Tesi sul tema "Multi-Layer communications"

Thesis (Ph. D.) -- University of Maryland, College Park, 2006.
Thesis research directed by: Electrical Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.

Cette thèse étudie les optimisations d’allocation de ressources dans le lien retour de systèmes satellites à faisceaux multipleslimités par les interférences et pouvant être vus comme des systèmes MIMO virtuels. Cette thèse se focalise sur lesinterférences générées par les utilisateurs positionnés dans différents faisceaux et transmettant en même temps et avec lamême fréquence. Le nombre de fréquences (couleurs) présent dans le système satellite modifie la bande passante et de cefait la capacité du système. Quand ce nombre est réduit, par ex. une seule couleur, le niveau d’interférences augmente maisla bande passante dans chaque faisceau est plus grande. Il y a donc un compromis entre nombre de couleurs et niveaud’interférences. L’influence du canal satellite est tout d’abord évaluée en analysant le taux d’erreur obtenu avec diversestechniques de suppression d’interférences. La thèse s’oriente ensuite vers la théorie de l’information et étudie l’impact dunombre de couleurs sur les débits totaux. La détection multi-utilisateurs est prise en compte pour dériver les débitsutilisateurs et en particulier le critère max-min est appliqué, montrant une amélioration du niveau d’équité. Les différentsrésultats sont utilisés pour optimiser l’allocation des ressources mais l’ordonnancement pour des systèmes MIMO à grandeéchelle représente une tâche difficile, le domaine de recherche étant de taille prohibitive. De ce fait cette thèse étudie aussides algorithmes heuristiques à complexité réduite, basés sur la théorie des graphes, visant à trouver des ordonnancementssous-optimaux. Enfin le nombre de faisceaux et d’utilisateurs pris en compte pour l’ordonnancement sont étudiés pourproposer de nouveaux algorithmes satisfaisant des contraintes de qualité de service
This Ph.D. investigates resource management optimisations in the return-link of interference-limited multi-beam satellitesystems which can be seen as virtual MIMO systems. It focuses on the interference that users located in different beamsgenerate towards each other, when transmitting data at the same time and on the same frequency. The number offrequencies (colours) present in the satellite system rules the overall bandwidth and therefore the system capacity. Whenthe number of colours becomes low, e.g. considering one colour, the level of interference increases dramatically but thebandwidth available in each beam gets higher. Hence there is a tradeoff between number of colours and level ofinterference. The influence of the satellite channel is first studied by analysing the BER obtained through interferencecancellation techniques. The Ph.D. then moves towards information theory and investigates the impact of the colours onthe achievable sum rates. MUD schemes are then used to derive the per-user rates, and the max-min criterion is applied tothe user rates showing an improvement of the level of fairness between users. The different outcomes are used to optimisethe resource management. However, scheduling for large scale MIMO systems, as in the return-links of satellitecommunications, represents a challenging task, since the search space is prohibitive large. For this reason this Ph.D. alsoinvestigates low complexity heuristic algorithms based on graph theory with the aim of finding sub-optimal schedules.Finally, the number of spot beams and the number of users considered for scheduling are studied so as to propose newalgorithms aiming to satisfy quality of service constraints

Dans les réseaux mobiles du future, un déploiement plus dense des points d’accés radio est prévu pour satisfaire la demande accrue de débit, mais les terminaux utilisateurs peuvent être affectés par une interférence inter-cellulaire plus forte. Par chance, la centralisation des traitements de signal en bande de base dans l’achitecture Cloud RAN (C-RAN) offre la possibilité de la coordination et du traitement conjoint de plusieurs cellules. Pour réellement permettre de déployer ces techniques, une étude bout-à-bout du CRAN est nécessaire selon plusieurs aspects, notamment l’architecture fonctionnelle, la stratégie de coordination, l’implémentation du traitement de signal multiutilisateur et les optimisations possibles pour un fonctionnement plus efficace.Dans cette thèse, nous proposons en premier une architecture qui définit le placement des fonctions du traitement en bande de base entre les unités distribuées et le serveur central. Le but de ce design est de permettre la réalisation des fonctions multi-utilisateurs en transmettant avec la moins de débit possible sur les liens de fronthaul reliant les différentes entités. Dans un second temps, nous présentons comment il est possible de coordiner les différentes cellules servies par le C-RAN en utilisant le concept de réseaux définis par logiciels adapté pour les réseaux d’accès radio. Nous avons mis en place un prototype démontrant la faisabilité de la méthode de contrôle proposée. Finalement, nous étudions l’allocation adaptative du débit sur les liens de fronthaul transportant les symboles numériques quantifiés des utilisateurs en besoin de traitement multi-cellulaire sur la voie montante pour exploiter l’interférence entre eux. Nous proposons un modèle d’optimisation qui inclut le coût des transmissions fronthaul pour maximiser ainsi le gain obtenu par l’opérateur du réseau où la communication multiutilisateur a lieu. Nous réalisons l’optimisation pour différents modèles de coût et en utilisants deux types de données: d’abord les estimations de canal supposées parfaites et disponibles en temps réel, puis seulement les statistiques du canal. Nous montrons que la méthode d’optimisation proposée permet d’exploiter plus efficacement les liens de fronthaul dans l’architecture précedemment définie
In future mobile networks denser deployment of radio access points is planned to satisfy demand of higher throughput, but an increased number of mobile users can suffer from inter-cell interference. Fortunately, the centralization of base-band processing offered by Cloud Radio Access Network (C-RAN) architecture enables coordination and joint physical layer processing between cells. To make practical deployment of these techniques possible, we have to study C-RAN in an end-to-end view regarding several aspects: the functional architecture of a deployment, the multi-cell coordination strategy, the implementation of multi-user signal processing and possibilities for optimization to increase operational efficiency.In this thesis, first, we propose an architecture defining the placement of base-band processing functions between the distributed remote units and the central processing unit. The aim of this design is to enable multi-cell processing both on the uplink and the downlink while requiring low data rate between the involved entities. Secondly, we study how low latency coordination can be realized inside the central unit using software defined networking adapted to radio access networks. Our demonstration through a real-time prototype deployment shows the feasibility of the proposed control framework. Finally, we investigate adaptive allocation of fronthaul rate that is used for transferring quantized base-band symbols for users participating in uplink multi-cell reception in order to exploit interference between them. We propose an optimization model that includes the cost of fronthaul tranmissions and aims to maximize the gain of network operators from multi-user transmissions in C-RAN. We solve the optimization problem for different fronthaul pricing models, in a scenario where real-time and accurate channel estimates are available and in another where only channel statistics are exploited. Using our method - fitting in the architecture that we have defined - cost efficiency of fronthaul usage can be significantly improved

Les réseaux sans-fil sont de plus en plus utilisés. La popularité de ces réseaux est due au fait que ces réseaux permettent de créer, modifier et étendre facilement un réseau informatique. Les réseaux sans-fil sont également particulièrement nécessaires pour relier des équipements mobiles tels que des montres connectées, voitures connectées, drones. Les réseaux sans-fil sont également utilisés dans le secteur du transport et de la sécurité pour relier les trains avec le centre de contrôle ou les caméras avec le centre d'enregistrement. Toutefois, contrairement aux réseaux filaires, dans les réseaux sans-fil, les transmissions ne sont pas isolées dans des câbles, mais transmises en utilisant généralement des antennes omnidirectionnelles. Pour ces raisons, il est plus facile d'écouter et d'émettre sans autorisation sur ces réseaux - les rendent ainsi plus vulnérables à certains types d'attaques. Dans cette thèse, nous nous sommes intéressés à la détection des trois différentes attaques sur les réseaux sans-fil IEEE 802.11 (Wi-Fi). Les trois attaques sont l'attaque par faux point d'accès et deux attaques de déni de service : notamment l'attaque par déauthentication et l'attaque par brouillage. Dans la littérature scientifique, les méthodes existantes proposent de détecter ces attaques de manière isolée et en analysant uniquement un ou deux indicateurs.Nous proposons une méthode utilisant des algorithmes de classification pour créer un modèle, capable de détecter les trois attaques en analysant quatre indicateurs simultanément. Le modèle peut également détecter les attaques lorsqu'elles sont réalisées de manière indépendante ou lorsqu'elles sont cumulées entre elles. Concernant les données utilisées pour créer le modèle, sur les trois types de trames qui peuvent être émis sur un réseau Wi-Fi, nous avons considéré exclusivement, les trames de gestion et plus particulièrement les trames de beacon. Les trames de beacon sont régulièrement émises même en l'absence de trafic utilisateur, ce qui rend le modèle plus efficace. Nous avons aussi considéré des variations concernant le débit du réseau (absence de trafic, trafic léger, moyen et intense) et la puissance du signal de brouillage (puissance forte, moyenne et faible). Les résultats montrent que le modèle arrive à détecter les attaques par faux point d'accès, par déauthentication, par brouillage (faible et moyenne puissance) avec grande précision et l'attaque par brouillage de forte puissance, avec une précision satisfaisante. Nous avons pu nettement augmenter la précision de détection de cette dernière variation en prenant en compte les trames de beacon d'un deuxième point d'accès éloigné du réseau. Enfin, nous avons aussi considéré le cas particulier des transmissions Wi-Fi sur la bande 5 GHz et les faux points d'accès fantômes
Wireless networks are nowadays indispensable components of telecommunication infrastructures. They offer flexibility, mobility and rapid expansion of telecommunication infrastructures. They are also particularly needed to connect mobile devices such as connected cars, watches and drones. Wireless networks are also used in the transport and security sector to connect trains and cameras to monitoring systems. However, in contrary to wired networks in which transmission are isolated in wires, in wireless networks, transmissions are emitted using omnidirectional antennas. This makes wireless networks more vulnerable to unauthorised listening, emission and some specific attacks. In this thesis, we have worked on the detection of three different types of attacks on IEEE 802.11 (Wi-Fi) networks. The three attacks are fake access points and two denial of service attacks namely, deauthentication and jamming attacks. In scientific literature, these three attacks are detected independently and using one or two indicators.We propose a method that uses classification algorithms to create a model that can detect the three attacks by analysing four indicators simultaneously. The model can detect the attacks when they are perpetuated independently and also when they are combined. Concerning data used to create the model, among the three different types of frames that can be transmitted on Wi-Fi networks, we have considered only management frames and more particularly, beacon frames. Beacon frames are sent at regular interval and even in the absence of user traffic. Therefore, basing the detection on the analysis of beacon frames leads to a more efficient detection. In this thesis, we have also considered variations in data rates (absence of user traffic, light, moderate and intense user traffic) and in jamming power (low, moderate and high jamming power). Results show that the model can detect fake access points, deauthentication and jamming attacks (low and moderate power) with high precision. The jamming attack with intense power is detected with satisfying precision. By considering the beacon frames of a farther second access point of the network, we have been able to increase detection precision in the latter case. Finally, we have considered special cases such as Wi-Fi transmissions in the 5 GHz band and the phantom fake access point attack

Le domaine des transports intelligents repose sur une infrastructure robuste de communication véhiculaire, essentielle à la gestion du trafic, à la surveillance des routes, à l'accessibilité à l'Internet des objets (IoT) et aux informations des conducteurs/passagers. Alors que la norme conventionnelle IEEE802.11p a longtemps dominé ce domaine, l'avènement de la 5G et de ses successeurs marque un changement de paradigme.Cette thèse représente une exploration complète des technologies 5G et au-delà spécifiquement adaptées aux exigences uniques de la communication véhicule-à-tout (V2X). L'objectif principal est une analyse méticuleuse de la technologie Non-Orthogonal Multiple Access (NOMA) et des schémas de modulation multiporteuse (MCM) dans le contexte des applications V2X de nouvelle génération. Au cœur de cette exploration se trouve la recherche de stratégies de conception PHY/MAC (couches physique et de contrôle d'accès au support) transversales visant à élever les performances.Le parcours de recherche commence par une vue d'ensemble introductive, plongeant dans le contexte historique et la pertinence des communications V2X, accompagnée d'un examen des diverses exigences des groupes de cas d'utilisation V2X. Ce travail préliminaire combine des connaissances issues d'organisations normatives et des dernières publications, offrant une vue d'ensemble complète du paysage historique de la communication véhiculaire.Ensuite, la thèse navigue dans le paysage contemporain, mettant l'accent sur l'application des technologies 5G aux différents cas d'utilisation V2X. Elle cartographie la relation entre les groupes de cas d'utilisation V2X et les technologies habilitantes tout en explorant l'architecture hiérarchique 5G V2X. Cette exploration fait le lien entre les exigences actuelles de communication, les normes existantes et les directions de recherche ouvertes ainsi que les défis imminents.Le cœur de la thèse tourne autour de l'exploration des implications des schémas NOMA et MCM dans les applications V2X de prochaine génération. La culmination de cette recherche se manifeste dans un paradigme de conception transversale axé sur l'amélioration des performances et de l'adaptabilité des systèmes de communication cellulaires véhiculaires à tout (C-V2X). En disséquant les mécanismes NOMA au sein des couches physique et de contrôle d'accès au support (PHY/MAC), cette étude démontre des améliorations substantielles des performances de débit par rapport aux systèmes d'accès multiple orthogonal (OMA) conventionnels.Les résultats de cette thèse aspirent à contribuer à des solutions avancées pour les futurs systèmes de transport autonomes et connectés, avec un accent spécifique sur l'amélioration des performances des couches physique et d'accès au support dans des scénarios V2X sophistiqués
The realm of intelligent transportation hinges upon robust vehicular communication infrastructure, vital for traffic management, road monitoring, Internet of Things (IoT) accessibility, and driver/passenger information. While the conventional IEEE802.11p standard has long dominated this domain, the advent of 5G and its successors marks a paradigm shift.This thesis represents a comprehensive exploration of 5G and beyond technologies specifically tailored to the unique demands of Vehicle-to-Everything (V2X) communication. The primary aim is a meticulous analysis of Non-Orthogonal Multiple Access (NOMA) technology and Multi-Carrier Modulation (MCM) schemes within the context of next-generation V2X applications. Central to this exploration is the pursuit of cross-layer PHY/MAC (Physical Layer/Medium Access Control) design strategies aimed at elevating performance benchmarks.The research journey begins with an introductory overview, delving into the historical context and relevance of V2X communications, accompanied by an examination of the diverse requirements across V2X use case groups. This foundational groundwork combines insights from normative organizations and the latest literature, providing a comprehensive overview of the historical landscape of vehicular communication.Subsequently, the thesis navigates the contemporary landscape, emphasizing the application of 5G enabling technologies to various V2X use cases. It maps the relationship between V2X Use Case Groups and Enabling Technologies while exploring the Hierarchical 5G V2X high-level architecture. This exploration bridges current communication requirements and existing standards with open research directions and impending challenges.The core of the thesis revolves around the exploration of NOMA and MCM schemes' implications within next-generation V2X applications. The culmination of this research manifests in a cross-layer design paradigm focusing on the enhancement of performance and adaptability within cellular vehicle-to-everything (C-V2X) communication systems. By dissecting NOMA mechanisms within the Physical/Medium Access Control (PHY/MAC) layers, this study demonstrates substantial throughput performance improvements compared to conventional Orthogonal Multiple Access (OMA) systems.The outcomes of this thesis aspire to contribute advanced solutions for future autonomous and connected transport systems, with a specific emphasis on the enhancement of physical and medium access layer performance within sophisticated V2X scenarios

In this work, a multilayer security solution for digital communication systems is provided by considering the joint effects of physical-layer security channel codes with application-layer cryptography. We address two problems: first, the cryptanalysis of error-prone ciphertext; second, the design of a practical physical-layer security coding scheme. To our knowledge, the cryptographic attack model of the noisy-ciphertext attack is a novel concept. The more traditional assumption that the attacker has the ciphertext is generally assumed when performing cryptanalysis. However, with the ever-increasing amount of viable research in physical-layer security, it now becomes essential to perform the analysis when ciphertext is unreliable. We do so for the simple substitution cipher using an information-theoretic framework, and for stream ciphers by characterizing the success or failure of fast-correlation attacks when the ciphertext contains errors. We then present a practical coding scheme that can be used in conjunction with cryptography to ensure positive error rates in an eavesdropper's observed ciphertext, while guaranteeing error-free communications for legitimate receivers. Our codes are called stopping set codes, and provide a blanket of security that covers nearly all possible system configurations and channel parameters. The codes require a public authenticated feedback channel. The solutions to these two problems indicate the inherent strengthening of security that can be obtained by confusing an attacker about the ciphertext, and then give a practical method for providing the confusion. The aggregate result is a multilayer security solution for transmitting secret data that showcases security enhancements over standalone cryptography.

Cette thèse étudie les problèmes d’optimisation bi-objectifs des communications dans les réseaux de capteurs hétérogènes du point de vue de la portée de transmission. Le premier critère considéré est nécessairement l'énergie qu’il s’agit d'économiser pour maximiser la durée de vie du réseau. Le second critère, primordial dans le cas des applications en temps réel, est le délai d'acheminement des données. Pour résoudre le problème d’optimalité de la diffusion, nous proposons une formulation en nombres entiers, un algorithme d’approximation, une méta-heuristique et une heuristique permettant de trouver ou s’approcher de l’optimal pour les objectifs considérés.Pour le cas du routage, nous proposons une approche cross-layer via un programme linéaire en nombre entiers entre les couches MAC et Liaison de données permettant de calculer l'optimal et ainsi d'avoir un point de comparaison pour les futures heuristiques ayant les mêmes objectifs
This thesis studies the problems of bi-objective optimization of communications in heterogeneous wireless sensor networks from the point of view of the transmission range. The first criterion considered is necessarily the energy consumption that needs to be reduced in order to maximize the network lifetime. The second criterion is the data transmission delay, which is essential for real-time applications.To solve the optimality problem of the broadcast, we propose an integer linear program, an approximation algorithm, a meta-heuristic and a heuristic. All these techniques allow us to find or to approximate the optimal solutions for the considered objectives.For the routing case, we propose a cross-layer approach via an integer linear program between the MAC and Data Link layers. Our method calculates the optimal solution, which represents a point of comparison for future heuristics having the same goals

This dissertation addresses multi-layer optimization aspects of multiple input multiple output (MIMO) and deep learning-based communication systems. The initial focus is on the rate optimization for multi-user MIMO (MU-MIMO) configurations; specifically, multiple access channel (MAC) and interference channel (IC). First, the ergodic sum rates of MIMO MAC and IC configurations are determined by jointly integrating the error and overhead effects due to channel estimation (training) and feedback into the rate optimization. Then, we investigated methods that will increase the achievable rate for parallel Gaussian IC (PGIC) which is a special case of MIMO IC where there is no interference between multiple antenna elements. We derive a generalized iterative waterfilling algorithm for power allocation that maximizes the ergodic achievable rate. We verified the sum rate improvement with our proposed scheme through extensive simulation tests. Next, we introduce a novel physical layer scheme for single user MIMO spatial multiplexing systems based on unsupervised deep learning using an autoencoder. Both transmitter and receiver are designed as feedforward neural networks (FNN) and constellation diagrams are optimized to minimize the symbol error rate (SER) based on the channel characteristics. We first evaluate the SER in the presence of a constant Rayleigh-fading channel as a performance upper bound. Then, we quantize the Gaussian distribution and train the autoencoder with multiple quantized channel matrices. The channel is provided as an input to both the transmitter and the receiver. The performance exceeds that of conventional communication systems both when the autoencoder is trained and tested with single and multiple channels and the performance gain is sustained after accounting for the channel estimation error. Moreover, we evaluate the performance with increasing number of quantization points and when there is a difference between training and test channels. We show that the performance loss is minimal when training is performed with sufficiently large number of quantization points and number of channels. Finally, we develop a distributed and decentralized MU-MIMO link selection and activation protocol that enables MU-MIMO operation in wireless networks. We verified the performance gains with the proposed protocol in terms of average network throughput.
Doctor of Philosophy

La presencia de topologías multi-salto en comunicaciones inalámbricas de todo tipo es cada vez más apreciable, esperándose además que esta tendencia se mantenga en un futuro cercano. A pesar de que inicialmente fueran concebidos para solventar la falta de infraestructura subyacente en ciertos escenarios concretos, estos despliegues han acaparado el interés de diferentes actores del ámbito de las comunicaciones (incluyendo los operadores), con lo que es razonable pensar que su relevancia irá creciendo paulatinamente. De hecho, existen diversas iniciativas en algunos foros de estandarización que de alguna manera corroboran este hecho. Hay que tener en cuenta, por otro lado, otros factores adicionales (como la eclosión que se ha producido en el campo de las redes de sensores inalámbricos) que seguramente fomentarán el uso de estas topologías.A pesar de la creciente actividad en el ámbito de los despliegues multi-salto, sigue siendo necesario establecer, de manera cuantitativa, cuáles son sus posibles beneficios, tanto para los usuarios finales de los sistemas de comunicación, como para los operadores, especialmente teniendo en cuenta el elevado grado de heterogeneidad que también caracterizará las redes inalámbricas.Por otro lado, en lo que se refiere a los algoritmos y protocolos a ser empleados sobre este tipo de topologías, y a pesar de la intensa labor de investigación que sobre ellos se ha realizado recientemente, queda aún un número relevante de aspectos a analizar. En primer lugar, el mero hecho de que sus requerimientos y retos iniciales hayan variado de manera sustancial puede, y debe, influenciar sus principios básicos. Además, es necesario acometer verificaciones de los mismos sobre plataformas reales y, así mismo, asegurar que las evaluaciones que se realicen con técnicas de simulación utilicen modelos reales que permitan reflejar de manera fidedigna las condiciones que se dan en la realidad.Esta Tesis afronta, en primer lugar, la evaluación cuantitativa de la mejora que es posible alcanzar al utilizar topologías inalámbricas multi-salto para extender despliegues de red más tradicionales. Un primer aspecto que es razonable considerar es la ampliación de la cobertura que se consigue; en este caso se ha realizado un análisis que sigue un doble enfoque, analítico y mediante técnicas de simulación, para determinar es la ganancia que se logra. Se ha partido de dos modelos de red complementarios entre sí, asumiendo en el primero de ellos una falta total de planificación previa, mientras que en el segundo se utiliza un emplazamiento óptimo de los elementos de conexión a la red. Se ha comprobado que, a pesar de sus características claramente antagónicas, los resultados obtenidos con ambos escenarios son similares entre sí. Además, se concluye que, a pesar de que la ampliación de la cobertura que se alcanza es muy relevante, es posible establecer un límite razonable para el número máximo de saltos a emplear, ya que la mejoría adicional al incrementar la longitud de la ruta deja de ser apreciable a partir del mismo. Este aspecto se podría aprovechar para influir en el diseño de las técnicas de encaminamiento a emplear sobre este tipo de topologías.Se analizan también otras mejoras adicionales, utilizando un escenario en el que predomina sobremanera la heterogeneidad de los elementos de conexión a la red, e integrando las extensiones multi-salto con un algoritmo de selección de acceso genérico, que permite modular el peso que tienen las diferentes entidades (tanto el terminal de usuario como la propia red), así como diversos parámetros y restricciones a considerar, a la hora de determinar la alternativa de conexión óptima. Se comprueba que, tanto para los usuarios, gracias a la mejora de la calidad del servicio que perciben, como para la red, que incrementa el tráfico que es capaz de cursar, el uso de comunicaciones multi-salto puede resultar altamente atractivo.En segundo lugar, también se afronta la mejora de las técnicas de encaminamiento que tradicionalmente se emplean sobre las redes multi-salto, basadas en minimizar el número de saltos entre los dos extremos de la comunicación. Para ello, y utilizando el paradigma de Cross-Layer Optimisation, se propone una versión mejorada del protocolo DSR, denominada SADSR, que emplea la información relativa a la calidad de los enlaces subyacentes para modular el algoritmo de selección de ruta. Destacar que se acomete una verificación experimental de dicha propuesta, contestando, de este modo, a una de las reivindicaciones más importantes en este campo. Los resultados obtenidos permiten inferir que las prestaciones de la propuesta realizada en el marco de esta Tesis son superiores a los de la versión original del DSR.A pesar del evidente valor que las validaciones empíricas aportan, tienen la limitación de que es complicado establecer topologías con un número elevado de nodos, o acometer experimentos con una pauta repetitiva para determinar un comportamiento promedio. Es por ello que también se acomete un análisis mediante técnicas de simulación, en el que se compara SADSR con la versión original del DSR, así como con otras propuestas que han acaparado el interés por parte de la comunidad científica. Los resultados que se derivan a raíz de la evaluación llevada a cabo no hacen sino corroborar lo que ya adelanta la verificación experimental, ya que las prestaciones del SADSR son muy superiores a las del resto de alternativas analizadas.Para llevar a cabo el análisis anterior es fundamental el uso de un modelo de canal que refleje, con el mayor grado de exactitud posible, un comportamiento realista. Para ello, en la Tesis se afronta el diseño, implementación y posterior integración en la plataforma Network Simulator de BEAR, un modelo de canal basado en filtrado auto-regresivo, que se caracteriza principalmente por emular la aparición de errores a ráfagas que se observa en entornos reales. En ese sentido, se parte de un extenso conjunto de medidas que permite corroborar el correcto funcionamiento de la propuesta.
The presence of multi-hop topologies within all types of wireless communications is becoming more and more common, and this tendency is expected to be maintained in the near future. Although they were originally conceived to compensate the lack of subjacent infrastructure in certain scenarios, these deployments have attracted the interest of different actors in the wireless communications value chain (including network operators) and thus it is logical to think that their relevance will gradually increase. In fact, there already exist some standardization initiatives which corroborate this point to some extent. Furthermore, other additional factors, such as the rapid growth which has been seen in wireless sensor technologies, also strengthen the use of these topologies..In spite of the growing activity in the multi-hop deployment field, it is still necessary to establish, in a quantitative way, their potential benefits, both for the end-users of the communication systems, as well as for the operators, considering, in addition, the high degree of heterogeneity which will characterize wireless networks in the future.On the other hand, as far as algorithms and protocols to be used over this type of topology are concerned, and despite the intense research which has been conducted into them, there is still a large number of issues to be tackled. First, the simple fact that their initial requirements and challenges have been modified can, and must, influence their basic principles. In addition, it becomes necessary to address their validation on real platforms and, on the other hand, to ensure that simulation-based evaluations of their performance make use of realistic models which accurately reflect the conditions which are observed in real scenarios.This dissertation tackles, on the one hand, the quantitative evaluation of the improvements which are achievable when using multi-hop topologies to extend legacy network deployments. One first aspect which is logical to consider is the increase in the coverage which is brought about. In this sense, a two-fold approach has been followed, employing both an analytical as well as a simulation-based analysis, to establish what the gain is. Two network models have been used, being complementary to each other; the first one assumes a complete lack of network planning for the deployment of the access elements, while the second one assumes an optimum distribution of them. Although their characteristics are completely different, the results are somehow similar for both cases. Furthermore, it can be concluded that, despite the coverage extension which can be obtained, it is indeed possible to establish a reasonable limit on the maximum number of hops to be used, since the improvement becomes less relevant for higher values. This aspect could influence the design of routing techniques to be used over this type of topology.Furthermore, other additional benefits have been also analyzed, using a network deployment in which the presence of heterogeneity (multi-access) is evident. The multi-hop extensions have been integrated within a generic access selection algorithm which enables the modification of the weights which are assigned to the different entities (both the end-user terminals and the network) as well as to the set of parameters and constraints to be considered when selecting the most appropriate access alternative. It is concluded that for both the end-users, who improve their perception of the quality of service, and the network, which is able to increase the overall amount of traffic possible to be handled, multi-hop extensions are certainly beneficial.In addition, the dissertation also tackles the improvement of the routing techniques which are traditionally employed over multi-hop networks, which are based on minimizing the number of hops between the two sides of the communication. To accomplish this, and using the Cross-Layer Optimisation paradigm, an improved version of the DSR protocol is proposed, namely SADSR. It uses information about the subjacent link qualities to modulate the route selection algorithm. It is worth highlighting that a fully empirical (on a real platform) validation has been conducted, addressing one of the most pressing demands within this field. The results obtained allow us to infer that the proposal made in the framework of this dissertation is clearly outperforming the original DSR version.Although the added value provided by empirical validations is unquestionable, they also have some limitations. First, they normally do not favour the establishment of large topologies, or to undertake repetitive experiments aimed at finding an average behaviour. In this sense, a simulation-based analysis is also used so as to compare the SADSR with the original DSR version as well as with other proposals which have recently attracted interest from the scientific community. The results obtained by the validation carried out on a real platform are confirmed, since the performance brought about by the SADSR is somewhat higher than that of the other strategies.In order to perform the previous analysis the use of a realistic channel model, able to capture with a high degree of accuracy the behaviour exhibited on real platforms, is mandatory. To fulfil this requirement, the dissertation also tackles the design, implementation, and integration within the Network Simulator platform of BEAR, a channel model based on auto-regressive filtering. It is mainly characterized by being able to emulate the bursty presence of errors which is observed over real channels. The design is based on an extensive set of measurements which is used to assess the validity of the proposal.

Thesis (Ph. D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008.
Committee Chair: Ingram, Mary Ann; Committee Member: Andrew, Alfred; Committee Member: Copeland, John; Committee Member: Owen, Henry; Committee Member: Sivakumar, Raghupathy.

In this thesis we investigate the design of transmission resource allocation in current and future wireless communication systems. We focus on systems with multiple antennas and characterize their performance from an information-theoretic viewpoint. The goal of this work is to provide practical transmission and resource allocation strategies taking into account imperfections in estimating the wireless channel, as well as the broadcast nature of the wireless channel. In the first part of the thesis, we consider training-based transmission schemes in which pilot symbols are inserted into data blocks to facilitate channel estimation. We consider one-way training-based systems with and without feedback, as well as two-way training-based systems. Two-way training enables both the transmitter and the receiver to obtain the channel state information (CSI) through reverse training and forward training, respectively. In all considered cases, we derive efficient strategies for transmit time and/or energy allocation among the pilot and data symbols. These strategies usually have analytical closed-form expressions and can achieve near optimal capacity performance evidenced by extensive numerical analysis. In one-way training-based systems without feedback, we consider both spatially independent and correlated channels. For spatially independent channels, we provide analytical bounds on the optimal training length and study the optimal antenna con¯guration that maximizes an ergodic capacity lower bound. For spatially correlated channels, we provide simple pilot and data transmission strategies that are robust under least-favorable channel correlation conditions. In one-way training-based systems with feedback, we study channel gain feedback (CGF), channel covariance feedback (CCF) and hybrid feedback. For spatially independent channels with CGF, we show that the solutions to the optimal training length and energy coincide with those for systems without feedback. For spatially correlated channels with CCF, we propose a simple transmission scheme, taking into account the fact that the optimal training length is at most as large as the number of transmit antennas. We then provided solution to the optimal energy allocation between pilot and data transmissions, which does not depend on the channel spatial correlation under a mild condition. Our derived resource allocation strategies in CGF and CCF systems are extended to hybrid CCF-CGF systems. In two-way training-based systems, we provide analytical solutions to the transmit power distribution among the different training phases and the data transmission phase. These solutions are shown to have near optimal symbol error rate (SER) and capacity performance. We find that the use of two-way training can provide noticeable performance improvement over reverse training only when the system is operating at moderate to high signal-to-noise ratio (SNR) and using high-order modulations. While this improvement from two-way training is insignificant at low SNR or low-order modulations. In the second part of the thesis, we consider transmission resource allocation in security-constrained systems. Due to the broadcast nature of the wireless medium, security is a fundamental issue in wireless communications. To guarantee secure communication in the presence of eavesdroppers, we consider a multi-antenna transmission strategy which sends both an information signal to the intended receiver and a noise-like signal isotropically to confuse the eavesdroppers. We study the optimal transmit power allocation between the information signal and the artificial noise. In particular, we show that equal power allocation is a near optimal strategy for non-colluding eavesdroppers, while more power should be used to generate the artificial noise for colluding eavesdroppers. In the presence of channel estimation errors, we find that it is better to create more artificial noise than to increase the information signal strength.

Les prévisions relatives trafic de données au sein des systèmes de communications sans-fil suggèrent une croissance exponentielle, principalement alimentée par l’essor de transferts vidéo mobiles. Etant donné la nature soudaine et fluctuante des demandes de transfert vidéo, il faut dès à présent réfléchir à de nouveaux algorithmes d’allocation de ressources performants. En effet, les algorithmes en couche physique traditionnels, qui réalisent de l’allocation de ressources sous l’hypothèse classique que les transmetteurs sont toujours saturés avec des bits d’information, risquent à l’avenir de s’avérer inefficients. Pour cette raison, les algorithmes de demain se doivent d’être dynamiques, dans le sens où ils seront capables de prendre en compte la nature stochastique des fluctuations du trafic de données et qu’ils intégreront des informations issus de processus de couches supérieures.L’idée centrale de cette thèse est de développer des algorithmes, travaillant avec des informations issues de la couche PHY et de la couche NET, dans un scénario Multi-cells et MIMO (Multiple Inputs, Multiple Outputs).Plus particulièrement, nous considérons un réseau de stations de base (BS) équipés avec plusieurs antennes, chargés de servir plusieurs terminaux mobiles équipés d’une seule antenne (UT) dans leurs cellules respectives. Ce qui nous différencie des travaux précédents, c’est que nous tenons compte de l’aléa avec lequel des demandes de transferts peuvent arriver et que, pour cette raison, nous modélisons la formation de queue de données au niveau des stations de base. Dans cette disposition, nous développons plusieurs algorithmes multicouches, réalisant de l’allocation de ressources décentralisée, et ce, dans une optique d’efficacité énergétique. En particulier, il s’agit ici de réaliser des algorithmes réalisant du beamforming de façon décentralisée et capables de contrôler des fluctuations de trafic, des algorithmes optimisant l’efficacité énergétique sous une contrainte de qualité de service moyenne, des algorithmes de planification décentralisés dans des scénarios multi-cellulaires. Dans cette perspective, nous choisissons de recourir non seulement à des outils d’optimisation de la théorie de Lyapunov, mais également à la théorie des matrices aléatoires et à la théorie du contrôle stochastique
Future wireless communication systems are expected to see an explosion in the wireless traffic which is mainly fueled by mobile video traffic. Due to the time varying and bursty nature of video traffic, wireless systems will see a widerrange of fluctuations in their traffic patterns. Therefore, traditional physical layer based algorithms which perform resource allocation under the assumption that the transmitters are always saturated with information bits, might no longer be efficient. It is, thus, important to design dynamic resource allocation algorithms which can incorporate higher layer processes and account for the stochastic nature of the wireless traffic.The central idea of this thesis is to develop cross-layer design algorithmsbetween the physical and the network layer in a multiple input multiple output (MIMO) multi-cell setup. Specifically, we consider base stations (BSs) equipped with multiple antennas serving multiple single antenna user terminals (UTs) in their respective cells. In contrast to the previous works, we consider the randomness in the arrival of information bits and hence account for the queuing at the BSs. With this setup, we develop various cross-layer based resource allocation algorithms. We incorporate two important design considerations namely decentralized design and energy efficiency. In particular, we focus on developing decentralized beamforming and traffic flow controller design, energy efficient design under time average QoS constraints and decentralized scheduling strategy in a multi-cell scenario. To this end, we use tools from Lyapunov optimization, random matrix theory and stochastic control theory

The ever-increasing demand for private and sensitive data transmission over wireless networks has made security a crucial concern in the current and future large-scale, dynamic, and heterogeneous wireless communication systems. To address this challenge, wireless researchers have tried hard to continuously analyze the jamming threats and come up with improved countermeausres. In this research, we have analyzed the jamming-vulnerabilities of the leading multi-carrier communication systems, Orthogonal Frequency Division Multiplexing (OFDM) and Single-Carrier Frequency Division Multiple Access (SC-FDMA). In order to lay the necessary theoretical groundwork, first we derived the analytical BER expressions for BPSK/QPSK and analytical upper and lower bounds for 16-QAM for OFDMA and SC-FDMA using Pilot Symbol Assisted Channel Estimation (PSACE) techniques in Rayleigh slow-fading channel that takes into account channel estimation error as well as pilot-jamming effect. From there we advanced to propose more novel attacks on the Cyclic Prefix (CP) of SC-FDMA. The associated countermeasures developed prove to be very effective to restore the system. We are first to consider the effect of frequency-selectivity and fading correlation of channel on the achievable rates of the legitimate system under pilot-spoofing attack. With respect to jamming mitigation techniques, our approaches are more focused on Anti-Jamming (AJ) techniques rather than Low Probability of Intercept (LPI) methods. The Channel State Information (CSI) of the two transceivers and the CSI between the jammer and the target play critical roles in ensuring the effectiveness of jamming and nulling attacks. Although current literature is rich with different channel estimation techniques between two legitimate transceivers, it does not have much to offer in the area of channel estimation from jammer's perspective. In this dissertation, we have proposed novel, computationally simple, deterministic, and optimal blind channel estimation techniques for PSK-OFDM as well as QAM-OFDM that estimate the jammer channel to the target precisely in high Signal-to-Noise (SNR) environment from a single OFDM symbol and thus perform well in mobile radio channel. We have also presented the feasibility analysis of estimating transceiver channel from jammer's perspective at the transmitter as well as receiver side of the underlying OFDM system.
Ph. D.

Thesis (M. S.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009.
Committee Chair: Madhavan Swaminathan; Committee Member: Andrew F. Peterson; Committee Member: David C. Keezer; Committee Member: Saibal Mukhopadyay; Committee Member: Suresh Sitaraman.

Les réseaux sans fil multi-saut (WMN : Wireless multi-hop Networks) sont passés du stade de simple curiosité pour revêtir aujourd'hui un intérêt certain aussi bien du point de vue de la communauté de recherche que des opérateurs de réseaux et services. En analysant les services et applications fournis au sein des réseaux WMNs, nous pouvons constater que certaines applications telles que la visioconférence, la VoIP, etc sont sensibles au délai et nécessitent une certaine qualité de service (QoS). D'autres applications telles que le transfert de fichier, le streaming vidéo, etc. sont gourmands en terme d'utilisation de bande passante. Par conséquent, les architectures de communication des réseaux WMNs doivent intégrer des mécanismes de routage efficaces et adaptés pour répondre aux besoins des services et applications envisagés. Dans cette thèse, Nous nous intéressons à la problématique du routage dans les réseaux WMNs. Notre objectif est de proposer une nouvelle approche de routage qui prend en compte différents métriques de coûts. Tout d'abord, nous avons montré que le routage sous contraintes multiples est un problème NP complet et que trois étapes sont nécessaires à la conception d'une nouvelle solution de routage: (i) modélisation de l'interférence, (ii) l'estimation de la de la bande passante restante, (iii) l'estimation du délai à un saut. Suivant cette vision, nous avons proposé deux variantes du protocole de routage OLSR (SP-OLSR, S2P-OLSR) se basant sur la métrique SINR. Les résultats des simulations ont montré l'intérêt de la proposition dans un contexte de communication vocale (VoIP). Ensuite, nous avons proposé un algorithme d'estimation d'interférence à 2 sauts (2-HEAR) afin d'estimer la bande passante disponible. Puis, et sur la base de cet algorithme, nous avons proposé une nouvelle métrique de routage pour les WMNs: Estimated Balanced Capacity (EBC) en vue de parvenir à l'équilibrage de charge entre des différents flux. La dernière question abordée dans cette thèse est celle de l'estimation du délai à un saut. La solution proposée donne une borne du délai en se basant sur un modèle de file d'attente de type G/G/1. Enfin, nous avons englobé toutes les précédentes contributions pour mettre en place une nouvelle approche de routage hybride sous contraintes multiples. Ce protocole comporte une partie proactive utilisant la nouvelle métrique de routage (EBC) et une partie réactive qui permet de prendre en compte le délai relative à une connexion donné
There is a growing interest in wireless multi-hop networks (WMNs) since there are promising in opening new business opportunity for network operators and service providers. This research field aims at providing wireless communication means to carry different types of applications (FTP, Web browsing, video streaming, in addition to VoIP). Such applications have different constraints and their specific requirements in terms of Quality of Service (QoS) or performance metrics (delay jitter, end-to-end delay). We examine, in this thesis, the problem of routing in WMNs. Our main goal is to propose a new multi-metrics routing capable to fit these particular needs. In this thesis, we make several contributions toward WMN multi-constrained routing. First, we show that the multi-constrained path finding problem is NP-Complete and inherently a cross-layer issue, and that three steps are necessary to design the multi-metric routing protocol: (i) modeling of the inferring signal, (ii) estimation of the remaining bandwidth, (iii) estimation of the one-hop delay. Second, moving in such direction, we propose two enhanced versions of the OLSR routing protocol. The suggested protocols consider the SINR as a routing metric to build a reliable topology graph. Performance evaluation shows that utilizing such routing metric helps to improve significantly the VoIP application quality in the context of ad hoc network while maintaining a reasonable overhead cost. Third, we have proposed a 2-Hop interference Estimation Algorithm (2-HEAR) in order to estimate the available bandwidth. Then, and based on such algorithm, we have proposed a novel routing metric for WMNs: Estimated Balanced Capacity (EBC) in order to achieve load-balancing among the different flows. The next issue tackled in this thesis is the one-hop delay estimation, the one-hop delay is estimated by means of an analytical model based on G/G/1 queue. Finally, we have encompassed all the previous contributions to address our main goal, i.e. the design of a multi-constrained routing protocol for WMNs. A hybrid routing protocol is then proposed. This protocol is a junction of two parts : a proactive part that makes use of the previously estimated constraint, and a reactive part, which is triggered ”on demand” when news applications are expressed

Wireless sensor networks (WSNs) are distributed networks comprising small sensing devices equipped with a processor, memory, power source, and often with the capability for short range wireless communication. These networks are used in various applications, and have created interest in WSN research and commercial uses, including industrial, scientific, household, military, medical and environmental domains. These initiatives have also been stimulated by the finalisation of the IEEE 802.15.4 standard, which defines the medium access control (MAC) and physical layer (PHY) for low-rate wireless personal area networks (LR-WPAN). Future applications may require large WSNs consisting of huge numbers of inexpensive wireless sensor nodes with limited resources (energy, bandwidth), operating in harsh environmental conditions. WSNs must perform reliably despite novel resource constraints including limited bandwidth, channel errors, and nodes that have limited operating energy. Improving resource utilisation and quality-of-service (QoS), in terms of reliable connectivity and energy efficiency, are major challenges in WSNs. Hence, the development of new WSN applications with severe resource constraints will require innovative solutions to overcome the above issues as well as improving the robustness of network components, and developing sustainable and cost effective implementation models. The main purpose of this research is to investigate methods for improving the performance of WSNs to maintain reliable network connectivity, scalability and energy efficiency. The study focuses on the IEEE 802.15.4 MAC/PHY layers and the carrier sense multiple access with collision avoidance (CSMA/CA) based networks. First, transmission power control (TPC) is investigated in multi and single-hop WSNs using typical hardware platform parameters via simulation and numerical analysis. A novel approach to testing TPC at the physical layer is developed, and results show that contrary to what has been reported from previous studies, in multi-hop networks TPC does not save energy. Next, the network initialization/self-configuration phase is addressed through investigation of the 802.15.4 MAC beacon interval setting and the number of associating nodes, in terms of association delay with the coordinator. The results raise doubt whether that the association energy consumption will outweigh the benefit of duty cycle power management for larger beacon intervals as the number of associating nodes increases. The third main contribution of this thesis is a new cross layer (PHY-MAC) design to improve network energy efficiency, reliability and scalability by minimising packet collisions due to hidden nodes. This is undertaken in response to findings in this thesis on the IEEE 802.15.4 MAC performance in the presence of hidden nodes. Specifically, simulation results show that it is the random backoff exponent that is of paramount importance for resolving collisions and not the number of times the channel is sensed before transmitting. However, the random backoff is ineffective in the presence of hidden nodes. The proposed design uses a new algorithm to increase the sensing coverage area, and therefore greatly reduces the chance of packet collisions due to hidden nodes. Moreover, the design uses a new dynamic transmission power control (TPC) to further reduce energy consumption and interference. The above proposed changes can smoothly coexist with the legacy 802.15.4 CSMA/CA. Finally, an improved two dimensional discrete time Markov chain model is proposed to capture the performance of the slotted 802.15.4 CSMA/CA. This model rectifies minor issues apparent in previous studies. The relationship derived for the successful transmission probability, throughput and average energy consumption, will provide better performance predictions. It will also offer greater insight into the strengths and weaknesses of the MAC operation, and possible enhancement opportunities. Overall, the work presented in this thesis provides several significant insights into WSN performance improvements with both existing protocols and newly designed protocols. Finally, some of the numerous challenges for future research are described.

