Communications in Computer and Information Science
193
Ajith Abraham Jaime Lloret Mauri John F. Buford Junichi Suzuki Sabu M. Thampi (Eds.)
Advances in Computing and Communications First International Conference, ACC 2011 Kochi, India, July 22-24, 2011 Proceedings, Part IV
13
Volume Editors Ajith Abraham Machine Intelligence Research Labs (MIR Labs) Auburn, WA, USA E-mail:
[email protected] Jaime Lloret Mauri Polytechnic University of Valencia Valencia, Spain E-mail:
[email protected] John F. Buford Avaya Labs Research Basking Ridge, NJ, USA E-mail:
[email protected] Junichi Suzuki University of Massachusetts Boston, MA, USA E-mail:
[email protected] Sabu M. Thampi Rajagiri School of Engineering and Technology Kochi, India E-mail:
[email protected]
ISSN 1865-0929 e-ISSN 1865-0937 e-ISBN 978-3-642-22726-4 ISBN 978-3-642-22725-7 DOI 10.1007/978-3-642-22726-4 Springer Heidelberg Dordrecht London New York Library of Congress Control Number: Applied for CR Subject Classification (1998): C.2, H.4, I.2, H.3, D.2, J.1, K.6.5
© Springer-Verlag Berlin Heidelberg 2011 This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper Springer is part of Springer Science+Business Media (www.springer.com)
Preface
The First International Conference on Advances in Computing and Communications (ACC 2011) was held in Kochi during July 22–24, 2011. ACC 2011 was organized by Rajagiri School of Engineering & Technology (RSET) in association with the Association of Computing Machinery (ACM)- SIGWEB, Machine Intelligence Research Labs (MIR Labs), International Society for Computers and Their Applications, Inc. (ISCA), All India Council for Technical Education (AICTE), Indira Gandhi National Open University (IGNOU), Kerala State Council for Science, Technology and Environment (KSCSTE), Computer Society of India (CSI)- Div IV and Cochin Chapter, The Institution of Electronics and Telecommunication Engineers (IETE), The Institution of Engineers (India) and Project Management Institute (PMI),Trivandrum, Kerala Chapter. Established in 2001, RSET is a premier professional institution striving for holistic excellence in education to mould young, vibrant engineers. ACC 2011 was a three-day conference which provided an opportunity to bring together students, researchers and practitioners from both academia and industry. ACC 2011 was focused on advances in computing and communications and it attracted many local and international delegates, presenting a balanced mixture of intellects from the East and from the West. ACC 2011 received 592 research papers from 38 countries including Albania, Algeria, Bangladesh, Brazil, Canada, Colombia, Cyprus, Czech Republic, Denmark, Ecuador, Egypt, France, Germany, India, Indonesia, Iran, Ireland, Italy, Korea, Kuwait, Malaysia, Morocco, New Zealand, P.R. China, Pakistan, Rwanda, Saudi Arabia, Singapore, South Africa, Spain, Sri Lanka, Sweden, Taiwan, The Netherlands, Tunisia, UK, and USA. This clearly reflects the truly international stature of ACC 2011. All papers were rigorously reviewed internationally by an expert technical review committee comprising more than 300 members. The conference had a peerreviewed program of technical sessions, workshops, tutorials, and demonstration sessions. There were several people that deserve appreciation and gratitude for helping in the realization of this conference. We would like to thank the Program Committee members and additional reviewers for their hard work in reviewing papers carefully and rigorously. After careful discussions, the Program Committee selected 234 papers (acceptance rate: 39.53%) for presentation at the conference. We would also like to thank the authors for having revised their papers to address the comments and suggestions by the referees. The conference program was enriched by the outstanding invited talks by Ajith Abraham, Subir Saha, Narayan C. Debnath, Abhijit Mitra, K. Chandra Sekaran, K. Subramanian, Sudip Misra, K.R. Srivathsan, Jaydip Sen, Joyati Debnath and Junichi Suzuki. We believe that ACC 2011 delivered a high-quality, stimulating and enlightening technical program. The tutorials covered topics of
VI
Preface
great interest to the cyber forensics and cloud computing communities. The tutorial by Avinash Srinivasan provided an overview of the forensically important artifacts left behind on a MAC computer. In his tutorial on “Network Forensics,” Bhadran provided an introduction to network forensics, packet capture and analysis techniques, and a discussion on various RNA tools. The tutorial on Next-Generation Cloud Computing by Pethuru Raj focused on enabling technologies in cloud computing. The ACC 2011 conference program also included five workshops: International Workshop on Multimedia Streaming (MultiStreams 2011), Second International Workshop on Trust Management in P2P Systems (IWTMP2PS 2011), International Workshop on Cloud Computing: Architecture, Algorithms and Applications (CloudComp 2011), International Workshop on Identity: Security, Management and Applications (ID2011) and International Workshop on Applications of Signal Processing (I-WASP 2011). We thank all the workshop organizers as well as the Workshop Chair, El-Sayed El-Alfy, for their accomplishment to bring out prosperous workshops. We would like to express our gratitude to the Tutorial Chairs Patrick Seeling, Jaydeep Sen, K.S. Mathew, and Roksana Boreli and Demo Chairs Amitava Mukherjee, Bhadran V.K., and Janardhanan P.S. for their timely expertise in reviewing the proposals. Moreover, we thank Publication Chairs Pruet Boonma, Sajid Hussain and Hiroshi Wada for their kind help in editing the proceedings. The large participation in ACC2011 would not have been possible without the Publicity Co-chairs Victor Govindaswamy, Arun Saha and Biju Paul. The proceedings of ACC 2011 are organized into four volumes. We hope that you will find these proceedings to be a valuable resource in your professional, research, and educational activities whether you are a student, academic, researcher, or a practicing professional. July 2011
Ajith Abraham Jaime Lloret Mauri John F. Buford Junichi Suzuki Sabu M. Thampi
Organization
ACC 2011 was jointly organized by the Department of Computer Science and Engineering and Department of Information Technology, Rajagiri School of Engineering and Technology (RSET), Kochi, India, in cooperation with ACM/SIGWEB.
Organizing Committee Chief Patrons Fr. Jose Alex CMI Fr. Antony Kariyil CMI
Manager, RSET Director, RSET
Patron J. Isaac, Principal
RSET
Advisory Committee A. Krishna Menon A.C. Mathai Fr. Varghese Panthalookaran Karthikeyan Chittayil Vinod Kumar, P.B. Biju Abraham Narayamparambil Kuttyamma A.J. Asha Panicker K. Rajendra Varmah P.R. Madhava Panicker Liza Annie Joseph Varkey Philip Fr. Joel George Pullolil R. Ajayakumar Varma K. Poulose Jacob H.R. Mohan, Chairman Soman S.P., Chairman S. Radhakrishnan, Chairman
RSET RSET RSET RSET RSET RSET RSET RSET RSET RSET RSET RSET RSET KSCSTE Cochin University of Science & Technology Div IV, Computer Society of India (CSI) Computer Society of India (CSI), Cochin Chapter Kerala State Centre, The Institution of Engineers (India)
VIII
Organization
Steering Committee John F. Buford Rajkumar Buyya Mukesh Singhai John Strassner Junichi Suzuki Ramakrishna Kappagantu Achuthsankar S. Nair
Avaya Labs Research, USA University of Melbourne, Australia University of Kentucky, USA Pohang University of Science and Technology, Republic of Korea University of Massachusetts, Boston, USA IEEE India Council Centre for Bioinformatics, Trivandrum, India
Conference Chair Sabu M. Thampi
Rajagiri School of Engineering and Technology, India
ACC 2011 Program Committee Chairs General Co-chairs Ajith Abraham Chandra Sekaran K. Waleed W. Smari
Machine Intelligence Research Labs, Europe National Institute of Technology Karnataka, India University of Dayton, Ohio, USA
Program Co-chairs Jaime Lloret Mauri Thorsten Strufe Gregorio Martinez
Polytechnic University of Valencia, Spain Darmstadt University of Technology, Germany University of Murcia, Spain
Special Sessions and Workshops Co-chairs El-Sayed El-Alfy Silvio Bortoleto Tutorial Co-chairs Patrick Seeling Jaydeep Sen K.S. Mathew Roksana Boreli
King Fahd University of Petroleum and Minerals, Saudi Arabia Positivo University, Brazil
University of Wisconsin - Stevens Point, USA Tata Consultancy Services, Calcutta, India Rajagiri School of Engineering and Technology, India National ICT Australia Ltd., Australia
Organization
Demo Co-chairs Amitava Mukherjee Bhadran V.K. Janardhanan P.S.
IX
IBM Global Business Services, India Centre for Development of Advanced Computing, Trivandrum, India Rajagiri School of Engineering and Technology, India
Publicity Co-chairs Victor Govindaswamy Arun Saha Biju Paul
Publication Co-chairs Pruet Boonma Sajid Hussain Hiroshi Wada
Texas A&M University, USA Fujitsu Network Communications, USA Rajagiri School of Engineering and Technology, India
Chiang Mai University, Thailand Fisk University, USA University of New South Wales, Australia
ACC 2011 Technical Program Committee A. Hafid Abdallah Shami Abdelhafid Abouaissa Abdelmalik Bachir Abdelouahid Derhab Abhijit Mitra Ad˜ ao Silva Adel Ali Ahmed Mehaoua Ai-Chun Pang Ajay Gupta Alberto Dainotti Alessandro Leonardi Alex Galis Alexey Vinel Ali Abedi Alicia Trivi˜ no Cabrera Alireza Behbahani Alois Ferscha Al-Sakib Khan Pathan Amar Prakash Azad Amirhossein Alimohammad Amit Agarwal
Network Research Lab, University of Montreal, Canada The University of Western Ontario, Canada University of Haute Alsace, France Imperial College London, UK CERIST, Algeria Indian Institute of Technology Guwahati, India University of Aveiro, Portugal University Technology Malaysia University of Paris Descartes, France National Taiwan University, Taiwan Western Michigan University, USA University of Naples “Federico II”, Italy University of Catania, Italy University College London, UK Saint Petersburg Institute, Russia University of Maine, USA Universidad de M´ alaga, Spain University of California, Irvine, USA University of Linz, Austria International Islamic University, Malaysia INRIA, France University of Alberta, Canada Indian Institute of Technology, Roorkee, India
X
Organization
Amitava Mukherjee Anand Prasad Andreas Maeder Ankur Gupta Antonio Coronato Antonio Pescap´e Ant´ onio Rodrigues Anura P. Jayasumana Arnab Bhattacharya Arun Saha Arvind Swaminathan Ashley Thomas Ashraf Elnagar Ashraf Mahmoud Ashwani Singh Athanasios Vasilakos Atilio Gameiro Aydin Sezgin Ayman Assra Aytac Azgin B. Sundar Rajan Babu A.V. Babu B.V. Babu Raj E. Balagangadhar G. Bathula Borhanuddin Mohd. Ali Brijendra Kumar Joshi Bruno Crispo C.-F. Cheng Chang Wu Yu Charalampos Tsimenidis Chih-Cheng Tseng Chi-Hsiang Yeh Chitra Babu Chittaranjan Hota Chonho Lee Christian Callegari Christos Chrysoulas Chuan-Ching Sue Chung Shue Chen
IBM Global Business Services, India NEC Corporation, Japan NEC Laboratories Europe, Germany Model Institute of Engineering and Technology, India ICAR-CNR, Naples, Italy University of Naples Federico II, Italy IT / Instituto Superior T´ecnico, Portugal Colorado State University, USA Indian Institute of Technology, Kanpur, India Fujitsu Network Communications, USA Qualcomm, USA Secureworks Inc., USA Sharjah University, UAE KFUPM, Saudi Arabia Navtel Systems, France University of Western Macedonia, Greece Telecommunications Institute/Aveiro University, Portugal Ulm University, Germany McGill University, Canada Georgia Institute of Technology, USA Indian Institute of Science, India National Institute of Technology, Calicut, India BITS-Pilani, Rajasthan, India Sun College of Engineering and Technology, India Columbia University, USA Universiti Putra Malaysia Military College, Indore, India Universit` a di Trento, Italy National Chiao Tung University, Taiwan Chung Hua University, Taiwan Newcastle University, UK National Ilan University, Taiwan Queen’s University, Canada SSN College of Engineering, Chennai, India BITS Hyderabad Campus, India Nanyang Technological University, Singapore University of Pisa, Italy Technological Educational Institute, Greece National Cheng Kung University, Taiwan TREC, INRIA, France
Organization
Chun-I. Fan Chutima Prommak Dali Wei Danda B. Rawat Daniele Tarchi Davide Adami Deepak Garg Demin Wang Dennis Pfisterer Deyun Gao Dharma Agrawal Dhiman Barman Di Jin Dimitrios Katsaros Dimitrios Vergados Dirk Pesch Djamel Sadok Eduardo Cerqueira Eduardo Souto Edward Au Egemen Cetinkaya Elizabeth Sherly El-Sayed El-Alfy Emad A. Felemban Eric Renault Errol Lloyd Ertan Onur Faouzi Bader Faouzi Kamoun Fernando Velez Filipe Cardoso Florian Doetzer Francesco Quaglia Francine Krief Frank Yeong-Sung Lin Gianluigi Ferrari Giuseppe Ruggeri Grzegorz Danilewicz Guang-Hua Yang Guo Bin
XI
National Sun Yat-sen University, Taiwan Suranaree University of Technology, Thailand Jiangsu Tianze Infoindustry Company Ltd, P.R. China Old Dominion University, USA University of Bologna, Italy CNIT Pisa Research Unit, University of Pisa, Italy Thapar University, India Microsoft Inc., USA University of L¨ ubeck, Germany Beijing Jiaotong University, P.R. China University of Cincinnati, USA Juniper Networks, USA General Motors, USA University of Thessaly, Greece National Technical University of Athens, Greece Cork Institute of Technology, Ireland Federal University of Pernambuco, Brazil Federal University of Para (UFPA), Brazil Federal University of Amazonas, Brazil Huawei Technologies, P.R. China University of Kansas, USA IIITM-Kerala, India King Fahd University, Saudi Arabia Umm Al Qura University, Saudi Arabia TELECOM & Management SudParis, France University of Delaware, USA Delft University of Technology, The Netherlands CTTC, Spain WTS, UAE University of Beira Interior, Portugal ESTSetubal/Polytechnic Institute of Setubal, Portugal ASKON ConsultingGroup, Germany Sapienza Universit` a di Roma, Italy University of Bordeaux, France National Taiwan University, Taiwan University of Parma, Italy University “Mediterranea” of Reggio Calabria, Italy Poznan University of Technology, Poland The University of Hong Kong, Hong Kong Institut Telecom SudParis, France
XII
Organization
Hadi Otrok Hamid Mcheick Harry Skianis Hicham Khalife Himal Suraweera Hiroshi Wada Hong-Hsu Yen Hongli Xu Houcine Hassan Hsuan-Jung Su Huaiyu Dai Huey-Ing Liu Hung-Keng Pung Hung-Yu Wei Ian Glover Ian Wells Ibrahim Develi Ibrahim El rube Ibrahim Habib Ibrahim Korpeoglu Ilja Radusch Ilka Miloucheva Imad Elhajj Ivan Ganchev Iwan Adhicandra Jalel Ben-othman Jane-Hwa Huang Jaydeep Sen Jiankun Hu Jie Yang Jiping Xiong Jos´e de Souza Jose Moreira Ju Wang Juan-Carlos Cano Judith Kelner Julien Laganier Jussi Haapola K. Komathy Ka Lok Hung Ka Lok Man Kaddar Lamia Kainam Thomas
Khalifa University, UAE Universit´e du Qu´ebec `a Chicoutimi, Canada University of the Aegean, Greece ENSEIRB-LaBRI, France Singapore University of Technology and Design, Singapore University of New South Wales, Australia Shih-Hsin University, Taiwan University of Science and Technology of China, P.R. China Technical University of Valencia, Spain National Taiwan University, Taiwan NC State University, USA Fu-Jen Catholic University, Taiwan National University of Singapore NTU, Taiwan University of Strathclyde, UK Swansea Metropolitan University, UK Erciyes University, Turkey AAST, Egypt City University of New York, USA Bilkent University, Turkey Technische Universit¨at Berlin, Germany Media Technology Research, Germany American University of Beirut, Lebanon University of Limerick, Ireland The University of Pisa, Italy University of Versailles, France National Chi Nan University, Taiwan Tata Consultancy Services, Calcutta, India RMIT University, Australia Cisco Systems, USA Zhejiang Normal University of China Federal University of Cear´ a, Brazil IBM T.J. Watson Research Center, USA Virginia State University, USA Technical University of Valencia, Spain Federal University of Pernambuco, Brazil Juniper Networks Inc., USA University of Oulu, Finland Easwari Engineering College, Chennai, India The Hong Kong University, Hong Kong Xi’an Jiaotong-Liverpool University, China University of Versailles Saint Quentin, France Hong Kong Polytechnic University
Organization
Kais Mnif Kang Yong Lee Katia Bortoleto Kejie Lu Kemal Tepe Khalifa Hettak Khushboo Shah Kotecha K. Kpatcha Bayarou Kumar Padmanabh Kyriakos Manousakis Kyung Sup Kwak Li Zhao Li-Chun Wang Lin Du Liza A. Latiff Luca Scalia M Ayoub Khan Maaruf Ali Madhu Kumar S.D. Madhu Nair Madhumita Chatterjee Mahamod Ismail Mahmoud Al-Qutayri Manimaran Govindarasu Marcelo Segatto Maria Ganzha Marilia Curado Mario Fanelli Mariofanna Milanova Mariusz Glabowski Mariusz Zal Masato Saito Massimiliano Comisso Massimiliano Laddomada Matthias R. Brust Mehrzad Biguesh Michael Alexander Michael Hempel Michael Lauer Ming Xia Ming Xiao Mohamed Ali Kaafar
XIII
High Institute of Electronics and Communications of Sfax, Tunisia ETRI, Korea Positivo University, Brazil University of Puerto Rico at Mayaguez, USA University of Windsor, Canada Communications Research Centre (CRC), Canada Altusystems Corp, USA Institute of Technology, Nirma University, India Fraunhofer Institute, Germany General Motors, India Telcordia Technologies, USA Inha University, Korea Microsoft Corporation, USA National Chiao Tung University, Taiwan Technicolor Research and Innovation Beijing, P.R. China University Technology Malaysia University of Palermo, Italy C-DAC, Noida, India Oxford Brookes University, UK National Institute of Technology, Calicut, India University of Kerala, India Indian Institute of Technology Bombay, India Universiti Kebangsaan Malaysia Khalifa University, UAE Iowa State University, USA Federal University of Esp´ırito Santo, France University of Gdansk, Poland University of Coimbra, Portugal DEIS, University of Bologna,Italy University of Arkansas at Little Rock, USA Poznan University of Technology, Poland Poznan University of Technology, Poland University of the Ryukyus, Japan University of Trieste, Italy Texas A&M University-Texarkana, USA University of Central Florida, USA Queen’s University, Canada Scaledinfra Technologies GmbH, Austria University of Nebraska - Lincoln, USA Vanille-Media, Germany NICT, Japan Royal Institute of Technology, Sweden INRIA, France
XIV
Organization
Mohamed Cheriet Mohamed Eltoweissy Mohamed Hamdi Mohamed Moustafa Mohammad Banat Mohammad Hayajneh Mohammed Misbahuddin Mustafa Badaroglu Naceur Malouch Nakjung Choi, Alcatel-Lucent Namje Park Natarajan Meghanathan Neeli Prasad Nen-Fu Huang Nikola Zogovic Nikolaos Pantazis Nilanjan Banerjee Niloy Ganguly Pablo Corral Gonz´alez Patrick Seeling Paulo R.L. Gondim Peter Bertok Phan Cong-Vinh Pingyi Fan Piotr Zwierzykowski Pascal Lorenz Pruet Boonma Punam Bedi Qinghai Gao Rahul Khanna Rajendra Akerkar Raul Santos Ravishankar Iyer Regina Araujo Renjie Huang Ricardo Lent Rio G. L. D’Souza Roberto Pagliari Roberto Verdone Roksana Boreli
Ecole de Technologie Superieure, Canada Pacific Northwest National Laboratory, USA Carthage University, Tunisia Akhbar El Yom Academy, Egypt Jordan University of Science and Technology, Jordan UAEU, UAE C-DAC, India IMEC, Belgium Universit´e Pierre et Marie Curie, France Bell-Labs, Seoul, Korea Jeju University, South Korea Jackson State University, USA Center for TeleInFrastructure (CTIF), Denmark National Tsing Hua University, Taiwan University of Belgrade, Serbia Technological Educational Institution of Athens, Greece IBM Research, India Indian Institute of Technology, Kharagpur, India University Miguel Hern´ andez, Spain University of Wisconsin - Stevens Point, USA University of Bras´ılia, Brazil Royal Melbourne Institute of Technology (RMIT), Australia London South Bank University, UK Tsinghua University, P.R. China Poznan University of Technology, Poland University of Haute Alsace, France Chiang Mai University, Thailand University of Delhi, India Atheros Communications Inc., USA Intel, USA Western Norway Research Institute, Norway University of Colima, Mexico Intel Corp, USA Federal University of Sao Carlos, Brazil Washington State University, USA Imperial College London, UK St. Joseph Engineering College, Mangalore, India University of California, Irvine, USA WiLab, University of Bologna, Italy National ICT Australia Ltd., Australia
Organization
Ronny Yongho Kim Ruay-Shiung Chang Ruidong Li S. Ali Ghorashi Sahar Ghazal Said Soulhi Sajid Hussain Salah Bourennane Salman Abdul Moiz Sameh Elnikety Sanjay H.A. Sathish Rajasekhar Sergey Andreev Seshan Srirangarajan Seyed (Reza) Zekavat Sghaier Guizani Shancang Li Shi Xiao Siby Abraham Silvio Bortoleto Simon Pietro Romano Somayajulu D. V. L. N. Song Guo Song Lin Soumya Sen Stefano Ferretti Stefano Giordano Stefano Pesic Stefano Tomasin Stefanos Gritzalis Steven Gordon Suat Ozdemir Subir Saha Subramanian K. Sudarshan T.S.B. Sugam Sharma Surekha Mariam Varghese T. Aaron Gulliver Tao Jiang Tarek Bejaoui Tarun Joshi Theodore Stergiou
XV
Kyungil University, Korea National Dong Hwa University, Taiwan NICT, Japan Shahid Beheshti University, Iran University of Versailles, France Ericsson, Swedan Fisk University, USA Ecole Centrale Marseille, France CDAC, Bangalore, India Microsoft Research, USA Nitte Meenakshi Institute, Bangalore, India RMIT University, Australia Tampere University of Technology, Finland Nanyang Technological University, Singapore Michigan Technological University, USA UAE University, UAE School of Engineering, Swansea University, UK Nanyang Technological University, Singapore University of Mumbai, India Positivo University, Brazil University of Naples Federico II, Italy National Institute of Technology Warangal, India The University of British Columbia, Canada University of California, Riverside, USA University of Pennsylvania, USA University of Bologna, Italy University of Pisa, Italy Cisco Systems, Italy University of Padova, Italy University of the Aegean, Greece Thammasat University, Thailand Gazi University, Turkey Nokia Siemens Networks, India Advanced Center for Informatics and Innovative Learning, IGNOU, India Amrita Vishwa Vidyapeetham, Bangalore, India Iowa State University, USA M.A. College of Engineering, India University of Victoria, Canada Huazhong University of Science and Technology, P.R. China Mediatron Lab., Carthage University, Tunisia University of Cincinnati, USA Intracom Telecom, UK
XVI
Organization
Thienne Johnson Thomas Chen Tsern-Huei Lee Usman Javaid Vamsi Paruchuri Vana Kalogeraki Vehbi Cagri Gungor Velmurugan Ayyadurai Vicent Cholvi Victor Govindaswamy Vijaya Kumar B.P. Viji E Chenthamarakshan Vino D.S. Kingston Vinod Chandra S.S. Vivek Jain Vivek Singh Vladimir Kropotov Wael M El-Medany Waslon Lopes Wei Yu Wei-Chieh Ke Wendong Xiao Xiang-Gen Xia Xiaodong Wang Xiaoguang Niu Xiaoqi Jia Xinbing Wang Xu Shao Xueping Wang Yacine Atif Yali Liu Yang Li Yassine Bouslimani Ye Zhu Yi Zhou Yifan Yu Yong Wang Youngseok Lee Youssef SAID Yuan-Cheng Lai Yuh-Ren Tsai
University of Arizona, USA Swansea University, UK National Chiao Tung University, Taiwan Vodafone Group, UK University of Central Arkansas, USA University of California, Riverside, USA Bahcesehir University, Turkey University of Surrey, UK Universitat Jaume I, Spain Texas A&M University, USA Reva Institute of Technology and Management, Bangalore, India IBM T.J. Watson Research Center in New York, USA Hewlett-Packard, USA College of Engineering Thiruvananthapuram, India Robert Bosch LLC, USA Banaras Hindu University, India D-Link Russia, Russia University of Bahrain, Kingdom of Bahrain UFCG - Federal University of Campina Grande, Brazil Towson University, USA National Tsing Hua University, Taiwan Institute for Infocomm Research, Singapore University of Delaware, USA Qualcomm, USA Wuhan University, P.R. China Institute of Software, Chinese Academy of Sciences, P.R. China Shanghai Jiaotong University, P.R. China Institute for Infocomm Research, Singapore Fudan University, P.R. China UAE University, UAE University of California, Davis, USA Chinese Academy of Sciences, P.R. China University of Moncton, Canada Cleveland State University, USA Texas A&M University, USA France Telecom R&D Beijing, P.R. China University of Nebraska-Lincoln, USA Chungnam National University, Korea Tunisie Telecom/Sys’Com Lab,ENIT, Tunisia Information Management, NTUST, Taiwan National Tsing Hua University, Taiwan
Organization
Yu-Kai Huang Yusuf Ozturk Zaher Aghbari Zbigniew Dziong Zhang Jin Zhenghao Zhang Zhenzhen Ye Zhihua Cui Zhili Sun Zhong Zhou Zia Saquib
XVII
Quanta Research Institute, Taiwan San Diego State University, USA University of Sharjah, UAE University of Quebec, Canada Beijing Normal University, P.R. China Florida State University, USA iBasis, Inc., USA Taiyuan University of Science and Technology, China University of Surrey, UK University of Connecticut, USA C-DAC, Mumbai, India
ACC 2011 Additional Reviewers Akshay Vashist Alessandro Testa Amitava Ammar Rashid Anand Bjoern W. Schuller Chi-Ming Wong Danish Faizan Fatos Xhafa Hooman Tahayori John Jose Jyoti Singh Koushik Long Zheng Manpreet Singh Maria Striki Mohamad Zoinol Abidin Mohamed Dahmane Mohd Helmy Abd Wahab Mohd Riduan Bin Ahmad Mohd Sadiq Mudhakar Srivatsa Nan Yang Nurulnadwan Aziz Aziz
Telcordia Telchnologies, USA University of Naples Federico II, Italy Academy of Technology, India Auckland University of Technology, New Zealand MITS, India Technical University, Germany Jinwen University of Science and Technology, Taiwan NIC-INDIA, India UPC, Barcelona Tech, Spain Ryerson University, Canada IIT Madras, India Academy of Technology, India West Bengal University of Technology, India University of Aizu, Japan M.M. Engineering College, India Telcordia Technologies, Piscataway, USA Universiti Teknikal Malaysia Melaka, Malaysia University of Montreal,Canada Universiti Tun Hussein Onn Malaysia, Malaysia Universiti Teknikal Malaysia Melaka, Malaysia Jamia Millia Islamia, India IBM T.J. Watson Research Center, USA CSIRO, Australia Universiti Teknologi MARA, Malaysia
XVIII
Organization
Pooya Taheri R.C. Wang Roman Yampolskiy Shuang Tian Syed Abbas Ali Velayutham Yeong-Luh Ueng
University of Alberta, Canada NTTU, Taiwan University of Louisville, USA The University of Sydney, Australia Ajman University of Science & Technology, UAE Adhiparasakthi Engineering College, Melmaruvathur, India National Tsing Hua University, Taiwan
International Workshop on Identity: Security, Management and Applications (ID 2011)
General Chairs Paul Rodrigues (CTO, WSS, India) H.R. Vishwakarma (Secretary, Computer Society of India)
Hindustan University, India
VIT University, India
Program Chairs P. Krishna Reddy Sundar K.S. Srinivasa Ragavan S. Venkatachalam
IIIT, Hyderabad, India Education & Research, Infosys Technologies Limited, India Intel Inc, USA Jawaharlal Nehru Technological University, India
Organizing Chair Madhan Kumar Srinivasan
Education & Research, Infosys Technologies Limited, India
Organizing Co-chairs Abhi Saran Anireddy Niranjan Reddy Revathy Madhan Kumar
London South Bank University, UK University of Glamorgan, UK Education & Research, Infosys Technologies Limited, India
Technical Program Committee Arjan Durresi Arun Sivanandham Avinash Srinivasan Bezawada Bruhadeshwar Bhaskara Reddy AV Bipin Indurkhya
Indiana University Purdue University Indianapolis, USA Infosys Technologies Limited, India Bloomsburg University, USA IIIT, Hyderabad, India Infosys Technologies Limited, India IIIT, Hyderabad, India
XX
ID 2011
C. Sunil Kumar Chandrabali Karmakar Farooq Anjum Gudipati Kalyan Kumar Hamid Sharif Hui Chen Jie Li Kalaiselvam Lau Lung Lukas Ruf Manik Lal Das
Manimaran Govindarasu Narendra Ahuja Omar Pradeep Kumar T.S. Pradeepa Rajiv Tripathi Rakesh Chithuluri Sanjay Chaudhary
Santosh Pasuladi Satheesh Kumar Varma Saurabh Barjatiya Sreekumar Vobugari Suthershan Vairavel Tarun Rao Thomas Little Tim Strayer V. Balamurugan Vasudeva Varma Vinod Babu Yonghe Liu
Jawaharlal Nehru Technological University, India Infosys Technologies Limited, India On-Ramp Wireless, USA Excellence India, India University of Nebraska-Lincoln, USA Virginia State University, USA University of Tsukuba, Japan Infineon Technologies, Germany UFSC, Brazil Consecom AG, Switzerland Dhirubhai Ambani Institute of Information and Communication Technology (DA-IICT), India Iowa State University, USA University of Illinois, USA University of Jordan, Jordan Infosys Technologies Limited, India Wipro Technologies, India NIT, Allahabad, India Oracle, India Dhirubhai Ambani Institute of Information and Communication Technology (DA-IICT), India Jawaharlal Nehru Technological University, India IIIT, Pune, India IIIT, Hyderabad, India Education & Research, Infosys Technologies Limited, India CTS, India Infosys Technologies Limited, India Boston University, USA BBN Technologies, USA IBM, India IIIT, Hyderabad, India Giesecke & Devrient, Germany UT Arlington, USA
International Workshop on Applications of Signal Processing (I-WASP 2011)
Workshop Organizers Jaison Jacob Sreeraj K.P. Rithu James
Rajagiri School of Engineering and Technology, India Rajagiri School of Engineering and Technology, India Rajagiri School of Engineering and Technology, India
Technical Program Committee A. Vinod Aggelos Katsaggelos Bing Li Carlos Gonzalez Damon Chandler Egon L. van den Broek Feng Wu Hakan Johansson Joaquim Filipe Lotfi Senahdji Reyer Zwiggelkaar Xianghua Xie Yoshikazu Miyanaga
NTU, Singapore Northwestern University, USA University of Virginia, USA University of Castilla-La Mancha, Spain Oklahoma State University, USA University of Twente, The Netherlands Microsoft Research Asia, P.R. China University of Linkoping, Sweden EST-Setubal, Portugal Universit´e de Rennes 1, France Aberystwyth University, UK Swansea University, UK Hokkaido University, Japan
International Workshop on Cloud Computing: Architecture, Algorithms and Applications (CloudComp 2011)
Workshop Organizers Binu A. Biju Paul Sabu M. Thampi
Cochin University of Science and Technology, India Rajagiri School of Engineering and Technology, India Rajagiri School of Engineering and Technology, India
Technical Program Committee Antonio Puliafito Bob Callaway Chee Shin Yeo Chin-Sean Sum Ching-Hsien Hsu Drissa Houatra Deepak Unnikrishnan Jie Song Salah Sharieh Francesco Longo Fabienne Anhalt Gaurav Somani Haibing Guan Hongbo Jiang Hongkai Xiong Hui Zhang Itai Zilbershtein Jens Nimis Jie Song
University of Messina, Italy IBM, USA Institute of High-Performance Computing, Singapore National Institute of Information and Communications Technology, Japan Chung Hua University, Taiwan Orange Labs, France University of Massachusetts, USA Northeastern University, P.R. China McMaster University, Canada Universit´ a di Messina, Italy Ecole Normale Sup´erieure de Lyon–INRIA, France LNMIIT, Jaipur, India Shanghai Jiao Tong University, P.R. China Huazhong University of Science and Technology, P.R. China Shanghai Jiao Tong University, P.R China Nec Laboratories America, USA Avaya, Israel University of Applied Sciences, Germany Software College, Northeastern University, China
XXIV
CloudComp 2011
Jorge Carapinha Junyi Wang K. Chandra Sekaran Kai Zheng Krishna Sankar Laurent Amanton Luca Caviglione Lukas Ruf Massimiliano Rak Pallab Datta Pascale Vicat-Blanc Primet Prabu Dorairaj Shivani Sud Shuicheng Yan Siani Pearson Simon Koo Srikumar Venugopal Stephan Kopf Thomas Sandholm Umberto Villano Vipin Chaudhary Yaozu Dong Zhou Lan
PT Inova¸cao S.A. Telecom Group, Portugal National Institute of Information and Communications Technology, Japan NITK, India IBM China Research Lab, P.R. China Cisco Systems, USA Havre University, France National Research Council (CNR), Italy Consecom AG, Switzerland Second University of Naples, Italy IBM Almaden Research Center, USA INRIA, France NetApp Inc, India Intel Labs, USA National University of Singapore, Singapore HP Labs, UK University of San Diego, USA UNSW, Australia University of Mannheim, Germany Hewlett-Packard Laboratories, USA University of Sannio, Italy University at Buffalo, USA Intel Corporation, P.R. China National Institute of Information and Communications Technology, Japan
International Workshop on Multimedia Streaming (MultiStreams 2011)
Program Chairs Pascal Lorenz Fan Ye Trung Q. Duong
University of Haute Alsace, France IBM T.J. Watson Research Center, USA Blekinge Institute of Technology, Sweden
Technical Program Committee Guangjie Han Alex Canovas Brent Lagesse Chung Shue Chen Debasis Giri Mario Montagud Doreen Miriam Duduku V. Viswacheda Elsa Mac´ıas L´opez Eug´enia Bernardino Fernando Boronat Jen-Wen Ding Joel Rodrigues IT Jo-Yew Tham Marcelo Atenas Jorge Bernab´e Bao Vo Nguyen Hans-Juergen Zepernick Jose Maria Alcaraz Calero Juan Marin Perez Lei Shu Lexing Xie Marc Gilg Miguel Garcia Mohd Riduan Bin Ahmad
Hohai University, P.R. China Polytechnic University of Valencia, Spain Oak Ridge National Laboratory, USA INRIA-ENS, France Haldia Institute of Technology, India Universidad Polit´ecnica de Valencia, Spain Anna University, India University Malaysia Sabah, Malaysia University of Las Palmas de Gran Canaria, Spain Polytechnic Institute of Leiria, Portugal Instituto de Investigaci´ on para la Gesti´ on Integrada de Zonas Costeras, Spain National Kaohsiung University of Applied Sciences, Taiwan University of Beira Interior, Portugal A*STAR Institute for Infocomm Research, Singapore Universidad Politecnica de Valencia, Spain University of Murcia, Poland Posts and Telecommunications Institute of Technology, Vietnam Blekinge Institute of Technology, Sweden University of Murcia, Spain University of Murcia, Spain Osaka University, Japan The Australian National University, Australia University of Haute-Alsace, France Polytechnic University of Valencia, Spain Universiti Teknikal Malaysia, Malaysia
XXVI
MultiStreams 2011
Phan Cong-Vinh Alvaro Su´ arez-Sarmiento Song Guo Tin-Yu Wu Zhangbing Zhou Zuqing Zhu Juan M. S´ anchez Choong Seon Hong
London South Bank University, UK University of Las Palmas de Gran Canaria, Spain University of British Columbia, Canada Tamkang University, Taiwan Institut Telecom & Management SudParis, France Cisco System, USA University of Extremadura, Spain Kyung Hee University, Korea
Second International Workshop on Trust Management in P2P Systems (IWTMP2PS 2011)
Program Chairs Visvasuresh Victor Govindaswamy Jack Hu Sabu M. Thampi
Texas A&M University-Texarkana, USA Microsoft, USA Rajagiri School of Engineering and Technology, India
Technical Program Committee Haiguang Ioannis Anagnostopoulos Farag Azzedin Roksana Boreli Yann Busnel Juan-Carlos Cano Phan Cong-Vinh Jianguo Ding Markus Fiedler Deepak Garg Felix Gomez Marmol Paulo Gondim Steven Gordon Ankur Gupta Houcine Hassan Yifeng He Michael Hempel Salman Abdul Moiz Guimin Huang Renjie Huang Benoit Hudzia Helge Janicke
Fudan University, P.R. China University of the Aegean, Greece King Fahd University of Petroleum & Minerals, Saudi Arabia National ICT Australia, Australia University of Nantes, France Universidad Politecnica de Valencia, Spain London South Bank University, UK University of Luxembourg, Luxemburg Blekinge Institute of Technology, Sweden Thapar University, Patiala, India University of Murcia, Spain Universidade de Brasilia, Brazil Thammasat University, Thailand Model Institute of Engineering and Technology, India Universidad Politecnica de Valencia, Spain Ryerson University, Canada University of Nebraska-Lincoln, USA CDAC, India Guilin University of Electronic Technology, P.R. China Washington State University, USA SAP Research, UK De Montfort University, UK
XXVIII
IWTMP2PS 2011
Mohamed Ali Kaafar Eleni Koutrouli Stefan Kraxberger Jonathan Loo Marjan Naderan Lourdes Penalver Elvira Popescu Guangzhi Qu Aneel Rahim Yonglin Ren Andreas Riener Samir Saklikar Thomas Schmidt Fangyang Shen Thorsten Strufe Sudarshan Tsb Demin Wang Fatos Xhafa Jiping Xiong Chang Wu Yu
INRIA, France National University of Athens, Greece Graz University of Technology, Austria Middlesex University, UK Amirkabir University of Technology, Iran Valencia Polytechnic University, Spain UCV, Romania Oakland University, USA COMSATS Institute of Information Technology, Pakistan SITE, University of Ottawa, Canada University of Linz, Austria RSA, Security Division of EMC, India HAW Hamburg (DE), Germany Northern New Mexico College, USA TU Darmstadt, Germany Amrita School of Engineering, India Microsoft, USA UPC, Barcelona, Spain Zhejiang Normal University, P.R. China Chung Hua University, Taiwan
Table of Contents – Part IV
Position Papers Impact of Node Density on Node Connectivity in MANET Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G. Jisha and Philip Samuel Survey and Comparison of Frameworks in Software Architecture . . . . . . . S. Roselin Mary and Paul Rodrigues Two Layered Hierarchical Model for Cognitive Wireless Sensor Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K. Vinod Kumar, G. Lakshmi Phani, K. Venkat Sayeesh, Aparna Chaganty, and G. Rama Murthy 3D-CGIN: A 3 Disjoint Paths CGIN with Alternate Source . . . . . . . . . . . . Meenal A. Borkar and Nitin Architecture for Running Multiple Applications on a Single Wireless Sensor Network: A Proposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sonam Tobgay, Rasmus L. Olsen, and Ramjee Prasad
1 9
19
25
37
Feature Based Image Retrieval Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . P.U. Nimi and C. Tripti
46
Exploiting ILP in a SIMD Type Vector Processor . . . . . . . . . . . . . . . . . . . . Abel Palaty, Mohammad Suaib, and Kumar Sambhav Pandey
56
An Extension to Global Value Numbering . . . . . . . . . . . . . . . . . . . . . . . . . . . Saranya D. Krishnan and Shimmi Asokan
63
Data Privacy for Grid Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N. Sandeep Chaitanya, S. Ramachandram, B. Padmavathi, S. Shiva Skandha, and G. Ravi Kumar
70
Towards Multimodal Capture, Annotation and Semantic Retrieval from Performing Arts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rajkumar Kannan, Frederic Andres, Fernando Ferri, and Patrizia Grifoni A New Indian Model for Human Intelligence . . . . . . . . . . . . . . . . . . . . . . . . Jai Prakash Singh Stepping Up Internet Banking Security Using Dynamic Pattern Based Image Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P. Thiyagarajan, G. Aghila, and V. Prasanna Venkatesan
79
89
98
XXX
Table of Contents – Part IV
A Combinatorial Multi-objective Particle Swarm Optimization Based Algorithm for Task Allocation in Distributed Computing Systems . . . . . . Rahul Roy, Madhabananda Das, and Satchidananda Dehuri
113
Enhancement of BARTERCAST Using Reinforcement Learning to Effectively Manage Freeriders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G. Sreenu, P.M. Dhanya, and Sabu M. Thampi
126
A Novel Approach to Represent Detected Point Mutation . . . . . . . . . . . . . Dhanya Sudarsan, P.R. Mahalingam, and G. Jisha
137
Anonymous and Secured Communication Using OLSR in MANET . . . . . A.A. Arifa Azeez, Elizabeth Isaac, and Sabu M. Thampi
145
Bilingual Translation System for Weather Report (For English and Tamil) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S. Saraswathi, M. Anusiya, P. Kanivadhana, and S. Sathiya
155
Design of QRS Detection and Heart Rate Estimation System on FPGA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sudheer Kurakula, A.S.D.P. Sudhansh, Roy Paily, and S. Dandapat
165
Multi-document Text Summarization in E-Learning System for Operating System Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S. Saraswathi, M. Hemamalini, S. Janani, and V. Priyadharshini
175
Improving Hadoop Performance in Handling Small Files . . . . . . . . . . . . . . Neethu Mohandas and Sabu M. Thampi
187
Studies of Management for Dynamic Circuit Networks . . . . . . . . . . . . . . . . Ana Elisa Ferreira, Anilton Salles Garcia, and Carlos Alberto Malcher Bastos
195
International Workshop on Identity: Security, Management and Applications (ID 2011) Game Theoretic Approach to Resolve Energy Conflicts in Ad-Hoc Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Juhi Gupta, Ishan Kumar, and Anil Kacholiya
205
Software Secureness for Users: Significance in Public ICT Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.K. Raju and P.B.S. Bhadoria
211
Vector Space Access Structure and ID Based Distributed DRM Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ratna Dutta, Dheerendra Mishra, and Sourav Mukhopadhyay
223
Table of Contents – Part IV
Multiple Secrets Sharing with Meaningful Shares . . . . . . . . . . . . . . . . . . . . . Jaya and Anjali Sardana
XXXI
233
On Estimating Strength of a DDoS Attack Using Polynomial Regression Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B.B. Gupta, P.K. Agrawal, A. Mishra, and M.K. Pattanshetti
244
Finding New Solutions for Services in Federated Open Systems Interconnection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Zubair Ahmad Khattak, Jamalul-lail Ab Manan, and Suziah Sulaiman
250
Duplicate File Names-A Novel Steganographic Data Hiding Technique . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Avinash Srinivasan and Jie Wu
260
A Framework for Securing Web Services by Formulating an Collaborative Security Standard among Prevailing WS-* Security Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M. Priyadharshini, R. Baskaran, Madhan Kumar Srinivasan, and Paul Rodrigues
269
Improved Web Search Engine by New Similarity Measures . . . . . . . . . . . . Vijayalaxmi Kakulapati, Ramakrishna Kolikipogu, P. Revathy, and D. Karunanithi
284
International Workshop on Applications of Signal Processing (I-WASP 2011) Recognition of Subsampled Speech Using a Modified Mel Filter Bank . . . Kiran Kumar Bhuvanagiri and Sunil Kumar Kopparapu
293
Tumor Detection in Brain Magnetic Resonance Images Using Modified Thresholding Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.L. Biji, D. Selvathi, and Asha Panicker
300
Generate Vision in Blind People Using Suitable Neuroprosthesis Implant of BIOMEMS in Brain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Vivekavardhana Reddy, Y.S. Kumara Swamy, and N. Usha
309
Undecimated Wavelet Packet for Blind Speech Separation Using Independent Component Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ibrahim Missaoui and Zied Lachiri
318
A Robust Framework for Multi-object Tracking . . . . . . . . . . . . . . . . . . . . . . Anand Singh Jalal and Vrijendra Singh
329
XXXII
Table of Contents – Part IV
SVM Based Classification of Traffic Signs for Realtime Embedded Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rajeev Kumaraswamy, Lekhesh V. Prabhu, K. Suchithra, and P.S. Sreejith Pai A Real Time Video Stabilization Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . Tarun Kancharla and Sanjyot Gindi
339
349
Object Classification Using Encoded Edge Based Structural Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Aditya R. Kanitkar, Brijendra K. Bharti, and Umesh N. Hivarkar
358
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Gaurav Kumar Yadav, Tarun Kancharla, and Smita Nair
368
PIN Generation Using Single Channel EEG Biometric . . . . . . . . . . . . . . . . Ramaswamy Palaniappan, Jenish Gosalia, Kenneth Revett, and Andrews Samraj
378
International Workshop on Cloud Computing: Architecture, Algorithms and Applications (CloudComp 2011) A Framework for Intrusion Tolerance in Cloud Computing . . . . . . . . . . . . Vishal M. Karande and Alwyn R. Pais Application of Parallel K-Means Clustering Algorithm for Prediction of Optimal Path in Self Aware Mobile Ad-Hoc Networks with Link Stability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Likewin Thomas and B. Annappa Clouds’ Infrastructure Taxonomy, Properties, and Management Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Imad M. Abbadi A Deduced SaaS Lifecycle Model Based on Roles and Activities . . . . . . . . Jie Song, Tiantian Li, Lulu Jia, and Zhiliang Zhu Towards Achieving Accountability, Auditability and Trust in Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ryan K.L. Ko, Bu Sung Lee, and Siani Pearson Cloud Computing Security Issues and Challenges: A Survey . . . . . . . . . . . Amandeep Verma and Sakshi Kaushal A Deadline and Budget Constrained Cost and Time Optimization Algorithm for Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Venkatarami Reddy Chintapalli
386
396
406 421
432 445
455
Table of Contents – Part IV
XXXIII
International Workshop on Multimedia Streaming (MultiStreams 2011) A Bit Modification Technique for Watermarking Images and Streaming Video . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Kaliappan Gopalan
463
Efficient Video Copy Detection Using Simple and Effective Extraction of Color Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . R. Roopalakshmi and G. Ram Mohana Reddy
473
Mobile Video Service Disruptions Control in Android Using JADE . . . . . Tatiana Gualotu˜ na, Diego Marcillo, Elsa Mac´ıas L´ opez, and Alvaro Su´ arez-Sarmiento
481
Performance Analysis of Video Protocols over IP Transition Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hira Sathu and Mohib A. Shah
491
Performance Comparison of Video Protocols Using Dual-Stack and Tunnelling Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hira Sathu, Mohib A. Shah, and Kathiravelu Ganeshan
501
IPTV End-to-End Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . Priya Gupta, Priyadarshini Londhe, and Arvind Bhosale A Color Image Encryption Technique Based on a SubstitutionPermutation Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J. Mohamedmoideen Kader Mastan, G.A. Sathishkumar, and K. Bhoopathy Bagan
512
524
Second International Workshop on Trust Management in P2P Systems (IWTMP2PS 2011) Comment on the Improvement of an Efficient ID-Based RSA Mutlisignature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chenglian Liu, Marjan Kuchaki Rafsanjani, and Liyun Zheng A Secure Routing Protocol to Combat Byzantine and Black Hole Attacks for MANETs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jayashree Padmanabhan, Tamil Selvan Raman Subramaniam, Kumaresh Prakasam, and Vigneswaran Ponpandiyan A Convertible Designated Verifible Blind Multi-signcryption Scheme . . . . Subhalaxmi Das, Sujata Mohanty, and Bansidhar Majhi
534
541
549
XXXIV
Table of Contents – Part IV
Middleware Services at Cloud Application Layer . . . . . . . . . . . . . . . . . . . . . Imad M. Abbadi
557
Attribute Based Anonymity for Preserving Privacy . . . . . . . . . . . . . . . . . . . Sri Krishna Adusumalli and V. Valli Kumari
572
An Anonymous Authentication and Communication Protocol for Wireless Mesh Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jaydip Sen
580
Data Dissemination and Power Management in Wireless Sensor Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M. Guerroumi, N. Badache, and S. Moussaoui
593
Performance Evaluation of ID Assignment Schemes for Wireless Sensor Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rama Krishna Challa and Rakesh Sambyal
608
Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
617
Impact of Node Density on Node Connectivity in MANET Routing Protocols G. Jisha1 and Philip Samuel2 1
Department of Information Technology, Rajagiri School of Engineering and Technology, Kochi, India-682039 2 Information Technology, School of Engineering, Cochin University of Science and Technology, Kochi, India-682022
[email protected],
[email protected]
Abstract. The functioning of routing protocols in Mobile Ad-hoc Networks depends on factors like node mobility, node failure, broken paths, node connectivity and node density. These factors make the network dynamic. Due to the change in node connectivity, availability of link for data transfer data may vary. This paper discusses about Mobile Ad-Hoc environment with varying node density and its effect on node connectivity among MANET routing protocols. The performance of two routing protocols like DSDV from proactive routing protocols, AODV from reactive routing protocols are analyzed and compared. Quantitative metrics like normalized overhead, packet delivery ratio, number of control packets are evaluated using the Network Simulator NS-2. This paper helps in identifying the impact of varying node densities on the node connectivity in Mobile Ad-Hoc networks. The result of performance comparison can also be helpful in the design of new routing protocols based on topological characteristics. Keywords: MANET, DSDV, AODV, Node Connectivity, Node Density.
1 Introduction A Mobile Ad-hoc network is a temporary or short period dynamic network used in battlefields, conference, rescue operation, multimedia games. These networks comprises of a group of wireless mobile nodes which communicate each other without any fixed infrastructure. Routing in MANET is a challenging task as the topology of such networks keeps on changing due to various factors like node mobility, change in the node status and change in node density. Here the nodes act as both host and receiver, who forward packets to other mobile host. Individual node has limited processing capacity but is capable of supporting distributed approach through coordination effort in a network [12]. Initially the node will not have prior knowledge of its neighboring nodes or the topology of the entire network. The nodes sends beacons to neighboring nodes, and listens to the broadcasting message from A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 1–8, 2011. © Springer-Verlag Berlin Heidelberg 2011
2
G. Jisha and P. Samuel
neighboring nodes to find the list of current neighbors. This process continues till the node knows about all other nodes and also when a change in the topology of the network is detected. Thus through these neighbors, the nodes can communicate to other nodes outside its coverage area to maintain node connectivity in the network [3]. Knowledge of topological characteristics like connectivity, coverage, maximum inter-node distance and node degree helps in the design of new distributed protocol and also for evaluating the performance of existing routing protocols [12]. The factors that complicate the analysis of the topological characteristics are node mobility and node density [8], [9]. Paolo Santi and Douglas M Blough have discussed the conditions that are needed to ensure that a deployed network is connected initially and remains connected as node migrates [8]. Certain Routing Protocols are found to perform better in densely connected network than in sparse network [1]. There is a lot of work done for evaluating the performance of MANET Routing Protocols under different topological characteristics [1], [12], [2], [8], [9]. In our paper we have evaluated performance of MANET routing protocols under varying node density and how it affects the node connectivity. This paper analyzes the performance of routing protocols designed for MANET under different node density and its impact on node connectivity. The second sections of this paper discuss the routing protocols designed for MANET and the performance metrics used. The third section discusses the impact of node density in proactive and reactive routing protocols with a comparative evaluation. The forth section presents the environment for simulations in NS-2 for comparing the effect of node density on these two protocols. The fifth section discusses the simulation result and the last section concludes the paper.
2 Routing Protocols and Performance Metrics Mobile Ad-hoc Routing Protocol is a rule or standard that tells the mobile nodes in the network which way to route the packets. Effective routing protocols are needed to handle dynamic topology, a major problem in MANET routing protocol. Various routing protocols were proposed in the past, depending on routing information, updating mechanism and temporal information used for routing, routing topology and utilization of specific resources [4]. Protocols designed for MANET deal with high power consumption, low bandwidth and high error rates which are the typical limitations of these networks [5]. Main two classifications considered are Proactive Routing Protocols and Reactive Routing Protocols. Proactive Routing protocols stores information about nodes in the network to transfer data between different nodes in the network. These protocols constantly update node information and may react to change in the network topology even if no traffic is affected by the topology modification. This could create unnecessary overhead. Reactive Routing Protocols establish routes between nodes only when they is a request to required to route data packets. There is no updating of every possible route in the network instead it focuses on routes that are being used or being set up. Both qualitative and quantitative metrics are needed to evaluate the performance of a routing protocol [7]. Qualitative properties of MANET routing protocol includes
Impact of Node Density on Node Connectivity in MANET Routing Protocols
3
distributed operation, loop freedom, demand based operation, proactive operation, security, sleep period operation, unidirectional link support. Quantitative metrics used are end-to-end data throughput and delay, Route acquisition time, Percentage out-oforder delivery, Efficiency. The other parameters that should be varied are network size, network connectivity, and topological rate of change, link capacity, and fraction of unidirectional links, traffic patterns, Mobility, Fraction and frequency of sleeping nodes [6], [7]. This paper evaluates two routing protocols DSDV from Proactive Routing Protocols and AODV from Reactive Routing Protocols. Quantitative distributed operation, demand based operation, proactive based operation, sleep period operation, unidirectional link support. Qualitative measures used are number of routing packets used, normalized overhead, packet delivery ratio. Two main parameters that are verified to check the performance are network connectivity and node density. All qualitative measures are verified at different node densities.
3 Impact of Node Density on Routing Protocols-Comparative Evaluation A variety of performance metrics are discussed to determine the performance and robustness of MANET routing protocols [7]. The goal is to compare the routing protocols on the basis of qualitative and quantitative measures. Topological parameters like node density and node connectivity are also considered for comparing MANET routing protocols. 3.1 Impact of Node Density on Proactive Routing Protocol In Proactive routing protocols every nodes maintain the routing information by periodic updating of routes. Proactive routing protocols maintain up-to-date routing information between every node in the network. The dynamic change in topology results change in routing table. Proactive protocol update routing table when there is any change in the topology due to change in node density. Change in the number of nodes reflect in more overhead for such networks due to the updating of routing table by the nodes when new nodes are added or existing nodes are disconnected. Destination Sequence distance vector (DSDV) is the protocol considered under proactive category Destination Sequenced Distance Vector (DSDV) Destination Sequenced Distance Vector is a table- driven proactive protocol modified from Bellman Ford algorithm. DSDV is one of the mostly accepted routing protocols under the category of proactive routing protocol developed by C. Perkins and P. Bhagwat in 1994[5]. The main contribution of this algorithm was to solve the routing loop problem. Every mobile node in the network maintains a routing table in which all the possible destination within the network and the number of hops to each destination are recorded. Each entry in the routing table contains a sequence number,
4
G. Jisha and P. Samuel
the sequence numbers will be even if a link is present otherwise an odd number is used. The number is generated by the destination and the sender needs to send out the next update with this number [4]. DSDV periodically send routing control packets to neighbors for updating routing table [12]. Selection of routes: Latest sequence numbers are used if a router receives new information. Route with a better metric is used if the sequence number is the same as the one in the table. Stale entries and the routes using those nodes with stale entries as next hops are deleted. Advantages: DSDV is a hop by hop distance vector routing protocol suitable for creating ad-hoc networks with small node density. It selects the shortest path based on the number of hops to the destination. Loop freedom is eliminated. Use simple route update protocol. Routing table is maintained on each network. Sequence number is used for making decision. Network Connectivity of the network found to increase due to various paths between the nodes. Breakage of an intermediate node may not affect the connectivity if the node density is high. Disadvantages: Use of battery power and small bandwidth even when the network is idle, due to the regular updating of its routing tables. Periodic updating in transmissions limits the number of nodes that can be connected to the network. Not suitable for highly dynamic networks, as a new sequence number is necessary whenever the topology changes due to the increase in number of nodes. Routing overhead is directly related with the number of nodes in the network. 3.2 Impact of Node Density in Reactive Routing Protocols Reactive Routing Protocol does not maintain network topology information. Necessary path is obtained by a connection establishment process. The Routing information are not exchanged periodically. In case of reactive routing protocols the overhead for route calculation is less when compared to Proactive routing protocols in case of increase in node density. Ad-Hoc On Demand Distance Vector Routing Protocol (AODV) AODV, an extension of DSDV is a reactive routing protocol implemented for mobile ad-hoc networks. AODV is combination of DSR, a reactive routing protocol and DSDV, a proactive routing protocol. It has the basic on demand mechanism of Route Discovery and Route maintenance of DSR and the use of hop by hop routing sequence number and periodic beacons from DSDV. When a source node wants to send information to destination node and does not have a route to destination, it starts the route finding process starts the route finding process. It generates a RREQ and broadcast to its neighbors. The route request is forwarded by intermediate nodes. A reverse path is created for itself from destination. When the request reaches a node with a route to destination it generates a RREP containing number of hops required to reach destination. RREP is routed along the reverse path. Each node maintains is own sequence number and broadcast id. To maintain routes the nodes survey the link
Impact of Node Density on Node Connectivity in MANET Routing Protocols
5
status of their next hop neighbor in active routes. If the destination or some intermediate node move, steps are used to update the routing table of all neighbors [4],[11]. Features: • Combines the features of both DSR and DSDV • Route discovery and route maintenance from DSR • Hop by Hop routing ,sequence numbers and periodic beacon from DSDV Advantage: Maximum utilization of bandwidth. Simple. Node acts as router and maintains a simple routing table, Maintains effective routing information and current routing information, Loop free, Coping up with dynamic topology and broken links, Highly Scalable when compared with DSDV. Disadvantage: No reuse of routing information, vulnerable to misuse, high route discovery latency, overhead on bandwidth. When number of node increases initially throughput increase as large number of routes are available, after a certain limit throughput becomes stable[4]. 3.3 Discussion on MANET Routing Protocols Using Various Performance Metrics After the discussion of the two MANET routing protocols namely, DSDV, AODV. A comparative discussion using various performance metrics are made to judge the performance and suitability of these routing protocols. Both qualitative and quantitative metrics are used. • • • •
•
•
Distributed Operation: DSDV maintains routes between every pair of nodes in the network, while AODV finds path between nodes whenever the route is required. Broadcasting: In DSDV, for updating the routing tables, broadcasting is done periodically to maintain routing updates. In AODV, only hello messages are broadcasted to its neighbors to maintain node connectivity. Node Density: When node density varies DSDV is affected more than AODV as DSDV has to maintain connectivity between every node. Bandwidth: The periodic updating of routing tables for each node results in wastage of bandwidth in DSDV. But, Bandwidth is effectively used with AODV, as it propagates only hello messages to its neighbors and RREQ and RREP are broadcasted only on-demand. Route Maintenance: For sending data to a particular destination, there is no need to find a route as DSDV routing protocol maintains all the routes in the routing tables for each node. While AODV has to find a route before sending a data. Routing Overhead: Overhead in DSDV is more when the network is large and it becomes hard to maintain the routing tables at every node. But, in AODV overhead is less as it maintains small tables to maintain local connectivity.
6
G. Jisha and P. Samuel
•
Node Mobility: DSDV cannot handle mobility at high speeds due to lack of alternative routes hence routes in routing table is stale. While in AODV it does not affect much, as it find the routes on demand.
4 Simulation Result and Observations We evaluate the performance of MANET protocols using measurements obtained through both simulation and implementation. Simulations help to measure the effectiveness of routing protocols under varying node densities. Simulation is performed using Network Simulator NS-2 [10]. NS-2 is an object oriented simulator developed as a part of the VINT project at the University of California in Berkeley. The simulator is event-driven and runs in a non real time fashion. The main purpose of NS-2 is for evaluating the existing network’s performance or the performance of newly designed components Simulation Design: The basic configuration is that our testing is in a square of 500*500 with nodes ranging from 5 to 50. The traffic source used is CBR (Constant Bit Rate), 512 bytes as data packets, sending rate is 4pkts/second, Radio-propagation model used is TwoRayGround, MAC Type is 802_11,a\Ad-Hoc routing protocols tested are DSDV, AODV. Simulation Result: Number of nodes is the varying parameter as it plays an important role in performance Figure 1, 2, 3 shows various performance parameters versus number of nodes. a) Packet delivery rate: Packet delivery rate is the amount of packets successively received by the destination node over the total number of packets send throughout the simulation .With varying node densities packet delivery rate in DSDV and AODV increases with increase in number of nodes
Fig. 1. Number of Nodes Vs Packet delivery ratio
Impact of Node Density on Node Connectivity in MANET Routing Protocols
7
Fig. 2. Number of Nodes Vs Normalized Overhead
b) Normalized Overhead: Number of routing packets over the number of packets successfully received at the destination. c) Number of Routing Packets : Routing Packets(RP) is used to refer the routing related packets like route request, route reply, route error that are received by various nodes. Number of RP received is different from number of packets sent. Nodes on receiving such packets broadcast these packets to the neighboring nodes. Here the number of routing packets is compared with the number of nodes to measure the node connectivity.
Fig. 3. Number of Nodes Vs Number of Routing Packets
5 Conclusion We have presented a detailed performance comparison of important routing protocols for mobile ad-hoc networks. DSDV and AODV are the two protocols taken for comparison. Routing Protocols were studied in detail and their features advantages,
8
G. Jisha and P. Samuel
disadvantages were discussed. Then a comparative study on the basis of quantitative and qualitative measures including the parameters node connectivity and node density are also studied. Both reactive and proactive protocols perform well in case of packet delivery when number of nodes increase in the network which shows node connectivity. In case of Normalized overhead both DSDV and AODV shows increase in overhead with increase in number of nodes. Number of routing packets shows a decrease with increase in Node density. AODV gets more affected by change in node density than DSDV. Future works may evaluate more routing protocols with different metrics which will be helpful for those who are trying to design a new or improved version of any existing routing protocol. More works can address issues related to topological characteristics of mobile ad-hoc networks.
