limiting factor of IPSec performance is the incorporated hash function. Hash functions, form a special family of cryptographic algorithms that satisfy current requirements for security, confidentiality and validity for several applications in technology. In this paper we propose a hardware design and implementation that increases throughput and frequency significantly and at the same time keeps the area small enough for the hash function RIPEMD-160. This technique involves the application of partial unrolling and spatial pre-computation. The proposed technique leads to an implementation with 35% higher throughput than the conventional one.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132837553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract- This work studies the prefilter bandwidth effects on the symbol synchronizer based on clock sampling.The prefilter bandwidth B is changed between three values, namely B1=• (infinite), B2=2.tx and B3=1.tx, where tx is the transmission rate.We use also the sequential symbol synchronizer based on clock sampling, with the variant discrete and continuous. Each variant has two versions which are the manual and the automatic.The objective is to study the prefilter bandwidth with the four symbol synchronizers and to evaluate their output jitter UIRMS (Unit Interval Root Mean Square) versus input SNR (Signal to Noise Ratio).
{"title":"Prefilter Bandwidth Effects in Sequential Symbol Synchronizers Based on Clock Sampling","authors":"A. Reis, J. F. Rocha, A. Gameiro, J. P. Carvalho","doi":"10.1109/ICDT.2010.39","DOIUrl":"https://doi.org/10.1109/ICDT.2010.39","url":null,"abstract":"Abstract- This work studies the prefilter bandwidth effects on the symbol synchronizer based on clock sampling.The prefilter bandwidth B is changed between three values, namely B1=• (infinite), B2=2.tx and B3=1.tx, where tx is the transmission rate.We use also the sequential symbol synchronizer based on clock sampling, with the variant discrete and continuous. Each variant has two versions which are the manual and the automatic.The objective is to study the prefilter bandwidth with the four symbol synchronizers and to evaluate their output jitter UIRMS (Unit Interval Root Mean Square) versus input SNR (Signal to Noise Ratio).","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114760556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
G. Muhammad, Y. Alotaibi, M. Alsulaiman, M. N. Huda
In this paper, we propose a system for environment recognition using selected MPEG-7 audio low level descriptors together with conventional mel-frequency cepstral coefficients (MFCC). The MPEG-7 descriptors are first ranked based on Fisher’s discriminant ratio. Then principal component analysis is applied on top ranked 30 MPEG-7 descriptors to obtain 13 features. These 13 features are appended with MFCC features to complete the feature set of the proposed system. Gaussian mixture models (GMMs) are used as classifier. The system is evaluated using ten different environment sounds. The experimental results show a significant improvement in recognition performance of the proposed system over MFCC or full MPEG-7 descriptor based systems. For example, the best performance is achieved in Restaurant environment where MFCC, full MPEG-7, and the proposed method give 90%, 94%, and 96% accuracy, respectively.
{"title":"Environment Recognition Using Selected MPEG-7 Audio Features and Mel-Frequency Cepstral Coefficients","authors":"G. Muhammad, Y. Alotaibi, M. Alsulaiman, M. N. Huda","doi":"10.1109/ICDT.2010.10","DOIUrl":"https://doi.org/10.1109/ICDT.2010.10","url":null,"abstract":"In this paper, we propose a system for environment recognition using selected MPEG-7 audio low level descriptors together with conventional mel-frequency cepstral coefficients (MFCC). The MPEG-7 descriptors are first ranked based on Fisher’s discriminant ratio. Then principal component analysis is applied on top ranked 30 MPEG-7 descriptors to obtain 13 features. These 13 features are appended with MFCC features to complete the feature set of the proposed system. Gaussian mixture models (GMMs) are used as classifier. The system is evaluated using ten different environment sounds. The experimental results show a significant improvement in recognition performance of the proposed system over MFCC or full MPEG-7 descriptor based systems. For example, the best performance is achieved in Restaurant environment where MFCC, full MPEG-7, and the proposed method give 90%, 94%, and 96% accuracy, respectively.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116877909","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper a positioning algorithm, based on the utilization of the receiving antenna properties is presented. The algorithm can be applied in Time of Flight (TOF) based localization systems with closely spaced receiving antennas additionally to the time estimation. In this work we present the practical measurements. But better result may be achieved using optimal receiving antennas and antenna spacing. The aim of the paper is to verify the concept in Ultra-Wideband by practical measurements.
{"title":"Indoor Localization with Closely Spaced Vivaldi Antennas in Ultra-Wideband","authors":"W. Gerok, T. Kaiser","doi":"10.1109/ICDT.2010.14","DOIUrl":"https://doi.org/10.1109/ICDT.2010.14","url":null,"abstract":"In this paper a positioning algorithm, based on the utilization of the receiving antenna properties is presented. The algorithm can be applied in Time of Flight (TOF) based localization systems with closely spaced receiving antennas additionally to the time estimation. In this work we present the practical measurements. But better result may be achieved using optimal receiving antennas and antenna spacing. The aim of the paper is to verify the concept in Ultra-Wideband by practical measurements.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116953957","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Ding, Yu-Shiang Sheng, Chia-Shou Tu, Chi-Wei Huang, Jr-Sheng Su
In the past years, the service of digital home almost focuses on the automatic surveillance, automatic controlling and health-care. Currently, how to provide an automatic interconnection and control for different devices on the heterogeneous home network is a very pressing problem. In this paper, we implement a systemic design to connect the heterogeneous networks and devices in the home automation network (HAN). The all devices of remote family can be easy controlled, found, and communicated without manual setting by local family. Simulation results show that the proposed system is a better mechanism for digital home and smart appliances.