Cette thèse a pour objectif de proposer des améliorations pour le standard de l’Internet des Objets (IoT) LoRa selon deux axes : 1) la modification du récepteur classique pour améliorer les performances de démodulation en présence d’un canal multi-trajets et 2) proposer une sécurisation de la couche physique pour renforcer la confidentialité des transmissions. Pour le premier axe, une étude de l’impact des canaux multi-trajets est proposée et débouche sur le calcul de l’expression analytique du taux d’erreur symbole LoRa. Fort de cette étude, le récepteur améliore LoRa RAKE exploitant de façon constructive l’énergie des trajets est conçu et évalué pour le scénario réaliste d’un canal multi-trajets à répliques proches du trajet direct avec prise en compte de la synchronisation. Pour le second axe, une étude de l’impact des brouilleurs classiques Band et Tone Jamming est réalisée et montre les performances sous-optimales de ces brouilleurs. Ainsi, un schéma d’auto-brouillage de la forme d’onde LoRa est proposé, réduisant fortement les capacités de démodulation des intercepteurs, renforçant ainsi le niveau de confidentialité de la transmission. Le Peak-to-Average Power Ratio (PAPR) généré par ce schéma est étudié et une méthode de réduction de ce dernier est proposée. Enfin, des expérimentations sur des matériels de type Software Defined Radio (SDR) sont menées et démontrent la viabilité du schéma d’auto-brouillage
This thesis aims to propose enhancements for the LoRa Internet of Things (IoT) standard in order to 1) improve thedemodulation performances in the presence of multi-path channels and 2) develop security mechanisms at the physical layer to strengthen the secrecy of communications.For the first line of contribution, a study of the impact of multi-path channels is conducted and a closed-form expression of the symbol error rate is derived. Capitalizing on this study, the enhanced LoRa RAKE receiver leveraging constructively the paths energy is proposed, for the realistic scenario of channel replicashaving delays close to the main path while taking into account synchronization. For the second line of contribution, the impact of traditional Band and Tone jammers on the LoRa demodulation is investigated and highlights the sub-optimal performances of such jammers. Then, a waveform self-jamming scheme is proposed, considerably reducing demodulation capabilities of interceptors thus further enhancing the secrecy of communications. The induced Peak-to-Average Power Ratio (PAPR) by the scheme is analyzed and a mitigation technique is proposed. Finally, experiments on Software Defined Radio (SDR) equipment are achieved and demonstrate the sustainability of this self-jamming scheme

The thesis focuses on the privacy of communication that can be ensured by means of the physical layer, i.e., by appropriately chosen coding and resource allocation schemes. The fundamentals of physical-layer security have been already formulated in the 1970s by Wyner (1975), Csiszár and Körner (1978). But only nowadays we have the technical progress such that these ideas can find their way in current and future communication systems, which has driven the growing interest in this area of research in the last years. We analyze two physical-layer approaches that can ensure the secret transmission of private information in wireless systems in presence of an eavesdropper. One is the direct transmission of the information to the intended receiver, where the transmitter has to simultaneously ensure the reliability and the secrecy of the information. The other is a two-phase approach, where two legitimated users first agree on a common and secret key, which they use afterwards to encrypt the information before it is transmitted. In this case, the secrecy and the reliability of the transmission are managed separately in the two phases. The secrecy of the transmitted messages mainly depends on reliable information or reasonable and justifiable assumptions about the channel to the potential eavesdropper. Perfect state information about the channel to a passive eavesdropper is not a rational assumption. Thus, we introduce a deterministic model for the uncertainty about this channel, which yields a set of possible eavesdropper channels. We consider the optimization of worst-case rates in systems with multi-antenna Gaussian channels for both approaches. We study which transmit strategy can yield a maximum rate if we assume that the eavesdropper can always observe the corresponding worst-case channel that reduces the achievable rate for the secret transmission to a minimum. For both approaches, we show that the resulting max-min problem over the matrices that describe the multi-antenna system can be reduced to an equivalent problem over the eigenvalues of these matrices. We characterize the optimal resource allocation under a sum power constraint over all antennas and derive waterfilling solutions for the corresponding worst-case channel to the eavesdropper for a constraint on the sum of all channel gains. We show that all rates converge to finite limits for high signal-to-noise ratios (SNR), if we do not restrict the number of antennas for the eavesdropper. These limits are characterized by the quotients of the eigenvalues resulting from the Gramian matrices of both channels. For the low-SNR regime, we observe a rate increase that depends only on the differences of these eigenvalues for the direct-transmission approach. For the key generation approach, there exists no dependence from the eavesdropper channel in this regime. The comparison of both approaches shows that the superiority of an approach over the other mainly depends on the SNR and the quality of the eavesdropper channel. The direct-transmission approach is advantageous for low SNR and comparably bad eavesdropper channels, whereas the key generation approach benefits more from high SNR and comparably good eavesdropper channels. All results are discussed in combination with numerous illustrations
Der Fokus dieser Arbeit liegt auf der Abhörsicherheit der Datenübertragung, die auf der Übertragungsschicht, also durch geeignete Codierung und Ressourcenverteilung, erreicht werden kann. Die Grundlagen der Sicherheit auf der Übertragungsschicht wurden bereits in den 1970er Jahren von Wyner (1975), Csiszár und Körner (1978) formuliert. Jedoch ermöglicht erst der heutige technische Fortschritt, dass diese Ideen in zukünftigen Kommunikationssystemen Einzug finden können. Dies hat in den letzten Jahren zu einem gestiegenen Interesse an diesem Forschungsgebiet geführt. In der Arbeit werden zwei Ansätze zur abhörsicheren Datenübertragung in Funksystemen analysiert. Dies ist zum einen die direkte Übertragung der Information zum gewünschten Empfänger, wobei der Sender gleichzeitig die Zuverlässigkeit und die Abhörsicherheit der Übertragung sicherstellen muss. Zum anderen wird ein zweistufiger Ansatz betrachtet: Die beiden Kommunikationspartner handeln zunächst einen gemeinsamen sicheren Schlüssel aus, der anschließend zur Verschlüsselung der Datenübertragung verwendet wird. Bei diesem Ansatz werden die Abhörsicherheit und die Zuverlässigkeit der Information getrennt voneinander realisiert. Die Sicherheit der Nachrichten hängt maßgeblich davon ab, inwieweit zuverlässige Informationen oder verlässliche Annahmen über den Funkkanal zum Abhörer verfügbar sind. Die Annahme perfekter Kanalkenntnis ist für einen passiven Abhörer jedoch kaum zu rechtfertigen. Daher wird hier ein deterministisches Modell für die Unsicherheit über den Kanal zum Abhörer eingeführt, was zu einer Menge möglicher Abhörkanäle führt. Die Optimierung der sogenannten Worst-Case-Rate in einem Mehrantennensystem mit Gaußschem Rauschen wird für beide Ansätze betrachtet. Es wird analysiert, mit welcher Sendestrategie die maximale Rate erreicht werden kann, wenn gleichzeitig angenommen wird, dass der Abhörer den zugehörigen Worst-Case-Kanal besitzt, welcher die Rate der abhörsicheren Kommunikation jeweils auf ein Minimum reduziert. Für beide Ansätze wird gezeigt, dass aus dem resultierenden Max-Min-Problem über die Matrizen des Mehrantennensystems ein äquivalentes Problem über die Eigenwerte der Matrizen abgeleitet werden kann. Die optimale Ressourcenverteilung für eine Summenleistungsbeschränkung über alle Sendeantennen wird charakterisiert. Für den jeweiligen Worst-Case-Kanal zum Abhörer, dessen Kanalgewinne einer Summenbeschränkung unterliegen, werden Waterfilling-Lösungen hergeleitet. Es wird gezeigt, dass für hohen Signal-Rausch-Abstand (engl. signal-to-noise ratio, SNR) alle Raten gegen endliche Grenzwerte konvergieren, wenn die Antennenzahl des Abhörers nicht beschränkt ist. Die Grenzwerte werden durch die Quotienten der Eigenwerte der Gram-Matrizen beider Kanäle bestimmt. Für den Ratenanstieg der direkten Übertragung ist bei niedrigem SNR nur die Differenz dieser Eigenwerte maßgeblich, wohingegen für den Verschlüsselungsansatz in dem Fall keine Abhängigkeit vom Kanal des Abhörers besteht. Ein Vergleich zeigt, dass das aktuelle SNR und die Qualität des Abhörkanals den einen oder anderen Ansatz begünstigen. Die direkte Übertragung ist bei niedrigem SNR und verhältnismäßig schlechten Abhörkanälen überlegen, wohingegen der Verschlüsselungsansatz von hohem SNR und vergleichsweise guten Abhörkanälen profitiert. Die Ergebnisse der Arbeit werden umfassend diskutiert und illustriert

Le thème général du sujet tourne autour de l'optimisation inter-couche des réseaux de capteurs basés sur la technologie ultra large bande ULB (UWB, Ultra Wide Band) moyennant des solutions protocolaires permettant d'un côté de répondre au besoin de qualité de service QdS à critères multiples dans les réseaux de capteurs sans fil et d'autre côté d'assurer le partage et l'allocation efficace les ressources disponibles (spectrale et temporelle) ainsi que l'optimisation de la consommation d'énergie dans des tels réseaux. Le domaine d'application cible choisi dans le présent travail est les systèmes de suivi des patients au sein d'un réseau de capteurs déployé en hôpital intelligent (WHSN, Large-scale Wireless Hospital Sensor Network). Dans ce contexte, nous avons proposé le modèle UWBCAS pour assurer le partage des ressources spectrales entre les PANs. Puis, nous avons conçu et implémenté un protocole MAC multi-canal multi-créneau de temps avec support de qualité de service, PMCMTP, pour assurer une allocation conjointe des canaux de fréquence et des créneaux de temps au sein de chaque réseau PAN. Enfin nous avons proposé l'algorithme JSAR qui traite à la fois les problèmes d'ordonnancement des cycles d'activités des membres du réseau dans le but d'optimiser la consommation d'énergie, d'allocation efficace des canaux de fréquence et des créneaux de temps afin d'améliorer le taux d'utilisation des ressources et les performances du réseau et de routage avec support de QdS à critères multiples afin de répondre aux besoins des applications supportées
The general context of the present memory is about the cross-layer optimization of wireless sensors networks based on ultra wide band technology UWB. The proposed solutions ensure the share and the efficient allocation of spectral and temporal resources, the optimization of the energy consumption and the support of multi-constraints quality of services QoS. The most challenging issue is providing a tradeoff between the resource efficiency and the multiconstrained QoS support. For this purpose, we proposed a new Wireless Hospital Sensor Network (WHSN) three-tiered architecture in order to support large-scale deployment and to improve the network performance. Then we designed a channel allocation scheme (UWBCAS,)and a prioritized multi-channel multi-time slot MAC protocol (PMCMTP) to enhance network performance and maximize the resource utilization. Finally, we proposed a joint duty cycle scheduling, resource allocation and multi-constrained QoS routing algorithm (JSAR) which simultaneously combines, a duty cycle scheduling scheme for energy saving, a resource allocation scheme for efficient use of frequency channels and time slots, and an heuristic for multi-constrained routing protocol

Le thème général du sujet tourne autour de l'optimisation inter-couche des réseaux de capteurs basés sur la technologie ultra large bande ULB (UWB, Ultra Wide Band) moyennant des solutions protocolaires permettant d'un côté de répondre au besoin de qualité de service QdS à critères multiples dans les réseaux de capteurs sans fil et d'autre côté d'assurer le partage et l'allocation efficace les ressources disponibles (spectrale et temporelle) ainsi que l'optimisation de la consommation d'énergie dans des tels réseaux. Le domaine d'application cible choisi dans le présent travail est les systèmes de suivi des patients au sein d'un réseau de capteurs déployé en hôpital intelligent (WHSN, Large-scale Wireless Hospital Sensor Network). Dans ce contexte, nous avons proposé le modèle UWBCAS pour assurer le partage des ressources spectrales entre les PANs. Puis, nous avons conçu et implémenté un protocole MAC multi-canal multi-créneau de temps avec support de qualité de service, PMCMTP, pour assurer une allocation conjointe des canaux de fréquence et des créneaux de temps au sein de chaque réseau PAN. Enfin nous avons proposé l'algorithme JSAR qui traite à la fois les problèmes d'ordonnancement des cycles d'activités des membres du réseau dans le but d'optimiser la consommation d'énergie, d'allocation efficace des canaux de fréquence et des créneaux de temps afin d'améliorer le taux d'utilisation des ressources et les performances du réseau et de routage avec support de QdS à critères multiples afin de répondre aux besoins des applications supportées
The general context of the present memory is about the cross-layer optimization of wireless sensors networks based on ultra wide band technology UWB. The proposed solutions ensure the share and the efficient allocation of spectral and temporal resources, the optimization of the energy consumption and the support of multi-constraints quality of services QoS. The most challenging issue is providing a tradeoff between the resource efficiency and the multiconstrained QoS support. For this purpose, we proposed a new Wireless Hospital Sensor Network (WHSN) three-tiered architecture in order to support large-scale deployment and to improve the network performance. Then we designed a channel allocation scheme (UWBCAS,)and a prioritized multi-channel multi-time slot MAC protocol (PMCMTP) to enhance network performance and maximize the resource utilization. Finally, we proposed a joint duty cycle scheduling, resource allocation and multi-constrained QoS routing algorithm (JSAR) which simultaneously combines, a duty cycle scheduling scheme for energy saving, a resource allocation scheme for efficient use of frequency channels and time slots, and an heuristic for multi-constrained routing protocol

LBIC is a technique for scanning the local quantum efficiency of solar cells. This kind of measurements needs a highly specialized, and time critical controlling software. In 1996 the client, professor Markus Rinio, constructed an LBIC system, and wrote the controlling software as a Turbo-Pascal 7.0 application, running under the MS-DOS 6.22 operating system. By now (2018) both the software and several hardware components are in dire need to be modernized. This thesis thoroughly describes several important aspects of this work, and the considerations needed for a successful result. This includes both very foundational choices about the software architecture, the choice of suitable operating system, the threading model, and the adaptation to new hardware with vastly different behavior. The project also included a new hardware module for position reports and instrument triggering, as well as several adaptations to transform the DOS-based LBIC software into a pleasant modern GUI application.

abstract: There are many wireless communication and networking applications that require high transmission rates and reliability with only limited resources in terms of bandwidth, power, hardware complexity etc.. Real-time video streaming, gaming and social networking are a few such examples. Over the years many problems have been addressed towards the goal of enabling such applications; however, significant challenges still remain, particularly, in the context of multi-user communications. With the motivation of addressing some of these challenges, the main focus of this dissertation is the design and analysis of capacity approaching coding schemes for several (wireless) multi-user communication scenarios. Specifically, three main themes are studied: superposition coding over broadcast channels, practical coding for binary-input binary-output broadcast channels, and signalling schemes for two-way relay channels. As the first contribution, we propose an analytical tool that allows for reliable comparison of different practical codes and decoding strategies over degraded broadcast channels, even for very low error rates for which simulations are impractical. The second contribution deals with binary-input binary-output degraded broadcast channels, for which an optimal encoding scheme that achieves the capacity boundary is found, and a practical coding scheme is given by concatenation of an outer low density parity check code and an inner (non-linear) mapper that induces desired distribution of "one" in a codeword. The third contribution considers two-way relay channels where the information exchange between two nodes takes place in two transmission phases using a coding scheme called physical-layer network coding. At the relay, a near optimal decoding strategy is derived using a list decoding algorithm, and an approximation is obtained by a joint decoding approach. For the latter scheme, an analytical approximation of the word error rate based on a union bounding technique is computed under the assumption that linear codes are employed at the two nodes exchanging data. Further, when the wireless channel is frequency selective, two decoding strategies at the relay are developed, namely, a near optimal decoding scheme implemented using list decoding, and a reduced complexity detection/decoding scheme utilizing a linear minimum mean squared error based detector followed by a network coded sequence decoder.
Dissertation/Thesis
Ph.D. Electrical Engineering 2011

In order to establish a secure connections in the wireless environment, cryptographic methods may require an exchange of a key or secret. Fortunately, the environment provides randomness due to multi-path fading that can be exploited by physical-layer security algorithms to help establish this shared secret. However, in some cases, multi-path fading might be absent or negligible; therefore, we look for artificial ways to increase randomness. In this thesis, we explore antenna radiation variation by altering the phase between two antennas as a means of creating artificial fading. We construct a model of the antenna gain variation by analyzing the radiation pattern and run Monte-Carlo simulations to compare our approach to a base case with only multi-path fading. We then empirically collect data in order to confirm our analysis. Finally, we incorporate this model in a prominent security algorithm to demonstrate the improvements in security possible through such an approach.

碩士
國立成功大學
電機工程學系
89
The major purport of using progressive multi-layer reconfiguration is efficient using idle server resource in the Internet to perform our parallel program. After the reconfiguration mechanism invoking the thread migration, the unnecessary page sharing will increase and induce more communication thus reduce the performance. For solving this problem, we propose communication minimization. Through copyset adjustment and other improvement mechanisms, we reduce the overhead, which is caused by redundant communication, and make the whole reconfiguration mechanism more completely. In the SMP DSM, we have to conquer the problem of collecting thread’s access pattern, and then we can have the complete information to execute the mechanism for communication minimization. Besides, we implement two distributed thread migration methods, and make the reconfiguration mechanism take advantage of both the load balance and communication minimization. In the least experiment results, we observe combination the Diffusion Thread Migration and the mechanism of communication minimization can lead us to the best system performance. 表格目錄 III 圖目錄 IV 第一章 簡介 1 1.1 DSM簡介 1 1.2 研究動機 1 1.3 問題分析與討論 3 第二章 研究背景 5 2.1 TEAMSTER之介紹 5 2.2 PMR之介紹 6 2.3 相關研究 9 第三章 PMR通訊減量之設計 10 3.1 引線分頁共享資訊收集之設計 11 3.2 通訊減量之策略 12 第四章 系統實現 16 4.1 追蹤引線分頁共享資訊的方法 16 4.2 COPYSET ADJUSTMENT的方法 19 4.3 引線搬移模組和系統支援 21 第五章 效能測試 24 5.1 應用程式之介紹 24 5.2 測試結果與分析 26 第六章 結論與未來工作 32 參考文獻 33

碩士
大同大學
資訊工程學系(所)
94
Testing automation can be improved and tested the deficiency on artificially in the tradition, such as the questions , such as environmental equipment and tool ,etc., in addition, automation is tested can also shorten the time needed to test by a wide margin , can improve the accuracy of judging on the test result even more. Traditional artificial test is had, often test the analysis of the data, test erecting and such questions as the equipment must be asked of the environment, because reduce preparation degree tested, have increased the time spent of testing too. It be able to be in the test of short time that automation tests tools to hope to make the greatest working efficiency in Cheng, effective automation is tested can shorten real test time , can reduce the unnecessary fault while testing , and can solve the artificial test job that can't carry out , make the efficiency tested improve. This page will be proposed, if utilize the existing tool to solve relevant Protocol of network to test the blind spot on, and the method of testing. Link Aggregation will be test Protocol that this text will be discussed mainly , how to solve Link Aggregation present test difficult problem, how to shorten and test time and improve the accuracy tested, it will be the focal point that this text will be discussed .

碩士
國立交通大學
電控工程研究所
99
A broadcast interconnects method for 3D-IC applications is implemented by using common conduction layer. Die-to-Die Multi-signaling communication mechanism with common conduction layer has shorter communication distance. Compared with wireless or wire interconnect. Our communication distance is 2um. The shorter distance means that it can resist the neighborhood noise and increase the IO density for packaging. Moreover, chip thinning, together with device scaling, will further improve the density and performance of the vertical I/Os. As a result, because of the larger I/O count possible in 3D integration and the short length of the interconnections, it is expected that the vertical I/Os between stacked chips will be able to provide the high data bandwidth required by Moore’s law with the benefit of low-power signaling. We also use alignment method for detecting position error. In our design, a buffer stage may be needed between the circuit blocks in different layers, since common conduction layer usually have a much larger Parasitic Resistance than interconnects of circuits. This interconnect has energy efficiency of 0.18 pJ/bit at 2Gbps. The proposed broadcast interconnects method is implemented in TSMC 0.18um process for demonstration of this architecture.

This thesis presents a cross-layer design and optimization for emerging wideband wireless networks supporting multimedia applications, considering the interactions of the wireless channel characteristics, the physical and link layer protocols, and the user-perceived Quality-of-Service (QoS). As wireless channels are error-prone and broadcast in nature, both the error control mechanisms and the Media Access Control (MAC) protocols are critical for resource utilization and QoS provisioning. How to analyze, design and optimize the high-rate wireless networks by considering the characteristics of the propagation channels and wideband communication technologies is an open, challenging issue. In this thesis, we consider two important wideband wireless systems, the Ultra-Wideband (UWB) and the Orthogonal Frequency-Division Multiplexing (OFDM) systems. First, we propose the packet-level channel models based on Finite State Markov Chains (FSMCs) for the two systems, which present the statistical properties of the propagation channels and the transmission systems. Second, by incorporating the proposed packet-level channel models, we develop analytical frameworks for quantifying the performance of the high-rate wireless networks, combining the channel fading, physical- and link-layer error-control mechanisms and MAC protocols. Third, to mitigate the impact of channel fading and impairments, a cross-layer joint error-control mechanism is proposed. In addition, we also investigate the impact of channel fading on the video streaming applications, and propose a simple admission control algorithm to ensure QoS. As considering the physical-layer characteristics is critical for ensuring QoS and efficiency of resource utilization, the packet-level channel models, cross-layer analytical frameworks, networking protocols and simulation methodologies proposed in this dissertation are essential for future proliferation of high-rate wireless networks.

Wireless networks have received considerable attention recently due to the high user demand for wireless services and the emergence of new applications. This thesis focuses on the problem of information dissemination in a class of wireless networks known as the multi-way relay channel. Physical layer network coding is considered to increase the throughput in these networks. First, an algorithm is proposed that increases the full data exchange throughput by 33% compared to traditional routing. This gain arises from providing common knowledge to users and exploiting this knowledge to restrain some users from transmitting. Second, for complex field network coding, a transmission scheme is designed that ensures the receipt of a QAM constellation at the relay. This requires precoding the user symbols to make all possible combinations distinguishable at the relay. Using this approach, the throughput of data exchange is 1/2 symbol per user per channel use. The error performance of both schemes is derived analytically for AWGN channels.
Graduate

M. Tech. Electrical Engineering
It is widely believed that the implementation of multi-user multiple-input multiple- output (MU-MIMO) technology at the radio access portion of current and future wireless networks would positively impact on the performance of such networks. This however demands the design of efficient multi-user scheduling algorithms at the data link layer. One algorithm that is known to be throughput optimal is the opportunistic scheduler. This work takes a cross-layer approach in designing a scheduler that takes into account both the channel and queue states of users. We propose a scheduling algorithm referred to as the Maximum Throughput Scheduler (MTS). The MTS explicitly expresses network throughput as the utility function. Through simulations, we show that the MTS outperforms other schedulers in terms of network throughput.

碩士
國立交通大學
電機學院IC設計產業專班
95
A procedure is for SoC verification process in wireless communication system. The most concern in wireless communication system is interactive between base stations and mobile stations. In other words, this is not enough for SoC verification to verify a single base station or mobile station, especially under the pressure of time-to-market and design complexity. Therefore, how to verify the interactive of wireless communication system fast and completely in the early process of design flow is the key point. This paper introduces an ESL tool, including HW/SW co-design, system architecture exploit, and co-simulation/verification, to establish a cross-layer multi-node environment for verifying the interactive and analyzing the system performance. The fundamental design concept is a system level design abstraction, so it can conveniently provide precise analysis results of a system performance in the early process of design flow.

碩士
朝陽科技大學
資訊與通訊系
106
This thesis proposes a scheduling architecture with commonality, portability, and scalability for the diverse application requirements in wireless communications. The proposed architecture conforms to 3GPP LTE (Long Term Evolution) standards supporting resource schedule to meet QoS (Quality of Service) requirements for both transmission directions of UL (Up Link) and DL (Down Link) between eNodeB (i.e., LTE base station) and UEs (i.e., LTE terminal devices). Furthermore, the thesis presents a design of relay function for multi-UAV communication for military purposes and evaluates its performance in an implemented simulation environment. The proposed design of relay function is based on the popular and commonly used LTE technology. Accordingly, the implementation can be low-cost and performance-efficient. Bandwidth requirements are classified into two types of GT (Guaranteed) and BE (Best Effort) by the implemented scheduler. Accordingly, transmission of control data using GT bandwidth has a higher scheduling priority than that of multimedia message (e.g., image, picture or video stream) with BE bandwidth. As such, bandwidth allocation for control data can be adequate to avoid UAV crash due to missing packet of control data. Consequently, by utilizing the proposed relay function, UAVs can be dispatched to areas that cannot reach before to monitor environment and collect information, and then transmit data messages backward to a ground console in real time.

Governments, military, corporations, financial institutions and others exchange a great deal of confidential information using Internet these days. Protecting such confidential information and ensuring their integrity and origin authenticity are of paramount importance. There exist protocols and solutions at different layers of the TCP/IP protocol stack to address these security requirements. Application level encryption viz. PGP for secure mail transfer, TLS based secure TCP communication, IPSec for providing IP layer security are among these security solutions. Due to scalability, wide acceptance of the IP protocol, and its application independent character, the IPSec protocol has become a standard for providing Internet security. The IPSec provides two protocols namely the Authentication header (AH) and the Encapsulating Security Payload (ESP). Each protocol can operate in two modes, viz. transport and tunnel mode. The AH provides data origin authentication, connectionless integrity and anti replay protection. The ESP provides all the security functionalities of AH along with confidentiality. The IPSec protocols provide end-to-end security for an entire IP datagram or the upper layer protocols of IP payload depending on the mode of operation. However, this end-to-end model of security restricts performance enhancement and security related operations of intermediate networking and security devices, as they can not access or modify transport and upper layer headers and original IP headers in case of tunnel mode. These intermediate devices include routers providing Quality of Service (QoS), TCP Performance Enhancement Proxies (PEP), Application level Proxy devices and packet filtering firewalls. The interoperability problem between IPSec and intermediate devices has been addressed in literature. Transport friendly ESP (TF-ESP), Transport Layer Security (TLS), splitting of single IPSec tunnel into multiple tunnels, Multi Layer IPSec (ML-IPSec) are a few of the proposed solutions. The ML-IPSec protocol solves this interoperability problem without violating the end-to-end security for the data or exposing some important header fields unlike the other solutions. The ML-IPSec uses a multilayer protection model in place of the single end-to-end model. Unlike IPSec where the scope of encryption and authentication applies to the entire IP datagram, this scheme divides the IP datagram into zones. It applies different protection schemes to different zones. When ML-IPSec protects a traffic stream from its source to its destination, it first partitions the IP datagram into zones and applies zone-specific cryptographic protections. During the flow of the ML-IPSec protected datagram through an authorized intermediate gateway, certain type I zones of the datagram may be decrypted and re-encrypted, but the other zones will remain untouched. When the datagram reaches its destination, the ML-IPSec will reconstruct the entire datagram. The ML-IPSec protocol, however suffers from the problem of static configuration of zones and zone specific cryptographic parameters before the commencement of the communication. Static configuration requires a priori knowledge of routing infrastructure and manual configuration of all intermediate nodes. While this may not be an issue in a geo-stationary satellite environment using TCP-PEP, it could pose problems in a mobile or distributed environment, where many stations may be in concurrent use. The ML-IPSec endpoints may not be trusted by all intermediate nodes in a mobile environment for manual configuration without any prior arrangement providing the mutual trust. The static zone boundary of the protocol forces one to ignore the presence of TCP/IP datagrams with variable header lengths (in case of TCP or IP headers with OPTION fields). Thus ML-IPSec will not function correctly if the endpoints change the use of IP or TCP options, especially in case of tunnel mode. The zone mapping proposed in ML-IPSec is static in nature. This forces one to configure the zone mapping before the commencement of the communication. It restricts the protocol from dynamically changing the zone mapping for providing access to intermediate nodes without terminating the existing ML-IPSec communication. The ML-IPSec endpoints can off course, configure the zone mapping with maximum number of zones. This will lead to unnecessary overheads that increase with the number of zones. Again, static zone mapping could pose problems in a mobile or distributed environment, where communication paths may change. Our extension to the ML-IPSec protocol, called Dynamic Multi Layer IPSec (DML-IPSec) proposes a multi layer variant with the capabilities of dynamic zone configuration and sharing of cryptographic parameters between IPSec endpoints and intermediate nodes. It also accommodates IP datagrams with variable length headers. The DML-IPSec protocol redefines some of the IPSec and ML-IPSec fundamentals. It proposes significant modifications to the datagram processing stage of ML-IPSec and proposes a new key sharing protocol to provide the above-mentioned capabilities. The DML-IPSec supports the AH and ESP protocols of the conventional IPSec with some modifications required for providing separate cryptographic protection to different zones of an IP datagram. This extended protocol defines zone as a set of non-overlapping and contiguous partitions of an IP datagram, unlike the case of ML-IPSec where a zone may consist of non-contiguous portions. Every zone is provided with cryptographic protection independent of other zones. The DML-IPSec categorizes zones into two separate types depending on the accessibility requirements at the intermediate nodes. The first type of zone, called type I zone, is defined on headers of IP datagram and is required for examination and modification by intermediate nodes. One type I zone may span over a single header or over a series of contiguous headers of an IP datagram. The second type of zone, called type II zone, is meant for the payload portion and is kept secure between endpoints of IPSec communications. The single type II zone starts immediately after the last type I zone and spans till the end of the IP datagram. If no intermediate processing is required during the entire IPSec session, the single type II zone may cover the whole IP datagram; otherwise the single type II zone follows one or more type I zones of the IP datagram. The DML-IPSec protocol uses a mapping from the octets of the IP datagram to different zones, called zone map for partitioning an IP datagram into zones. The zone map contains logical boundaries for the zones, unlike physical byte specific boundaries of ML-IPSec. The physical boundaries are derived on-the-fly, using either the implicit header lengths or explicit header length fields of the protocol headers. This property of the DML-IPSec zones, enables it to accommodate datagrams with variable header lengths. Another important feature of DML-IPSec zone is that the zone maps need not remain constant through out the entire lifespan of IPSec communication. The key sharing protocol may modify any existing zone map for providing service to some intermediate node. The DML-IPSec also redefines Security Association (SA), a relationship between two endpoints of IPSec communication that describes how the entities will use security services to communicate securely. In the case of DML-IPSec, several intermediate nodes may participate in defining these security protections to the IP datagrams. Moreover, the scope of one particular set of security protection is valid on a single zone only. So a single SA is defined for each zone of an IP datagram. Finally all these individual zonal SA’s are combined to represent the security relationship of the entire IP datagram. The intermediate nodes can have the cryptographic information of the relevant type I zones. The cryptographic information related to the type II zone is, however, hidden from any intermediate node. The key sharing protocol is responsible for selectively sharing this zone information with the intermediate nodes. The DML-IPSec protocol has two basic components. The first one is for processing of datagrams at the endpoints as well as intermediate nodes. The second component is the key sharing protocol. The endpoints of a DML-IPSec communication involves two types of processing. The first one, called Outbound processing, is responsible for generating a DML-IPSec datagram from an IP datagram. It first derives the zone boundaries using the zone map and individual header field lengths. After this partitioning of IP datagram, zone wise encryption is applied (in case of ESP). Finally zone specific authentication trailers are calculated and appended after each zone. The other one, Inbound processing, is responsible for generating the original IP datagram from a DML-IPSec datagram. The first step in the inbound processing, the derivation of zone boundary, is significantly different from that of outbound processing as the length fields of zones remain encrypted. After receiving a DML-IPSec datagram, the receiver starts decrypting type I zones till it decrypts the header length field of the header/s. This is followed by zone-wise authentication verification and zone-wise decryption. The intermediate nodes processes an incoming DML-IPSec datagram depending on the presence of the security parameters for that particular DML-IPSec communication. In the absence of the security parameters, the key sharing protocol gets executed; otherwise, all the incoming DML-IPSec datagrams get partially decrypted according to the security association and zone mapping at the inbound processing module. After the inbound processing, the partially decrypted IP datagram traverses through the networking stack of the intermediate node . Before the IP datagram leaves the intermediate node, it is processed by the outbound module to reconstruct the DML-IPSec datagram. The key sharing protocol for sharing zone related cryptographic information among the intermediate nodes is the other important component of the DML-IPSec protocol. This component is responsible for dynamically enabling intermediate nodes to access zonal information as required for performing specific services relating to quality or security. Whenever a DML-IPSec datagram traverses through an intermediate node, that requires access to some of the type I zones, the inbound security database is searched for cryptographic parameters. If no entry is present in the database, the key sharing protocol is invoked. The very first step in this protocol is a header inaccessible message from the intermediate node to the source of the DML-IPSec datagram. The intermediate node also mentions the protocol headers that it requires to access in the body portion of this message. This first phase of the protocol, called the Zone reorganization phase, is responsible for deciding the zone mapping to provide access to intermediate nodes. If the current zone map can not serve the header request, the DML-IPSec endpoint reorganizes the existing zone map in this phase. The next phase of the protocol, called the Authentication Phase is responsible for verifying the identity of the intermediate node to the source of DML-IPSec session. Upon successful authentication, the third phase, called the Shared secret establishment phase commences. This phase is responsible for the establishment of a temporary shared secret between the source and intermediate nodes. This shared secret is to be used as key for encrypting the actual message transfer of the DML-IPSec security parameters at the next phase of the protocol. The final phase of the protocol, called the Security parameter sharing phase, is solely responsible for actual transfer of the security parameters from the source to the intermediate nodes. This phase is also responsible for updation of security and policy databases of the intermediate nodes. The successful execution of the four phases of the key sharing protocol enables the DML-IPSec protocol to dynamically modify the zone map for providing access to some header portions for intermediate nodes and also to share the necessary cryptographic parameters required for accessing relevant type I zones without disturbing an existing DML-IPSec communication. We have implemented the DML-IPSec for ESP protocol according to the definition of zones along with the key sharing algorithm. RHEL version 4 and Linux kernel version 2.6.23.14 was used for the implementation. We implemented the multi-layer IPSec functionalities inside the native Linux implementation of IPSec protocol. The SA structure was updated to hold necessary SA information for multiple zones instead of single SA of the normal IPSec. The zone mapping for different zones was implemented along with the kernel implementation of SA. The inbound and outbound processing modules of the IPSec endpoints were re-implemented to incorporate multi-layer IPSec capability. We also implemented necessary modules for providing partial IPSec processing capabilities at the intermediate nodes. The key sharing protocol consists of some user space utilities and corresponding kernel space components. We use ICMP protocol for the communications required for the execution of the protocol. At the kernel level, pseudo character device driver was implemented to update the kernel space data structures and necessary modifications were made to relevant kernel space functions. User space utilities and corresponding kernel space interface were provided for updating the security databases. As DML-IPSec ESP uses same Security Policy mechanism as IPSec ESP, existing utilities (viz. setkey) are used for the updation of security policy. However, the configuration of the SA is significantly different as it depends on the DML-IPSec zones. The DML-IPSec ESP implementation uses the existing utilities (setkey and racoon) for configuration of the sole type II zone. The type I zones are configured using the DML-IPSec application. The key sharing protocol also uses this application to reorganize the zone mapping and zone-wise cryptographic parameters. The above feature enables one to use default IPSec mechanism for the configuration of the sole type II zone. For experimental validation of DML-IPSec, we used the testbed as shown in the above figure. An ESP tunnel is configured between the two gateways GW1 and GW2. IN acts as an intermediate node and is installed with several intermediate applications. Clients C11 and C21 are connected to GW1 and GW2 respectively. We carried out detailed experiments for validating our solution w.r.t firewalling service. We used stateful packet filtering using iptables along with string match extension at IN. First, we configured the firewall to allow only FTP communication (using port information of TCP header and IP addresses of Inner IP header ) between C11 and C21. In the second experiment, we configured the firewall to allow only Web connection between C11 and C21 using the Web address of C11 (using HTTP header, port information of TCP header and IP addresses of Inner IP header ). In both experiments, we initiated the FTP and WEB sessions before the execution of the key sharing protocol. The session could not be established as the access to upper layer headers was denied. After the execution of the key sharing protocol, the sessions could be established, showing the availability of protocol headers to the iptables firewall at IN following the successful key sharing. We use record route option of ping program to validate the claim of handling datagrams with variable header lengths. This option of ping program records the IP addresses of all the nodes traversed during a round trip path in the IP OPTION field. As we used ESP in tunnel mode between GW1 and GW2, the IP addresses would be recorded inside the encrypted Inner IP header. We executed ping between C11 and C21 and observed the record route output. Before the execution of the key sharing protocol, the IP addresses of IN were absent in the record route output. After the successful execution of key sharing protocol, the IP addresses for IN were present at the record route output. The DML-IPSec protocol introduces some processing overhead and also increases the datagram size as compared to IPSec and ML-IPSec. It increases the datagram size compared to the standard IPSec. However, this increase in IP datagram size is present in the case of ML-IPSec as well. The increase in IP datagram length depends on the number of zones. As the number of zone increases this overhead also increases. We obtain experimental results about the processing delay introduced by DML-IPSec processing. For this purpose, we executed ping program from C11 to C21 in the test bed setup for the following cases: 1.ML-IPSec with one type I and one type II zone and 2. DML-IPSec with one type I and one type II zone. We observe around 10% increase in RTT in DML-IPSec with two dynamic zones over that of ML-IPSec with two static zones. This overhead is due to on-the-fly derivation of the zone length and related processing. The above experiment analyzes the processing delay at the endpoints without intermediate processing. We also analyzed the effect of intermediate processing due to dynamic zones of DML-IPSec. We used iptables firewall in the above mentioned experiment. The RTT value for DML-IPSec with dynamic zones increases by less than 10% over that of ML-IPSec with static zones. To summarize our work, we have proposed an extension to the multilayer IPSec protocol, called Dynamic Multilayer IPSec (DML-IPSec). It is capable of dynamic modification of zones and sharing of cryptographic parameters between endpoints and intermediate nodes using a key sharing protocol. The DML-IPSec also accommodates datagrams with variable header lengths. The above mentioned features enable any intermediate node to dynamically access required header portions of any DML-IPSec protected datagrams. Consequently they make the DML-IPSec suited for providing IPSec over mobile and distributed networks. We also provide complete implementation of ESP protocol and provide experimental validation of our work. We find that our work provides the dynamic support for QoS and security services without any significant extra overhead compared to that of ML-IPSec. The thesis begins with an introduction to communication security requirements in TCP/IP networks. Chapter 2 provides an overview of communication security protocols at different layers. It also describes the details of IPSec protocol suite. Chapter 3 provides a study on the interoperability issues between IPSec and intermediate devices and discusses about different solutions. Our proposed extension to the ML-IPSec protocol, called Dynamic ML-IPSec(DML-IPSec) is presented in Chapter 4. The design and implementation details of DML-IPSec in Linux environment is presented in Chapter 5. It also provides experimental validation of the protocol. In Chapter 6, we summarize the research work, highlight the contributions of the work and discuss the directions for further research.

Governments, military, corporations, financial institutions and others exchange a great deal of confidential information using Internet these days. Protecting such confidential information and ensuring their integrity and origin authenticity are of paramount importance. There exist protocols and solutions at different layers of the TCP/IP protocol stack to address these security requirements. Application level encryption viz. PGP for secure mail transfer, TLS based secure TCP communication, IPSec for providing IP layer security are among these security solutions. Due to scalability, wide acceptance of the IP protocol, and its application independent character, the IPSec protocol has become a standard for providing Internet security. The IPSec provides two protocols namely the Authentication header (AH) and the Encapsulating Security Payload (ESP). Each protocol can operate in two modes, viz. transport and tunnel mode. The AH provides data origin authentication, connectionless integrity and anti replay protection. The ESP provides all the security functionalities of AH along with confidentiality. The IPSec protocols provide end-to-end security for an entire IP datagram or the upper layer protocols of IP payload depending on the mode of operation. However, this end-to-end model of security restricts performance enhancement and security related operations of intermediate networking and security devices, as they can not access or modify transport and upper layer headers and original IP headers in case of tunnel mode. These intermediate devices include routers providing Quality of Service (QoS), TCP Performance Enhancement Proxies (PEP), Application level Proxy devices and packet filtering firewalls. The interoperability problem between IPSec and intermediate devices has been addressed in literature. Transport friendly ESP (TF-ESP), Transport Layer Security (TLS), splitting of single IPSec tunnel into multiple tunnels, Multi Layer IPSec (ML-IPSec) are a few of the proposed solutions. The ML-IPSec protocol solves this interoperability problem without violating the end-to-end security for the data or exposing some important header fields unlike the other solutions. The ML-IPSec uses a multilayer protection model in place of the single end-to-end model. Unlike IPSec where the scope of encryption and authentication applies to the entire IP datagram, this scheme divides the IP datagram into zones. It applies different protection schemes to different zones. When ML-IPSec protects a traffic stream from its source to its destination, it first partitions the IP datagram into zones and applies zone-specific cryptographic protections. During the flow of the ML-IPSec protected datagram through an authorized intermediate gateway, certain type I zones of the datagram may be decrypted and re-encrypted, but the other zones will remain untouched. When the datagram reaches its destination, the ML-IPSec will reconstruct the entire datagram. The ML-IPSec protocol, however suffers from the problem of static configuration of zones and zone specific cryptographic parameters before the commencement of the communication. Static configuration requires a priori knowledge of routing infrastructure and manual configuration of all intermediate nodes. While this may not be an issue in a geo-stationary satellite environment using TCP-PEP, it could pose problems in a mobile or distributed environment, where many stations may be in concurrent use. The ML-IPSec endpoints may not be trusted by all intermediate nodes in a mobile environment for manual configuration without any prior arrangement providing the mutual trust. The static zone boundary of the protocol forces one to ignore the presence of TCP/IP datagrams with variable header lengths (in case of TCP or IP headers with OPTION fields). Thus ML-IPSec will not function correctly if the endpoints change the use of IP or TCP options, especially in case of tunnel mode. The zone mapping proposed in ML-IPSec is static in nature. This forces one to configure the zone mapping before the commencement of the communication. It restricts the protocol from dynamically changing the zone mapping for providing access to intermediate nodes without terminating the existing ML-IPSec communication. The ML-IPSec endpoints can off course, configure the zone mapping with maximum number of zones. This will lead to unnecessary overheads that increase with the number of zones. Again, static zone mapping could pose problems in a mobile or distributed environment, where communication paths may change. Our extension to the ML-IPSec protocol, called Dynamic Multi Layer IPSec (DML-IPSec) proposes a multi layer variant with the capabilities of dynamic zone configuration and sharing of cryptographic parameters between IPSec endpoints and intermediate nodes. It also accommodates IP datagrams with variable length headers. The DML-IPSec protocol redefines some of the IPSec and ML-IPSec fundamentals. It proposes significant modifications to the datagram processing stage of ML-IPSec and proposes a new key sharing protocol to provide the above-mentioned capabilities. The DML-IPSec supports the AH and ESP protocols of the conventional IPSec with some modifications required for providing separate cryptographic protection to different zones of an IP datagram. This extended protocol defines zone as a set of non-overlapping and contiguous partitions of an IP datagram, unlike the case of ML-IPSec where a zone may consist of non-contiguous portions. Every zone is provided with cryptographic protection independent of other zones. The DML-IPSec categorizes zones into two separate types depending on the accessibility requirements at the intermediate nodes. The first type of zone, called type I zone, is defined on headers of IP datagram and is required for examination and modification by intermediate nodes. One type I zone may span over a single header or over a series of contiguous headers of an IP datagram. The second type of zone, called type II zone, is meant for the payload portion and is kept secure between endpoints of IPSec communications. The single type II zone starts immediately after the last type I zone and spans till the end of the IP datagram. If no intermediate processing is required during the entire IPSec session, the single type II zone may cover the whole IP datagram; otherwise the single type II zone follows one or more type I zones of the IP datagram. The DML-IPSec protocol uses a mapping from the octets of the IP datagram to different zones, called zone map for partitioning an IP datagram into zones. The zone map contains logical boundaries for the zones, unlike physical byte specific boundaries of ML-IPSec. The physical boundaries are derived on-the-fly, using either the implicit header lengths or explicit header length fields of the protocol headers. This property of the DML-IPSec zones, enables it to accommodate datagrams with variable header lengths. Another important feature of DML-IPSec zone is that the zone maps need not remain constant through out the entire lifespan of IPSec communication. The key sharing protocol may modify any existing zone map for providing service to some intermediate node. The DML-IPSec also redefines Security Association (SA), a relationship between two endpoints of IPSec communication that describes how the entities will use security services to communicate securely. In the case of DML-IPSec, several intermediate nodes may participate in defining these security protections to the IP datagrams. Moreover, the scope of one particular set of security protection is valid on a single zone only. So a single SA is defined for each zone of an IP datagram. Finally all these individual zonal SA’s are combined to represent the security relationship of the entire IP datagram. The intermediate nodes can have the cryptographic information of the relevant type I zones. The cryptographic information related to the type II zone is, however, hidden from any intermediate node. The key sharing protocol is responsible for selectively sharing this zone information with the intermediate nodes. The DML-IPSec protocol has two basic components. The first one is for processing of datagrams at the endpoints as well as intermediate nodes. The second component is the key sharing protocol. The endpoints of a DML-IPSec communication involves two types of processing. The first one, called Outbound processing, is responsible for generating a DML-IPSec datagram from an IP datagram. It first derives the zone boundaries using the zone map and individual header field lengths. After this partitioning of IP datagram, zone wise encryption is applied (in case of ESP). Finally zone specific authentication trailers are calculated and appended after each zone. The other one, Inbound processing, is responsible for generating the original IP datagram from a DML-IPSec datagram. The first step in the inbound processing, the derivation of zone boundary, is significantly different from that of outbound processing as the length fields of zones remain encrypted. After receiving a DML-IPSec datagram, the receiver starts decrypting type I zones till it decrypts the header length field of the header/s. This is followed by zone-wise authentication verification and zone-wise decryption. The intermediate nodes processes an incoming DML-IPSec datagram depending on the presence of the security parameters for that particular DML-IPSec communication. In the absence of the security parameters, the key sharing protocol gets executed; otherwise, all the incoming DML-IPSec datagrams get partially decrypted according to the security association and zone mapping at the inbound processing module. After the inbound processing, the partially decrypted IP datagram traverses through the networking stack of the intermediate node . Before the IP datagram leaves the intermediate node, it is processed by the outbound module to reconstruct the DML-IPSec datagram. The key sharing protocol for sharing zone related cryptographic information among the intermediate nodes is the other important component of the DML-IPSec protocol. This component is responsible for dynamically enabling intermediate nodes to access zonal information as required for performing specific services relating to quality or security. Whenever a DML-IPSec datagram traverses through an intermediate node, that requires access to some of the type I zones, the inbound security database is searched for cryptographic parameters. If no entry is present in the database, the key sharing protocol is invoked. The very first step in this protocol is a header inaccessible message from the intermediate node to the source of the DML-IPSec datagram. The intermediate node also mentions the protocol headers that it requires to access in the body portion of this message. This first phase of the protocol, called the Zone reorganization phase, is responsible for deciding the zone mapping to provide access to intermediate nodes. If the current zone map can not serve the header request, the DML-IPSec endpoint reorganizes the existing zone map in this phase. The next phase of the protocol, called the Authentication Phase is responsible for verifying the identity of the intermediate node to the source of DML-IPSec session. Upon successful authentication, the third phase, called the Shared secret establishment phase commences. This phase is responsible for the establishment of a temporary shared secret between the source and intermediate nodes. This shared secret is to be used as key for encrypting the actual message transfer of the DML-IPSec security parameters at the next phase of the protocol. The final phase of the protocol, called the Security parameter sharing phase, is solely responsible for actual transfer of the security parameters from the source to the intermediate nodes. This phase is also responsible for updation of security and policy databases of the intermediate nodes. The successful execution of the four phases of the key sharing protocol enables the DML-IPSec protocol to dynamically modify the zone map for providing access to some header portions for intermediate nodes and also to share the necessary cryptographic parameters required for accessing relevant type I zones without disturbing an existing DML-IPSec communication. We have implemented the DML-IPSec for ESP protocol according to the definition of zones along with the key sharing algorithm. RHEL version 4 and Linux kernel version 2.6.23.14 was used for the implementation. We implemented the multi-layer IPSec functionalities inside the native Linux implementation of IPSec protocol. The SA structure was updated to hold necessary SA information for multiple zones instead of single SA of the normal IPSec. The zone mapping for different zones was implemented along with the kernel implementation of SA. The inbound and outbound processing modules of the IPSec endpoints were re-implemented to incorporate multi-layer IPSec capability. We also implemented necessary modules for providing partial IPSec processing capabilities at the intermediate nodes. The key sharing protocol consists of some user space utilities and corresponding kernel space components. We use ICMP protocol for the communications required for the execution of the protocol. At the kernel level, pseudo character device driver was implemented to update the kernel space data structures and necessary modifications were made to relevant kernel space functions. User space utilities and corresponding kernel space interface were provided for updating the security databases. As DML-IPSec ESP uses same Security Policy mechanism as IPSec ESP, existing utilities (viz. setkey) are used for the updation of security policy. However, the configuration of the SA is significantly different as it depends on the DML-IPSec zones. The DML-IPSec ESP implementation uses the existing utilities (setkey and racoon) for configuration of the sole type II zone. The type I zones are configured using the DML-IPSec application. The key sharing protocol also uses this application to reorganize the zone mapping and zone-wise cryptographic parameters. The above feature enables one to use default IPSec mechanism for the configuration of the sole type II zone. For experimental validation of DML-IPSec, we used the testbed as shown in the above figure. An ESP tunnel is configured between the two gateways GW1 and GW2. IN acts as an intermediate node and is installed with several intermediate applications. Clients C11 and C21 are connected to GW1 and GW2 respectively. We carried out detailed experiments for validating our solution w.r.t firewalling service. We used stateful packet filtering using iptables along with string match extension at IN. First, we configured the firewall to allow only FTP communication (using port information of TCP header and IP addresses of Inner IP header ) between C11 and C21. In the second experiment, we configured the firewall to allow only Web connection between C11 and C21 using the Web address of C11 (using HTTP header, port information of TCP header and IP addresses of Inner IP header ). In both experiments, we initiated the FTP and WEB sessions before the execution of the key sharing protocol. The session could not be established as the access to upper layer headers was denied. After the execution of the key sharing protocol, the sessions could be established, showing the availability of protocol headers to the iptables firewall at IN following the successful key sharing. We use record route option of ping program to validate the claim of handling datagrams with variable header lengths. This option of ping program records the IP addresses of all the nodes traversed during a round trip path in the IP OPTION field. As we used ESP in tunnel mode between GW1 and GW2, the IP addresses would be recorded inside the encrypted Inner IP header. We executed ping between C11 and C21 and observed the record route output. Before the execution of the key sharing protocol, the IP addresses of IN were absent in the record route output. After the successful execution of key sharing protocol, the IP addresses for IN were present at the record route output. The DML-IPSec protocol introduces some processing overhead and also increases the datagram size as compared to IPSec and ML-IPSec. It increases the datagram size compared to the standard IPSec. However, this increase in IP datagram size is present in the case of ML-IPSec as well. The increase in IP datagram length depends on the number of zones. As the number of zone increases this overhead also increases. We obtain experimental results about the processing delay introduced by DML-IPSec processing. For this purpose, we executed ping program from C11 to C21 in the test bed setup for the following cases: 1.ML-IPSec with one type I and one type II zone and 2. DML-IPSec with one type I and one type II zone. We observe around 10% increase in RTT in DML-IPSec with two dynamic zones over that of ML-IPSec with two static zones. This overhead is due to on-the-fly derivation of the zone length and related processing. The above experiment analyzes the processing delay at the endpoints without intermediate processing. We also analyzed the effect of intermediate processing due to dynamic zones of DML-IPSec. We used iptables firewall in the above mentioned experiment. The RTT value for DML-IPSec with dynamic zones increases by less than 10% over that of ML-IPSec with static zones. To summarize our work, we have proposed an extension to the multilayer IPSec protocol, called Dynamic Multilayer IPSec (DML-IPSec). It is capable of dynamic modification of zones and sharing of cryptographic parameters between endpoints and intermediate nodes using a key sharing protocol. The DML-IPSec also accommodates datagrams with variable header lengths. The above mentioned features enable any intermediate node to dynamically access required header portions of any DML-IPSec protected datagrams. Consequently they make the DML-IPSec suited for providing IPSec over mobile and distributed networks. We also provide complete implementation of ESP protocol and provide experimental validation of our work. We find that our work provides the dynamic support for QoS and security services without any significant extra overhead compared to that of ML-IPSec. The thesis begins with an introduction to communication security requirements in TCP/IP networks. Chapter 2 provides an overview of communication security protocols at different layers. It also describes the details of IPSec protocol suite. Chapter 3 provides a study on the interoperability issues between IPSec and intermediate devices and discusses about different solutions. Our proposed extension to the ML-IPSec protocol, called Dynamic ML-IPSec(DML-IPSec) is presented in Chapter 4. The design and implementation details of DML-IPSec in Linux environment is presented in Chapter 5. It also provides experimental validation of the protocol. In Chapter 6, we summarize the research work, highlight the contributions of the work and discuss the directions for further research.