References 1. Schult, N., Mirhakkak, M., LaRocca, D.: Routing in Mobile Ad Hoc Networks. IEEE, Los Alamitos (1999) 2. Goel, A., Sharma, A.: Performance Analysis of Mobile Ad-hoc Network Using AODV Protocol. International Journal of Computer Science and Security (IJCSS) 3(5), 334 (1999) 3. Adam, N., Ismail, M.Y., Addullah, J.: Effect of Node Density on Performance of Three MANET Routing Protocols. In: 2010 International Conference on Electronic Devices, Systems and Applications (ICEDSA 2010). IEEE, Los Alamitos (2010) 4. Siva Ram Murthy, C., Manoj, B.S.: AdHoc Wireless Networks Architectures and Protocols, 2nd edn., pp. 321–347. Pearson Education, London 5. Royer, E.M., Toh, C.-K.: A Review of Current Routing Protocols for AdHoc Mobile Wireless Networks. IEEE Personal Communications, 46 (1999) 6. Arun Kumar, B.R., Reddy, L.C., Hiremath, P.S.: Performance Comparison of Wireless Mobile Ad-Hoc Network Routing Protocols. International Journal of Computer Science and Network Security 8(6), 337 (2008) 7. Corson, S.: Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations, RFC2501 8. Santi, P., Blough, D.M.: An Evaluation of Connectivity in Mobile Wireless AdHoc Networks. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN 2002). IEEE, Los Alamitos (2002) 9. Deepa, S., Kadhal Nawaz, D.M.: A Study on the Behavior of MANET Routing Protocols with Variying Densities and Dynamic Mobility Patterns. IJCA Special Issue on Mobile Ad-hoc Networks, MANET 2010, 124 (2010) 10. Greis’, M.: Tutorial for the UCB/LBNL/VINT Network Simulator ns 11. Perkins, C., Royer, E.M.: Ad hoc On demand distance vector (AODV) routing (Internet draft) (August 1998) 12. Bagchi, S., Cabuk, S., Lin, L., Malhotra, N., Shroff, N.: Analysis of Topological Characteristics of Unreliable Mobile Wireless AdHoc Network (1999)
Survey and Comparison of Frameworks in Software Architecture S. Roselin Mary1 and Paul Rodrigues2 1
Department of Computer science and Engineering at Anand Institute of Higher Technology, Chennai 603103, India 2 Department of Information Technology, Hindustan University, Chennai 603103, India
[email protected],
[email protected]
Abstract. The development of various architectural frameworks and models in the field of software architecture shows the importance of the need for such a governing structure for growing and developed organizations. To create or to choose the right and suitable architecture frame work for any organization, the comparative study of all the frameworks and models must be analyzed. This paper technically analyzes various well known frameworks based on their views/perspectives, kind of architecture they deal with, characteristics, system development methodology, system modeling technique and business modeling technique and also explains their advantages and weakness. Frameworks that we consider are Zachman framework, TEAF, FEAF, TOGAF, DODAF and ISO/RM-ODP. Keywords: Framework, Software Architecture, Views.
1 Introduction Complexity of any system can be understood with the help of the architecture of that system. Planning is required when a system becomes more complex. Architecture is the combination of process and product of planning, designing and constructing space that reflects functional, social and aesthetic considerations [1]. It also encompasses project planning, cost estimation and constructing administration. In civil engineering, architecture deals with the relationship between complexity and planning for buildings and cities. Customers and builders may have different views and different perspectives of their own interest. [2]. Similarly, the same concept can be used for software which is called software architecture. Building a very complex, critical and highly distributed system requires the interconnected components that are basic building blocks and the views of end user, designer, developer and tester. The research work of Dijkstra in 1968 and David Parnas in the early 1970’s identified the concept of Software Architecture at first. Software architecture is known for the design and implementation of the high-level structure of the software. It is the connection of architectural elements in some wellchosen forms to achieve the major functionality and performance requirements of the system and to achieve non- functional requirements such as reliability, scalability, portability, and availability [4]. Software frameworks indicate the locations in the A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 9–18, 2011. © Springer-Verlag Berlin Heidelberg 2011
10
S. Roselin Mary and P. Rodrigues
architecture where application programmers may make the adaptations for a specific functionality [5]. A software framework is an abstraction in which common code providing generic functionality can be selectively overridden or specialized by user code. Instead of concentrating on the low level details of a working system, the designers and programmers can concentrate only on the software requirements so as to reduce overall development time [6]. Even though ‘software architecture’ is relatively new to the field, the basic principles of this field have been applied since the mid 1980’s. Seeing the evolution of Software architecture from the algorithm’s era will clearly show us the various stages it has crossed and the concepts it has borrowed from others to get a shaped form. The following sections briefly describe the evolution and evaluation of Software architecture. Section 2 describes the evolution from algorithm to Zachman’s framework and Zachman framework to Service oriented Architecture. Section 3 describes the classification of frameworks and lists out the comparison criteria of frameworks. Frameworks are evaluated in section 4 using the criteria listed out in the section 3.
2 Evolution of Software Architectural Frameworks 2.1 Evolution from 1920’s to 1995 In 1928, an Algorithm was partially formulated to solve a problem by a finite sequence of instructions. To plan computer programs by having a visual representation of the instruction flow, Von Neumann developed ‘Flow Chart’ in 1947.He got the idea from the flow process chart(1921) and multi flow chart(1944)which were used mostly in the area of electrical engineering. Later, ‘Control Flow Diagram’ (CFD) was developed in 1950’s to describe the control flow of a business process and program. The representation of flow of control was not enough to view the complex systems and it was not an easy job to design one for it. It did not give a high level view of the work and immediate access of particular points. So ‘Block Diagram’ was developed in late 1950’s to understand the complete system by dividing it into smaller sections or blocks. A particular function will be done by each block and the connection between the blocks will be shown in a diagram. In the mid time, the historical development of abstraction in the field of computer science and programming made a turning point in the field of software architecture. The introduction of Abstract data types in the late 1960’s, paved a way to group data structures that have similar behavior and to group certain data types and modules of one or more programming languages that have similar semantics. The notion of Abstract data types lead to a software design technique called ‘Modular Programming’ that introduced the concept of modules in software. Modules represent a separation of concerns. They maintain the logical boundaries between components. This concept was introduced in 1968. In 1977, the adoption of layered architecture based on the modular programming led to the ‘Three Schema Approach’ to build information systems using three different views in systems development. By breaking up an application into tiers, developers
Survey and Comparison of Frameworks in Software Architecture
11
had to modify only a specific layer rather than rewrite the entire application over. And thus it helped to create a flexible and reusable application. By evolving the three schema model into layers of six perspectives, John Zachman developed ‘The Zachman Framework’ in 1987. It still plays an important role in the era of ‘Enterprise Architecture’ and influenced frameworks DODAF, TOGAF, TEAF and FEAF. The modified version of Zachman Framework with more number of views was released in 1993. In 1995, the 4+1 view model was developed by Kruchten. The purpose of Views used in these models was to analyze the complex systems, and to list out the elements of the problem and the solution around the domains of expertise. A view of a system is the representation of the system from the perspective of a viewpoint. This viewpoint on a system focuses on specific concerns of the system. It provides a simplified model with the elements related to the concerns of the viewpoint and hides other details [2] [4]. This section deals how the framework and view point evolved from the algorithm through several stages. It clearly portrays that the introduction of ADT and layered approach paved a way towards the frameworks era. The next subsection deals how the various standard architectural frameworks evolved. 2.2 Evolution from 1995 to 2010 The necessity of frameworks in defense side applications and the encouragement of U.S government to new architecture led to the C4ISR Architecture Framework in 1996. In 2003, ‘The Department of Defense Architecture Framework (DODAF)’ was released which restructured the C4ISR framework ver2.0 [7][8].This version was later restructured and released as ‘The Department of Defense Architecture Framework (DODAF)’ in 2003 [7] [8]. ‘The Open Group Architecture Framework (TOGAF)’ was developed by the members of open architecture forums in 1995. Recently in 2009, TOGAF Version 9 was released [9]. The ‘Federal enterprise Architecture Framework (FEAF)’ was developed in 1999 by the Federal Government to integrate its myriad agencies and functions under a single common and enterprise architecture [10]. ‘Treasury Enterprise Architecture Framework (TEAF)’ was developed by the US Department of Treasury and published in July 2000.It was used to support the Treasury’s business processes in terms of products [11]. Based on the distributed processing developments and using the concepts of abstraction, composition and emergence, a reference model RM-ODP was developed by Andrew Herbert in 1984. A set of UML profiles were included in ODP and UML4ODP was introduced in 2004 [12].In 2001, Aspect oriented programming came out by getting the principles of OOPS. It led to the Aspect oriented software development later in 2002.As an opposition to the distributed processing and Modular programming, the ‘Service Oriented Architecture (SOA)’ came out and IBM announced ‘Service Oriented Modeling Architecture (SOMA)’ as the first publicly announced SOA related methodology in 2004. Based on this concept, the SOMF ver 1.1 was released by Michael Bell to provide tactical and strategic solutions to enterprise problems [13] [14].
12
S. Roselin Mary and P. Rodrigues
This section clearly portrays the independent development of frameworks based on the Zachman framework, OOPS concept and Event driven concept. The application of UML on RM-ODP derived a new framework. By analyzing the concept and structure of various frameworks and combining those appropriately with some existing technology will yield a better framework. The frameworks dealt in the forthcoming sections are most widely used by the commercial and Government departments. So, it is necessary to classify and compare them. The next section deals the classification and comparison of frameworks based on few parameters
3 Classification and Comparison Criteria 3.1 Classification of Frameworks Frameworks were developed under the interests of people in different fields for various purposes. They evolved by keeping their base on different concepts in different directions. To establish a new organization with the implementation of architectural framework or to introduce the frameworks to an existing organization for streamlining their tasks, it is necessary to look up the environment where these frameworks were developed and used and adopt those architectural frameworks to the new environment. So, it is necessary to classify them as whether they were developed by standard bodies or individual interests or by private agencies. The frameworks developed by standard bodies fall under the standard category and others fall under the non standard category. And also they are subcategorized based on their usage in commercial or Government purposes. Frameworks developed and used for the Government departments and for Defense side applications are classified under the Government frameworks. Frameworks used for commercial purpose are classified under the commercial frameworks. The Open Distributed model ISO RM-ODP falls under the standard and commercial frameworks. DODAF, FEAF and TEAF which were developed for the U.S Government agencies fall under the standard and government frameworks. The well accepted and most widely used frameworks, TOGAF and Zachman frameworks are used by both the commercial and government agencies. Even though TOGAF and Zachman frameworks are falling under the non-standard category, mapping of these frameworks to DODAF, FEAF and other standard frameworks yielded good products in the industry. The classification described in this section will be very useful for the customer to choose the suitable framework quickly for his organization based on the job nature. The next subsection deals the comparison parameters that can be used by the customer to choose an appropriate tool. 3.2 Comparison Criteria In this paper, we have taken the survey of few frameworks which are most widely used. The parameters used for comparison in existing surveys are not suitable for a
Survey and Comparison of Frameworks in Software Architecture
13
customer to choose the tool. So, the methodologies, techniques and tools used in these frameworks are considered for the comparison .Parameters used for the comparison in this paper is listed below. 1. Views / View points: Total number of views defined in the framework 2. Domain: It deals about the domain of applications and services the particular framework focuses on. 3. Origin: It deals about for whom the framework was developed and in which area the framework was well suited 4. Focus: It describes the focus of the framework i.e. business, cost, quality and so on. 5. Phase of SDLC: It discusses in which stage of the software life cycle the particular framework can be used widely. 6. System development methodology: A system development methodology is like a framework to structure, plan, and control the process of developing an information system. Lots of such frameworks have come up over the years, each with its own recognized strengths and weaknesses. It is not mandatory to use one system development methodology for all projects. Based on the technical, organizational, project and team considerations, each of the available methodologies can be followed in specific kind of projects. Mostly used methodologies are Rational Unified process (RUP), Dynamic system development Method (DSDM), Rapid Application Development (RAD), Iterative Application Development (IAD), Linear Application Development (LAD) and Extreme programming (XP). 7. System modeling Technique: The working principle of the system is revealed in System modeling. These techniques help us examine how the different components in a system work together to produce a particular result. The tools used for system modeling are UML, Flow chart, OMG-Model driven Architecture, Interface Definition Language and Object oriented programming. 8. Business Modeling Technique: A business model explains the functions of the process being modeled. The nature of the process can be visualized, defined, understood and validated by representing its activities and flows. Available techniques are flow chart, functional flow block diagram, control flow diagram, Gantt chart, PERT diagram, and Integration Definition (IDEF). Recently evolved methods are Unified Modeling Language (UML) and Business Process Modeling Notation (BPN). 9. Advantages: It deals with the benefits of using the particular framework. 10.Weakness: It deals with the drawbacks of the framework. The following section deals the well known frameworks and lists out their comparison criteria.
4 Evaluation of Various Frameworks 4.1 Zachman Framework The Zachman Framework describes a complex thing in different ways using different types of descriptions. It provides thirty-six categories to describe anything completely. It has six different views (Planner's View (Scope), Owner's View (Enterprise or
14
S. Roselin Mary and P. Rodrigues
Business Model), and Designer’s View (Information Systems Model), Builder’s view, Subcontractor View, actual system view) to facilitate each player to view the system in their own particular way. The domain of this framework is mainly on Categorizing Deliverables. It is well suited for Manufacturing Industries. It focuses mainly on Business process. It can be used in the Planning stage or Design stage of SDLC [15]. Organization’s own system development methodology can be followed if they apply this framework. System modeling technique such as OMG-Model driven Architecture or Organization’s own technique can be followed. BPML is used as the business modeling technique for this framework. It provides improved professional communication within community and understanding the reasons for and risks of not developing any one architectural representation. It provides variety of tools and/or methodologies [26]. But, it has few weak points also. It may lead to more documentation depending on the cases and it may guide to a process-heavy approach to development. It isn’t well accepted by all the developers. It seems in its first appearance as a top-down approach to developers. It is biased towards traditional and data-centric techniques. 4.2 NATO Architecture Framework/C4ISR/DODAF The Department of Defense Architecture Framework (DoDAF) provides the organization of enterprise Architecture (EA) into consistent views. It is well suited for large complicated systems and interoperability challenges. DoDAF provides multiple views, each of which describes various aspects of the architecture. They are Overarching All View (AV), Operational View (OV), Systems View (SV), and Technical Standards View (TV)."Operational views" used here deal with the external customer's operating domain. It focuses mainly on Architecture data and Business process. It is used in the Process or Planning stage of SDLC. The Framework does not advice the use of any one system development methodology. It depends on the organization’s decision. If the system to be developed is larger, then UML tools are likely to be the best choice for system modeling and IDEF family for business modeling. It defines a common approach for describing, presenting, and comparing DoD enterprise architectures. Common principles, assumptions and terminologies are used and across the organizational boundaries architecture descriptions can be compared. It reduces Deployment costs and reinvention of same system [7]. The weakness of DoDAF is no common ontology of architecture elements in the framework. Baseline (current) and objective (target) architectures and business financial plans are not addressed. Usage of architectures to measure effectiveness is not dealt here [23]. 4.3 TOGAF The Open Group Architecture Framework (TOGAF) provides a comprehensive approach to the design, planning, implementation, and governance of enterprise information architecture. TOGAF identifies many views to be modeled in an architecture development process. It includes Business Architecture Views, Information Systems Architecture views, Technology Architecture views and Composite views. The domain of this framework mainly focuses on Business, data and applications. This framework is developed due to the motivation in Defence side framework. It focuses
Survey and Comparison of Frameworks in Software Architecture
15
mainly on Business process, Data, applications and Technology. It is used in the Process or Planning stage of SDLC. Rational Unified process (RUP) is used as the system development Methodology. UML, BPMN are widely used for system modeling and IDEF is used for business modeling. It has increased transparency of accountability. It provides controlled risk, protection of assets, proactive control and Value creation [21]. But, it is weak on Information Architecture, planning methods and governance framework [9]. It needs lots of Detail. And it can lead startup efforts into too much too soon [22]. 4.4 TEAF Treasury Enterprise Architecture Framework (TEAF) was developed by the US Department of the Treasury and published in July 2000 to support Treasury’s business processes in terms of products. This framework guides the development and redesign of the business processes for various bureaus. It is based on the Zachman Framework. It provides four different views. They are Functional Views, Information View, Organizational View and Infrastructure View. It has a domain on Business processes. It focuses mainly on Business process. It is used in the communication or Planning stage of SDLC [11] [15]. It does not refer to any specific system development methodology. It depends on the organization’s decision [20]. Flow chart, UML can be used as system modeling technique and IDEF and ERD can be used as business modeling techniques. It provides guidance to the treasury bureaus and offices in satisfying OMB and other federal requirements. It Supports Treasury bureaus and offices based on their individual priorities and strategic plans. It leads to Treasury-wide interoperability and reusability [11]. The TEAF does not contain a detailed description of how to generate the specification documents (work products) that are suggested for each cell of the TEAF Matrix [19]. 4.5 FEAF Federal Enterprise Architecture (FEA) was developed for the Federal Government to provide a common methodology for information technology (IT) acquisition, use, and disposal in various government enterprises. It was built to develop a common taxonomy and ontology to describe IT resources. The FEAF provides documenting architecture descriptions of high-priority areas. It guides to describe architectures for functional segments in the multi-organization manner of the Federal Government. Like zachman framework, FEAF also has five different views (Planner’s View, Owner’s View, Designer’s View, Builder’s View and Subcontractor’s View) in its framework. It has a domain on provision of services [15]. This framework is well suited for Enterprise Architecture planning. It focuses mainly on Business process, Data, Application and Technology. It is used in the Communication or Planning stage of SDLC [15]. Rational Unified process (RUP) is used as the system development Methodology. UMLis widely used for system modeling and BPML is used for business modeling. It serves customer needs better, faster, and cost effectively. It Promotes Federal interoperability and promotes Agency resource sharing. It reduces costs for Federal and Agency. It improves ability to share information and supports capital IT investment planning in Federal and Agency [10]. The weakness of FEAF is that the Federal
16
S. Roselin Mary and P. Rodrigues
Government can risk allocating too much time and resources to an enterprise architecture description effort yielding potentially little return at significant cost. The Federal Enterprise Architecture program requires technical and acquisition expertise. The Federal IT community must keep its eyes on the basic principles rather than near-term objectives and achievements. The Federal Government has to pay up-front for the right to exercise options in the future. Concern over territoriality and loss of autonomy may impede the Federal Enterprise Architecture effort due to long-term, realignment of Agency functions and responsibilities. It is hard to have common, cross-Agency models and standards to ensure interoperability [10]. 4.6 ISO RM-ODP The ISO Reference Model for Open Distributed Processing provides a framework standard to support the distributed processing in heterogeneous platforms. Object modeling approach is used to describe the systems in distributed environment. The five viewpoints described by RM-ODP are enterprise viewpoint, information viewpoint, computational viewpoint, engineering viewpoint and technology viewpoint. It has a domain on information sharing in distributed environment. This framework is well suited for major computing and telecommunication companies. It focuses mainly on Business process, Technical Functionality and Solution. It is used in the Processing and communication stage of SDLC. Object oriented method and IAD can be used as the system development methodology. UML and OMG are widely used for system modeling and BPML is used for business modeling. It provides lot of details for the analysis phases of the development of applications. It provides the platform to integrate the requirements from different languages consistently. It provides a set of established reasoning patterns to identify the fundamental entities of the system and the relations among them. It provides the appropriate degrees of abstraction and precision for building useful system specifications. It provides a set of mechanisms and common services to build robust, efficient and competitive applications, interoperable with other systems [17]. RM-ODP has the problem of inter-view and inter-view consistency. A number of cross-view checks have to be done to maintain consistency. Yet, these checks don’t guarantee the consistency [16].
6 Conclusion This paper summarizes the frameworks based on the important criteria used in industry side or business side applications and it discusses the benefits and drawbacks of each framework. These points will invoke the user to choose the suitable framework for their industry, organization and business based on their requirement. Users can easily identify the supporting tools available for the frameworks of their choice. On analyzing the work term ‘Focus’, we can easily conclude that all the frameworks developed mainly focus on business and IT solutions. In future, we can enhance the frameworks to focus on quality through effective mapping of frameworks. We can map ancient Indian architecture styles and patterns to the familiar Frameworks to yield new frameworks that will focus on quality.
Survey and Comparison of Frameworks in Software Architecture
17
References 1. Conely, W.: About Architecture (2009), http://www.ehow.com/about_4565949_architecture.html 2. Roger Session: A Comparison of Top Four Enterprise –Architecture Methodologies, ObjectWatch, Inc. (May 2007), http://www.objectwatch.com/white_papers.htm 3. Bass, L., Clements, P., Kazman, R.: What is software Architecture? In: Software Architecture in Practice, ch.2, 2nd edn., pp. 19-45. Addison Wesley, Reading (2003) 4. Kruchten, P.: Architectural Blueprints – The “4+1” View model of software Architecture. IEEE Softw. 12, 42–50 (1995) 5. Shan, T.C.: Taxonomy of Java Web Application Frameworks. In: Conf. Rec. 2006 IEEE Int. Conf. e-Business Engg., pp. 378–385 (2006) 6. HighBeam Research: Software Framework (2008), http://www.reference.com/browse/Software_framework 7. U.S. Dept. of Defense: DoD Architecture Framework Version 1.5. (April 23, 2007), http://www.cio-nii.defense.gov/docs/DoDAF_Volume_II.pdf 8. Kobryn, C., Sibbald, C.: Modeling DODAF Complaint Architectures. (October 25, 2004), http://www.uml-forum.com/dots/White_Paper_ Modeling_DoDAF_UML2.pdf 9. The Open Group: Module 2 TOGAF9 Components (2009), http://www.opengroup.org/togaf/ 10. U.S. Chief Information officers (CIO) Council: Federal Enterprise Architecture Framework Version 1.1 (September 1999), http://www.cio.gov/documents/fedarch1.pdf 11. U.S. Treasury Chief Information officer Council: Treasury Enterprise Architecture Framework Version 1 (July 2000), http://www.treas.gov/cio 12. Ignacio, J.: UML4ODP PLUGIN – User guide Version 0.9., Atenea Research Group, Spain (2009), http://issuu.com/i72jamaj/docs/uml4odp_plugin 13. Bell, Michael: Introduction to Service-Oriented Modeling. In: Service-Oriented Modeling: Service Analysis, Design, and Architecture. Wiley & Sons, Chichester (2009) 14. Buckalew, P. M.: Service Oriented Architecture (2009), http://www.pmbuckalew.com/soa.htm 15. schekkerman, J.: A comparative survey of Enterprise Architecture Frameworks. Institute for Enterprise Architecture Developments, Capgemini (2003), http://www.enterprisearchitecture.info 16. Maier, M., Rechtin, E.: Architecture Frameworks. In: The Art of Systems Architecting, 2nd edn., pp. 229–250. CRC Press, Florida (2000) 17. Vallecillo, A.: RM-ODP: The ISO Reference Model for Open Distributed Processing. ETSI Informática, Universidad de Málaga, http://www.enterprise-architecture. info/Images/Documents/RM-ODP.pdf 18. Liimatainen, K., Hoffmann, M., Heikkilä, J.: Overview of Enterprise Architecture work in 15 countries FEAR Research Project, Ministry of Finance, Finland (2007), http://www.vm.fi/julkaisut 19. Leist, S., Zellner, G.: Evaluation of Current Architecture Frameworks. University of Regensburg, Germany (2006), http://www.dcc.uchile.cl/~vramiro/d/p1546-leist.pdf
18
S. Roselin Mary and P. Rodrigues
20. Treasury Enterprise Architecture Framework, http://www.en.wikipedia.org/.../Treasury_Enterprise_ Architecture_Framework 21. What is TOGAF? http://www.articlebase.com/information-technologyarticles/what-is-togaf-626259.html 22. Westbrock, T.: Do Frameworks Really Matter?, EADirections (October 24, 2007), http://www.eadirections.com/.../ EAdirections%20Frameworks%20Breakout%20updated.pdf 23. Mosto, A.: DoD Architecture Framework Overview (May 2004), http://www.enterprise-architecture.info/Images/.../DODAF.ppt 24. Jim: Applicability of DODAF in Documenting Business Enterprise Architectures (August 9, 2008), http://www.thario.net/2008/08/applicability-ofdodaf-in-documenting.html 25. Ambler, S.: Extending the RUP with the Zachman Framework (2007), http://www.enterpriseunifiedprocess.com/essays/ ZachmanFramework.html 26. Zachman, J.A.: A Framework for Information Systems Architecture. IBM Syst. J. 26(3), 276–292 (1987) 27. Gulla, J., Legum, A.: Enterprise Architecture Tools project (2006), http://www.enterprise-architecture.info/EA_Tools.htm 28. May, N.: A survey of Software Architecture Viewpoint models (2005), http://mercuryit.swin.edu.au/ctg/AWSA05/Papers/may.pdf
Two Layered Hierarchical Model for Cognitive Wireless Sensor Networks K. Vinod Kumar1, G. Lakshmi Phani2, K. Venkat Sayeesh3, Aparna Chaganty4, and G. Rama Murthy4 4
1,2,3 National Institute of Technology Warangal, India Indian Institute of Information Technology, Design & manufacturing, Jabalpur, India 5 Communiation Research Centre, IIIT Hyderabad, India {vinodreddy.nitw,phani.l.gadde,sayeesh.nitw, aparna.214}@gmail.com,
[email protected]
Abstract. In recent years, we have seen tremendous growth in the applications of wireless sensor networks (WSNs) operating in unlicensed spectrum bands. However, there is evidence that existing unlicensed spectrum is becoming overcrowded. On the other hand, with recent advancements in Cognitive Radio technology, it is possible to apply the Dynamic Spectrum Access model in WSNs to get access to less congested spectrum, with better propagation characteristics. One of the predominant problems in Cognitive aided Sensor Networks is spectrum management. In this paper we propose an effective way of Co-operative spectrum management in a large environment. The key idea is to localize the sensor field by forming clusters such that each cluster in a way is independent of another. Intra-cluster communication takes place within the locally detected spectrum holes and inter-cluster communication takes place between cluster heads in a common spectrum hole. Thus forming a two-layered Cognitive aided Sensor Networks. Keywords: Wireless Sensor Networks, Cluster, Cluster heads, Cognitive Radio, Co-operative Spectrum detection.
1 Introduction Recent technological advancements have made the development of small, low-power, low-cost, multifunctional, distributed devices, which are capable of wireless communication, a reality. Such nodes which have the ability to local processing are called sensor nodes (motes).Limited amount of processing is only possible in a sensor node. Wireless Sensor networks are the key to gathering the information needed by industrial, smart environments, weather in buildings, utilities, home, automation, transportation systems, shipboard or elsewhere. Recent guerilla warfare counter measures need a distributed network of sensors that can be deployed using, e.g. an aircraft. In such applications cabling or, running wires is generally impractical. A sensor network is required which is fast to maintain and easy to install. A key feature for current WSN solutions is operation in unlicensed frequency bands, for instance, A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 19–24, 2011. © Springer-Verlag Berlin Heidelberg 2011
20
K.V. Kumar et al.
the worldwide available 2.4 GHz band. However, the same band is shared by other very successful wireless applications, such as Wi-Fi and Bluetooth, as well as other proprietary technologies. Therefore the unlicensed spectrum is becoming overcrowded. As a result, coexistence issues in unlicensed bands have been subject of extensive research. In addition, a large portion of the assigned spectrum is used sporadically. The spectrum usage is concentrated on certain portions of the spectrum while a significant amount of spectrum remains unutilized. The limited available spectrum and the inefficiency in the spectrum usage necessitate a new communication paradigm to exploit the existing wireless spectrum opportunistically. Dynamic Spectrum Access is proposed to solve these current spectrum inefficiency problems. DARPAs approach on Dynamic Spectrum Access network, the so-called NeXt Generation (xG) program aims to implement the policy based intelligent radios known as cognitive radios. Defined the first time by J.Miltola in 1999, cognitive radios are promising solutions to improve the utilizations of the radio spectrum. The central idea of cognitive radio is to periodically monitor the radio spectrum, intelligently detect occupancy in the spectrum and then opportunistically communicate over spectrum holes with minimal interference to active licensed users. Similar to the existing WSNs, a Cognitive Wireless Sensor Networks (CWSN) consists of many tiny and inexpensive sensors where each node operates on limited battery energy. In a WSN, each node both sends and receives data or it is in idle state. However, in a CWSN, there would be another state called sensing state where the sensor nodes sense the spectrum to find spectrum opportunities or spectrum holes. Adding cognition to a WSN provides many advantages. Sensor nodes in a CWSN can measure and provide accurate information at various locations within the network. Measurements made within the network provide the needed diversity to cope with multi-path fading. In addition, a CWSN could provide access not only to new spectrum (rather than the worldwide available 2.4 GHz band), but also to the spectrum with better propagation characteristics. In this paper we proposed a novel two layered approach co-operative for spectrum sensing. Rest of this paper is organized as follows related work in Section 2, our proposed approach in section 3 and conclusions in the section 4.
2 Related Work Nodes are grouped into distinct and non overlapping clusters. One of the node among a cluster is made has cluster head. This cluster-head collect sensor data from other nodes in the cluster and transfer the aggregate data to the base station. Since the data transfer to the base station dissipate much energy, so these cluster heads have some extra energy and more transmission range. i.e they are different from normal nodes. Since sensor nodes have limited power, power consumption is considered to be one of the most important issue. Thus care has to be taken in designing a protocol which consumes less power. Hence in a CWSN, more the sensors who participate in sensing, more energy is consumed. Thus, we tend to limit the sensing task to some sensors only. Spectrum sensing is a key task in a cognitive radio. It allows identification of spectral holes and helps in exploiting them efficiently. The most effective way of detecting spectrum holes is to detect the primary receivers in the range of secondary
Two Layered Hierarchical Model for Cognitive Wireless Sensor Networks
21
users (sensors). Practically it is difficult for a Cognitive Radio to have a direct measurement of the channel between the primary receiver and transmitter. So most of the research now-a-days focuses on primary transmitter detection based on the observations by the secondary user. In general, we can classify Spectrum Sensing techniques as Transmitter Detection, Co-operative Detection and Interference Detection A cognitive radio should be able to differentiate used and unused spectrum band. So it should be able to determine if a signal from primary transmitter is present in the spectrum. Transmitter detection approach is based on the detection of weak signals from the primary transmitter. Transmitter detection is based on a assumption that the locations of the primary receivers are unknown due to the absence of interactions between the primary users and the secondary users, moreover, transmitter detection model cannot prevent the hidden terminal problem and sometimes the secondary transmitter may not be able to detect the transmitter due to shadowing. While in the case of co-operative detection model the information from multiple secondary users is used for primary user detection. Co-operative detection is done in two methods: centralized and distributed. In centralized method, secondary base station collects all the sensing information from its users and detects the spectrum holes. While in distributed method secondary users exchange observations. Co-operative Spectrum sensing task in the CWSN sensing state, can be performed either by a distributed or centralized scheme. However, we use a centralized scheme for reasons explained earlier. In a centralized scheme, spectrum opportunities are detected by a single entity called network coordinator. The network coordinator broadcasts a channel switch command to indicate an alternate available channel. The alternate channel could be another licensed channel or an unlicensed channel in the ISM band. The broadcast message could be retransmitted by multiple nodes to reliably deliver the message. Typically, there exist two traffic load configurations in a CWSN: • Regular status report: each sensor sends regular status update to the coordinator. The information in such status updates depends on the particular application. • Control commands: control messages are sent by the coordinator. For example, in a heat control application, the coordinator sends commands to switch on/off the heaters. In most cases, due to multi path fading and co-relation shadowing, primary user detection is poor. Co-operative sensing is a method in which xG users co-operate with each other instead of competing. Cooperative detection among unlicensed users is theoretically more accurate since the uncertainty in a single user’s detection can be minimized. Cooperative detection schemes allow mitigating the multi-path fading and shadowing effects, which improves the detection probability in a heavily shadowed environment.
3 Motivation As discussed in the earlier section distributed sensing is a very useful technique for spectrum sensing. Consider a very large network where the primary users and secondary users co-exist sharing the spectrum. The secondary users sense the spectrum
22
K.V. Kumar et al.
at regular intervals of time. This time interval (dt) is decided by the permissible latency for the primary users. The secondary users sense the spectrum, detect the spectrum holes and use it without causing any harmful interference to the primary user. Since the secondary network in this scenario is wireless sensor network, it needs a single band of spectrum to communicate. The best suitable contiguous spectrum available for the whole network will have very small bandwidth while when we divide the network into smaller parts (cluster) ,the best available bands for each of the cluster will be relatively large. Consider the figure where we see 6 regions in a big network. The frequency band which is free to all the six areas is relatively very less when compared to the spectrum locally free within the region.
4 Our Contribution Our idea is to use the locally free spectrum for communication within a cluster. The whole network is divided into clusters and each cluster is headed by a coordinator node which has got extra abilities. The coordinator node will communicate with all the nodes in that particular cluster and Base station. All the data that is to be routed to the secondary Base Station will be sent first to the co-ordinator node and then the coordinator node communicates with the adjacent co-ordinator. There are two channels that a co-ordinator maintains with every node and the neighbouring co-ordinator nodes. They are: (1). Control channel and (2). Data Channel The control channel operates in unlicensed bands (2.4Ghz) and transfers only those packets which are related to the spectrum sensing activity. The data channel transfers the data to be routed to the Base Station via sensors. The data channel operates in the free spectrum bands that are decided centrally by the Base Station. Procedure: 1) The co-ordinator node senses (in regular intervals) the spectrum to detect the spectrum holes in that cluster and sends this sensing information via control channel to the adjacent co-ordinator node. Eventually the base station receives all the spectrum sensing information. 2) Based on the information the Base Station decides communication frequency in which the cluster should communicate in order to avoid harmful interference to the primary user. This information is also sent via control channel itself. 3) Once the co-ordinator node gets the information about the communicating frequency bands, it notifies the same to all the sensor nodes (secondary users) within the cluster. 4) Then all the sensors starts sending the sensing data to the co-ordinator in the data channel which operates in the locally free bands specified by the coordinator.
Two Layered Hierarchical Model for Cognitive Wireless Sensor Networks
23
Fig. 1. A sample Network with primary and secondary
Fig. 2. Control and Data links between nodes
5) The co-ordinator also forwards this information to the neighbouring co-ordinator. Finally, all the data reaches the Base station. 6) The nodes will route in the best available band (which changes from time to time) without causing interference to primary user.
24
K.V. Kumar et al.
5 Conclusion In this paper, we proposed a conceptual model of two layered architecture for Cognitive aided WSN. Considering the challenges raised by Wireless Sensor Networks, the use of Cognitive Radio appears as a crucial need to achieve satisfactory results in terms of efficient use of available spectrum and limited interference with the licensed users. As described in this paper, the development of the Cognitive Radio aided Sensor Network technology requires the involvement and interaction of many advanced techniques like cooperative sensing, interference management, cognitive radio reconfiguration management etc. Energy constraints are the main limitation of Cooperative Sensing which can be overcome placing some coordinator nodes with extra power. By doing so the network life time WSN will increase to a greater extent, also unutilized spectrum can be used more efficiently with good QoS. Also, each node maintains 2 channels which is an added advantage as the data and control channels are separated.
6 Future Work In this paper, we try to give a two layered hierarchy for the cooperative spectrum sensing. In future we would like to enhance the performance of these wireless sensors based cooperative sensing by implementing various methods of sensing and also under some problems like shadowing and fading. As future work we would like to implement this and find real time results for the proposed model.
References [1] Akyildiz, I.F., Lee, W.-Y., Vuran, M.C., Mohanty, S.: NeXt generation/dynamic spectrum access/cognitiveradio wireless networks: A survey. Computer Networks 50, 2127–2159 (2006) [2] Ganesan, G., Li, Y.G.: Cooperative spectrum sensing in cognitive radio: Part I: two user networks. IEEE Trans. Wireless Commun. 6, 2204–2213 (2007) [3] Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Gayirci, E.: A Survey on Sensor Networks. IEEE Communications Magazine (August 2002) [4] Mitola III, J., Maguire Jr., G.: Cognitive Radio: Making Software Radios More Personal. IEEE Personal Communications (see also IEEE Wireless Communications) 6(4), 13–18 (1999) [5] Haykin, S.: Cognitive radio: brain-empowered wireless communications. IEEE Journal on Selected Areas in Communications 23(2), 201–220 (2005)
3D-CGIN: A 3 Disjoint Paths CGIN with Alternate Source Meenal A. Borkar1 and Nitin2 1
Department of Computer Sciecnce and Engineering, Amrapali Institute of Technology and Sciences, Shiksha Nagar, Haldwani-263139, Uttarakhand, India
[email protected] 2 College of Information Science and Technology, The Peter Kiewit Institute, University of Nebraska at Omaha, Nebraksa-68182-0116, United States of America
[email protected]
Abstract. The performance of multiprocessor systems is greatly dependent on interconnections and their fault tolerance ability. Handling faults becomes very important to ensure steady and robust working. This paper introduces, a new CGIN with at least 3 disjoint paths. It uses an alternate source at the initial stage, due to which at least 3 disjoint paths can be ensured. The network provides multiple paths between any source and destination pair. The alternate source guarantees delivery of packets to the intended destination, even if two switches or links fail. The alternate source proves quite helpful in case of any fault at initial stage, or the source is busy. In such cases, the packets can be retransmitted through the alternate source to avoid delayed delivery or starvation, which was not being used in original CGIN. This network also provides the dynamic re-routing to tolerate faults. The paper further presents two very simple routing strategies – first for routing in fault free environment and second for routing in faulty environment. Keywords: Gamma Interconnection Network, CGIN, disjoint paths, fault tolerance, Distance tag routing, Destination tag routing, re-routing.
1 Introduction In a multiprocessor system, many processors and memory modules are tightly coupled together with an interconnection network. A properly designed interconnection network certainly improves the performance of such multiprocessor system. Multistage Interconnection Networks (MIN) are highly suitable for communication among tightly coupled nodes. For ensuring high reliability in complex systems, fault tolerance is an important issue. The Gamma Interconnection Network (GIN) is a class of MIN is popularly used in many multiprocessor systems. In a gamma interconnection network, there are multiple paths between any source and destination pair except when source and destination are same. To overcome this A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 25–36, 2011. © Springer-Verlag Berlin Heidelberg 2011
26
M.A. Borkar and Nitin
drawback, many new techniques have been introduced. These techniques have also improved the fault tolerance capability of the GIN. These networks are – Extra Stage Gamma Network, Monogamma Network, B-network, REGIN, CGIN, Balanced-GIN, PCGIN, FCGIN and 3DGIN. These network architectures use additional stages, backward links & alteration in connecting patterns to tolerate the faults. These networks also suggest the techniques to route packets towards destination in case of any occurrence of a fault(s). In this paper, we propose a new network, namely 3D-CGIN – a 3 Disjoint CGIN with alternate source. This network is capable of tolerating two switch or link faults, by providing alternate source. Its hardware complexity is approximately equal to PCGIN. We further propose a simple routing algorithm for packet delivery. This paper is organized as follows – Section 2 covers Background and Motivation for this architecture. Section 3 introduces 3D-CGIN and its Topology, Section 4 focuses on routing in fault free environment and re-routing techniques to tolerate faults. Section 5 provides comparison of 3D-CGIN with other networks. Concluding remarks are in section six, followed by acknowledgments and references.
2 Background and Motivation 2.1 The Gamma Interconnection Network (GIN) The Gamma Interconnection Network [1] is an interconnection network connecting N = 2n inputs to N outputs. It consists of log2(N) + 1 stages with N switches per stage. These switches are connected with each other using 3 x 3 crossbar switches. The input stage uses 1 x 3 crossbars, output stage uses 3 X 1 crossbar and all the intermediate switches use 3 x 3 crossbar. A typical Gamma Network is shown in fig. 1. The stages are linked together using “power of two” [2] and identify connections such that redundant paths exist. The path between any source to destination is represented using any one of the redundant forms of the difference between source and destination. These redundant forms are generated using Fully Redundant Binary Number System. A number system gives a method to express numeric values. In a r radix fully redundant binary number system, each digit has (2r – 1) representations, ranging in {(r-1), …..., -1, 0, 1, 2, ….., (r-1)}. These number systems are redundant in the sense that some values have multiple representations. All non-zero values will have multiple representations. A digit can take any of the three values: 1, 0 and -1. In a Gamma Network, a packet visits n routing points before reaching its destination. There are three possible connections at stage i – the packet from node j takes a straight path to deliver it to node j at stage i+1; or reach node (j – 2i)mod N by taking an upward link; or reach node (j + 2i)mod N by taking a downward link. A routing tag is attached with each packet, which guides the packet through the network. This routing tag is made up of n bits, where n = log2N. This tag denotes the modulo N difference between destination and source. For this difference, we generate redundant representations. Each representation denotes a connection pattern from source to destination.
3D-CGIN: A 3 Disjoint Paths CGIN with Alternate Source
27
In this network, at any switching element three different packets can arrive at the same time. At stage i any node j can receive input packet from following three nodes: j, (j - 2i+1 ) and (j + 2i+1 ). These three packets will have 0, 1 and -1 at the ith digit in the routing tag. This network provides multiple paths between any source and destination pair using the redundant number representation. However, it provides unique path when source is same as destination.
Fig. 1. The Gamma Interconnection Network
2.2 Cyclic Gamma Interconnection Network (CGIN) In n-stage Gamma Network, the connection pattern can be represented as 20, 21, 22, …..., 2n-1 . In CGIN [8] the connection patterns were altered by repeating any stage at initial and end connections. This alteration provided multiple disjoint paths, guaranteeing one arbitrary fault tolerance. It also guaranteed multiple paths between any pair of source and destination. The resulting network depicted cyclic nature. A CGINγn is a CGIN with n stages and the connecting patterns between first two stages and last two stages being 2γ where 0≤ γ ≤ (n-2). So, the connecting patterns between stages can be ordered as 2γ, 2γ+1, 2γ+2, …., 2n-3, 2n-2, 20, 21, 22, …...2γ-1, 2γ
28
M.A. Borkar and Nitin
The stages of CGINγn are numbered 0 to n and the connecting patterns are based on plus-minus 2( γ+i)(mod n-1) functions. Fig. 2 shows a typical CGIN03 . Each request in CGINγn , carries a routing tag of n digits. The weight of each digit is determined by the connecting pattern. For a tag digit di , the weight is determined by the formula : ±2( γ+i)(mod n-1) if di is ±1. The routing complexity of CGIN is same as that of GIN. CGIN reduces the pin count, as it uses 2γ instead of 2n-1 connecting pattern. It reduces the total layout area as well thus, achieving reduction in cost. CGIN uses the destination tag routing and re-routing to tolerate any arbitrary single fault. It does not provide strong re-routability. Strong re-routability implies that the packet can be re-routed at every stage. CGIN provides at least 2 disjoint paths between any pair of source and destination. However, packet delivery can fail, if the source is faulty.
Fig. 2. CGIN03
2.3 Review of Fault Tolerance Techniques Used in GIN In order to provide reliable interconnection between each source and destination, one needs to look into the availability of switching nodes and links. Generally, a switching element is said to be faulty if it is down due to non-functionality or is busy with
3D-CGIN: A 3 Disjoint Paths CGIN with Alternate Source
29
transfer of packets. There are two possible faults in the Gamma Network, either a SE i.e. switching element is faulty or a link connecting two SEs is faulty. When a SE is faulty, then either the Source or the SE at previous stage should take a decision about retransmission of packet or re-routing the packet through some intermediate SE. In case of a link failure, the node connected with it should be able to choose an alternate path to the destination. In the following section we discuss various techniques used to tolerate these faults. Fault Tolerance Techniques. We try to focus on the major attempts made to tolerate the faults and improve the performance as well as terminal reliability of the Gamma Network. The majority of the work is done by providing additional hardware or altering the connection patterns. Adding Extra Stage. Adding extra stage to the Gamma Network eliminates following two problems: first, the unique path between a source and destination when S = D and second, the number of paths for even tag value are less than the number of paths for odd tag values. To provide multiple paths for S = D, an extra stage is added to the Gamma Network. The connection pattern for this extra stage can be any stage of gamma network. The routing tag is again made up of three possible values 1, 0 and -1. By using an additional bit for the extra stage one can generate the multiple paths from source to destination. The routing tags are generated in similar manner as that of the Gamma Network. The routing algorithm is a simple extension of routing in Gamma Network. The Extra Stage Gamma Network [3] uses this concept to provide multiple paths; those could be followed to handle the faults. Providing Back Links. In any multiprocessor system, the memory requests from processing elements are generated randomly, hence the path or memory conflicts are inevitable. By increasing switch sizes the path conflicts may be reduced, but memory conflicts are still unavoidable. Providing extra buffer space will certainly reduce the memory conflicts, but the implementations become very costly. Therefore, some networks use Backward Links to provide multiple paths, to cater with path / memory conflicts. The B-network [4] is the network using this particular fault tolerant technique. In this technique, the requests blocked due to path / memory conflict, are simply send back one stage and from there a new path is selected for the packet. In this approach, the packet may follow any number of back links, and then may get forwarded to destination. Following are certain features observed with back links – 1) The backward links act as implicit buffers, 2) The backward links at the very last stage can handle the memory contention, which cannot be done by crossbars. Providing the Extra Link. Some network architectures use an additional link that may connect to some additional SE in next stage. The Balanced Gamma Network [5] uses this approach. It uses the distance tag routing. Two more modified GINs, namely, PCGIN [6] and FCGIN [6], make use of additional links at 0th stage. In PCGIN, all the nodes are connected to each other, forming a chain from 0 to N. Using this layout it ensures at least 2 disjoint paths between any source to destination pair. It uses backtracking to tolerate faults. On the other side, FCGIN, uses a fully chained approach at each stage to avoid backtracking. Due to chaining at every stage, it provides distributed control and dynamic rerouting, hence a better fault tolerance is provided. These networks are 1 - fault tolerant.
30
M.A. Borkar and Nitin
Changing the Interconnection Patterns. Due to ±2i interconnection patterns, GIN provides multiple paths for many sources to destination pairs. However, for certain Source and Destination it provides unique paths, which prove risky if a node fails. Then for certain pairs the communication becomes impossible. One can provide multiple disjoint paths for all source to destination pairs by altering the interconnections between any stage i and i+1. The Reliable Gamma Network (RGIN) [7], uses the altered interconnection patterns to provide multiple paths and disjoint paths. Another network, called Mono gamma Network [8] also uses the altered interconnections to provide multiple paths between any source to destination pair, but they are not disjoint in nature. In Cyclic Gamma Interconnection Network (CGIN), any interconnection pattern between any two stages can be repeated to provide multiple disjoint paths without increasing the hardware cost. As it uses, the repetition of connection pattern the pin count reduces. Balance modified GIN [9], reverses the connection patterns for upper links as compared with GIN, while keeping the connection patterns intact for lower and straight links. This approach balances the distances between any communicating pair. By Combining the Switching elements. 3DGIN [10] is a network which combines the switches to provide 3 disjoint paths. Here, the switches at initial stage are combined together. It ensures without one lookahead, less hardware cost, 3 Disjoint paths and two faults tolerance. We propose a new network, which is an alteration in CGIN, with an alternate link at stage 0. This network provides 3 disjoint paths in CGIN, with use of the alternate link.
3 3D-CGIN: A 3 Disjoint Paths CGIN 3.1 Network Architecture of 3D-CGIN 3D-CGIN is a cyclic Gamma Network, connecting N = 2n inputs to N outputs. It consists of log2N + 1 stages with N switching elements per stage. The number of input nodes in 3D-CGIN are divided in two parts, and an alternate link is used connecting the respective input nodes to each other. It means that the first node in first part is connected with first node in second part with alternate link and so on. The 0th stage switches are 2 X 3 crossbars, 1st and 2nd stage switches are 3 X 3 crossbars, output stage switches are 3 X 1 crossbars. The connecting patterns between different stages are done as per CGIN concept. The connections between stage 0 - 1 & 2 - 3 are done as per 20 patterns whereas the 21 pattern is used for connection between 1 – 2. Fig. 3 shows the topology of 3D-CGIN for N = 8. In 3D-CGIN, a packet visits n switches before reaching the destination. The stages are numbered 0 to n, from left to right. The connecting pattern between stages is given by plus-minus 2(γ+i)mod (n-1) functions. The jth switch at stage i, 0 ≤ i ≤ n, is connected with three switches at stage i+1 using three functions: fstraight (j) = j fup (j) = j - 2(γ+i)mod (n-1) mod N fdown (j) = j + 2(γ+i)mod (n-1) mod N
3D-CGIN: A 3 Disjoint Paths CGIN with Alternate Source
31
The function fstraight defines the switch to be visited if a straight link is chosen. The functions fup and fdown denote the switches visited if we choose up and down links respectively. Each request in 3D-CGIN also carries a routing tag of n digits. Each digit in tag can take any of the following three values: 0, 1 and -1. We can use both the distance tag routing and destination tag routing methods to route a packet to its intended destination. By distance we mean Distance = D – S (Mod N), where D is the destination and S is the source. Following formula is used, to generate the all possible routing tags representing the distance between source and destination: RTDistance = δij 20 ± δij 21 ± δij 20 .
(1)
The alternate source / link at stage 0 is used in following cases : 1) The source S is faulty / non operational, 2) Source S is busy with packets and the current request needs urgent processing, 3) the buffer of source S is full, due to which the request is required to wait. The routing algorithm should make a decision about it. Whenever the packet is transferred to alternate source the routing needs one extra hop processing.
Fig. 3. Topology of 3D-CGIN with N = 8
32
M.A. Borkar and Nitin
3.2 Multiple Disjoint Paths We can observe that the destination D at stage n is connected to three switches at stage n-1; D + 2γ (Mod N), D and D - 2γ (Mod N) respectively. Therefore, a path can reach to D through one of them. So, the total number of alternative paths between source S and destination D should be sum of all possible paths from S to these three switches. We can estimate these numbers by using the recurrence relation used in CGIN. If we consider the alternate source is also used for transmission then, the paths from it will prove additional to the original paths generated from S to D. It can be observed that, multiple paths are always present between every pair (S, D), and we can get at least 3 disjoint paths considering the alternate link. Theorem: There exist at least 3 disjoint paths in 3D-CGIN. Proof : In 3D-CGIN, for any source S at stage 0, three switches at stage 1 are connected : S-1(Mod 8), S and S+1 (Mod 8), where the distance between S and D is in range -1 ≤ D – S (Mod 8) ≤ 1. The S ± i (Mod 8) switches at stage 1 will be connected with S ± i (Mod 8) and ((S ± i ) ± 2 ) mod 8 switches at stage 2. Therefore, we can say that the source S at stage 0 is connected with ( S ± 1 )mod 8 and (( S ± 1 ) ± 2 ) mod 8 switches at stage 2, except for a switch where (D – S ) mod 8 = 4. That means, any source S will be connected with switches (S, S ± 1, S ± 2, S ± 3) mod 8 at stage n-1. A switch at stage n is reachable through 3 links from stage n-1. The links 1 and -1 will certainly lead to disjoint paths towards destination D. Source S is connected with destination D by two paths if (D – S) mod 8 = ± 1. There is exactly one path from S to D if (D – S) mod 8 ≠ ± 1, except where (D – S) mod 8 = ± 4. The same logic is applicable when we use the alternate source. We can further show that, between two disjoint paths from alternate source, at least one path will be always in existence that will never use the switches used by source S to D. Hence, we can guarantee at least 3 disjoint paths from any source S to destination D considering the paths from alternate source.
4 Routing in 3D-CGIN 4.1 Routing Algorithm Considering Fault at Initial Stage In this section, we present an algorithm / strategy for selecting proper link at every stage. This algorithm considers fault at stage 0, and in case of faulty switch it forwards the packet to alternate source using the alternate link. The algorithm do not assumes any fault in further stages. Algorithm 1. If the source S is faulty at 0th stage then forward the packet to alternate source for that node i.e. the node S = S+4. 2. If S=D then always follow a straight link till you reach destination.
3D-CGIN: A 3 Disjoint Paths CGIN with Alternate Source
33
3. The routing will be done as follows: a. Let S be the source and D be the destination then first calculate Difference = D–S b. Repeat following steps till we reach the destination: 1. If -1 >= Difference >= -4 then follow uplink, you will reach an intermediate switch, make it new source and again compute the Difference = D-S. 2. If 1 Ω
3 Algorithm 3.1 Setting Up a Dedicated Path Here, we considered a 6 nodes topology of an ad hoc network to be fixed. Fig. 1 shows one source node Si, one destination node Di and four intermediate nodes A, B, C, D.
Fig. 1. Six nodes topology with Si and Di as destination and source node and four intermediate nodes
Strategy profile for each node having 3x3 random matrices has been generated. For any action (i, j) of the node, say A, value of the matrix a (i, j) is the payoff to node A for that action. Here, action represents the power with which the node is transmitting packets. To establish a communication link, these matrices are generated for every participating node and equilibrium occurs when maxima of one node occurs at position (i, j) where maxima of other node occurs. The strategy matrix is very much crucial to keep the track over selfish nodes. The following algorithm is proposed: a) Each node that will be participating in the transmission generates a 2-D matrix which contains the set of actions. Selection of a particular action decides the outcome of the node. A payoff value is assigned corresponding to each action of the node.
208
J. Gupta, I. Kumar, and A. Kacholiya Table 1. Payoff Matrix Node B a11
a21
a12
a22
Node A
b) Each node will cross verify the matrices of the rest of the nodes for the best action. This value will be considered as the virtual currency [2]. Considering three intermediate nodes between source and destination the condition can be checked in MATLAB using if ((A(j,i) == max A(i)) && (B(j,i) == max B(i)) && (C(j,i) == max C(i)) && (D(j,i) == max D(i))) Where, A, B, C, D are the corresponding strategy matrices and max(A), max(B), max(C), max(D) contains the maximum values of the corresponding strategies. The case may occur that a particular node is not participating with its best possible action. Then this node will be provided certain time to improve its behavior. The payoff values of all the nodes involved in the transmission are asked from the user. On the basis of outcome, one value from the various payoff values is being selected. Corresponding to this payoff value, there will be an energy with which node will be transmitting forward. After all nodes agree to participate at their corresponding energy levels, a dedicated path is formed. After the formation of dedicated path the transmission starts taking place. 3.2 Identifying the Cheating Node Cheating node can be identified by maintaining a table for all (Si,Di) pair which will be available at every node. Transmission by node will not be considered when it acts as source. Table 2. From node
To node
Power to support edge
Number times node participated
A A B B C C D D
B D A C B D C A
10 9 10 8 8 12 12 9
0 4 0 0 0 5 4 6
of
Game Theoretic Approach to Resolve Energy Conflicts in Ad-Hoc Networks
209
First three columns show the topology, whereas fourth column shows the number of times a node has participated in routing. It can be concluded from the table that when the node does not participate in the routing, value of fourth column for that particular node becomes zero. Based on the involvement or the co-operation of the nodes in the network payoffs or some incentives are given to them. Table 2 will be evaluated after every periodic interval and when value for any node comes out to be zero repeatedly, it means that particular node is not participating in routing therefore; no payoff will be given to it. This is how, the path is determined from the source to the destination which consumes least energy. In our simulation node B is not participating. This table can also help in minimizing the over-utilization of a node. When value of any node in fourth column becomes large, it means that node is being over-utilized.
4 Implementation The implementation of this novel algorithm is done by using rand function to generate the strategy matrices. The algorithm has been implemented for 50 games/transmissions. If the
Fig. 2. Graph representing Nash Equilibrium of source node
Fig. 3. Graph representing Nash Equilibrium of destination node
210
J. Gupta, I. Kumar, and A. Kacholiya
energy of a particular node in the topology gets exhausted then there will be no more participation of the node in the game/transmission. Fig.1 and Fig.2 show the Nash Equilibrium points for the source and destination nodes respectively. Similarly, the Nash Equilibrium of all the other nodes can be plotted.
5 Conclusion Game theory is used in many situations where conflict and cooperation exist. In this paper, we propose a game model that can be used to optimize total energy of the network and to analyze selfish behavior of the node, if any. Using this approach the route/path is determined which requires least energy with maximum co-operation among the nodes. If the same node is participating again and again to forward the packet then all the paths that go through that particular node will get diminished soon due to the over utilization of the node in terms of energy. Therefore, the above described algorithm has taken into account this problem. The nodes which are participating will be provided some payoffs or incentives and the others which are not co-operating will not be allowed to transmit their own packets. Nash equilibrium is used to determine the path which consumes less energy to reach the destination after taking decisions from the payoff matrices. Strategy of Game theory can further be applied to determine the network parameters like throughput and delay etc.
References 1. Komali, R.S., MacKenzie, A.B.: Distributed Topology Control in Ad-Hoc Networks: A Game Theoretic Perspective. In: Proc. IEEE CCNC (2006) 2. Leino, J.: Applications of Game Theory in Ad Hoc Networks, Master’s thesis, Helsinky University (October 2003) 3. Xiao, Y., Shan, X., Yongen, Tsinghua University: Game Theory Models for IEEE 802.11 DCF in Wireless Ad Hoc Networks, IEEE Radio Communications (March 2005) 4. Roughgarden, T.: Selfish routing and price of anarchy. Lecture Notes. Stanford University, Stanford 5. Srinivasan, V., Nuggehalli, P., Chiasserini, C.F., Ramesh, R.R.: Cooperation in Wireless Ad Hoc Networks. In: IEEE INFOCOM (2003) 6. Narahari, Y.: Game Theory. Lecture Notes, Bangalore, India
Software Secureness for Users: Significance in Public ICT Applications C.K. Raju and P.B.S. Bhadoria Indian Institute of Technology, Kharagpur, India {ckraju,pbsb}@agfe.iitkgp.ernet.in
Abstract. Software secureness as experienced by a user has connotations that imply better control over information that is getting encoded. It also implies adherence to established protocols by the software and provision to inspect software sources for coding errors. The significance of some of these issues is evident in some reference manuals on Software Quality. Software secureness could be treated as a significant constituent in software quality which can be enhanced by altering the properties of the software applications, software environment and software implementation of protocols or data standards that are deployed in the software projects. Traditional approaches to Software Quality often provide a privileged position to developers of software projects, in providing them the freedom to fix the prerequisites and conditions that determine quality. In situations where software serves public interests or needs, software secureness should not contrast amongst the communities that use, develop, test or maintain the same software project. For most of the services in public domain, the user community is the one which is constitutionally the most empowered. Utilities that serve public needs may also involve processing of information of user communities. Therefore, software secureness must be evaluated from the viewpoint of the community of its users, even if it happens to be the least privileged in setting the prerequisites or conditions for software quality. A shift of this nature is necessary because a proprietary software environment may be completely transparent to its developer community, even while remaining opaque or insecure to its user community.
1
Introduction
Software Quality is a widely discussed and debated issue especially in the context of software engineering practices. Software processes differ from most other manufacturing processes, in that the products and processes are capable of getting modified, tested or developed by communities of users, maintainers or developers. If one is aware of the constituents that create software quality, then it becomes easier to enhance the quality. This article examines the issue, taking software secureness as a parameter for achieving software quality. It attempts to define and view secureness through correctness of software sources, fair implementation of protocols and through the nature of data formats that the software projects use. Initial reviews on software quality measures on software products had prompted A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 211–222, 2011. c Springer-Verlag Berlin Heidelberg 2011
212
C.K. Raju and P.B.S. Bhadoria
detailed studies on issues like as-is utility, portability and maintainability [4]. Significance of portability and maintainability has also been stressed in another software product quality model suggested by Dromey [6]. This situation presupposed availability of software as sources and details of protocols, as without accessibility to such sources, maintainability could be ruled out and portability gets impossible. Manuals in software quality make adequate references to adherence to use of data standards, fair implementation of protocols and transparency in coding of their implementation [2], [3], [1]. These manuals, while laying out specifications for achieving software quality, however, do not insist on the dichotomies that arise while applying quality conditions to user and developer domains. While developers working within proprietary software establishments can claim software quality by adhering to these manuals by virtue of having accessibility to software design and development processes, a majority of users who are out of purview of the development establishment and who would be the major consumers of software, are not in a position to guarantee software quality on their own. This unique contradictory situation insofar as the software users are concerned has even prompted a suggestion that open standards without insistence of open source software would render the whole claim of software quality inadequate [14]. Software sources often undergo changes while catering to evolving demands. Its management too would get complex, when the communities of users, developers or maintainers are allowed varying degree of permissions or restrictions in their access to software sources. Adherence to established protocols also requires that software is programmed to do, what it claims to do. Even more importantly, software should not be doing, what it is not supposed to do. The task of validating secureness, therefore, needs a fair amount of expertise in programming by the inspecting agency. It is known that errors or deviations from norms in software can be brought out if more people are allowed to inspect the sources [13]. Therefore, access to software sources is a critical factor in establishing secureness of software, especially for those software applications serving public interests or needs. The properties and nature of data formats used in public applications also need to be scrutinized for their linkages with software secureness. Data formats could be either standards or open formats where ownership have been relinquished. Data formats could also be proprietary which may have owners. When ownership of proprietary formats are in private possession, encoded information risk getting under perpetual control, especially if the private owners shun efforts to convert them into legitimate standards relinquishing ownership. In a draft legislation introduced in Republic of Peru [15], a few issues were referred. It was argued that public agencies have a natural obligation to guarantee permanent availability of information encoded, processed and stored while engaging with software applications. To ensure this, proprietary formats were not desirable for public systems. The significance, as per the bill was due to the fact that private information of citizens gets processed in such software systems,
Software Secureness for Users: Significance in Public ICT Applications
213
and the state as a legitimate custodian of such information has an obligation to safeguard its availability. Hence usage of data standards or open data formats which do not have owners needs to be mandatory part of any public software initiative. Software that has the data formats encoded in open data formats or data standards will enhance its secureness, as these could be retrieved or made available at any time in future. Accessibility to software sources allows inspection of the sources for fair implementation of software protocols and coding practices. The draft bill had promoted use of Free Software in public institutions [15]. A study [14] on effectiveness of open standards had pointed out that unless the implementation of such standards are carried out with open source projects, a precarious situation involving vendor lock-in might follow. In a case taken up for study here, the twin requirements that deal with accessibility to software sources and adherence to established data standards or open data formats were scrutinized and their suitability examined towards enhancing software secureness. The public software application is one that monitors a rural employment guarantee scheme introduced on a national scale in India. 1.1
National Rural Employment Guarantee Scheme (NREGS)
A government initiative to guarantee 100 days of employment on an annual basis to all rural households in India was legislated [7] in 2005. Commissioned as National Rural Employment Guarantee Scheme (NREGS), the programme was open to all households whose members were willing to offer unskilled labour. Though initially the programme was implemented in selected areas, it later got extended to all rural areas of India. The programme, rechristened as Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), continues to be executed through all local self-government institutions in the Panchayat Raj System which predominantly addresses rural population. The enactment was subsequently amended to place all information about the scheme in public domain through a website. It later became a mandatory requirement [8] for the purpose of introducing transparency in all the transactions within the system. This monitoring scheme which has already commenced is planned to be in operation at over 240,000 rural self-government institutions in India. The software that fulfills this requirement has been developed by National Informatics Centre (NIC) and is made available to the rural local self-government institutions. Here, the data processed at rural local self-government institutions spread across the country will be received and stored at a central database repository. NREGASoft, the software developed for monitoring these activities is capable of operating in ’online mode’ as well as in ’offline mode’ [12]. In the online mode of operation, a dedicated internet connection needs to be established between the local self-government institution and the Ministry of Rural Development (Govt. of India) which hosts the central server. In the online mode, details of all activities are updated on a daily basis with the help of a browser application at the nodes. However, due to the enormity of data, the data-entry operations which even include marking of attendance of the workers at the various work
214
C.K. Raju and P.B.S. Bhadoria
sites are carried out in the offline mode. In the offline mode, data related to MGNREGS are entered by local self-government institutions and updated in a local database repository. Later, at a convenient time or from an alternate location, the incremental updates to local database are synchronized with the remote central repository, which is housed in the premises of Ministry of Rural Development, Government of India. NIC has developed a web-server application integrated with a hypertext scripting engine with the central database server [8], which allows ’online mode’ of operation. According to its principal developer [11], the first major award bagged by the project was Microsoft e-Governance Award 2006.