{"title":"The Management of Device Group for Home Automation Network","authors":"J. Ding, Yu-Shiang Sheng, Chia-Shou Tu, Chi-Wei Huang, Jr-Sheng Su","doi":"10.1109/ICDT.2010.16","DOIUrl":"https://doi.org/10.1109/ICDT.2010.16","url":null,"abstract":"In the past years, the service of digital home almost focuses on the automatic surveillance, automatic controlling and health-care. Currently, how to provide an automatic interconnection and control for different devices on the heterogeneous home network is a very pressing problem. In this paper, we implement a systemic design to connect the heterogeneous networks and devices in the home automation network (HAN). The all devices of remote family can be easy controlled, found, and communicated without manual setting by local family. Simulation results show that the proposed system is a better mechanism for digital home and smart appliances.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133991998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we evaluate the voice traffic performance of an OFDM (Orthogonal Frequency Division Multiplexing) wireless access system. We propose an algorithm for serving handover calls with higher priority than new calls, considering different AMC (adaptive modulation and coding) modes. The purpose is to efficiently utilize the scarce radio resources in order to improve the system performance.
{"title":"Handover Performance Analysis in Mobile Systems with Adaptive Modulation and Coding","authors":"Adriana Kalaydzhieva, B. Tsankov","doi":"10.1109/ICDT.2010.27","DOIUrl":"https://doi.org/10.1109/ICDT.2010.27","url":null,"abstract":"In this paper, we evaluate the voice traffic performance of an OFDM (Orthogonal Frequency Division Multiplexing) wireless access system. We propose an algorithm for serving handover calls with higher priority than new calls, considering different AMC (adaptive modulation and coding) modes. The purpose is to efficiently utilize the scarce radio resources in order to improve the system performance.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122202421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Javier Garcia Rodrigo, R. P. Leal, Encarna Pastor Martín
Peer-to-Peer applications for real-time video and continuous media streaming, known as Peer-to-Peer IP Television, have become a common way to distribute contents via IP networks. This leads to a significant traffic increase produced by the fast expansion of these kinds of applications. The paper proposes a model and several scenarios to simulate a representative Peer-to-Peer IP Television mesh-pull like architecture in terms of functionality and users behaviour in open networks. Overlay and underlay networks simulations have been performed using Oversim and OMNet++ tools respectively. The results show an excess of bandwidth consumed by the dispersion of end users that is a critical problem because of unnecessary traffic burden in the network core.
{"title":"Peer-to-Peer IPTV Service Impact on Network Traffic","authors":"Javier Garcia Rodrigo, R. P. Leal, Encarna Pastor Martín","doi":"10.1109/ICDT.2010.32","DOIUrl":"https://doi.org/10.1109/ICDT.2010.32","url":null,"abstract":"Peer-to-Peer applications for real-time video and continuous media streaming, known as Peer-to-Peer IP Television, have become a common way to distribute contents via IP networks. This leads to a significant traffic increase produced by the fast expansion of these kinds of applications. The paper proposes a model and several scenarios to simulate a representative Peer-to-Peer IP Television mesh-pull like architecture in terms of functionality and users behaviour in open networks. Overlay and underlay networks simulations have been performed using Oversim and OMNet++ tools respectively. The results show an excess of bandwidth consumed by the dispersion of end users that is a critical problem because of unnecessary traffic burden in the network core.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"255 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115779190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Demóstenes Zegarra, J. Sousa, Bruno H. C. Faria, Eduardo Costa Alfaia
Cellular network operators have as main objectives the personalization of the offered services to their subscribers in an individual way or for groups with the same preferences. In this paper a new Personalized Recommendation System Architecture based on the geographic localization of the cellular users is described over which different services or solutions can be offered. For the mechanism of the users data collection, the Cell Broadcast technology is used, forming groups of users with similar preferences according association algorithms. This system also considers different presence levels (available, busy and absent) of the cellular users as an additional decision factor for sending or not the recommendation message and using for this purpose a application server connected to IMS (IP Multimedia Subsystem). A feedback mechanism based on the user satisfaction degree is also considered, to improve the efficiency of the system.
{"title":"Recommendation System Based on Location and Presence Information of Users in a Mobile Network","authors":"Demóstenes Zegarra, J. Sousa, Bruno H. C. Faria, Eduardo Costa Alfaia","doi":"10.1109/ICDT.2010.25","DOIUrl":"https://doi.org/10.1109/ICDT.2010.25","url":null,"abstract":"Cellular network operators have as main objectives the personalization of the offered services to their subscribers in an individual way or for groups with the same preferences. In this paper a new Personalized Recommendation System Architecture based on the geographic localization of the cellular users is described over which different services or solutions can be offered. For the mechanism of the users data collection, the Cell Broadcast technology is used, forming groups of users with similar preferences according association algorithms. This system also considers different presence levels (available, busy and absent) of the cellular users as an additional decision factor for sending or not the recommendation message and using for this purpose a application server connected to IMS (IP Multimedia Subsystem). A feedback mechanism based on the user satisfaction degree is also considered, to improve the efficiency of the system.","PeriodicalId":322589,"journal":{"name":"2010 Fifth International Conference on Digital Telecommunications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130310546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: