一种用于5G机动专网的D2D接入认证技术

终端直通(D2D)作为5G的关键技术,在5G机动专网上具有广阔的应用前景,但D2D的安全性是该技术面临的重要挑战.本文先分析5G机动专网下的D2D网络架构和面临的安全威胁与需求,提出了一种基于5G-AKA的身份注册、DH密钥交换的身份认证与密钥协商方法,再通过对协议的性能分析,证明该方法可以实现数据机密性和完整性保护,...     

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3‐factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well‐known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3‐factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well‐known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS.     

MDPA: multidimensional privacy‐preserving aggregation scheme for wireless sensor networks

In this paper, we propose a novel multidimensional privacy‐preserving data aggregation scheme for improving security and saving energy consumption in wireless sensor networks (WSNs). The proposed scheme integrates the super‐increasing sequence and perturbation techniques into compressed data aggregation, and has the ability to combine more than one aggregated data into one. Compared with the traditional data aggregation schemes, the proposed scheme not only enhances the privacy preservation in data aggregation, but also is more efficient in terms of energy costs due to its unique multidimensional aggregation. Extensive analyses and experiments are given to demonstrate its energy efficiency and practicability. Copyright © 2009 John Wiley & Sons, Ltd.     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

Lightweight authentication protocol for e-health clouds in IoT-based applications through 5G technology

Modern information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities. In this context, the emergence of e-Health clouds offers novel opportunities, like easy and remote accessibility of medical data. However, this achievement produces plenty of new risks and challenges like how to provide integrity, security, and confidentiality to the highly susceptible e-Health data. Among these challenges, authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants. The smart card, password and biometrics are three factors of authentication which fulfill the requirement of giving high security. Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far. However, most of the protocols have serious security flaws and produce high computation and communication overheads. Therefore, we introduce a novel protocol for the e-Health cloud, which thwarts some major attacks, such as user anonymity, offline password guessing, impersonation, and stolen smart card attacks. Moreover, we evaluate our protocol through formal security analysis using the Random Oracle Model (ROM). The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs. Thus, our proposed protocol is proved to be more efficient, robust and secure.     

IP2DM: integrated privacy‐preserving data management architecture for smart grid V2G networks

With the development of battery vehicles, vehicle‐to‐grid (V2G) networks are becoming more and more important in smart grid. Although battery vehicles are environmentally friendly and flexible to use two‐way communication and two‐way electricity flow, they also raise privacy‐preservation challenges, such as location and movement privacy. On the one hand, utility companies have to monitor the grid and analyze user data to control the power production, distribution, scheduling, and billing process, while typical users need to access their data later online. On the other hand, users are not willing to provide their personal data because they do not trust the system security of the utility companies where their data stored, and it may potentially expose their privacy. Therefore, in this paper, we study data management of V2G networks in smart grid with privacy‐preservation to benefit both the customers and the utility companies. Both data aggregation and data publication of V2G networks are protected in the proposed architecture. To check its security, we analyze this architecture in several typical V2G networks attacks. We conduct several experiments to show that the proposed architecture is effective and efficient, and it can enhance user privacy protection while providing enough information for utility companies to analyze and monitor the grid. Copyright © 2016 John Wiley & Sons, Ltd.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

Efficient device‐to‐device discovery and access procedure for 5G cellular network

A large number of new data‐consuming applications are emerging, and many of them involve mobile users. In the next generation of wireless communication systems, device‐to‐device (D2D) communication is introduced as a new paradigm to offload the increasing traffic to the user equipment. Before the traffic transmission, D2D discovery and access procedure is the first important step which needs to be completed. In this paper, our goal is to design a device discovery and access scheme for the fifth generation cellular networks. We first present two types of device discovery and access procedures. Then we provide performance analysis based on the Markov process model. In addition, we present numerical simulation on the Vienna Matlab platform. The simulation results demonstrate the viability of the proposed scheme. Copyright © 2015 John Wiley & Sons, Ltd.     

一种5G异构云无线接入网络的D2D资源分配算法

为了解决设备对设备(Device-to-Device,D2D)资源共享带来的信号干扰问题,提出了一种5G异构云无线接入网络的D2D通信资源分配算法.在保证服务质量的前提下,将宏用户设备的频谱资源分配给D2D和中继用户设备,并且把资源分配问题看作一对一的匹配博弈.采用婚姻匹配理论,得到初始的匹配方案.在初始匹配的基础上,提出了一种遵循卡尔多-希克斯(Kaldor-Hicks)原则的资源交换策略,以提高系统的吞吐量.仿真结果表明,该资源分配算法收敛较快,与现有方案相比,能使系统吞吐量提升15％以上,能给系统用户带来约10％的增益,并且有较强抗信道干扰能力.     