2
State of Software Sources and Data Formats
On analysis of NREGASoft it was observed that the central server which received information from rural local bodies was configured using proprietary software. The information received was stored in database in a proprietary format. The minimum essential configuration for becoming the client of the monitoring network, as per the manual [12], is listed in Table 1. Table 1. Ownership of Client Software Sources (Offline) Software
Nomenclature
Owned by
OS
Windows XP SP-2
Microsoft Inc
Web Server IIS Server Database
Microsoft Inc
MS SQL Server 2000 Microsoft Inc
Application NREGASoft
NIC
It can be seen that a software firm has exclusive ownership over the software environment which embeds the application software developed by NIC during execution. Users of this rural software application do not have access to software sources that are owned by this software firm, and hence software secureness of the environment for the users gets reduced. For both the offline mode and the online mode of operation, the server configuration is listed in Table 2. The secureness of the scripts that make up NREGASoft is dependent on access to its sources. NIC owns and maintains the scripts of NREGASoft. Since these scripts are made available to local self-government institutions, secureness of NREGASoft will be dependent on the extent of access to the scripts that is made available to the users. However, when a software application is embedded inside an insecure software environment, the software project will become insecure for its users. In a study carried out by Jones, it was pointed out that at the user end, it is almost impossible to build a meaningful software metrics even for identifying its inadequacies or highlighting its worthiness as good, bad or missing [9]. The study even went ahead and claimed a metric as hazardous which was unrelated to
Software Secureness for Users: Significance in Public ICT Applications
215
Table 2. Ownership of Server Software Sources Software
Nomenclature
OS
MS Windows Server Microsoft Inc
Web Server IIS Server Database
Owned by Microsoft Inc
MS SQL Server 2000 Microsoft Inc
Application NREGASoft
NIC
real economic productivity. Therefore for any software project to be completely secure to its users, it should be operated only in an environment that can extend secureness of any software that is in execution. From the database description used in the application, it is evident that information related to public is encoded in proprietary data format and is opaque to its users. Deprived of the neutrality that is required in data standards or open data formats and transparency in implementation of its encoding, the secureness of data diminishes. 2.1
Secureness through Access to Sources
In NREGASoft, the community of users is mostly those from the rural local bodies in India, belonging to different states and union territories in India. The developers and maintainers of the application of NREGASoft happen to be from National Informatics Center (NIC), which is a public agency under the administrative control of Government of India. The developers of the software environment of NREGASoft happen to be from a private software firm. In this proprietary software project it can be seen that the communities of users, developers and maintainers are not the same. NIC has some definite control over the sources (server scripts) it develops and maintains. The communities of users, which happen to be the members in local self government institutions, do not enjoy the same privileges for access to the sources as that of the maintainers. A proprietary developer of kernel and similar services related to Operating System may have complete control over the entire project. This is because user-level software applications get embedded inside a proprietary operating environment, which can oversee any aspect of its functioning. A recent study suggested that exposure to software sources would help in reducing the number of faults which can be taken as an important factor while creating a process metrics [10], but the dilemma of software secureness would continue, so long as sources are not made available to user community. Secureness of software is directly related to access and control over source code of software by the users. The software project may be secure enough to Microsoft Inc., who has access to all the code it develops. NIC’s sense of secureness, however, is limited to its control over the sources NIC has developed. Still lesser sense of secureness will prevail on the programmers and other users in rural local self-government institutions, who may have access to some portions
216
C.K. Raju and P.B.S. Bhadoria
of the program developed by NIC. For the common rural citizens in whose service the application is created, however, the application can never be declared secure. This is because there are no legal provisions that facilitate rural citizens to inspect, test or debug the code or entrust such inspection to third-parties as brought out in the draft bill introduced in Peru [15]. In a democracy, where state serves its people, excluding people from accessing software sources is akin to excluding masters of the state. The secureness of software vis--vis ordinary citizens, whose information is getting processed, is therefore not prominent in NREGASoft. 2.2
Secureness through Adherence to Data Standards
Software scenario is replete with instances of multiple choices for data formats available for the purposes of storage or processing in certain application domains. Wherever data formats have been declared as data standards or open data formats, it can be presumed that issues over ownership over such data standards too have been settled. This is primarily because data standards or open data formats are devoid of owners claiming exclusive rights over such formats. Data standards or open data formats play a vital role in ensuring interoperability of encoded data between systems as they become neutral to applications that use them. Retention of ownership or rights over some or all parts of standards would dent this neutrality, in the process rendering it a non-standard. Its status then would be as a proprietary data format. The scope of discussion on proprietary formats in which data are encoded and other related protocols used in NREGASoft is limited, as their implementation details are not available for inspection by any user, other than the firm that developed it. Additionally, there cannot be a fool-proof mechanism for validating any claims of adherence to protocols, as these are available only in binaries, mostly in a non-decodable format whose ownership entirely lies with a single agency. The licensing conditions, under which these utilities are made available to users, strictly prohibit any attempts to reverse-engineer or decode. Thus, the existing state of the art is severely limited in its scope for evaluation or scrutiny, from a technological perspective. The data encoded cannot be guaranteed to be available permanently [15]. Secureness of the system, therefore, is further compromised through the usage of proprietary formats and non-verifiable protocols. Operations from client-side have been categorized into two modes. In the offline mode, a local database is created and updated, from where data is updated with the central database server. Most of the software utilities are available only in binary formats. The state of client in offline mode is almost the same as that of server. Secureness of client, therefore, is poor as in the case with secureness of server. In the online mode, it will be a web-application which will be used to update the remote database. Here too, the encoding of data for storage in remote database will be carried out in proprietary formats.
Software Secureness for Users: Significance in Public ICT Applications
217
The tendency of software secureness to vary can be gauged from the interest shown by the owner of proprietary format to have it converted into a legitimate standard, relinquishing any kind of ownership. Absence of ownership over any part of format, if published as a standard, and made available for public use, would naturally mean that everyone has an equal share of ownership, enforcing neutrality. In the event of non-neutrality of encoding process, the format may need alteration to become a standard. In the case of NREGASoft, Microsoft Inc currently holds the ownership of proprietary data formats used in its systems. Hence, software secureness is severely restricted with regard to encoding of information. 2.3
A Framework That Indicates Secureness of Software
In a similar description, one can find a range associated with accessibility of software. At one end of the spectrum is making available software source codes with freedom to inspect, modify and publish, to the community that uses them. At the other end of the spectrum lie software, extended as binaries with two different variants. One variant is a type of software binaries with access to their respective sources with varying degrees of freedom over their usage to inspect, modify, alter, distribute or publish as in the case with Free Software or other Open Source projects. The other is extension of mere binaries of software with no access to their sources, denying the user community to build the binaries from their respective sources. Thus, inspection, modification, alteration etc are impossible. A framework that adequately represents this model of arrangement is produced in Figure 1. The first and fourth quadrants deal with sources of software code, with a difference. While sources and standards are available in public domain in the case of first quadrant, the sources and data formats used in the fourth quadrant are available only within the proprietary establishments that develop them. The secureness in the first quadrant is highest, which are enjoyed by users, developers, maintainers and testers. The secureness for software in fourth quadrant are however enjoyed by only developers and testers of proprietary software. Since users of proprietary software deal only with software binaries and proprietary formats, secureness of software is absent for users of proprietary software. Cases that deal with standards and binaries (with no access to source code) as well as cases that deal with proprietary formats and binaries (with access to source code) are both deviations from the usual norm, and hence their representation is not considered important in this framework. They are not testable too, by virtue of having binaries or proprietary formats, often legally protected from any detailed scrutiny. NREGASoft as a product independent of its environment lie in third quadrant, and the software environment that facilitates its functioning lie in the fourth quadrant. It is pertinent to note that users of NREGASoft have their software secureness seriously compromised. This analysis sets off an inquiry whether it is possible to elevate the secureness of software, and if so, what should be conditions that favour this transition.
218
C.K. Raju and P.B.S. Bhadoria
Fig. 1. A framework highlighting differing environments for Users, Developers and Maintainers
3
Software Monitoring Application with Enhanced Secureness
A scalable prototype for a local database management system that captures and stores information pertaining to MGNREGS was developed using Free Software applications during late 2009 and early 2010. The following software components described in Table 3 were deployed. Table 3. Alternate Software Specifications Software Operating System
Nomenclature GNU/Linux Ubuntu 9.10
Web Server
Apache 1.3.42
Database
MySQL 5.1.31
Webserver Scripts
PHP 5.2.12
Content Managing Software
Drupal 6.15
A scalable prototype was developed with Drupal and the essential functions of a work-activity were captured and made available as reports. Assessment of work requirements and its processing was carried out at Panskura-I, a block panchayat in East Medinipore district, West Bengal. Information generated through the reports, validated the functional aspects of the prototype at the developer’s
Software Secureness for Users: Significance in Public ICT Applications
219
level. In a rural application developed with Free Software, the transparency of the solution would be highest if the rural citizens are allowed to inspect the code that processes their information. This meant that making available packages in Free Software over an Operating System built over Free Software is inadequate. The entire sources of the database that created the application too need to be made transparent. The new conditions made the publishing of the Structured Query Language (SQL) database dump for the application under a GNU General Public License (GPLv3), imperative. A mere replication of a database, too, is inadequate if inspections are to be carried out. The metadata design pertaining to the database that processed all work activities of MGNREGS were made part of the original design. This meant that the application displayed, as part of its features, the database design too, with relations, entity relationship diagrams and detailed description of every attribute in all relations, and the forms that invoke these relations. Moreover, all future transactions that are committed on this database would also retain the same openness and transparency, when copied for distribution. An SQL dump would then cause not only the data captured through the application available for inspection, but also the semantics of its usage. Since access privileges are controlled by the MySQL database which is separated from the database meant for storing information related to MGNREGS, unauthorized intrusions are blocked. Releasing the SQL dump under a GNU General Public License would ensure that every amendment incorporated would need to be published if the solution is made available to another party. These measures would in no way affect the operational capabilities of the monitoring software and would enhance the relationship between software design quality, development effort and governance in open source projects as carried out in a study [5]. Rather, it would reinforce the requirements for transparency in all its operational details, which had been a condition for setting up an information processing and monitoring system [8]. The new way for replication was, thus, to install all the packages mentioned in Table 3 above, superimpose the SQL dump of backed up Drupal application database and install MGNREGS database in MySQL. The entire application would be recreated that would not only have the application, but also one that contains the design aspects too of the database. By implementing such a design, secureness of software was enhanced with ease of reproduction for the purpose of analysis or modification. The authentication codes were the only elements that were not part of the transparent package, for obvious reasons. For developers, updating of software tools as and when new releases are distributed is essential, as most Free Software projects evolve continuously. A new challenge, therefore, would be to make available newer releases of software to all the nodes. A version control system would ensure seamless integration of the application to any versions of the software environment. Software projects may involve user, developer, tester and maintainer communities. Here, one can find that the privileges of all the communities are almost
220
C.K. Raju and P.B.S. Bhadoria
Fig. 2. Varying software secureness in different software environments
the same with regard to access to software sources, which is crucial to ascertain adherence to established protocols and adherence to open data formats or data standards. The privileges of user communities, here, are better than those in NREGASoft. For the user community, secureness of software has been enhanced in Free Software application when compared to secureness of NREGASoft. To enhance the software secureness of NREGASoft, therefore, the conditions require that the solution be re-designed in a Free Software environment. Additionally, the proprietary formats in which encoding of public information is currently being carried out are to be abandoned in favour of open data formats or data standards, devoid of any ownership. To ensure that the application scripts too can never be closed for inspection, they too should be released under an open public license that prevents its closure in future. By having the software secureness of NREGASoft enhanced considerably to the user community, it can be safely presumed that software quality too would be improved as depicted in Fig 2. The authors would like to point out that while this software development work merely validates the claim that secureness of software with respect to the user community can be enhanced, the study does not claim that such development work is beyond the capabilities of private software development companies. On the contrary, the authors may even recommend entrusting such development work to leading software developers in the private sector in India to make use of their vast experience and access to human resources. This study, however, accords priority to the licenses under which the transfer of rights of software and sources ought to take place that would reveal the extent of secureness of software to its users.
Software Secureness for Users: Significance in Public ICT Applications
4
221
Conclusion
As a principle, software quality is associated with adherence to use of data standards, fair implementation of protocols and transparency in coding of their implementation. Software that adheres to these criteria extends secureness to the users, developers and maintainers of software. In many software projects, especially those that process information related to public citizens, the communities of developers, maintainers and users could be different. There exist possibilities wherein software which may appear secure to developer community could become insecure to user community. Software which are released only as binaries cannot be verified for their adherence to data standards, protocols or for rules associated with its implementation. It is therefore vital to ensure that any software that are to be assured for its quality, adheres to established data standards or published open formats (after relinquishing ownership, so that these could be taken up for converting into a standard). Additionally, releasing the software sources would ensure that implementation details of software are transparent and do not violate any existing protocols. Rigorous methods of control have been suggested in a software quality management system adopted from standards Australia [2], which insisted on review of code and documents to assure their compliance with design criteria. Additionally, in a constitutional setup under which such public software services are developed, operated and maintained, the user community is the one which is constitutionally the most empowered. Therefore in cases like these, software secureness should be evaluated from the viewpoint of users to ascertain software quality. NREGASoft, a software implementation for monitoring information processed in the employment guarantee scheme (MGNREGS) is found wanting in areas related to data standards and transparency in implementation as the current environment and software platforms are proprietary in nature. In order to enable the government in extending the necessary guarantees over processing of information related to public, adherence to published protocols and its encoding, NREGASoft should be re-designed to be implemented with Free Software using published data standards. This variation in design and implementation would eventually enhance the software secureness to the user community of the software, thereby accomplishing better software quality. The experiment carried out with Free Software as a case study by the author, further exemplifies that by resolving to release the database dump under a GNU General Public License (GPLv3), the legal mechanisms would help in retaining the transparency of implementation in future too.
References 1. IEEE Guide for Software Quality Assurance Planning. ANSI/IEEE Std 983-1986, 1–31 (1986) 2. IEEE standard for Software Quality Assurance Plans. IEEE Std 730.1-1989, 0–1 (1989)
222
C.K. Raju and P.B.S. Bhadoria
3. Software Quality Management System. part 1: Requirements. Adopted from Standards Australia. IEEE Std. 1298-1992; AS 3563.1-1991, 0–1 (1993) 4. Boehm, B., Brown, J., Lipow, M.: Quantitative evaluation of software quality. In: Proceedings of the 2nd International Conference on Software Engineering, pp. 592–605. IEEE Computer Society, Los Alamitos (1976) 5. Capra, E., Francalanci, C., Merlo, F.: An empirical study on the relationship between software design quality, development effort and governance in open source projects. IEEE Transactions on Software Engineering 34(6), 765–782 (2008) 6. Dromey, R.G.: A model for software product quality. IEEE Transactions on Software Engineering 21, 146–162 (1995) 7. Government of India: The National Rural Employment Guarantee Act NREGA 2005. Government Gazette, India (2005) 8. Government of India: Government Notification on Transparency in NREGA. Government Gazette, India, p. 9 (2008) 9. Jones, C.: Software Metrics: Good, Bad and Missing. IEEE Computer 27(9), 98– 100 (1994) ISSN:0018-9162 10. Khoshgoftaar, T.M., Liu, Y., Seliya, N.: A multiobjective module-order model for software quality enhancement. IEEE Transactions on Evolutionary Computation 8(6), 593–608 (2004) 11. Madhuri, S., Mishra, D.: Strengthening National Rural Employment Guarantee Scheme (NREGS) through E-Governance. In: E-Governance in Practice (2008) 12. NIC, Government of India: User manual of NREGA. MIS for National Rural Employment Guarantee Act (NREGA) 2005 (2007) 13. Raymond, E.S.: The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary. O’Reilly, Sebastopol (2001) 14. Tiemann, M.: An objective definition of open standards. Computer Standards and Interfaces. Science Direct 28(5), 495–507 (2006) ISSN 0920-5489 15. Villaneuva, E.: Use of Free Software in Public Agencies. Bill No 1609, Republic of Peru (2001)
Vector Space Access Structure and ID Based Distributed DRM Key Management Ratna Dutta, Dheerendra Mishra, and Sourav Mukhopadhyay Department of Mathematics Indian Institute of Technology Kharagpur–721302, India {ratna,dheerendra,sourav}@maths.iitkgp.ernet.in
Abstract. We present an effective DRM architecture with multi distributors that facilitates client mobility and propose a family of flexible key management mechanisms for this system coupling Identity-Based Encryption (IBE) with vector space secret sharing. Our proposed DRM architecture provides scalability of business model and allows to make proper business strategies for different regions and cultures. The encrypted digital content sent by a package server can only be decrypted by the DRM client and is protected from attacks by other parties/servers in the system. Our key management protects the key used to encrypt a digital content during its delivery from the package server to the DRM client, not only from purchasers but also from the distribution servers and the license server. The IBE enables efficiency gains in computation time and storage over the existing certificate-based Public Key Infrastructure (PKI) based approaches as no certificate management and verification is needed by the entities in the system. Keywords: DRM, key management, content protection, security, vector space secret sharing, IBE.
1
Introduction
The widespread use of the Internet has greatly facilitated the distribution and exchange of information. Immediate access to content with low-cost delivery is one of the new benefits Internet-based distribution brings. However, digital content by nature is highly vulnerable to unauthorized distribution and use. This raises issues regarding intellectual property and copyright. After content is provided, no further protection is provided on that content. While these new technologies have the potential to open up new markets, the risk of abuse makes copyright owners reluctant to use them. Digital Rights Management (DRM) technologies ensure the protection of digital content after distribution, providing ways to exercise usage control on that content. The goal of DRM technology is to distribute digital contents in a manner that can protect and manage the rights of all parties involved. The core concept in DRM is the use of digital licenses. The consumer purchases a digital license granting certain rights to him instead of buying the digital content. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 223–232, 2011. c Springer-Verlag Berlin Heidelberg 2011
224
R. Dutta, D. Mishra, and S. Mukhopadhyay
The content access is regulated with the help of a license that contains permissions, constraints and a content decryption key. Permissions are privileges or actions that a principal can be granted to exercise against some object under some constraints. Examples of permissions include printing, playing, copying, and embedding the content into other content items. Constraints are restrictions and conditions under which permissions are executed. Constraints may include expiration date, available regional zone, software security requirements, hardware security requirements, and watermarking requirements. A set of constraints can also include another set of constraints recursively, which means that the included set of constraints must also be satisfied. Current Digital Rights Management (DRM) systems support only two-party systems, involving the package server and purchaser [10], [2], [13], [7], [3]. However, DRM systems need to be sufficiently flexible to support existing business models and extensible to adapt to future models. The DRM architecture in multi-party multi-level setups has been used [8], [11], [14], [15] as an alternative to the traditional two-party DRM architecture. Our Contribution: In this paper, we design a DRM system which is suitable to more innovative and scalable business models considering a network with multi-distributors instead of single-distributor. A local distributor can better explore potentially unknown markets for the owner (package server) and make strategies according to the market. In addition, the distributors can also help in handling different pricing structures of media in different countries, and share with the owner any information on price or demand fluctuation cost. In our DRM system, the DRM client has the flexibility of choosing a distributor based on his own preference. The DRM client may be mobile and roam from one region to another. The DRM client may contact the distributor who is nearest to him by location or who offers promotions/discounts on the price or offers more commissions. We provide a secure and efficient key management scheme in our proposed DRM system using IBE [17] instead of certificate-based Public Key Infrastructure (PKI), coupling it with vector space secret sharing scheme. The IBE has the property that a user’s public key is an easily calculated function of his identity, such as his email address, while a user’s private key can be calculated for him by a trusted authority, called Private Key Generator (PKG). The identitybased public key cryptosystem needs verification of user’s identity only at the private key extraction phase. Consequently, the identity-based public key cryptography simplifies certificate management and verification and is an alternative for certificate-based PKI, especially when efficient key management and security are required. We obtain efficiency gains in computation time and storage over the existing certificate-based PKI approaches as no certificate management and verification are needed by the entities in our DRM system. Moreover, our construction is general as it uses a general monotone access structure and vector space secret sharing. These facilitates to constructs a family of flexible key distribution schemes.
Vector Space Access Structure
225
In our key management mechanism, the package server does not trust distribution servers or license server. The symmetric decryption key used to encrypt a digital content is delivered from the package server to the DRM client in a secure manner and is protected from its generation to consumption. Unlike current DRM systems which have focused on content protection from purchasers, our scheme protects the key not only from purchasers, but also from other principals such as the distribution servers and the license server. Consequently, the encrypted digital content sent by a package server can only be decrypted by the DRM client who has a valid license and no one else.
2 2.1
Preliminaries Common Components in DRM System
Despite different DRM vendors having different DRM implementations, names and ways to specify the content usage rules, the basic DRM process is the same. The entities involved in a DRM system are a package server, distribution server, license server and DRM client [12], [9]. In this model, a purchaser is not a service provider, he simply pays a fee to the DRM client and watches a movie or listens to a song. 2.2
Certificate-Based Vs. Identity-Based Cryptography
The certificate-based protocols work by assuming that each entity has a static (long term) public/private key pair, and each entity knows the public key of each other entity. The static public keys are authenticated via certificates issued by a certifying authority (CA) by binding users’ identities to static keys. When two entities wish to establish a session key, a pair of ephemeral (short term) public keys are exchanged between them. The ephemeral and static keys are then combined in a way so as to obtain the agreed session key. The authenticity of the static keys provided by signature of CA assures that only the entities who posses the static keys are able to compute the session key. Thus the problem of authenticating the session key is replaced by the problem of authenticating the static public keys which is solved by using CA, a traditional approach based on a Public Key Infrastructure (PKI). However, in a certificate-based system, the participants must first verify the certificate of the user before using the public key of the user. Consequently, the system requires a large amount of computing time and storage. In identity-based public key encryption, the public key distribution problem is eliminated by making each user’s public key derivable from some known aspect of his identity, such as his email address. When Alice wants to send a message to Bob, she simply encrypts her message using Bob’s public key which she derives from Bob’s identifying information. Bob, after receiving the encrypted message, obtains his private key from a third party called a Private Key Generator (PKG), after authenticating himself to PKG and can then decrypt the message. The private key that PKG generates on Bob’s query is a function of its master key and Bob’s identity.
226
R. Dutta, D. Mishra, and S. Mukhopadhyay
Shamir [17] introduced this concept of identity-based cryptosystem to simplify key management procedures in certificate-based public key infrastructure. The first pairing-based IBE scheme was proposed by Boneh and Franklin in 2001. Shortly after this, many identity-based cryptographic protocols were developed (see [4] for a survey) based on pairings and this is currently a very active area of research.The identity-based public key cryptosystem can be an alternative for certificate-based PKI, especially when efficient key management and moderate security are required. The advantages of ID-based encryption are significant. It makes maintaining authenticated public key directories unnecessary. Instead, a directory for authenticated public parameters of PKGs is required which is less burdensome than maintaining a public key directory since there are substantially fewer PKGs than total users. In particular, if everyone uses a single PKG, then everyone in the system can communicate securely and users need not to perform on-line lookup of public keys or public parameters. In an ID-based encryption scheme there are four algorithms – (i) Setup: Creates system parameters and master key, (ii) Extract: Uses master key to generate the private key corresponding to an arbitrary public key string ID, (iii) Encrypt: Encrypts messages using the public key ID, and (iv) Decrypt: Decrypts the message using the corresponding private key of ID. 2.3
Secret Sharing Schemes
Definition 2.1: (Access Structure) Let U = {U1 , . . . , Un } be a set of participants and D ∈ / U is the dealer or group manager. A collection Γ ⊆ 2U is monotone increasing if B ∈ Γ and B ⊆ C ⊆ U imply C ∈ Γ . An access structure is a monotone collection Γ of non-empty subsets of U. i.e., Γ ⊆ 2U \{∅}. The sets in Γ are called the authorized sets. A set B is called minimal set of Γ if B ∈ Γ , and for every C ⊂ B, C = B, it holds that C ∈ / Γ . The set of minimal authorized subsets of Γ is denoted by Γ0 and is called the basis of Γ . Since Γ consists of all subsets of U that are supersets of a subset in the basis Γ0 , Γ is determined uniquely as a function of Γ0 . More formally, we have Γ = {C ⊆ U : B ⊆ C, B ∈ Γ0 }. We say that Γ is the closure of Γ0 and write Γ = cl(Γ0 ). The family of nonauthorized subsets Γ = 2U \Γ is monotone decreasing, that is, if C ∈ Γ and B ⊆ C ⊆ U , then B ∈ Γ . The family of non-authorized subsets Γ is determined by the collection of maximal non-authorized subsets Γ 0 . Example. In case of a (t, n)-threshold access structure, the basis consists of all subsets of (exactly) t participants. i.e. Γ = {B ⊆ U : |B| ≥ t} and Γ0 = {B ⊆ U : |B| = t}. Definition 2.2: (Vector Space Access Structure) Suppose Γ is an access structure, and let (Zq )l denote the vector space of all l-tuples over Zq , where q is prime and l ≥ 2. Suppose there exists a function Φ : U ∪ {D} → (Zq )l which satisfies the property: B ∈ Γ if and only if the vector Φ(D) can be expressed as a linear combination of the vectors in the set {Φ(Ui ) : Ui ∈ B}. An access structure Γ is said to be a vector space access structure if it can be defined in the above way.
Vector Space Access Structure
3 3.1
227
Protocol Overview of the Proposed DRM Architechture
Entities involved in our DRM model are: package server P , n distribution servers D1 , . . . , Dn , license server L, DRM client C. The package server P appoints n distribution servers D1 , . . . , Dn in different regions to facilitate the distribution process. The DRM client C is mobile and moves from one region to another. C can download encrypted contents from its preferred distributor, say Di , which might be location wise nearest to C. The owner of the package server P has raw content and wants to protect it. None of the principals except P and the DRM client with a valid licence should know how to decrypt the content. 3.2
Overview of the Proposed Key Distribution
The commonly used cryptographic primitives in DRM systems are symmetric and public key encryption, digital signatures, one way hash functions, digital certificates etc. A high level description of our proposed key distribution scheme and the implementation specifications are provided below. Symmetric key algorithm: Symmetric encryption is used to encrypt raw digital content with a content key by the package server P to prevent illegal copying of digital content. We can make use of any existing symmetric key algorithm (such as DES-CBC). Public key algorithm: We split the content key into several partial content keys. These partial content keys are delivered using public key encryption to the license server L and the distribution servers D1 , . . . , Dn in such a way that neither the distribution servers nor the license server can generate the content key. Public key algorithm is also used to encrypt the digital license containing the partial content keys using the public key of the receiver, thereby enabling only the party holding the matching private key to extract the partial content keys. The party then can reassemble these partial content keys to compute the original content key and get access to the digital content. The components of our proposed DRM system which have a content decryption key are the package server P and the DRM client C with a valid license. It is very difficult to authenticate a purchaser. Purchasers are concerned about their privacy and anonymity. They simply need to pay a fee to watch a movie. Instead, the DRM client C is a service provider to purchaser and should be authenticated by the owner of the package server P . RSA 2048 bit is widely used public key encryption algorithm. To mitigate the bandwidth overhead, among several public key cryptography one may adopt Elliptic Curve Cryptography (ECC) [5], [1] due to its acceptable overhead. In our public key distribution, we use the setup of Identity-Based Encryption (IBE) instead of certificate-based setup to simplify certificate management and verification. A trusted PKG generates the private key of a server upon receiving its public identity (which may be some known aspect of its identity, such as its e-mail address). We use the private/public key pair thus generated for each entity in the system as the respective signing/verification key pair of the corresponding entity.