The thesis focuses on the privacy of communication that can be ensured by means of the physical layer, i.e., by appropriately chosen coding and resource allocation schemes. The fundamentals of physical-layer security have been already formulated in the 1970s by Wyner (1975), Csiszár and Körner (1978). But only nowadays we have the technical progress such that these ideas can find their way in current and future communication systems, which has driven the growing interest in this area of research in the last years. We analyze two physical-layer approaches that can ensure the secret transmission of private information in wireless systems in presence of an eavesdropper. One is the direct transmission of the information to the intended receiver, where the transmitter has to simultaneously ensure the reliability and the secrecy of the information. The other is a two-phase approach, where two legitimated users first agree on a common and secret key, which they use afterwards to encrypt the information before it is transmitted. In this case, the secrecy and the reliability of the transmission are managed separately in the two phases. The secrecy of the transmitted messages mainly depends on reliable information or reasonable and justifiable assumptions about the channel to the potential eavesdropper. Perfect state information about the channel to a passive eavesdropper is not a rational assumption. Thus, we introduce a deterministic model for the uncertainty about this channel, which yields a set of possible eavesdropper channels. We consider the optimization of worst-case rates in systems with multi-antenna Gaussian channels for both approaches. We study which transmit strategy can yield a maximum rate if we assume that the eavesdropper can always observe the corresponding worst-case channel that reduces the achievable rate for the secret transmission to a minimum. For both approaches, we show that the resulting max-min problem over the matrices that describe the multi-antenna system can be reduced to an equivalent problem over the eigenvalues of these matrices. We characterize the optimal resource allocation under a sum power constraint over all antennas and derive waterfilling solutions for the corresponding worst-case channel to the eavesdropper for a constraint on the sum of all channel gains. We show that all rates converge to finite limits for high signal-to-noise ratios (SNR), if we do not restrict the number of antennas for the eavesdropper. These limits are characterized by the quotients of the eigenvalues resulting from the Gramian matrices of both channels. For the low-SNR regime, we observe a rate increase that depends only on the differences of these eigenvalues for the direct-transmission approach. For the key generation approach, there exists no dependence from the eavesdropper channel in this regime. The comparison of both approaches shows that the superiority of an approach over the other mainly depends on the SNR and the quality of the eavesdropper channel. The direct-transmission approach is advantageous for low SNR and comparably bad eavesdropper channels, whereas the key generation approach benefits more from high SNR and comparably good eavesdropper channels. All results are discussed in combination with numerous illustrations.
Der Fokus dieser Arbeit liegt auf der Abhörsicherheit der Datenübertragung, die auf der Übertragungsschicht, also durch geeignete Codierung und Ressourcenverteilung, erreicht werden kann. Die Grundlagen der Sicherheit auf der Übertragungsschicht wurden bereits in den 1970er Jahren von Wyner (1975), Csiszár und Körner (1978) formuliert. Jedoch ermöglicht erst der heutige technische Fortschritt, dass diese Ideen in zukünftigen Kommunikationssystemen Einzug finden können. Dies hat in den letzten Jahren zu einem gestiegenen Interesse an diesem Forschungsgebiet geführt. In der Arbeit werden zwei Ansätze zur abhörsicheren Datenübertragung in Funksystemen analysiert. Dies ist zum einen die direkte Übertragung der Information zum gewünschten Empfänger, wobei der Sender gleichzeitig die Zuverlässigkeit und die Abhörsicherheit der Übertragung sicherstellen muss. Zum anderen wird ein zweistufiger Ansatz betrachtet: Die beiden Kommunikationspartner handeln zunächst einen gemeinsamen sicheren Schlüssel aus, der anschließend zur Verschlüsselung der Datenübertragung verwendet wird. Bei diesem Ansatz werden die Abhörsicherheit und die Zuverlässigkeit der Information getrennt voneinander realisiert. Die Sicherheit der Nachrichten hängt maßgeblich davon ab, inwieweit zuverlässige Informationen oder verlässliche Annahmen über den Funkkanal zum Abhörer verfügbar sind. Die Annahme perfekter Kanalkenntnis ist für einen passiven Abhörer jedoch kaum zu rechtfertigen. Daher wird hier ein deterministisches Modell für die Unsicherheit über den Kanal zum Abhörer eingeführt, was zu einer Menge möglicher Abhörkanäle führt. Die Optimierung der sogenannten Worst-Case-Rate in einem Mehrantennensystem mit Gaußschem Rauschen wird für beide Ansätze betrachtet. Es wird analysiert, mit welcher Sendestrategie die maximale Rate erreicht werden kann, wenn gleichzeitig angenommen wird, dass der Abhörer den zugehörigen Worst-Case-Kanal besitzt, welcher die Rate der abhörsicheren Kommunikation jeweils auf ein Minimum reduziert. Für beide Ansätze wird gezeigt, dass aus dem resultierenden Max-Min-Problem über die Matrizen des Mehrantennensystems ein äquivalentes Problem über die Eigenwerte der Matrizen abgeleitet werden kann. Die optimale Ressourcenverteilung für eine Summenleistungsbeschränkung über alle Sendeantennen wird charakterisiert. Für den jeweiligen Worst-Case-Kanal zum Abhörer, dessen Kanalgewinne einer Summenbeschränkung unterliegen, werden Waterfilling-Lösungen hergeleitet. Es wird gezeigt, dass für hohen Signal-Rausch-Abstand (engl. signal-to-noise ratio, SNR) alle Raten gegen endliche Grenzwerte konvergieren, wenn die Antennenzahl des Abhörers nicht beschränkt ist. Die Grenzwerte werden durch die Quotienten der Eigenwerte der Gram-Matrizen beider Kanäle bestimmt. Für den Ratenanstieg der direkten Übertragung ist bei niedrigem SNR nur die Differenz dieser Eigenwerte maßgeblich, wohingegen für den Verschlüsselungsansatz in dem Fall keine Abhängigkeit vom Kanal des Abhörers besteht. Ein Vergleich zeigt, dass das aktuelle SNR und die Qualität des Abhörkanals den einen oder anderen Ansatz begünstigen. Die direkte Übertragung ist bei niedrigem SNR und verhältnismäßig schlechten Abhörkanälen überlegen, wohingegen der Verschlüsselungsansatz von hohem SNR und vergleichsweise guten Abhörkanälen profitiert. Die Ergebnisse der Arbeit werden umfassend diskutiert und illustriert.

We study the problem of joint congestion control, routing and MAC layer scheduling in multi-hop wireless mesh networks, where the nodes in the network are subjected to energy expenditure rate constraints. As wireless scenario does not allow all the links to be active all the time, only a subset of given links can be active simultaneously. We model the inter-link interference using the link contention graph. All the nodes in the network are power-constrained and we model this constraint using energy expenditure rate matrix. Then we formulate the problem as a network utility maximization (NUM) problem. We notice that this is a convex optimization problem with affine constraints. We apply duality theory and decompose the problem into two sub-problems namely, network layer congestion control and routing problem, and MAC layer scheduling problem. The source adjusts its rate based on the cost of the least cost path to the destination where the cost of the path includes not only the prices of the links in it but also the prices associated with the nodes on the path. The MAC layer scheduling of the links is carried out based on the prices of the links. The optimal scheduler selects that set of non-interfering links, for which the sum of link prices is maximum. We study the effects of energy expenditure rate constraints of the nodes on the maximum possible network utility. It turns out that the dominant of the two constraints namely, the link capacity constraint and the node energy expenditure rate constraint affects the network utility most. Also we notice the fact that the energy expenditure rate constraints do not affect the nature of optimal link scheduling problem. Following this fact, we study the problem of distributed link scheduling. Optimal scheduling requires selecting independent set of maximum aggregate price, but this problem is known to be NP-hard. We first show that as long as scheduling policy selects the set of non-interfering links, it can not go unboundedly away from the optimal solution of network utility maximization problem. Then we proceed and evaluate a simple greedy scheduling algorithm. Analytical bounds on performance are provided and simulations indicate that the greedy heuristic performs well in practice.

We study the problem of joint congestion control, routing and MAC layer scheduling in multi-hop wireless mesh networks, where the nodes in the network are subjected to energy expenditure rate constraints. As wireless scenario does not allow all the links to be active all the time, only a subset of given links can be active simultaneously. We model the inter-link interference using the link contention graph. All the nodes in the network are power-constrained and we model this constraint using energy expenditure rate matrix. Then we formulate the problem as a network utility maximization (NUM) problem. We notice that this is a convex optimization problem with affine constraints. We apply duality theory and decompose the problem into two sub-problems namely, network layer congestion control and routing problem, and MAC layer scheduling problem. The source adjusts its rate based on the cost of the least cost path to the destination where the cost of the path includes not only the prices of the links in it but also the prices associated with the nodes on the path. The MAC layer scheduling of the links is carried out based on the prices of the links. The optimal scheduler selects that set of non-interfering links, for which the sum of link prices is maximum. We study the effects of energy expenditure rate constraints of the nodes on the maximum possible network utility. It turns out that the dominant of the two constraints namely, the link capacity constraint and the node energy expenditure rate constraint affects the network utility most. Also we notice the fact that the energy expenditure rate constraints do not affect the nature of optimal link scheduling problem. Following this fact, we study the problem of distributed link scheduling. Optimal scheduling requires selecting independent set of maximum aggregate price, but this problem is known to be NP-hard. We first show that as long as scheduling policy selects the set of non-interfering links, it can not go unboundedly away from the optimal solution of network utility maximization problem. Then we proceed and evaluate a simple greedy scheduling algorithm. Analytical bounds on performance are provided and simulations indicate that the greedy heuristic performs well in practice.

Network coding has emerged as an attractive alternative to routing because of the through put improvement it provides by reducing the number of channel uses. In a wireless scenario, in addition, further improvement can be obtained through Physical layer Network Coding (PNC), a technique in which nodes are allowed to transmit simultaneously, instead of transmitting in orthogonal slots. In this thesis, the design and analysis of network coding schemes are considered, for wireless two-way relaying, multi-user Multiple Access Relay Channel (MARC) and wireline networks. In a wireless two-way relay channel with PNC, the simultaneous transmissions of user nodes result in Multiple Access Interference (MAI) at there lay node. The harmful effect of MAI is the presence of signal set dependent deep channel fade conditions, called singular fade states, under which the minimum distance of the effective constellation at the relay become zero. Adaptively changing the network coding map used at the relay according to channel conditions greatly reduces the impact of this MAI. In this work, we obtain these adaptive PNC maps, which are finite in number ,by completing partially filled Latin Squares and using graph vertex coloring. Having obtained the network coding maps, the set of all possible channel realizations is quantized into a finite number of regions, with a specific network coding map chosen in a particular region and such a quantization is obtained analytically for 2λ-PSK signal set. The performance of the adaptive PNC scheme for two-way relaying is analyzed and tight high SNR upper bounds are obtained for the average end-to-end symbol error probability, in terms of the average error probability of a point-to-point fading channel. The adaptive PNC scheme is generalized for two-way relaying with multiple antennas at the nodes. As an alternative to the adaptive PNC scheme for two-way relaying, a Distributed Space Time Coding (DSTC) scheme is proposed, which effectively re-moves the effect of singular fade states at the transmitting nodes itself without any Channel State Information at the Transmitter (CSIT), and without any need to change the PNC map as a function of channel fade conditions. It is shown that the singular fade states can be viewed equivalently as vector subspaces of C2, which are referred to as the singular fade subspaces. DSTC design criterion to minimize the number of singular fade subspaces and maximize the coding gain is formulated and explicit low decoding complexity DSTC designs are provided. For the K-user MARC, in which K source nodes want to transmit messages to a destination node D with the help of are lay node R, a new PNC scheme is proposed. Use of a many-to-one PNC map with conventional minimum squared Euclidean distance decoding at D, results in a loss of diversity order due to error propagation from the relay node. To counter this, we propose a novel low complexity decoder which offers the maximum diversity order of two. Next, we consider wire line networks and explore the connections between linear network coding, linear index coding and discrete polymatroids, which are the multi-set analogue of matroids. We define a discrete polymatroidal network and show that a fractional vector linear solution over a field Fq exists for a network if and only if the network is discrete polymatroidal with respect to a discrete polymatroid representable over Fq.An algorithm to construct networks starting from certain class of discrete polymatroids is provided. Every representation over Fq for the discrete polymatroid, results in a fractional vector linear solution over Fq for the constructed network. It is shown that a linear solution to an index coding problem exists if and only if there exists a representable discrete polymatroid satisfying certain conditions which are determined by the index coding problem considered. El Rouayheb et. al. showed that the problem of finding a multi-linear representation for a matroid can be reduced to finding a perfect linear index coding solution for an index coding problem obtained from that matroid. Multi-linear representation of a matroid can be viewed as a special case of representation of an appropriate discrete polymatroid. We generalize the result of El Rouayheb et. al. by showing that the problem of finding a representation for a discrete polymatroid can be reduced to finding a perfect linear index coding solution for an index coding problem obtained from that discrete polymatroid.

Network coding has emerged as an attractive alternative to routing because of the through put improvement it provides by reducing the number of channel uses. In a wireless scenario, in addition, further improvement can be obtained through Physical layer Network Coding (PNC), a technique in which nodes are allowed to transmit simultaneously, instead of transmitting in orthogonal slots. In this thesis, the design and analysis of network coding schemes are considered, for wireless two-way relaying, multi-user Multiple Access Relay Channel (MARC) and wireline networks. In a wireless two-way relay channel with PNC, the simultaneous transmissions of user nodes result in Multiple Access Interference (MAI) at there lay node. The harmful effect of MAI is the presence of signal set dependent deep channel fade conditions, called singular fade states, under which the minimum distance of the effective constellation at the relay become zero. Adaptively changing the network coding map used at the relay according to channel conditions greatly reduces the impact of this MAI. In this work, we obtain these adaptive PNC maps, which are finite in number ,by completing partially filled Latin Squares and using graph vertex coloring. Having obtained the network coding maps, the set of all possible channel realizations is quantized into a finite number of regions, with a specific network coding map chosen in a particular region and such a quantization is obtained analytically for 2λ-PSK signal set. The performance of the adaptive PNC scheme for two-way relaying is analyzed and tight high SNR upper bounds are obtained for the average end-to-end symbol error probability, in terms of the average error probability of a point-to-point fading channel. The adaptive PNC scheme is generalized for two-way relaying with multiple antennas at the nodes. As an alternative to the adaptive PNC scheme for two-way relaying, a Distributed Space Time Coding (DSTC) scheme is proposed, which effectively re-moves the effect of singular fade states at the transmitting nodes itself without any Channel State Information at the Transmitter (CSIT), and without any need to change the PNC map as a function of channel fade conditions. It is shown that the singular fade states can be viewed equivalently as vector subspaces of C2, which are referred to as the singular fade subspaces. DSTC design criterion to minimize the number of singular fade subspaces and maximize the coding gain is formulated and explicit low decoding complexity DSTC designs are provided. For the K-user MARC, in which K source nodes want to transmit messages to a destination node D with the help of are lay node R, a new PNC scheme is proposed. Use of a many-to-one PNC map with conventional minimum squared Euclidean distance decoding at D, results in a loss of diversity order due to error propagation from the relay node. To counter this, we propose a novel low complexity decoder which offers the maximum diversity order of two. Next, we consider wire line networks and explore the connections between linear network coding, linear index coding and discrete polymatroids, which are the multi-set analogue of matroids. We define a discrete polymatroidal network and show that a fractional vector linear solution over a field Fq exists for a network if and only if the network is discrete polymatroidal with respect to a discrete polymatroid representable over Fq.An algorithm to construct networks starting from certain class of discrete polymatroids is provided. Every representation over Fq for the discrete polymatroid, results in a fractional vector linear solution over Fq for the constructed network. It is shown that a linear solution to an index coding problem exists if and only if there exists a representable discrete polymatroid satisfying certain conditions which are determined by the index coding problem considered. El Rouayheb et. al. showed that the problem of finding a multi-linear representation for a matroid can be reduced to finding a perfect linear index coding solution for an index coding problem obtained from that matroid. Multi-linear representation of a matroid can be viewed as a special case of representation of an appropriate discrete polymatroid. We generalize the result of El Rouayheb et. al. by showing that the problem of finding a representation for a discrete polymatroid can be reduced to finding a perfect linear index coding solution for an index coding problem obtained from that discrete polymatroid.