Throughput enhanced scheduling (TES) scheme for ultra‐dense networks

This paper proposes two novel packet scheduling schemes, called as throughput enhanced scheduling (TES) and TES plus (TES+), for future ultra‐dense networks. These schemes introduce two novel parameters to the scheduling decision making and reformulate the parameters used by the state‐of‐the‐art schemes. The aim is to have a more balanced weight distribution between delay and throughput‐related parameters at scheduling decisions. Also include a new telecommunications related parameter into scheduling decision making that has not been studied by popular schedulers. The performance of novel schemes is compared with well‐known schemes—proportional fairness (PF), exponential/proportional fairness (EXP/PF), and M‐LWDF. For performance evaluation, five performance metrics—average spectral efficiency and delay, quality of service (QoS) violation ratio, jitter, and Jain's fairness index—are investigated. The simulation results show that proposed schemes can outperform all the compared scheduling schemes.     

An efficient k‐Means authentication scheme for digital certificates revocation validation in vehicular ad hoc networks

Vehicular ad hoc networks are emerging as a promising approach to improve traffic safety and provide a wide range of wireless applications to drivers and passengers on the road. In order to perform reliable and trusted vehicular communications, one requirement is to ensure peer vehicle credibility by means of validating digital certificate attached to messages that are transmitted by other vehicles. However, in vehicular communication systems, certificate validation is more time consuming than in traditional networks because each vehicle receives a large number of messages in a short period. Another concern is the unsuccessful delivery of information between vehicles and other entities on the road due to their high mobility rate. For these reasons, we seek new solutions that will aid in speeding up the process of certificate validation. In this article, we propose a certificate revocation status validation scheme using the concept of clustering from data mining that can meet the aforementioned requirements. We employ the technique of k‐Means clustering to boost the efficiency of certificate validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive security analysis for this scheme is presented; the analysis shows that this scheme can effectively improve the validation of certificates and thus increase the communication security in vehicular ad hoc networks. Copyright © 2012 John Wiley & Sons, Ltd.     

Distributed radio access technology selection for adaptive networks in high‐speed,B3G infrastructures

Wireless systems migrate towards the era of ‘Beyond the 3rd Generation’ (B3G). A fundamental facilitator of this vision is the evolution of high speed, adaptive networks, needed for better handling the offered demand and improving resource utilization. Adaptive networks dynamically select their configuration, in order to optimally adapt to the changing environment requirements and conditions. This paper presents optimization functionality that can be used to support network adaptability (cognition‐reconfigurability) in a B3G context. The paper starts from the business case that justifies the need for placing research onto adaptive networks and then continues with the management functionality for (re)configuration decisions, which is targeted to the dynamic selection of the appropriate radio access technologies (RATs). RAT selection is modelled through an optimization problem called (RAT, Demand and QoS‐Assignment problem—RDQ‐A), the solution of which assigns in a distributed manner the available RATs to adaptive Base Station transceivers and the demand (users) to these transceivers and to QoS levels, respectively. The RDQ‐A optimization problem is decoupled in several sub‐problems and is implemented in phases corresponding to the aforementioned assignments, while efficient custom greedy algorithms are mobilized in each phase for obtaining the optimum assignment. Finally, indicative results from the application of the proposed functionality to a simulated network are presented. Copyright © 2006 John Wiley & Sons, Ltd.     

SDN/NFV‐based handover management approach for ultradense 5G mobile networks

With the great increase of connected devices and new types of applications, mobile networks are witnessing exponential growth of traffic volume. To meet emerging requirements, it is widely agreed that the fifth‐generation mobile network will be ultradense and heterogeneous. However, the deployment of a high number of small cells in such networks poses challenges for the mobility management, including frequent, undesired, and ping‐pong handovers, not to mention issues related to increased delay and failure of the handover process. The adoption of software‐defined networking (SDN) and network function virtualization (NFV) technologies into 5G networks offers a new way to address the above‐mentioned challenges. These technologies offer tools and mechanisms to make networks flexible, programmable, and more manageable. The SDN has global network control ability so that various functions such as the handover control can be implemented in the SDN architecture to manage the handover efficiently. In this article, we propose a Software‐Defined Handover (SDHO) solution to optimize the handover in future 5G networks. In particular, we design a Software‐Defined Handover Management Engine (SDHME) to handle the handover control mechanism in 5G ultradense networks. The SDHME is defined in the application plane of the SDN architecture, executed by the control plane to orchestrate the data plane. Simulation results demonstrate that, compared with the conventional LTE handover strategy, the proposed approach significantly reduces the handover failure ratio and handover delay.     

Mobile device‐centric access point monitoring scheme for handover decision triggering in heterogeneous networks

Because of the low throughput and the high packet error rate in wireless communications, the network traffic often converges at access points (APs), which take a role of connecting wired and wireless communication interfaces, and APs are usually bottleneck points in wireless networks. In heterogeneous networks, various networks are around mobile devices. Furthermore, today's mobile devices have various wireless network capabilities. Thus, mobile devices should be able to understand network situations autonomously and use a wide range of network options in heterogeneous networks. However, since current mobile devices cannot know the connected AP's network condition, they continue to use the AP, which provides poor‐quality networks even though there are other available APs and networks nearby. To resolve the aforementioned problems, we propose MAPS , the low‐power AP monitoring scheme for handover decision triggering in heterogeneous networks. Using MAPS , a mobile device can trigger a handover decision properly through predicting the connected AP's network condition accurately without any cooperation from other devices. Furthermore, MAPS does not require any modification on existing network systems, and the mobile device can use MAPS with simple application installation. Through diverse simulations, actual experiments, and power consumption analysis, we validate that MAPS can detect the busy AP effectively and is suitable for mobile devices because of low power consumption.     

Use cases and scenarios of 5G integrated satellite‐terrestrial networks for enhanced mobile broadband: The SaT5G approach

This paper presents initial results available from the European Commission Horizon 2020 5G Public Private Partnership Phase 2 project “SaT5G” (Satellite and Terrestrial Network for 5G). 1 After describing the concept, objectives, challenges, and research pillars addressed by the SaT5G project, this paper elaborates on the selected use cases and scenarios for satellite communications positioning in the 5G usage scenario of enhanced mobile broadband.     

Enhancing energy-efficient sleep scheduling for Narrowband Internet of Things devices in coordinated 5G networks within smart environments

This research project takes on a crucial role in the quickly changing field of integrated 5G networks inside smart environments by concentrating on the creation of an extremely effective sleep scheduling system designed especially for Narrowband Internet of Things (NB-IoT) devices. This work introduces a unique method for precisely controlling the nodes' sleep schedules through the use of convolutional neural network (CNN) architecture, which optimizes both energy usage and operating patterns. The principal goal still stands to guarantee the extended lifetime of operation and dependability of NB-IoT devices in the larger framework of intelligent ecosystems driven by synchronized 5G networks. To achieve its objectives, the research explores a number of complex domains and employs cutting-edge technologies and techniques, such as CNN-based pattern recognition. This method's real-time component is essential since it allows for prompt modifications to sleep schedules in order to optimize energy savings. Further boosting the devices' effectiveness and flexibility is continuous contact with a central server, which guarantees that the devices are updated with the most recent data and instructions. Essentially, the main objective of this study is to greatly increase the energy economy and operational lifetime of NB-IoT devices, which will allow for stable and long-lasting IoT deployments in the context of 5G networks in intelligent settings. This advancement is not only a boon for businesses and industries leveraging IoT technology but also a substantial step toward building smarter, more energy-efficient, and resilient smart ecosystems that benefit society as a whole.     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

TOPSIS‐based approach for network slice selection in 5G mobile systems

Fifth‐generation (5G) mobile networks can be perceived as highly manageable systems that provide increased performance while supporting a variety of services with widely diverse requirements. Recently, network slicing has been proposed by academia and industry as a resource provisioning technique capable to meet these requirements with reduced operating costs while opening new horizons for network efficiency. The aim of network slice selection function (NSSF) is an optimal selection of network instances serving the users, based on local configuration, and other available information including radio access networks (RANs) performances in the registration area. In this paper, NSSF based on Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) is proposed. Here, the network slices are treated as alternatives while their performance indicators are considered as the criteria for decision making. The influences of various alternative techniques, taking into account all the three stages of decision making process, that is, normalization, weighting, and ranking, are analyzed through the rank reversal phenomenon and computational complexity. Simulation results reveal that the proposed techniques can significantly improve the network slice selection procedure.     

Two‐sided matching framework for optimal user association in 5G multi‐RAT UDNs

Recently, academic and industrial research communities are paying more explicit attention to the 5G multiple radio access technology ultra‐dense networks (5G multi‐RAT UDNs) for boosting network capacity, especially in UD urban zones. To this aim, in this paper, we intend to tackle the user association problem in 5G multi‐RAT UDNs. By considering the decoupled uplink/downlink access (DUDA), we divide our user association problem into two distinct subproblems representing, respectively, the uplink and the downlink channels. Next, we formulated each one as a nonlinear optimization problem with binary variables. Then, to solve them, we were restricted by the hard complexity, as well as the hard feasibility of centralized user association schemes. Thus, to resolve our user association problem in a reasonable time and distributed manner, we formulated each subproblem as a many‐to‐one matching game based on matching theory. Next, we provide two fully distributed association algorithms to compute the uplink and downlink stable matching among user equipments (UEs) and base stations (BSs). Simulation results corroborate our theoretical model and show the effectiveness and improvement of our achieved results in terms of the overall network performance, quality of service (QoS), and energy efficiency (EE) of UEs.