228
R. Dutta, D. Mishra, and S. Mukhopadhyay
Digital signatures: We use digital signatures for non-repudiable rights issuing. The license server digitally signs licenses of the digital content. Consequently, the play application on the DRM client’s device can verify the correctness of the usage rights and keep the signature as a proof of rights purchase. The signature scheme ECC-192 provides higher security level than RSA-1024 while the length of its signature is 48 bytes compared to 128 bytes of RSA-1024 [5]. 3.3
Secure Delivery of Content Key
We now describe in detail our proposed key distribution scheme. 1. Setup: 1.1) The principals of the package server P , the distribution servers Di , 1 ≤ i ≤ n and the license server L submit their public identities to PKG and obtain the corresponding private keys SP , SDi , 1 ≤ i ≤ n and SL respectively through a secure communication channel. PKG uses its master key MK to generate the principals’ private keys after verifying the validity of the principals’ public identities submitted to PKG. 1.2) The principal of the DRM client C submits its public identity IDC to the principal of the package server P and obtains the corresponding private key SC through a secure communication channel. P uses its own private key SP issued by PKG to generate the private key of C after verifying the validity of C’s public identity IDC submitted to P . 2. Key Delivery when Packaging the Content: The package server P creates the content key K to encrypt a raw digital content M using symmetric encryption while packaging M . P splits the content key K and distributes a different part of K to each of the license server L and the distribution servers Di , 1 ≤ i ≤ n. These servers in turn keep their respective partial content keys secret. We describe below the generation of the content key, the procedure of splitting the content key and the delivery of the partial content keys to different servers. 2.1) Let U be a set of N servers and P ∈ / U. Select n < N and take a subset {D1 , . . . , Dn } of distribution servers from U. All the operations take place in a finite field, GF(q), where q is a large prime number (q > N ). We consider a vector space secret sharing scheme realizing some access structure Γ over the set U. Suppose there exists a public function Φ : U ∪ {P } → GF(q)l satisfying the property Φ(P ) ∈ Φ(Ui ) : Ui ∈ B ⇔ B ∈ Γ, where l is a positive integer. In other words, Φ(P ) can be expressed as a linear combination of the vectors in the set {Φ(Ui ) : Ui ∈ B} if and only if B is an authorized subset. Then Φ defines Γ as a vector space access structure. 2.2) The package server P first chooses uniformly at random a vector v ∈ GF(q)l and computes the content key K = v.Φ(P ). 2.3) For 1 ≤ i ≤ n, P computes YDi = EncIDDi (v.Φ(Di )) using Di ’s public identity IDDi , generates signature σYDi = SigSP (YDi ) using P ’s own private key SP and sends YDi |σYDi to Di . 2.4) P chooses randomly a subset W ⊂ U \ {D1 , . . . , Dn } such that W ∈ Γ 0 , i.e. W is a maximal non-authorized subset with respect to Γ with minimal cardinality. P generates the set S = {(Uk , v.Φ(Uk )) : Uk ∈ W }. P computes
Vector Space Access Structure
229
YL = EncIDL (S) using L’s public identity IDL , signature σYL = SigSP (YL ) using P ’s own private key SP , and sends YL |σYL to L. 2.5) For 1 ≤ i ≤ n, Di on receiving YDi |σYDi , verifies the signature σYDi on YDi using P ’s public identity IDP . If verification succeeds, i.e. VerIDP (YDi , σYDi ) = true, then Di decrypts YDi using its private key SDi , recovers v.Φ(Di ) = DecSDi (YDi ) and stores v.Φ(Di ) to its secure database. 2.6) L upon receiving YL |σYL , verifies the signature σYL on YL using P ’s public identity IDP . If verification succeeds, i.e. VerIDP (YL , σYL ) = true, then L decrypts YL using its private key SL , recovers S = DecSL (YL ), where S is the set given by S = {(Uk , v.Φ(Uk )) : Uk ∈ W }. L stores S to its secure database. 3. Key Delivery when Content Service is Provided: Suppose a DRM client C requests the content service for encrypted content M from a distribution server, say Di , which is within nearest reach to C. The following steps are executed. 3.1) Di computes YC = EncIDC (v.Φ(Di )) using C’s public identity IDC , signature σYC = SigSDi (YC ) using Di ’s private key SDi , and sends YC |σYC to L. 3.2) L on receiving YC |σYC , verifies the signature σYC on YC using Di ’s public identity IDDi . If verification succeeds, i.e. VerIDDi (YC , σYC ) = true, L computes YL = EncIDC (S) using C’s public identity IDC , signature σYC |YL = SigSL (YC |YL ) using L’s own private key SL , and issues the license that contains YC |YL |σYC |YL together with rights, content URL, and related other information. 3.3) The DRM client C analyzes the licence issued by L, verifies σYC |YL on YC |YL using L’s public key IDL . If verification succeeds, C decrypts YC and YL using its own private key SC , and extracts the partial content keys v.Φ(Di ) = DecSC (YC ) and S = DecSC (YL ), where S = {(Uk , v.Φ(Uk )) : Uk ∈ W }. C then reassembles these partial content keys and extracts the original content as follows: Since W ∈ Γ 0 and Di ∈ / W , the set B = W ∪ {Di } ∈ Γ . Thus B is an authorized subset and one can write Φ(P ) = {k:Uk ∈B} Λk Φ(Uk ) for some Λk ∈ GF(q). Hence C knows Λk and v.Φ(U k ) for all k ∈ B and consequently can compute {k:Uk ∈B} Λk (v.Φ(Uk )) = v. {k:Uk ∈B} Λk Φ(Uk ) = v.Φ(P ) = K. Finally, C decrypts the encrypted content using the recovered content key K and can view (playback) M .
4
Security Analysis
We design our key management scheme keeping in mind the following specific security objectives. 1. Preventing insider attacks: Raw content should not be exposed to unintended parties with the help of an insider. 2. Minimizing attacks by outsiders: Unauthorized outsiders should not illegally obtain the content keys. 3. Protecting distribution channels for content key/license: The security of the following two distribution channels should be ensured. – the distribution channel between the distribution servers and the license server to transport the content key
230
R. Dutta, D. Mishra, and S. Mukhopadhyay
– the distribution channel between the DRM client, the distribution servers and the license server to transport the license. An attack on the (n + 1) partial content keys of the original content key K (which is used in symmetric key encryption for content protection by the package server) during delivery from the package server P to the distribution servers D1 , . . . , Dn and the license server L is prevented, because each piece of the (n+1) partial content keys of K is encrypted under a public key and delivered to a server who owns the matching private key. The (n + 1) partial content keys of K are separated and stored at different servers in such a way that, neither any of the distribution servers D1 , . . . , Dn nor the license server L has sufficient number of partial content keys to generate the original content key K by itself. The content key K is protected from an attack on the distribution servers or the license server, since the (n + 1) partial content keys of K is stored at different servers so that each server knows insufficient number of partial content keys to extract the original content key K. Moreover, since a distribution server encrypts its partial content key of K with the DRM client’s public key and sends it to the license server, the license server cannot decrypt it and consequently, cannot generate the original content key K. License server also encrypts its partial content key of K using the DRM client’s public key. Thus the partial content keys of K can only be decrypted by the DRM client who has the matching private key and no one else. The DRM client gets sufficient partial content keys after decryption and combines them to recover the original content key K. In summary, we achieve the following. 1. By splitting the content key, each of the distribution servers has a distinct partial content key. Thus if an insider attack on a server is successful, the partial content key obtained in the attack is insufficient to decrypt the DRM-enabled content. 2. For an outside attack to succeed, the attacker must break into the license server and any distribution server to obtain sufficient partial content keys. Thus the proposed scheme achieves multi-party security. 3. We use IBE and digital signature schemes to protect the content key/license distribution channel from impersonation attacks, replay attacks, man-in-themiddle attacks etc. Therefore, the security of the content key/license distribution channel depends on the security of the mechanisms IBE, digital signatures used for the key management. 4. Note that the content keys in the license file are transmitted to the client module under encryption with the client module’s public key. Consequently, entities other than the client module cannot retrieve the content key even when they have obtained the license file.
5
Performance Analysis
The process of authentication or verification of the identities of the parties is necessary in a DRM system to ensure that the packaged digital content is from
Vector Space Access Structure
231
the genuine authorized content distributor. In our design, digital certificates are not used to authenticate or verify the identity of the parties involved in the system unlike certificate-based public key infrastructure, thus saving large amount of computing time and storage. Instead, we use IBE that simplifies our key management mechanism. Our key management scheme enables the symmetric content key to be protected from the principals who manages the distribution servers and the license server. The digital content can thus be protected from attacks during the content distribution since the encrypted digital content is sent by the package server and only the DRM client can decrypt the digital content. Besides, we use IBE and digital signature instead of digital certificates. This simplifies the process of authentication or verification of the identities in the system. Our key management makes use of a general monotone access structure and vector space secret sharing which leads to a family of flexible key distribution schemes with effective performance. Our construction is general in the sense that it depends on a particular public mapping Φ and for different choices of Φ we obtain different key distribution schemes. The license server performs a range of tasks such as service monitoring, payment processing, license management and much information passes through it. License issuance and content key management involve time-consuming operations such as digital signature and public key encryption. Thus the license server could potentially become a bottleneck. However, the license server may consists of many subsystems arranged in a modular design that allows them to run independently to overcome this bottleneck. We have not addressed all these issues in this article and refer to Hwang et al.[8]. In our design, we mainly focus on ensuring security in content key management.
6
Conclusion
For a scalable business model of transacting digital assets, a multi-party DRM system is often necessary which involves more than one distributor, who can promote and distribute the content in regions unknown to the package server. We propose a key management scheme for a DRM system that involves more than one distributors with the DRM client’s flexibility of choosing a distributor according to his own preference. In our scheme, the package server does not trust the distribution servers or the license server. The encrypted digital content sent by a package server can only be decrypted by the DRM client who has a valid license and is protected from attacks by other parties/servers in the system. A general monotone decreasing access structure is used in our key distribution that leads to more flexible performance. Moreover, we use the IBE that incurs less computation cost and storage as certificate managements are not necessary and certificate verifications are no longer needed. These features make our DRM system suitable for more effective business models/applications with the flexibility in deciding a wide range of business strategies as compared to the existing works.
232
R. Dutta, D. Mishra, and S. Mukhopadhyay
References 1. ANSI X9.62, Public Key Cryptography for the Financial Services Industry. The Elliptic Curve Digital Signature Algorithm (1999) 2. Camp, L.J.: First Principles of Copyright for DRM Design. IEEE Internet Computing 7, 59–65 (2003) 3. Cohen, J.E.: DRM and Privacy. Communications of the ACM 46(4) (April 2003) 4. Dutta, R., Barua, R., Sarkar, P.: Pairing Based Cryptographic Protocols: A Survey. Manuscript (2004), http://eprint.iacr.org/2004/064 5. BlueKrypt: Cryptographic Key Length Recommendation, http://www.keylength.com/en/3/ 6. Grimen, G., Monch, C., Midtstraum, R.: Building Secure Software- based DRM systems. In: NIK 2006 (2006) 7. Hartung, F., Ramme, F.: Digital Rights Management and Watermarking of Multimedia Content for M-Commerce Applications. IEEE Comm. 38, 78–84 (2000) 8. Hwang, S.O., Yoon, K.S., Jun, K.P., Lee, K.H.: Modeling and implementation of digital rights. Journal of Systems and Software 73(3), 533–549 (2004) 9. Jeong, Y., Yoon, K., Ryou, J.: A Trusted Key Management Scheme for Digital Rights Management. ETRI Journal 27(1), 114–117 (2005) 10. Lee, J., Hwang, S., Jeong, S., Yoon, K., Park, C., Ryou, J.: A DRM Framework for Distribution Digital Contents through the Internet. ETRI Journal 25, 423–436 (2003) 11. Liu, X., Huang, T., Huo, L.: A DRM Architecture for Manageable P2P Based IPTV System. In: IEEE Conference on Multimedia and Expo., pp. 899–902 (July 2007) 12. Liu, Q., Safavi-Naini, R., Sheppard, N.P.: Digital Rights Management for Content Distribution. In: Proceedings of Australasian Information Security Workshop Conference on ACSW Frontiers 2003, vol. 21 (January 2003) 13. Mulligan, D.K., Han, J., Burstein, A.J.: How DRM- Based Content Delivery Systems Disrupt Expectations of Personal Use. In: Proc. 2003 ACM Works. Digital Rights Management, pp. 77–88 (October 2003) 14. Rosset, V., Filippin, C.V., Westphall, C.M.: A DRM Architecture to Distribute and Protect Digital Content Using Digital Licenses. Telecommunication, 422–427 (July 2005) 15. Sachan, A., Emmanuel, S., Das, A., Kankanhalli, M.S.: Privacy Preserving Multiparty Multilevel DRM Architecture. In: IEEE Consumer Communications and Networking Conference (CCNC) (January 2009) 16. Shamir, A.: How to Share a Secret. Communications of the ACM 22(11), 612–613 (1979) 17. Shamir, A.: Identity-Based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
Multiple Secrets Sharing with Meaningful Shares Jaya and Anjali Sardana Deptt. of Electronics and Computer Engg Indian Institute of Technology Roorkee Roorkee – 247667, Uttarakhand, India
[email protected],
[email protected]
Abstract. Traditional Visual Cryptography method produces random shares which is susceptible to attackers. Some methods have been proposed to generate innocent-looking shares so that attacker cannot get doubtful by looking at the random pattern of the share. They look like a valid image and the adversary cannot judge whether it is a secret share or not. However many of them use additional data structure and take much time in encoding the secret. In this paper, we propose a method which produces meaningful shares for color images without the need of any additional data structure and takes less time for encoding. The share size does not vary with the number of colors present in the secret image. The method is further extended to share multiple secrets together to reduce the overhead of keeping too many shares. Keywords: Visual cryptography schemes (VCS), share, pixel expansion, contrast, stacking.
1 Introduction In 1994, Naor and Shamir [1] proposed a new cryptographic area called visual cryptography based on the concept of secret-sharing. It divides an image into a collection of shares and requires threshold number of shares to retrieve the original image. Initially the model could be used only for black-and-white images but was further extended to support grey-level and color images. There are some interesting extensions of the original model. One of them is to generate innocent-looking shares so that attacker cannot get doubtful by looking at the random pattern of the share. Another extension is to encode multiple secret images together so that overhead of keeping too many shares can be reduced. The hacker can get suspicious by looking at the random looking shares and can guess that a secret message has been encoded. To remove this problem, Naor and Shamir [1] proposed a method to produce innocent looking shares to conceal the secret message. Chang et al. [3] proposed a method to generate two shares for hiding a secret two-tone image. Shares are embedded into two gray-level cover images by the proposed embedding scheme. Chang et al [4] suggested a scheme for color image hiding using a color index table. Chang and Yu [5] came with an A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 233–243, 2011. © Springer-Verlag Berlin Heidelberg 2011
234
Jaya and A. Sardana
approach to provide a more efficient way to hide a gray image (256-colors) in different shares. The size of the shares does not change with the number of colors appearing in the secret image. Wu et al. [6] formulated a method in which size of each embedding image is about 1/k of that of the secret image (k- threshold), avoiding the need for much storage space and transmission time. Qualities of both the recovered secret image and he embedding images that contain the hidden shadows are acceptable. Tsai et al. [7] developed a method to support true-color secret image with size constraint on shares. To share multiple secret images, many shares need to be generated and it takes a lot of time during transmissions. This is not efficient and hence, some methods have been proposed to hide more secret images into two share images. Droste [8] proposed a scheme to share more than one secret among a set of shares. Wu and Chen [9] developed a VCS to share two secret images together using two circle shares. First secret can be obtained by stacking the two shares and second secret by rotating share 1 by a rotation angle and then stacking it with share 2. The scheme was extended by Shyu et al. [10] so that multiple secrets can be shared. Share 2 is rotated with n different angles and stacked with share 1 to get n secret images. Feng et al. [11] proposed another scheme to hide n secrets and to reveal the secrets by stacking the share images at n aliquot angles. This scheme is more general than the previously discussed two schemes. The paper is organized as follows: Section 2 reviews the basic schemes needed for the proposed method. Section 3 presents the proposed method. Section 4 analyzes the performance of the method. Section 5 contains the experimental results for the verification of the scheme.
2 Related Work 2.1 (2,2) Visual Cryptography Scheme A (2,2)-VCS scheme divides the original image into 2 shares and secret image is recreated by stacking both the shares. Secret image is viewed as a collection of white and black pixels. Each share contains collections of m black and white subpixels where each collection represents a particular original pixel. The resulting picture can be thought as a [n x m] Boolean matrix S = [si,j]. si,j = 1 if the j-th subpixel in the i-th share is black. si,j = 0 if the j-th subpixel in the i-th share is white. The algorithm, in Figure 1, describes how to encode a single pixel. One of the two subpixels in P is black and the other is white in both the shares. The possibilities "black-white" and "white-black" are equally likely, independent of the corresponding pixel in the secret image. So the shares do not provide any information as whether the original pixel to be encoded is black or white and hence proves the security of the scheme.
Multiple Secrets Sharing with Meaningful Shares
235
Fig. 1. Encoding and stacking of a single pixel
2.2 Hou’s Scheme Hou [2] proposed three VCS for color images. In all the three schemes, secret image is decomposed to three primitive color images – cyan, magenta and yellow first, then halftoning of those three images is done and finally the encryption is performed. First scheme, the four-share color VCS generates one black mask randomly as the fourth share which contains as many 2x2 blocks as the number of pixels in the secret image. The second method expands each pixel of a halftone image into a 2x2 block on two sharing images and fills it with cyan, magenta, yellow and transparent, respectively. Using these four colors, two shares can generate various colors with different permutations. To reduce the trouble of having four shares as in method 1, and to have a better image quality than in method 2, third scheme was developed which applies basic (2,2) VCS on each of the C,M and Y images to produce six intermediate shares and combines C1,M1,Y1 to get share 1 and C2,M2,Y2 to get share 2.
3 The Proposed Scheme 3.1 Encryption In method-2 proposed by Chang [3], one bit of the pixel-byte of cover image is replaced by the pixel-value of the share image. For security, the cover pixels in the cover image are first mixed using total automorphism. This method was developed for black-andwhite images. But it can be extended for color images. First, 2 shares are produced for the color image using Hou’s third algorithm. To share a W x H secret image, we take a cover image of size 2W x 2H so that the cover image size and share size is the same. Then each pixel of the share image has 3-bit of color information- one for each primitive color. Each pixel of the cover image has 8-bit (256 level) color information for each primitive color. Now for share 1, one bit of the cover pixel for a primitive color is chosen and is XORed with that primitive color bit of the share image. The process is repeated for all the pixels of share 1. Now for share 2, the same cover image is taken
236
Jaya and A. Sardana
and same procedure is reiterated. Here XOR is used instead of total automorphisms as proposed by Chang [3]. The reason is that XOR is easy to perform and takes very less time than total automorphisms. Further, the secret bit cannot be revealed from the cover image as it is the XOR-result of cover-pixel bit and share-bit.
Fig. 2. Bit pattern
The bit to be replaced should be one of the four lower order bits so that the pixel value of the cover image does not change much. 3.2 Data Extraction For decoding purpose, the specified bit of modified-share 1 and modified-share 2 are XORed and the bit value of the original halftoned image is achieved. Figure 3 shows Table 1. Pixel reconstruction using proposed scheme
Share 1
Share 2
Cover Image
Modified Share 1
Modified Share 2
Final XOR
0
0
0
0
0
0
0
1
0
0
1
1
1
0
0
1
0
1
1
1
0
1
1
0
0
0
1
1
1
0
0
1
1
1
0
1
1
0
1
0
1
1
1
1
1
0
0
0
Multiple Secrets Sharing with Meaningful Shares
237
one of the possible combinations of share 1 and share 2 using basic (2,2) VC proposed by Naor and Shamir[1] for white pixel, and the reconstructed image using XOR operation. Figure 4 shows the scheme for black pixel. The output image quality is better using this scheme as XOR operation allows for perfect reconstruction. It means that there is no loss of contrast. The decryption can be understood as follows. Suppose we have the secret image S. We create 2 shares for it as S1 and S2 using Hou’s method [3]. Then we XOR it with the cover image, S1 with C1 and S2 with C2 during encryption to produce innocentlooking shares. For the decoding process, we XOR the predefined bit of C1 and C2 to generate the secret.
( S1 ⊕ C1) ⊕ ( S 2 ⊕ C 2) = ( S1 ⊕ S 2) ⊕ (C1 ⊕ C 2) = S1 ⊕ S 2 C1 and C2 are the same images as they are just 2 copies of same cover image. Hence result of C1 ⊕ C 2 becomes 0 and this effectively results in S1 ⊕ S 2 which constructs the final image.
Share 1
Share 2
XORed Result
Fig. 3. White pixel reconstruction
Share 1
Share 2
XORed Result
Fig. 4. Black pixel reconstruction
3.3 Method Extension The proposed method can be extended to share multiple secrets in same cover image. For this, 2 shares are created for each secret to be shared. While embedding the shares in cover image, the same bit-position is used for both shares belonging to the same secret. Thus the extension will result in 2 innocent-looking cover shares which will contain multiple secrets. The method can be used to share up to 8 secret images together but in that case the shares produced will be random. To keep the shares meaningful, optimum number of shares should be embedded. If 4 secret images are shared together in same cover image then it can change the pixel value maximum by a value of 15. If 5 images are to be shared then it can change the original pixel value of cover image by a value of 31. These changes are not very large and the eyes will not be able to recognize a difference. The value of optimum number of shares depends on the application where the method is to be used such that it will not change the pixel value of cover image much and will still be innocent-looking shares.
238
Jaya and A. Sardana
The method can be summarized as: Step 1: Create 2 shares for each secret using Hou’s third method. Step 2: Choose a cover image. Make 2 copies of it. Step 3: Select one bit in cover image and XOR it with corresponding pixel of share 1. Step 4: Repeat the process for share 2. Step 5: Repeat the steps 1-4 for each of the secret to be shared.
4 Analysis 4.1 Security Analysis The proposed scheme does the security enhancement with a much cheaper operation XOR than the permutation method used by Chang [3]. The method XORs the original bit-value of the cover image with the pixel-value of the created color-share. The produced result becomes the bit-value of the corresponding pixel of modified cover image. If the bit-value in the cover image is 0 and the pixel-value of the color share is 0, this gives a bit-value of 0 after the modification done by XOR. But this result can also be produced if the values are 1 and 1. So each possible bit-value in the modified cover image has two possibilities and both of them are equally likely. This proves the security of the scheme. Table 2. Security analysis of the scheme
Cover image bitvalue
Pixel-value of color share
Modified cover image bit-value
0
0
0
1
1
0
0
1
1
1
0
1
4.2 Performance Analysis The methods discussed in [5, 6, 7] need additional data structure and so for decoding process, that data structure must also be provided along with the shares. This adds an extra overhead. Further, the security enhancement is done by the XOR operation and not by the permutation as in [3, 6, 7] which takes less encoding time. The proposed method supports true color images as opposed to [3, 5]. Finally, decoding needs again only XOR operation of the pixels and so it also takes less time than the methods
Multiple Secrets Sharing with Meaningful Shares
239
which need additional data structure to decode the image. The image quality is also good as XOR allows for perfect reconstruction of the pixels. Table 3. Comparison of various VCS for producing meaningful shares
Authors
Year
True-color (n,n)-scheme Security support supported enhancement
Chang-Yu [5]
2002
No
No
No
Yes
Wu et al. [6]
2004
NA
Yes
Permutation
Yes
Tsai et al. [7]
2009
Yes
Yes
Permutation
Yes
Proposed method
-
Yes
No
XOR
No
Additional data structure needed
Table 4. Comparison of various VCS for sharing multiple secrets
Author
Year
No of secret images
Pixel expansion
Share type
Wu and Chang [9]
2005
2
4
Circle
Shyu et al. [10]
2007
n>=2
2n
Circle
Feng et al. [11]
2008
n>=2
9
Rectangular
Proposed method
-
Upto 8 (upto 4 for better security)
4
Rectangular
240
Jaya and A. Sardana
5 Experimental Results Figure 5 shows 4 secret images to be encoded. The size of all the secret images is 200 x 200. Figure 6 is chosen as the cover image which is of size 400 x 400. 2 copies of the same cover image are taken. Then random-looking shares for the secret image are created using Hou’s method. The shares are then embedded in cover images. Thus the innocent-looking shares shown in figure 7 are achieved. These shares are decoded to generate the secret images, shown in figure 8. The reconstructed images are 4 times the original images as the pixel expansion in Hou’s method is 4. We can see that the created meaningful shares do not differ much from the original cover image. As we increase the number of secret images to be shared, the shares start to differ more than the original cover image. This method provides an efficient way to share up to 4 or 5 secret images together with innocent-looking shares. One limitation of the scheme is that it cannot be used for (n, n)- scheme.
(a)
(b)
(c)
(d)
Fig. 5. (a) Secret image Lena (b) Secret image Baboon (c) Secret image Ball (d) Secret image Toy
Fig. 6. Cover image
Multiple Secrets Sharing with Meaningful Shares
(a)
241
(b)
Fig. 7. (a) Innocent share 1 (b) Innocent share 2
(a)
(b)
Fig. 8. (a) Recovered image Lena (b) Recovered image Baboon (c) Recovered image Ball (d) Recovered image Toy
242
Jaya and A. Sardana
(c)
(d) Fig. 8. (continued)
6 Conclusions In this paper, we have proposed multiple-secret sharing scheme producing innocent shares. When the two shares are XORed, the original embedded information can be achieved. The scheme takes two copies of single cover image for producing two shares. We can share multiple secrets together with enhanced security. The advantages of the proposed method are good image quality, no additional data structure and less encoding time. The size of reconstructed images does not vary with the number of colors present in the secret images. The scheme is very much suitable for real-life applications which requires fast computation, less storage and is prone to attackers.
References 1. Naor, M., Shamir, A.: Visual cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1–12. Springer, Heidelberg (1995) 2. Hou, Y.C.: Visual cryptography for color images. Pattern Recognition 36, 1619–1629 (2003) 3. Chang, C.-C., Chuang, J.-C., Lin, P.-Y.: Sharing A Secret Two-Tone Image In Two GrayLevel Images. In: Proceedings of the 11th International Conference on Parallel and Distributed Systems, ICPADS 2005 (2005) 4. Chang, C., Tsai, C., Chen, T.: A New Scheme For Sharing Secret Color Images In Computer Network. In: Proceedings of International Conference on Parallel and Distributed Systems, pp. 21–27 (2000)
Multiple Secrets Sharing with Meaningful Shares
243
5. Chang, C.-C., Yu, T.-X.: Sharing A Secret Gray Image In Multiple Images. In: First International Symposium on Cyber Worlds, CW 2002 (2002) 6. Wu, Y.S., Thien, C.C., Lin, J.C.: Sharing and hiding secret images with size constraint. Pattern Recognition 37, 137–138 (2004) 7. Tsai, D.-S., Horng, G., Chen, T.-H., Huang, Y.-T.: A Novel Secret Image Sharing Scheme For True-Color Images With Size Constraint. Information Sciences 179, 324–325 (2009) 8. Droste, S.: New results on visual cryptography. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 401–415. Springer, Heidelberg (1996) 9. Wu, H.-C., Chang, C.-C.: Sharing visual multi-secrets using circle shares. Computer Standards & Interfaces 28, 123–135 (2005) 10. Shyu, S.J., Huang, S.-Y., Lee, Y.-K., Wang, R.-Z., Chen, K.: Sharing multiple secrets in visual cryptography. Pattern Recognition 40, 3633–3651 (2007) 11. Feng, J.-B., Wu, H.-C., Tsai, C.-S., Chang, Y.-F., Chu, Y.-P.: Visual secret sharing for multiple secrets. Pattern Recognition 41, 3572–3581 (2008)
On Estimating Strength of a DDoS Attack Using Polynomial Regression Model B.B. Gupta1,2, P.K. Agrawal3, A. Mishra1, and M.K. Pattanshetti1 1
Department of Computer Science, Graphic Era University, Dehradun, India
[email protected] 2 Department of Electronics and Computer Engineering, Indian Institute of Technology Roorkee, Roorkee, India 3 Department of Computer Science, NSIT, New Delhi, India
Abstract. This paper presents a novel scheme to estimate strength of a DDoS attack using polynomial regression model. To estimate strength of attack, a relationship is established between strength of attack and observed deviation in sample entropy. Various statistical performance measures are used to evaluate the performance of the polynomial regression models. NS-2 network simulator on Linux platform is used as simulation test bed for launching DDoS attacks with varied attack strength. The simulation results are promising as we are able to estimate strength of DDoS attack efficiently.
1 Introduction DDoS attacks compromise availability of the information system through various means [1,2]. One of the major challenges in defending against DDoS attacks is to accurately detect their occurrences in the first place. Anomaly based DDoS detection systems construct profile of the traffic normally seen in the network, and identify anomalies whenever traffic deviate from normal profile beyond a threshold [3,4]. This extend of deviation is normally not utilized. We use polynomial regression [5,6] based approach that utilizes this extend of deviation from detection threshold, to estimate strength of a DDoS attack. In order to estimate strength of a DDoS attack, polynomial regression model is used. To measure the performance of the proposed approach, we have calculated various statistical performance measures i.e. R2, CC, SSE, MSE, RMSE, NMSE, η, MAE and residual error [12]. Internet type topologies used for simulation are generated using Transit-Stub model of GT-ITM topology generator [7]. NS-2 network simulator [8] on Linux platform is used as simulation test bed for launching DDoS attacks with varied attack strength. The remainder of the paper is organized as follows. Section 2 contains overview of polynomial regression model. Detection scheme is described in section 3. Section 4 describes experimental setup and performance analysis in details. Model development is presented in section 5. Section 6 contains simulation results and discussion. Finally, Section 7 concludes the paper. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 244–249, 2011. © Springer-Verlag Berlin Heidelberg 2011
On Estimating Strength of a DDoS Attack Using Polynomial Regression Model
245
2 Polynomial Regression Model In its simplest, form regression analysis [9,10] involves finding the best straight line relationship to explain how the variation in an outcome variable, Y, depends on the variation in a predictor variable, X. When there is only one explanatory variable the regression model is called a simple regression, whereas if there are more than one explanatory variable the regression model is called multiple regression. Polynomial regression [4,5] is a form of regression in which the relationship between the independent variable X and the dependent variable Y is modeled as an ith order polynomial. The general form of this regression model is as follows:
Yi = Yˆi + ε i Yˆi = β0 + β1 X + β2 X 2 + ......... + βn X n
(1)
Input and Output: In polynomial regression model, a relationship is developed between strength of a DDoS attack Y (output) and observed deviation in sample entropy X (input). Here X is equal to (Hc-Hn). Our proposed regression based approach utilizes this deviation in sample entropy X to estimate strength of a DDoS attack.
3 Detection of Attacks Entropy [11] based DDoS scheme is used to construct profile of the traffic normally seen in the network, and identify anomalies whenever traffic goes out of profile. A metric that captures the degree of dispersal or concentration of a distribution is sample entropy. Sample entropy H(X) is
H ( X ) = −∑ pi log 2 ( pi ) N
(2)
i =1
where
pi is ni/S. Here ni represent total number of bytes arrivals for a flow i in {t −
= ∑ ni , i = 1,2....N . The value of sample entropy lies in the range 0N
Δ, t} and S
i =1
log2 N. To detect the attack, the value of
Hc ( X ) is
calculated in time window Δ conti-
nuously; whenever there is appreciable deviation from X n ( X ) , various types of DDoS attacks are detected. Hc ( X ) , and X n ( X ) gives Entropy at the time of detection of attack and Entropy value for normal profile respectively.
4 Experimental Setup and Performance Analysis Real-world Internet type topologies generated using Transit-Stub model of GT-ITM topology generator [7] are used to test our proposed scheme, where transit domains are treated as different Internet Service Provider (ISP) networks i.e. Autonomous
246
B.B. Gupta et al.
Systems (AS). For simulations, we use ISP level topology, which contains four transit domains with each domain containing twelve transit nodes i.e. transit routers. All the four transit domains have two peer links at transit nodes with adjacent transit domains. Remaining ten transit nodes are connected to ten stub domain, one stub domain per transit node. Stub domains are used to connect transit domains with customer domains, as each stub domain contains a customer domain with ten legitimate client machines. So total of four hundred legitimate client machines are used to generate background traffic. The legitimate clients are TCP agents that request files of size 1 Mbps with request inter-arrival times drawn from a Poisson distribution. The attackers are modeled by UDP agents. A UDP connection is used instead of a TCP one because in a practical attack flow, the attacker would normally never follow the basic rules of TCP, i.e. waiting for ACK packets before the next window of outstanding packets can be sent, etc. In our experiments, the monitoring time window was set to 200ms. Total false positive alarms are minimum with high detection rate using this value of monitoring window.
5 Model Development In order to estimate strength of a DDoS attack ( Yˆ ) from deviation (HC - Hn) in entropy value, simulation experiments are done at the varying attack strength from 10Mbps Table 1. Deviation in entropy with actual strength of DDoS attack Actual strength of DDoS Deviation in Entropy (X) attack (Y) 10M 0.149 15M 0.169 20M 0.184 25M 0.192 30M 0.199 35M 0.197 40M 0.195 45M 0.195 50M 0.208 55M 0.212 60M 0.233 65M 0.241 70M 0.244 75M 0.253 80M 0.279 85M 0.280 90M 0.299 95M 0.296 100M 0.319
On Estimating Strength of a DDoS Attack Using Polynomial Regression Model
247
to 100Mbps and at fixed total number of zombies i.e. 100. Table 1 represents deviation in entropy with actual strength of DDoS attack. Polynomial regression model is developed using strength of attack (Y) and deviation (HC - Hn) in entropy value as discussed in Table 1 to fit the regression equation. Figure 1 shows the regression equation and coefficient of determination for polynomial regression model.
Strength of Attack (Mbps)
120 100
y = -1284.9x 2 + 1176.4x - 144 R2 = 0.9603
80 60 40 20
Polynomial Regression
0 0.10
0.14
0.18 0.22 0.26 Deviation in Entropy (X)
0.30
0.34
Fig. 1. Regression equation and coefficient of determination for polynomial regression model
6 Results and Discussion We have developed polynomial regression model as discussed in section 5. Various performance measures are used to check the accuracy of this model. 120
Strength of Attack
100 80 60 40 20 0 0.149
0.184
0.199
0.195
0.208
0.233
0.244
0.279
0.299
0.319
Deviation in Entropy Actual DDoS attack Strength
Predicted DDoS attack strength using Model M2
Fig. 2. Comparison between actual strength of a DDoS attack and predicted strength of a DDoS attack using polynomial regression model M2
248
B.B. Gupta et al.
Predicted strength of attack can be computed and compared with actual strength of attack using proposed regression model. The comparison between actual strength of attack and predicted strength of attack using polynomial regression model is depicted in figures 2. Table 2 contains values of various statistical measures for polynomial regression model. It can be inferred from table 2 that for polynomial regression model, values of R2, CC, SSE, MSE, RMSE, NMSE, η, MAE are 0.96, 0.98, 566.31, 29.81, 5.46, 1.06, 0.96 and 0.81, respectively. Hence estimated strength of a DDoS attack using polynomial model is closed to actual strength of a DDoS attack. Table 2. Values of various performance measures R2 CC SSE MSE RMSE NMSE η MAE
0.96 0.98 566.31 29.81 5.46 1.06 0.96 0.81
7 Conclusion and Future Work This paper investigates how polynomial regression model can be used to estimate strength of a DDoS attack from deviation in sample entropy. For this, model is developed and various statistical performance measures are calculated. After careful investigation, we can conclude that estimated strength of a DDoS attack using polynomial regression model is very close to actual strength of a DDoS attack. Hence, polynomial regression model is very useful method for estimating strength of attack.
References 1. Gupta, B.B., Misra, M., Joshi, R.C.: An ISP level Solution to Combat DDoS attacks using Combined Statistical Based Approach. International Journal of Information Assurance and Security (JIAS) 3(2), 102–110 (2008) 2. Gupta, B.B., Joshi, R.C., Misra, M.: Defending against Distributed Denial of Service Attacks: Issues and Challenges. Information Security Journal: A Global Perspective 18(5), 224–247 (2009) 3. Gupta, B.B., Joshi, R.C., Misra, M.: Dynamic and Auto Responsive Solution for Distributed Denial-of-Service Attacks Detection in ISP Network. International Journal of Computer Theory and Engineering (IJCTE) 1(1), 71–80 (2009) 4. Mirkovic, J., Reiher, P.: A Taxonomy of DDoS Attack and DDoS defense Mechanisms. ACM SIGCOMM Computer Communications Review 34(2), 39–53 (2004) 5. Stigler, S.M.: Optimal Experimental Design for Polynomial Regression. Journal of American Statistical Association 66(334), 311–318 (1971)
On Estimating Strength of a DDoS Attack Using Polynomial Regression Model
249
6. Anderson, T.W.: The Choice of the Degree of a Polynomial Regression as a Multiple Decision Problem. The Annals of Mathematical Statistics 33(1), 255–265 (1962) 7. GT-ITM Traffic Generator Documentation and tool, http://www.cc.gatech.edu/fac/EllenLegura/graphs.html 8. NS Documentation, http://www.isi.edu/nsnam/ns 9. Lindley, D.V.: Regression and correlation analysis. New Palgrave: A Dictionary of Economics 4, 120–123 (1987) 10. Freedman, D.A.: Statistical Models: Theory and Practice. Cambridge University Press, Cambridge (2005) 11. Shannon, C.E.: A mathematical theory of communication. ACM SIGMOBILE Mobile Computing and Communication Review 5(1), 3–55 (2001) 12. Gupta, B.B., Joshi, R.C., Misra, M.: ANN Based Scheme to Predict Number of Zombies in DDoS Attack. International Journal of Network Security 13(3), 216–225 (2011)
Finding New Solutions for Services in Federated Open Systems Interconnection Zubair Ahmad Khattak1,2, Jamalul-lail Ab Manan2, and Suziah Sulaiman1 1
Universiti Teknologi PETRONAS, Department of Computer and Information Sciences, Tronoh 31750, Perak, Malaysia
[email protected],
[email protected] 2 MIMOS Berhad, Advanced Information Security Cluster, Technology Park Malaysia, 57000, Kuala Lumpur, Malaysia
[email protected]
Abstract. Federated environment application running on cost-effective federated identity management system has been more widely adopted, and would potentially attract more organizations to adopt and invest if we enhance with security and trust mechanisms. The traditional certificate based authentication raises various issues such as firstly, the case when public portion of the key pair can be guessed or calculated by the attacker, it can further be used to masquerade against resource access, and secondly, when the storing of private key on user system can be compromised by viruses, Trojan horses etc. Also current computer platforms are lacking in platform trust establishment which makes it hard to trust remote platforms. In this paper, we discuss concerns related to federated services user authentication, authorization, and trust establishment in Federated Open Systems Interconnection and proposed trusted platform module protected storage to protect private keys, and platform attestation mechanisms to establish inter platform (and hence inter system) trust among interacting systems in open environment to overcome these issues. To assess our work we compared trusted platform module with existing authentication types and shows that trusted platform module provides better temper-resistance protection against attacks such as replay, Trojan horse’s, and fake anti viruses’ attacks etc. Keywords: federated identity management system, authentication, trust establishment, trusted computing, trusted platform module.
1 Introduction Federated Environment (FE) can be defined as a collaborative, sharing of resources or services between groups, environment between several organizations. The two well known FE application examples are Centers of Excellence (COE) and Federated Identity Management (FIM) [1]. The later one allows users to use their authentication (AuthN) credentials with home organization (from Identity Provider (IDP)) to access services (from Service Providers (SP)) within the federation. The Single-Sign-On (SSO) [2] facility plays a major role in reducing the number of users’ accounts by A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 250–259, 2011. © Springer-Verlag Berlin Heidelberg 2011
Finding New Solutions for Services in Federated Open Systems Interconnection
251
reducing too many and repeated AuthN to various sites. The three major entities involved are: (1) User - an entity that access a service or multiple services (2) IDP an entity that performs user AuthN, and (3) SP- entity that offers services to the users [3]. In open environments SSO schemes, user identification is achieved via diverse AuthN methods ranging from a single to multiple factors. In a worst case scenario, if user identification process is typically based on weak method, such as a user name and password. In this scenario, once user credentials are compromised, it immediately opens a security breach hole. In two examples, as pointed in the data leakage reports in [4, 5] showed that the lost of personal data in open environment can bring disaster to whom it belongs and holds. Access to Internet Web-based services or a resource identification or AuthN of end-user, is mandatory to ensure they are, who they say they are. In certificate based AuthN, user first obtains private key certificate from certificate authority and installs it on client PC. The main problem in this case lies, how to protect the private key? The threat model which relates to dispersed identities presented in [9] which shows how concerns raises due to the attacks such as man-in-the-middle attack, replay attack, fake software’s, etc to unprotected entities on user system (client). The manin-the-middle attack also can impersonate IDP and SP to obtain users credentials, or intercept and/or tamper system or user messages, or installing Trojan horses or fake anti-viruses [10]. With no trust infrastructure, and the lack of trust between any two interacting parties, many of existing solutions, such as trust establishment based on traditional methods, such as Public Key Infrastructure (PKI), or sharing of secret keys, would have many challenges. We will present later in this paper, the Trusted Platform Module (TPM) AuthN (certificate based) and attestation mechanism (a platform integrity check) as a suggested solution to enhance the client side security & existing weak trust between platforms with hardware TPM. Trusted Computing Group (TCG) [6] replaces Trusted Computing Platform Alliance (TCPA) [7] which is a not-for-profit organization. Its main objective include developing, defining, and promoting open, vender neutral, and industry standards for Trusted Computing (TC) building blocks and software interfaces across multiple platforms [6]. For more details about TCG interested readers are referred to [6, 7, 8]. Our paper is structured as follows. In Section 2, we present federated services challenges. Section 3 presents trusted computing temper-resistant chip based solution. In Section 4, we present assessment of the work and we conclude with Section 5.
2 Federated Services Challenges In this section we present issues such as AuthN, authorization (AuthR) [11, 12, 13] & trust establishment [14, 15] that identify the potential & critical area of improvement. 2.1 User Authentication and Authorization The risk associated with authentication (SSO) in a federated system is more difficult to control as compared to a centralized systems. Therefore, weak AuthN mechanism such a username and password might produce major vulnerabilities to the subject, and would lead to increasing a risk associated to phishing, pharming & password attacks mentioned in [16]. In open system interconnection environment (Internet) these
252
Z.A. Khattak, J.Ab. Manan, and S. Sulaiman
threats would eventually lead to widely damage user trust and organization reputation due to the poor and weak AuthN mechanisms implementation. The study performed by panda security [17] in 2009 have found that Trojans which were maliciously designed to steal personal identifiable or financial information had lead to identity fraud which rose staggeringly to 800 % from the first half to the second half of 2008. In addition, researcher forecast based on the previous 14 months analysis that this rate would increase up to 336 % (p/m) throughout 2009. The two important challenges related to AuthN in FIMS are (1) measurement & determination of identity information accuracy & validity, and (2) trusted services that enhance confidence. In typical federated system, each domain has its own AuthR polices. In federation, user in domain (X), for example, want to access a service (P) or resource (R) in another domain (Y) is difficult to achieve without facing issues of compromising identity and loosing personal identity information. Hence, proper AuthR mechanisms are highly needed, i.e. when communicating with endpoints across multiple hops [18]. 2.2 Trust Establishment By analogy, in a real physical interaction between two persons coming from two different organizations, they must undergo certain “trust establishment’ before any serious engagement take place between two persons. Federated systems based on a concept to get into (login) the services (government services, education services, email services etc.) only once with username/ password or any other mechanism and then access many services without re-login. The most common open federated services systems are Shibboleth [24], Liberty Alliance [25], OpenID [26]. The basic architecture of these systems is nearly same. However, request and response of messages in theses systems varied from one to another. The common three entities involved in such systems a user, an IDP, and a SP. In a federated services scenario, a user requests a resource or service from SP. Let’s assumes there is no prior trust relationship exists between user and SP and the services provider depends on the AuthN information to make access decision. The user trust IDP, associated with one or more IDP, that they AuthN them and provide credentials associated with the users to the SP. The SP on basis of these credentials and their owned polices allow or deny access to the requested resource or a service. Therefore, the federated services approaches mentioned above solve the dilemma, user is AuthN and trusted not to misuse the provided services, of AuthN, and AuthR but the his/her platform might be not in trustworthy state. Therefore, before transferring credentials from IDP to SP assess the trustworthiness of user platform or IDP & SP’s platforms is mandatory.
3 Trusted Computing Trusted Computing is a response to the rising challenges and possible costs of networks and data security breaches. Practically TC covers a range of technologies and standards intended to make computers safer, reliable, and less prone to viruses, malwares, & spams. This technology can also help to make the network management security more effective and efficient. In early 2000s, TCPA [7] now known as TCG [6] launched the notion of trusted platform. This platform contains a hardware based
Finding New Solutions for Services in Federated Open Systems Interconnection
253
subsystem, called TPM [21], devoted to maintaining trust and security between communicating machines (client, servers, H/P, etc.). TPM is a unique paradigm to bring and establish trust among computing/ mobile platforms. The TPM by definition is small co-processor chip that can securely store and report information to provide a hardware root-of-trust. TPM has shielded locations, Platform Configuration Registers (PCR) that can store cryptographic hashes of the software loaded for execution, to store the platform configurations. These PCRs can only be manipulates by a mechanism called TPM-Extend. The hashes stored in PCR are used to report the platform configuration to the challenging party in a secure and trusted manner. The mechanism, for establishment of trust that reports the platform configuration to the challenging party is known as Remote Attestation. The RA enables a remote party (a validation service in our case) to verify the integrity of the remote platform through trust tokens submitted by the TPM on the target platform (a client or server in our case). 3.1 AuthN with Private Key Protection The four entities given in Figure 1 below a Bank service, an ISP playing the role of Private-Certificate Authority, User agent and TPM. The TPM and User agent are both part of the client system. In typical certificate based AuthN (e.g. public key certificate), user obtains a certificate from Certificate Authority (CA) and stores it on a client system. In such a process the public portion is passed on to the CA and private part is stored at client system. TPM
User agent
ISP (P-CA)
Bank Service (Server)
Service Req. Client Certificate Req.
Look for client certificate, if no then AIKcertificate Req. Perform(TPM_MakeIdentity)
Tspi_TPM_CollateIdentityRequest Perform(TSS_CollateIdentityRequest)
TPM_IDENTITY_REQ. ISP (P-CA) signing certificate AIKcertificate Activation
Perform(TPM_ActivateIdentity) Perform(TPM_CreateWrapKey) Perform(TPM_CertifyKey2)
Identity certificate (user) signing.
TPM_SYM_CA_ATTESTATION. Tspi_TPM_ActivateIdentity Tspi_Key_CreateKey Tspi_Key_CreateKey
Perform(TPM_CreateWrapKey)
Tspi_Key_CreateKey
Perform(TPM_CertifyKey2)
Tspi_Key_CertifyKey
Perform(TPM_Sign)
Perform(TPM_LoadKey) Perform(TPM_Sign)
Tspi_Hash_Sign
If certificate found
Cert.Verify message & certificate
Private key & certification verification Secure channel (SSL) (Username/ password)/
verify
Fig. 1. The flow diagram of setup and authentication phases
The storing of private key certificate on client system raises many issues. Therefore, to overcome from above problem two precautionary steps must be taken. Firstly, secure transferring of the public key, secondly, private key protection. Here we present only user AuthN to a single service via two factors, i.e. TPM provide protection to private key which involves (1) certificate and private key corroboration,
254
Z.A. Khattak, J.Ab. Manan, and S. Sulaiman
and (2) username and password confirmation. The AIKcertificate Request, ISP (P-CA) signing certificate, AIKcertificate Activation, Identity certificate (user) signing are important steps to be performed during phase-setup (Figure 1 above, left side). Complete process given in Figure 1 above, & detailed description in (Appendix: Table 2). 3.2 Attestation (Platform Authentication) Attestation (platform authentication) is a mechanism which is defined in TCG specifications, whereby the integrity measurements of the client or host platform is performed and stored in PCR registers of the TPM chip. During attestation process the TPM signs over the values of PCRs, and external 20-byte (160-bit) data (nonce) using RSA private key. The confidentially of these signed PCRs and nonce are protected by TPM. The unique aspect of the attestation is that it proves the identity, integrity and state of the platform to the attester (requestor). The Root of Trust for measurement (RTM), for instance, Core Root of Trust for Measurement (CRTM) is considered as a trustworthy and reliably measure the integrity of other entities. Secondly, Root of Trust for Reporting (RTR) proves to challenger of the local PC embedded with genuine TPM and reliably measure and reports its configuration. Thirdly, for Root of Trust for Storage (RTS), due to TPM memory constraint the external keys are secured by Storage Root Key (SRK) that is also secured by RTS. The remote attestation technique, Integrity Measurement Architecture (IMA) [19] extended TCG attestation mechanism, actually formed on load-time measurements. Because of space limitation please we refer interested reader to [19]. Using attestation process a TPM enabled device (such as PC, laptop, PDA, etc) assures the remote device of its trustworthy status. The TPM consist of many keys such Endorsement Key (EK), Attestation Identity Key (AIK), Binding, Sealing keys. The EK is a manufactured built-in key representing the identity of each TPM enabled platform. The EK private part using TPM signs assertion about the trusted computer states. The remote device can verify that those assertions are signed by a genuine TPM. The EK public part is certified by CA (P-CA) to indicate EK public part belongs to a particular TPM. There are several benefits of using AIK over EK, they are; (i) AIK not directly linked with the hardware TPM, (ii) prevent against EK cryptanalysis, (iii) reduces load on TPM, because AIK uses by the CPU, while EK uses TPM. The root of trust plays an important role in trusted chain establishment. For federated web services system, from Attestation Models (AM) we can build various trust models such as a Direct Trust i.e. Direct Attestation Model (DAM), and Indirect Trust i.e Delegated Attestation Model (DeAM). In DAM either exists as a uni-directional or mutual-directional. In uni-directional, only attestation requestor (e.g. a server) challenges the attested platform (e.g. a client or target), and in mutualdirectional the challenger (server) and attester (client) change their positions after each integrity measurement request and response. In an example of a mutual directional, a server (challenger) sends an integrity measurement request to the client, and if validation of returned measurement is successfully verified, then client sends the integrity measurement request to the server and performs the validation. If both measurement results are successfully validated each other then they are mutually attested. In DAM two main disadvantages exists, that is (i) the attested platforms (e.g. a client) need to disclose their integrity measurement information to the challenger
Finding New Solutions for Services in Federated Open Systems Interconnection
255
(e.g. a server), and that leads to the violation of integrity privacy disclosure to the attestation challengers (ii) in both cases uni-directional and mutual-directional attestation challenger needs to be capable of validating the attestation response. For detail request and response overview among different entities (see Figure 2). Please for more details interested readers referred to [20].
1
TPM
TPM
SML 5
Policy
4
SML PCR
PCR Integrity request/ response Module
3
Integrity request/ response Module
8
Attestation Challenger
6
Validation Repository SML PCR Certificate
2 7
Fig. 2. Practical delegation based trust and remote platform attestation (authentication) architecture
While in DeAM, a Corroboration Service (CS) performs the role of a challenger and validates the integrity measurement or performs attestation of attested platform (either a client or a server) on behalf of the requestor and forwards the validation result in the form a credential. The DeAM approach helps to overcome of the concerns pointed in DAM under the pre-condition that CS behaves properly and is trusted by both the challenger and attester platforms. Next, we show with an example of DeAM. The corroboration entity showed in Figure 2 above plays the role of trust validation service on behalf of the entities (client and server) provided that both are equipped with TPMs.
4 Assessment: Trusted Platform Module vs. Existing AuthN Types Federated system approaches mostly supports third parties AuthN, for instance IDP that authenticates end user, while in second approach TPM plays the role of IDP or ASP to achieve SSO among dispersed SP’s. Both approaches can adopt any single or combination of two factors AuthN mechanisms amongst knowledge-Based Authentication (KBA) such as password, Object-Based Authentication (OBA) fro instance hardware tokens or TPM, and ID-Based Authentication (ID-BA) such as biometric. In typical scenario user obtains a public key certificate from CA. The certificate is storing on client system. The public part of key is passing to the CA and private part of the key stored on client system. The storing of this key on user system raises many concerns. However, storing this key on smart card can bring great security to the private key. The TPM provides strong security against all software based attacks but TPM still vulnerable to hardware based attack. An example of such attack would be a cold-boot attack where a user doesn’t let the computer shut down completely. This
256
Z.A. Khattak, J.Ab. Manan, and S. Sulaiman
attack relies on data to be in the RAM after power has been removed [22]. The (X) represents that TPM is nearly strengthen the computer system security against all software based attacks. The Table 1 given below presents some potential attacks, vulnerable AuthN types, and examples, changed according to our requirements picked from [23]. Table 1. Some Potential attacks, vulnerable AuthN mechanisms with examples Attack Types User System Attack
AuthN Types Password Token Biometric TPM Password Theft, Token Copying, & Eavesdropping Biometric TPM Password Replay Token Biometric TPM Password, Trojan Horse’s Token, Biometric TPM Password, Fake Antivirus Token, Biometric TPM Phishing, Password, pharming, Token, Biometric man-in-theTPM middle
Instances By guessing, or exhaustive searching By exhaustive searching By False matching (X) By shoulder surfing By counterfeiting hardware, theft By spoofing (Copying biometrics) (X) By replay stolen password response By replay stolen pass code response By replay stolen- biometric- template response (X) By installing of a rough client or capture device (X) By installation of malicious software and capture secret info. via taking the control of client system (X) By using social engineering techniques, exploit the poor usability of current web service technologies (X)
5 Conclusion In this paper, we discussed concerns related to federated services that involve user AuthN, AuthR, and trust establishment in Federated Open Systems Interconnection. We argued that the traditional certificate based AuthN which raised number of issues such as firstly, the case when public portion of the key pair can be guessed or calculated by the attacker, and secondly, when the storing of private key on user system can be compromised by viruses, Trojan horses, etc. In addition current computer platforms are lacking to establish a platform trust which makes harder to trust remote platforms are trustworthy or untrustworthy. Therefore in distributed environment access a TPM based trust establishment mechanism, remote attestation, would boost the end user trust that no body can invade his computing/ mobile platform to run or install malicious software’s. From service or resource provider perspective that only an authentic TPM are allowed to make a request to a resource or a service.
Finding New Solutions for Services in Federated Open Systems Interconnection
257
We also discussed how TCG can potentially provide solution for these issues using both protected storage to protect private keys and platform attestation mechanisms to establish inter platform (and hence inter system) trust among interacting systems, and can help to overcome identity theft issues in open environment. Our assessment of range of most common AuthN types and TPM shows that TPM provides stronger security against range of attacks in open environment. Currently we are in a process to create IMA based prototype to demonstrate the remote attestation mechanism. In this demo we will show how the requester and responding platforms attest each others that they are trustworthy or not, & guarantees that no malicious software or code running on either platforms. Acknowledgments. This work funded by Universiti Teknologi PETRONAS Postgraduate Assistantship Scheme and MIMOS Berhad, Malaysia.
References 1. Chadwick, D.W.: Federated Identity Management. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007. LNCS, vol. 5705, pp. 96–120. Springer, Heidelberg (2009) 2. Pashalidis, A., Mitchell, C.J.: Taxonomy of Single Sign-On Systems. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 249–264. Springer, Heidelberg (2003) 3. Lutz, D.: Federation Payments using SAML Tokens with Trusted Platform Modules. In: Proceedings of the IEEE Symposium on Computers and Communications, pp. 363–368 (2007) 4. Vijayan, J.: Wells fargo discloses another data breach. Computer World (2006), http://www.computerworld.com/s/article/9002944 /Wells_Fargodisclo_nother_data_breach 5. Lemos, R.: Reported data leaks reach high in 2007. Security Focus (2007), http://www.securityfocus.com/brief/652 6. Trusted Computing, http://www.trustedcomputinggroup.org/ 7. Trusted Computing Platform Alliance (TCPA), http://mako.cc/talks/20030416politics_and_tech_of_control/trustedcomputing.html 8. Balacheff, B., Chen, L., Pearson, S., Plaquin, D., Proudler, G.: Trusted Computing Platforms: TCPA Technology in Context. Prentice-Hall, Englewood Cliffs (2003) 9. Khattak, Z.A., Sulaiman, S., Manan, J.A.: A Study on Threat Model for Federated Identities in Federated Identity Management System. In: Proceeding 4th International Symposium on Information Technology of IEEE Symposium, pp. 618–623 (2010) 10. Ahn, G.-J., Shin, D., Hong, S.-P.: Information Assurance in Federated Identity Management: Experimentations and Issues. In: Zhou, X., Su, S., Papazoglou, M.P., Orlowska, M.E., Jeffery, K. (eds.) WISE 2004. LNCS, vol. 3306, pp. 78–89. Springer, Heidelberg (2004) 11. Stephenson, P.: Ensuring Consistent Security Implementation within a Distributed and Federated Environment, pp. 12–14 (2006) 12. Hommel, W., Reiser, H.: Federated Identity Management: Shortcomings of Existing Standards. In: Proceedings of 9th IFIP/IEEE International Symposium on Integrated Management (2005) 13. Smedinghoff, T.J.: Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate (2009)
258
Z.A. Khattak, J.Ab. Manan, and S. Sulaiman
14. Jøsang, A., Fabre, J., Hay, B., Dalziel, J., Pope, S.: Trust Requirements in Identity Management. In: Australasian Information Security Workshop (2005) 15. Maler, E., Reed, D.: The Venn of Identity: Options and Issues in Federated Identity Management. IEEE Security and Privacy 6(2), 16–23 (2008) 16. Madsen, P., Koga, Y., Takahashi, K.: Federated Identity Management For Protecting Users from ID Theft. In: Proceedings of the 2005 ACM Workshop on Digital Identity Management, pp. 77–83. ACM Press, New York (2005) 17. Mills, E.: Report: ID fraud malware infecting PCs at increasing rates, Security (2009), http://news.cnet.com/8301-1009_3-1019302583.html?tag=mncol;title 18. Shin, D., Ahn, G.-J., Shenoy, P.: Ensuring Information Assurance in Federated Identity Management. In: Proceedings of the 23rd IEEE International Performance Computing and Communications Conference, pp. 821–826 (2004) 19. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCGbased Integrity Measurement Architecture. In: Proceedings of the 13th USENIX Security Symposium Conference, Berkeley, CA, USA, pp. 223–238 (2004) 20. Khattak, Z.A., Manan, J.A., Sulaiman, S.: Analysis of Open Environment Sign-in Schemes-Privacy Enhanced & Trustworthy Approach. J. Adv. in Info. Tech. 2(2), 109– 121 (2011), doi:10.4304/jait.2.2.109-121 21. Trusted Computing Group, Trusted Computing Group Specification Architecture Overview v1.2. Technical Report. Portland, Oregon, USA (2003) 22. Bakhsh, S.: Protecting your data with on-disk encryption, Business Intelligence Solutions, http://www.trustyourtechnologist.com/index.php/2010/07/07 /protecting-your-data-with-on-disk-encryption/ 23. O’Gorman, L.: Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91(12), 2021–2040 (2003) 24. Shibboleth, http://shibboleth.internet2.edu/ 25. Liberty Alliance, http://projectliberty.org/ 26. OpenID, http://openid.net/
Appendix: Table 2. Processes Steps Detailed Description User agent calling Tspi_TPM_Collate IdentityRequest
TPM Performs TPM_Make Identity
TSS_CollateIde ntityRequest
Process The user agent performs Tspi_TPM_CollateI dentityRequest making a request to TPM to create an AIK key & setup certificate request from ISP or IDP or AS plays a role of P-CA. The TPM_MakeIdentity execution creates a new AIK and using private key to sign structure (TPM_IDENTITY_CONTENTS). This structure includes public key, hashing result, identity Label. The user agent performs TSS_ CollateIdentityRequest. It assembles the data required by ISP (P-CA). Next it sends the IdentityRequest (to attest the new created TPM identity) TPM_IDENTITY_PROOF to the ISP (P-CA). This message include Identity-Binding signature to structure (TPM_IDENTITY_CONTENTS). In addition it consist endorsement l, conformance, and platform credentials. The IR message is symmetrically encrypted using a session key and
Finding New Solutions for Services in Federated Open Systems Interconnection
259
session key is asymmetrically encrypted using the public key of the ISP (P-CA). The user agent forwards Identity-Request (TPM_IDENTITY_REQ.) message to ISP. On receiving the TPM_IDENTITY_REQ. by ISP (P-CA). The ISP uses private key to decrypts the session key and then decrypts the message using session key. It verifies the Identity-Request message was generated by a genuine TPM. The ISP response by sending ISPResponse (TPM_SYM_CA_ATTESTATION structure) message. This message includes encrypted version of identity credential such as TPM_IDENTITY_CREDENTIAL structure, symmetrically encrypted using a session key and session key is asymmetrically encrypted using the public key of TPM Endorsement Key (EK). Tspi_TPM_Activate TPM_ActivateI User agent perform Tspi_TPM_ActivateIdentity to Identity dentity receives AIK credential from ISP (P-CA) and activate it. For this TPM performs TPM_ActivateIdentity to obtain session used to use to encrypt the identity credential. Only TPM EK private key part can be used to decrypt the encrypted session key with TPM EK public part. The user agent performs TSS_ RecoverTPMIdentity to decrypt the AIK certificate such as TPM_IDENTITY _CREDENTIAL using the session key. Tspi_Key_Create TPM_CreateWr The certified AIK private part can not be used to Key apKey sign external data to the TPM. Therefore, user agent should create another non-migratabale key pair (D) method call Tspi_Key_CreateKey (by Tspi_Key_Certify TPM_CertifyKe by performing a command- TPM_CreateWrap Key) Key y2 and then sign newly created key with AIK private key part by using the method- Tspi_Key _CertifyKey (by performing a commandTPM_CertifyKey2). Tspi_Key_ TPM_CreateWr The user agent should create non-migratabale key CreateKey apKey pair or certified migratabale key pair (E) using TPM_CMK_Cr methodTspi_Key_CreateKey. TPM_ eateKey CMK_CreateKey can be used if user want to Tspi_Key_ TPM_CertifyKe migrate the key to another TPM Platform while TPM_CreateWrapKey to create non-migratabale Certify Key y2 key pair. Using TPM_CertifyKey2 to sign new key pair (E) using private portion of AIK. Tspi_Hash_Sign TPM_Sign The user agent performs method-Tspi_Hash _Sign. TPM performs a command- TPM_Sign to sign E public key (confirming to X.509 v3 format). The public key certificate work as user identity certificate for authentication of client to the Bank Server.
Duplicate File Names-A Novel Steganographic Data Hiding Technique Avinash Srinivasan1 and Jie Wu2 1 2
PA Center for Digital Forensics, Bloomsburg University, Bloomsburg PA 17815 Center for Networked Computing, Temple University, Philadelphia, PA 19122
Abstract. Data hiding has been an integral part of human society from the very early days dating back to BC. It has played its role for both good and bad purposes. First instances of data hiding dates back to 440 B.C. and has been cited in several works as one of the first known and recorded use of steganography. Several complicated Steganographic techniques have been proposed in the past decade to deceive the detection mechanisms. Steganalysis has also been one of the corner stones of research in the recent past to thwart such attempts of the adversary to subterfuge detection. In this paper we present a novel, simple, and easy to implement data hiding technique for hiding files with duplicate names. The proposed file hiding technique Duplicate File Names uses an innocuous file as the cover medium exploiting its name and reputation as a good file. This vulnerability was first discovered on a Windows 98 machine with DOS 6.1. We have tested this vulnerability on several different file systems to confirm that the vulnerability exists across file systems and not specific to older Windows file systems. Finally, we have discussed using this method for legitimate data hiding as well as detecting when employed for illegitimate data hiding. Keywords: Digital forensics, duplicate file name, file hiding, identity and data theft, steganography.
1
Introduction
Steganography has been a great challenge to the digital forensic community from the very beginning. However, one has to be unbiased and recognize the good side to Steganography like digital copyrighting and watermarking. Several techniques have been developed to detect information hiding accomplished by various Steganographic tools employing a limited number of Steganographic algorithms. However the adversary has been consistently successful in developing new techniques to achieve the same. In this paper we expose a potentially serous vulnerability which was first discovered on a Windows 98 machine with DOS 6.1. The problem was identified while recovering deleted files on a FAT12 formatted floppy disk using DiskEdit. Norton Diskedit is a hexeditor for logical and physical disk drives on all Windows filesystems. It is an undocumented utility that comes along with the standard Norton Utilities package for Windows. The A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 260–268, 2011. c Springer-Verlag Berlin Heidelberg 2011
Duplicate File Names-A Novel Steganographic Data Hiding Technique
261
aforementioned vulnerability persists across the FAT file system family- FAT12, FAT16, and FAT32. The vulnerability can be formally stated as follows“A malicious file can be renamed, using a simple Hex editor tool, to bear the same name as that of a known good file on the media to evade simple detection schemes including visual examination”. This vulnerability is as powerful as it appears simple. An average computer user with the knowledge of the underlying file systems’ structure and layout can easily traffic important files in and out of a room, building, or the country. To accomplish this, all he needs is a simple hex editor tool such as DiskEdit or HxD. Such files can range anywhere from a simple and not so critical data like coworkers’ salary and bonus package to important business data like design and development blueprints and Intellectual Property. From a national security perspective, this could a document with classified information or a terrorist plot. None-the-less, these files can also be potentially dangerous viruses, malware, child porn image and video files. The question that many of us want an answer to is“Is this the most sophisticated data hiding technique”? and the simple answer is “NO”. However, the answer neither mitigates the risk nor eliminates the threat from such a simple data hiding technique. In this paper we will discuss the structure of a simple FAT file system- FAT12. We then discuss the steps by which malicious files can be hidden in plain sight there by easily evading detection and visual inspection techniques employed. Simple and routine inspections are commonly deployed at the periphery of an organization like the security guard who can be directed to inspect the files carried out by employees working in certain restricted areas. The idea of this research work is to develop a simple and easy to use tool that can be used to detect and thwart such simple information theft that can potentially cause irreversible business losses and jeopardize the national security. We then discuss in detail the reverse engineering process of extracting such files. The reminder of this paper is organized as follows. In Sec.2 we will review some of the important works in the field of steganography relevant to our work. We then present two application scenarios discussing in detail the presented data hiding technique in Sec.4. In Sec.3, we discuss the requirements for this method of data hiding to work, the categorization of storage devices, and related issues. We also present in this section the various areas on a disk where data can be hidden that usually would not hold user data otherwise. Later in Sec.5 we present some fundamental information of file systems with FAT12 as an example because of its simplicity. In Sec.6 we will discuss the details on how files can be hidden in plain sight by exploiting the vulnerability presented in this paper. We present a detailed detection and recovery process in Sec.7. Finally, in Sec.8, we conclude our work with directions for future research.
2
Related Work
Steganography can be used to insert plain or encrypted data in a cover file to avoid detection. The sole purpose of steganography is to conceal the very fact
262
A. Srinivasan and J. Wu
that something exists as opposed to cryptography which aims at rendering the contents uninterpretable. MaDonald and Kuhn’s StegFS [MK2000] hides encrypted data in the unused blocks of a Linux ext2 file system. Consequently, it makes the data look like a partition in which unused blocks have recently been overwritten. Furthermore, the proposed method of overwriting with random bytes mimics disk wiping tool. Metasploit Anti-Forensics Project [MetaSplolt] seeks to develop tools and techniques for removing forensic evidence from computer systems. This project includes a number of tools, including Timestomp, Slacker, and SAM Juicer, many of which have been integrated in the Metasploit Framework. Metasploits Slacker hides data within the slack space of FAT or NTFS file system. FragFS [TM2006] hides data within the NTFS Master File Table. It scans the MFT table for suitable MFT entries that have not been modified within the last year. It then calculates how much free space is available and divides it into 16byte chunks for hiding data. RuneFS [G2005] stores files on blocks it assigns to the bad blocks inode which happens to be inode 1 in ext2. Forensic programs are not specifically designed to look at the bad blocks inode. Newer versions of RuneFS also encrypt files before hiding them making the problem a two fold problem.
3
Hiding Information on Storage Devices
In this section we will list the the requirements for successful data hiding and various areas on the storage volume where data can be hidden. 3.1
Requirements
For successful data hiding using the Duplicate File Names method, the following requirements have to be met. 1. The cover file should always have a lower starting cluster number compared to the file to be hidden. This is because the OS, when you access a file will always open the file with the lower starting cluster number. This is true and has been verified on all three FAT file systems. 2. The cover file and the hidden file have to be at the same hierarchical level in the directory structure. In light of this point, we have to ask the following question“Is it possible to have two files with the same name but different contents at the same hierarchical level- i.e., on the same drive, inside the same partition, and inside the same folder? The answer to this question is “No”. Trivially, there are two ways to attempting to create two files with the same name1. Renaming an existing file-Two files already exists inside a folder with different names. Try to rename one of the them to have the same name as
Duplicate File Names-A Novel Steganographic Data Hiding Technique
263
the other by either right clicking or by opening the file and using the “save as” option under file menu. An error message will pop up. 2. Creating a new file- A file already exists. Try to create a new file and save it in the same folder as the existing one with the same name. This is same as opening an existing file and using “save as” option. Once again you will see an error message pop up. In summary, one cannot save two file with the same name inside the same directory without overwriting. Once overwritten, the original file content will be lost forever although parts of it may be recovered from slack space. None-the-less, creating multiple files with duplicate names can be easily accomplished with the use of any freely available HeX editor. This requires some knowledge of the underlying file system and the associated OS. With the help of a HeX editor, the adversary can rename multiple files with a single name. Since, with a HexEditor, we work below the file system, the OS will not complain about the file already existing. Neither does the OS overwrite the contents of the original file. This way, there can be several files with the same name inside the same directory. This has been illustrated in Fig.1
Fig. 1. Screenshot of a diskette storing two files with exactly the same name and extension at the at the same hierarchical level
There are several common areas on the disk that are either unused or reserved and can serve the purpose of hiding data without interfering with the intended primary operations of the storage partition. Below is the a list of areas common to both OS partition and non-OS partition.
264
– – – –
4
A. Srinivasan and J. Wu
Slack Space- RAM and File Slack Boot Sector of non-bootable partition Unallocated Space Volume Slack
Application Scenario
In this section we present two application scenarios in different domain to emphasize the potential threat that Duplicate File Name data hiding technique can pose. 1. Scenario- 1: Child Pornography: A child pornographer can hide child porn images and/or videos using the same name as that of an innocuous looking image and/or video file respectively. The child pornographer can be doing this at his work place or at home. Since two files have the same name and clicking on either will always open the known good cover file. 2. Scenario- 2: Information Theft: A company employee easily steal confidential and proprietary data. The employee can steal the data very easily. He can save it on to his system with the name of a file he has privilege to access. Then copy both the original file and the file he is stealing with the Duplicate Name and walk out. Even if there is any sceurity screeningNo body would immediately wonder as to how two files with the same name can be copied to the same directory. The following two situations have to be clearly differentiated. Duplicate files can have the same name and or different names. If they have the same name and are inside the same volume on a drive, then there will be only one root directory entry for all copies of the file with the same name. However, if duplicate copies have different names, then there will be a separate root directory entry for each copy with a different name irrespective of the hierarchy they reside at. In the former situation, as long as duplicate copies are inside the same volume, copies with the same name will have consistent data as long as they are duplicate. However, in the later scenario, modifying a file will not update the duplicate copies with different file names. As already mentioned, in this paper we are trying to resolve the first scenario. There are commercially available tools to handle the second and third scenario. The fourth scenario is benign and poses no threat as such.
5
Hiding On Floppy Disk
For simplicity, we consider the example of hiding a malicious file on a floppy disk formatted with FAT12 file system. Additionally, to enable the reader in appreciating and understanding the file hiding technique presented in this paper, we will briefly discuss the layout of a floppy disk formatted with FAT12 file system and important data structures as shown in Fig.2. The entire floppy disk can be divided into two main regions.
Duplicate File Names-A Novel Steganographic Data Hiding Technique
265
1. System Region 2. Data Region System region consists of important system areas and data structures as follows1. Boot Sector 2. File Allocation Table (a) Primary FAT (b) Secondary FAT 3. Root Directory For file recovery, the two most critical regions are the File Allocation Table and the Root Directory. The standard, default size of a root directory entry is 32 bytes and is consistent across the three FAT file systems-12, 16 and 32. In this paper we will restrict our discussions to FAT file systems for simplicity of conveying the idea. The 32 byte directory entry of a file stored on a FAT formatted volume has some critical information, which are listed below, that can be useful in detecting different files with duplicate names. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
File Name File Extension File Attribute(s) Create Date Created Time Last Accessed Date Modified Date Modified Time Start Cluster Number File Size
In particular, for files that have different content but the same name and extension, the start cluster numbers have to be unique. The file size, in almost all cases should be different as well, however it cannot serve as an evidence to trigger suspicion nor serve as a confirmatory litmus test. The same vulnerability can be seen from another perspective of having positive applications including hiding password files in plain sight. Such file can be accessed and opened on the fly by the methods presented later in this paper.
6
The Process of Hiding
In this section, we will discuss the method of hiding files with duplicate name using HeX Editor tool. The file uses size as the key requirement for choosing a cover file. Extension is not a key concern when choosing cover file since extension can be easily modified for the malicious file to match that of the cover file. Without of loss of generality, we will use “Good File” to refer to the cover file being used whose name will not cause any suspicion or raise flags and “Bad
266
A. Srinivasan and J. Wu
Fig. 2. The two main regions of a FAT12 formatted floppy disk and regions and data structures within the system region of a FAT12 formatted floppy disk
File” to refer to the file being hidden which can be proprietary information of a corporate, child pornography image or video, etc. The tool scans the entire root directory and returns the top five files whose size match the given file in size and attributes very closely. Then the user can choose a file whose name and extension will be used as the cover for hiding the malicious file. Once the user makes his choice, the rest is very simple. 1. 2. 3. 4.
The user initially save the file to be hidden on the storage device. The user then loads the storage device into a hex editor and opens it. User locates the entry in the root directory for the file to be hidden. User over writes the name and extension of the file to be hidden with name and extension of the cover file. 5. User saves the changes made to the storage device. 6. Now, when the storage device is opened on any system, you can see two files with the exact name and extension at the same hierarchical level.
7
The Process of Detection and Recovery
Detecting files with duplicate names but different content can be performed in two different ways. Both these methods are described in detail below. Once two
Duplicate File Names-A Novel Steganographic Data Hiding Technique
267
or more files are detected to have the same name but different content using the method below, then they have to be recovered with out loosing data for their potential evidentiary value. 7.1
Renaming Method of Detection
1. Open the disk in a hex editor tool. 2. Scan the root directory entries on the entire disk including subdirectories for duplicate file names including the extension. If there is more than one file with the same name and extension, then cross check their start cluster number and logical file size. 3. Two files with the same name and extension, if they are exactly the same in content, should have the exact same start cluster number and logical size. 4. If the result of this test confirms the files under scrutiny have the same start cluster number, then it can be ignored since it represents duplicate files. 5. If the result of this test confirms that the file with duplicate names have different start cluster numbers, then they are clearly different. 6. The logical size cannot be used as a confirmatory test since two files with same name but different contents can have the same size. 7. Both these files can be now retrieved to a different location such that original content is not altered, rename them as DIRTY-1.EXT and DIRTY-2.EXT. Now open both files. Having named them differently, the malicious file will not be protected any longer since accessing it now will reveal the actual content.
8
Conclusion and Future Work
In this paper, we have exposed a subtle yet important vulnerability in file systems, specifically FAT, that can be exploited to hide files in plain sight and evade detection. We have also proposed simple solutions to overcome such data hiding techniques and detect hidden files. We will continue to investigate along these lines to uncover any such data hiding techniques that have been either unknown or have been dismissed as too trivial. We have shown strong reasons through example application scenarios where such simple techniques can have a big payoff for the adversary with minimum risk. In the second phase of this project we will be developing a tool that can be used to hide information in plain sight exploiting the same vulnerability. The tool will be primarily targeted for education and training purposes. As part of our future work we will be investigating anti-forensics techniquestechniques that are specifically designed to hinder or thwart forensic detection of criminal activities involving digital equipment and data. Also on our agenda of future research is Denial-of-Service attacks exploiting file system knowledge.
References [HBW2006] Huebnera, E., Bema, D., Wee, C.K.: Data hiding in the NTFS file system. Digital Investigation 3(4), 211–226 (2006) [P1998] Liu, Brown: Bleeding-Edge Anti-Forensics. In: Infosec World Conference & Expo. MIS Training Institute
268
A. Srinivasan and J. Wu
[AB1992] Abramson, N., Bender, W.: Context-Sensitive Multimedia. In: Proceedings of the International Society for Optical Engineering. SPIE, Washington, DC, September 10-11, vol. 1785, pp. 122–132 (1992) [BGM1995] Bender, W., Gruhl, D., Morimoto, N.: Datahiding Techniques. In: Proceedings of SPIE 2420 (1995) [BGML1996] Bender, W., Gruhl, D., Morimoto, N., Lu, A.: Techniques for Data hiding. IBM System Journal 35(3&4) (1996) [BL2006] Buskrik, Liu: Digital Evidence: Challenging the Presumption of Reliability. Journal of Digital Forensic Practice 1, 19–26 (2006), doi:10.1080/15567280500541421 [GM2005] Garfinkel, Malan: One Big File is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique. In: The 6th Workshop on Privacy Enhancing Technologies, June 28-June 30. Robinson College, Cambridge [LB2006] Liu, Brown: Bleeding-Edge Anti-Forensics. In: Infosec World Conference & Expo. MIS Training Institute [MK2000] McDonald, A., Kuhn, M.: StegFS: A Steganographic File System for Linux. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 463–477. Springer, Heidelberg (2000) [TM2006] Thompson, I., Monroe, M.: FragFS: An Advanced Data Hiding Technique. In: BlackHat Federal, Wang (2004) [MetaSplolt] Metasploit Anti Forensics Project, http://www.metasploit.com/research/projects/antiforensics/ [G2005] Grugq: The Art of Defiling, Black Hat (2005), http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-grugq.pdf
A Framework for Securing Web Services by Formulating an Collaborative Security Standard among Prevailing WS-* Security Standards M. Priyadharshini1, R. Baskaran2, Madhan Kumar Srinivasan3, and Paul Rodrigues4 1,2
Computer Science Department, Anna University, Chennai, India
[email protected],
[email protected] 3 Education & Research, Infosys Technologies, Mysore, India
[email protected] 4 Department of IT, Hindustan University, Chennai, India
[email protected]
Abstract. Web Services enables communication between applications with a less working out on the underlying mechanics of communication. This paper provides a brief introduction to security concepts and describes in detail various specifications related to security among WS-* family and association among those specifications. Web Service Standards available do not completely address security for web services. In this paper we have proposed a framework that consists of components which could secure web service interactions facilitating interoperability between various WS-* security standards, by devising a collaborative security standard based on the associability of WS-* security standards and can be furthermore customized by optimizing the selection and projection functions of standard list and parameter list. The parameter list is again formulated by clear understanding of association of the WS-* security standards. Keywords: WS-* family, collaborative security standard, interoperability, web services.
1 Introduction Today’s enterprises take advantage of the benefits of loosely coupled web services and made it an integral part of their business process. Therefore, need for security in business process raises the level of security needs in web services as well. The loose coupling is possible in web services due to extensive usage of XML (Extensible Mark-up Language). XML is used in web services for describing, requesting, responding and so on, which drives us to secure XML messages if web services need to be secured. The chapter just following briefs about the Web Service Model, Chapter III about the various security issues need to be addressed in web services and Chapter IV describes about formulation of collaborative security standard and proposed framework which provides an interoperable and secure gateway for web service usage. Chapter V briefs about various WS-* security standards along with the A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 269–283, 2011. © Springer-Verlag Berlin Heidelberg 2011
270
M. Priyadharshini et al.
issues addressed by those specifications and followed by Chapter VI about the associations that exist between the standards, which serves as the basis for formulating the collaborative security standard. In Chapter VII selection criteria based on scenarios is presented with few scenarios and finally Chapter VIII gives how evaluation process can be done for evaluating the security provision of the framework
2 Web Service Model Web service model is one of the approaches for building SOA (Service Oriented Architecture). Service provider creates a web service and its service definition and publishes in the service registry. Service Requestor finds the service in the registry and obtains the WSDL description and URL to the service itself. The service requestor with the help of information obtained binds to the service and invoke it. Figure 1 shows the web services model as interaction between service requestor and service provider through UDDI registry which is same as that of the Service Oriented Architecture.
Fig. 1. Web Services Model
The core technologies which form the foundation of Web services are SOAP, WSDL and UDDI. 2.1 SOAP Simple Object Access Protocol (SOAP) is used as a standard to exchange messages between client applications and services that run on server through Internet infrastructure. The method invocation is made as a SOAP request and result is passed as SOAP response. SOAP message are in form of XML and it encapsulates as optional element and as mandatory element inside a [1]. Soap Header holds the information needed by the SOAP node
A Framework for Securing Web Services
271
to process the SOAP message such as authentication, routing etc. Soap body contains the information to be sent to the SOAP message receiver. The format of SOAP request and response will be as follows [7]: Table 1. SOAP Request invokes OrdItem() method from http://www.Tanishq.com/Order and SOAP Response passes order number generated on processing the order to the client SOAP Request to Process Order 70010 105057 WGRWRD WhiteGoldRing WithRoundDiamond 8332 2010-02-10 0:10:56
SOAP Response on Processing Order 20014
Table 2. Sample WSDL for Placing Order is specified OrderItem.WSDL
272
M. Priyadharshini et al. Table 2. (Continued)
2.2 WSDL WSDL is an XML document which is the web service interface published by the service providers. Service requestors who wish to access the service can read and interpret the WSDL file. The information in the WSDL file is as follows: • • • •
Location of the service Operations performed by the service Communication Protocol supported by the service Message Format for sending and receiving request and responses.
2.3 UDDI UDDI (Universal Description, Discovery and Integration) is the directory which has list of web service interfaces provided by various businesses. The interfaces are represented using WSDL which is rendered when businesses find the interfaces suitable for their search. UDDI are public or private platform-independent framework driven by service providers like Dell, IBM, Microsoft, Oracle, SAP, and Sun as well as few e-business leaders. Web service is a powerful technology for distributed application development and integration. Today’s most e-commerce applications are based on the involvement of web services and hence make web service as an essential element in current scenario. Next chapter elaborates security issues in web services.
3 Security Issues As stated earlier Web Services rely on Internet infrastructure and hence the security issues encountered in network is encountered in web services also. 3.1 Confidentiality Confidentiality specifies that the content of the message should be accessed only by the sender and receiver. This is achieved by appropriate encryption and decryption
A Framework for Securing Web Services
273
algorithms applied on entire message or parts of the messages. SSL using HTTPS can provide point-to-point data privacy i.e. security at transport level. At application level sensitive data fields can be applied with encryption mechanisms. Sniffing or eaves dropping is an attack with respect to confidentiality. 3.2 Authentication Authentication is establishment of proof of identities among entities involved in the system. Username and password are used for authenticating the user at platform level. At message level to provide authenticity SOAP headers [5] is added with user name and password, assigned tickets and certificates such as Kerberos and X.509 certificate. In application level custom methods can be included for authentication. Single Sign on or Trust relationship need to be incorporated in routing to provide authentication between multiple services. 3.3 Authorization One entity may be authorised to do certain operations, and access certain information whereas others may not be. In Web services access control mechanisms need to be provided in form of XML (XACML and SAML). Access control may be based on Role (RBAC), Context (CBAC), Policy (PBAC), Attribute (ABAC) and so on[2]. 3.4 Non-Repudiation Non-Repudiation is disclaiming the message sending or receiving, time of sending and receiving the message. On critical and secure service access non-repudiation is one of the major issues. A Central arbiter Trusted Third Party (TTP) [1] should be introduced along with XML Signature to provide security in these cases. 3.5 Availability Authorized resources and services available at all times are meant by availability. Denial of Service (DOS) is the commonly encountered problem related to availability. 3.6 Integrity The change of message content during transit leads to loss of Integrity. It is mainly concerned with the web service description (WDSL) file. On tampering and changing this file, intended service may not get bind to the requestor and even problems may arise in case of composition. Proper Hashing algorithm or XML Signature may overcome this issue.
4 Proposed Security Framework Including Formulation of Collaborative Standards 4.1 Security Framework The Proposed Security Framework consists of components such as Security Manager, Static Analyser and Dynamic Analyser. Figure 2 depicts the Security Framework
274
M. Priyadharshini et al.
which serves as a gateway to ensure the security of the web service access from various distributed client applications. Web Service model involves the process of publishing and invoking services. Proposed Security Framework includes security list formation and corresponding parameter list which is devised as a collaborative security standard. Static Analyser is the component which is invoked during registering of service, which will guide the service provider or the publisher to customise and hence record the security standard values for the Standard List as well as corresponding Parameter List.
Fig. 2. Security Framework
Dynamic Analyser component is invoked during discovery and execution of the service, checks for the correctness of the security needs specified in the standard at various levels such as message and transport level. Security Manager is the component in the framework which manages the process of proper execution of the framework maintaining the logs made during Static and Dynamic Analysis. SM={ | af() }
(1)
Where SL – Standard List PL (SL) – Parameter List of Standard List Item Slog – Service Log af – registering or access function 4.2 Collaborative Security Standard Collaborative security standard consist of Standard List and Parameter List. A Standard list is selected based on the precise understanding of the security needs and the WS-* Security Standards and their associations, which could address the needs.
A Framework for Securing Web Services
275
Standard List (SL) formulated with WS-*(all XML Security standards) pertaining to security as input: SL = {I | I Є WS} WS = {t | t Є sf(WS-*)} Where SL – Standard List I - Standard List Item sf – selection function selecting among WS standard Items with security as objective
(2)
Parameter List (PL) for each Standard List (SL) which are found to be suitable for inclusion: PL = {P | P Є pf (SL)}
(3)
Where pf – Projection function to list out only mutually exclusive parameters
5 WS-* Security Standards Organization for the Advancement of Structured Information Standards (OASIS) and World Wide Web Consortium (W3C) devised many WS standards which were used for providing security, reliability, and transaction abilities in web services. These WS* standard specifications help to enhance the interoperability between different industry platforms, most notably Microsoft’s .NET platform and IBM’s WebSphere software. This chapter will discuss on the standards which concentrate on Security. 5.1 WS-Policy WS-Policy [9] is general-purpose framework model that describes web service related policies. A policy can specify properties, requirements and capabilities of the web services. While service request is been sent this policy is used to validate and accept the request. For example a Policy can mandate the web service for NEFT (NonElectronic fund Transfer) to provide service between 10:00 AM and 5:00 PM from Monday to Friday and between 10:00 AM and 2:00 PM on Saturdays or that request should be signed using X.509. The Policies defined in WS-Policy can be attached to service endpoints or XML data using WS-PolicyAttachment. The Polices can be retrieved from SOAP node using WS-MetadataExchange. Specific Policy assertion related to text encoding, SOAP Protocol version and Predicates that enforce the header combinations existing between SOAP messages are defined using WS-PolicyAssertions. The Proposed Security Framework consists of components such as Security Manager, Static Analyser and Dynamic Analyser. Figure 2 depicts the Security Framework which serves as a gateway to ensure the security of the web service access from various distributed client applications. Web Service model involves the process of publishing and invoking services. Proposed
276
M. Priyadharshini et al.
Security Framework includes security list formation and corresponding parameter list which is devised as a collaborative security standard. 5.2 WS-SecurityPolicy WS-SecurityPolicy[8] consists of the security related assertions such as ‘Security Token’ which tells the requestor which security token need to be used while calling a given web service. The other assertions include assertions specifying about Integrity, Confidentiality, and Visibility which are used to specify the message part that need to be protected and that parts need to remain unencrypted. Message expiry can be prompted using ‘Message Age exception’. For Instance, XPath based SignedElements assertion is used to arbitrary message element that need Integrity protection. The RequiredParts and RequiredElements using QNames and XPath are used to specify the header element the message should contain. WS-SecurityPolicy also consists of assertions related to cryptographic algorithms, transportation binding and the order of applying cryptographic algorithms. 5.3 WS-Security WS-Security Standard addresses Confidentiality and Integrity of XML messages transferred as request and responses. The header [12] is used to attach security related information. WS-Security standard defines cryptographic processing rules and methods to associate security tokens. Since SOAP messages are processed and modified by SOAP intermediaries, mechanisms such as SSL/TLS are insufficient to provide end-to-end security of SOAP messages and hence WS-Security gain importance. WS-Security specifies that signature confirmation attribute included to digital signature of request and again back included in the response message, as signed receipt , in order to ensure that the request or response are tied to corresponding response or request. WS-Security defines a mechanism to associate a security token by including them in the header and a reference mechanism to refer the tokens in binary and XML formats. ‘Username Token Profile’ adds literal plaintext password, hashed password, nonce (time variant parameters), and creation timestamp to already available Username Token. ‘Kerberos token profile’ defines the way in which Kerberos tickets are embedded into SOAP messages. The Other profiles include ‘WSSecurity X.509 Certificate token profile’, ’SAML token profile’ and ‘Rights Expression Language Token profile’. 5.4 WS-SecureConversation WS-Secure Conversation [10] defines way to establish ‘security contexts’ identified by an URI, which will permit existing SSL/TLS connection to be shared by subsequent requests to a web server in the transport level. When overheads related to key management raises due to introduction of message level security and as a result of which scalability becomes a problem this standard proves to be a better solution. There are three different ways to establish Security contexts. First, SCT (Security Context Token) retrieval using WS-Trust i.e. SCT is retrieved from a security token
A Framework for Securing Web Services
277
service trusted by the web service. Second, SCT created by the requestor which has a threat of getting rejected by the web service. Third, using security context mutually agreed by requestor as well as provider using challenge-response process. This is SCT is then used to derive the session key, which is used for subsequent encryption and authentication codes. When Security context time exceeds the communication session then it will be cancelled but if it gets expired then it has to be renewed. 5.5 WS-Trust WS-Trust [11] standard introduces ‘Security Token Service’ which is a web service that issue, renew and validate security tokens. While multiple trust domains are involved, one security token can be converted into other by brokering trust. When a requestor wants to access a web service and he doesn’t hold the right security token specified in the policy. The requestor may state the available token and ask for the needed token to STS else requestor may delegate the responsibility of finding the ‘right’ token to STS itself and state only available token and just ask for the ‘right’ token. When the requestor includes time variant parameters as entropy while requesting for token, STS will return a secret key material which is called proof-of-possession. In this case token may be a certificate whereas the proof-of-possession is the associated private key. Requestor who needs an authorisation token for a colleague which need to be valid only till a particular time period can get a token from WS-Trust. 5.6 WS-Federation ‘Federation’ means two or more security domains interacting with each other, letting users to access the services from other security domain. Each domain has its own security token service and each of them has their own security policies. There are few XML standards used along with the WS-* security standards discussed above, which could help those standards in addressing the security issues. They include XMLSignature, XMLEncryption, SAML (Security Assertion Mark-up Language), XACML (Extensible Access Control Mark-up Language) and XKMS (XML Key Management Specification) and so on. XMLSignature. XMLSignature is the protocol which describes the signing of digital contents as whole or in parts. This provides data integrity and also important for authentication and non-repudiation of web services. This may also be used to maintain integrity and non-repudiation of WSDL files to enable definition of web service to be published and later trusted. XMLEncryption. XMLEncryption ensures confidentiality and hence provide secure exchange of structured data [3]. XMLEncryption can be applied to parts and even for documents in persistent storage, in contrast to SSL or VPN. Algorithms such as RSA, Triples DES are used for encryption, combination of these algorithms also prove to increase security during message exchange.
278
M. Priyadharshini et al.
SAML. SAML [4] is an XML standard for asserting authentication and authorisation information. Single sign-on (SSO) between different systems and platforms are realised using SAML. SAML does not establish or guarantee the trust between participants instead assumes and requires trust between them. Also SAML does not guarantee confidentiality, integrity or non-reputability of the assertions in transit. This could only be provided by XMLEncryption and XMLSignature or any other mechanisms supported by underlying communication protocol and platform. XACML. Extensible Access Control Mark-up Language express access control rules and policies used to derive access decision for set of subjects and attributes. In case of multiple rules and policies encoding rules, bundling rules into policies and defining selection and combination algorithms are done by XACML. Access control list in XACML consists of four tuples: • • • •
Subject – UserIds, groups or role names Target Object – single document element Permitted action – read, write, execute or delete (not domain specific) Provision – execute on rules activation – initiating log-in requesting additional credential etc,
XMLKeyManagementSpecification. XMLKMS is the web service interface which provides public key management environment for usage in XMLSignature and XMLEncryption. It consists of two sub protocols XML key information service specification and XML key registration service specification. The former is used for locating and retrieving public keys from key server. The later defines service interfaces to register to revoke and recover escrowed keys from key server. So far we had discussed about various WS-* standards that are related to security. Other than these standards we also have standards which ensures factors such as reliability, transaction, routing in web services such as WS-ReliableMessaging, WSTransaction, WS-Routing, WS-Discovery etc.,
6 Collaboration of WS-* Security Standards All the above standards discussed do not provide an entire solution on their own but need to be used along with other specification to finally arrive at an end to end security standard. For example WS-Security does not provide session management and that is done by WS-SecureConversation. The security solution can be tailored by the solution providers according to the specific need. In order to tailor the security solution it becomes necessary for the service providers and researchers involved in providing such solution to have a clear insight about the association of these standards in detail, which is as follows.
A Framework for Securing Web Services
279
WS-SecurityPolicy provides assertions specific for security. WS-Policy extends WS-SecurityPolicy provides all generic assertions. Hence WS-Security Policy fits into WS-Policy. The security assertions specified in the WS-Security Policy are utilized by WS-Trust, WS-Security and WS-SecureConversation. Security Assertions are represented using SAML. WS-Trust utilizes WS-Security for signing and encrypting SOAP Messages with the help of XMLSignature and XMLEncryption[6]. WS-Trust utilizes WSPolicy/WS-SecurityPolicy for expressing Security Token and to determine which particular security token may be consumed by a given web service.
Fig. 3. Collaboration of WS-* Security Standards Table 3. Summarises the WS-* Security Standards, their purpose and how they collaborate Standard
Purpose
Related Standards
WS-Policy
Define assertions for web services
WS-SecurityPolicy
WS-SecurityPolicy
Define security Assertions
WS-Security
Provide Message Security
WSSecureConversation WS-Trust
Establish security context
WS-Trust WS-Federation WS-Security WS-SecureConversation WS-Federation WS-Security
Security Token Management
WS-Security WS-SecuirtyPolicy
WS-Federation
Enable cross domain access
WS-Security WS-SecurityPolicy WS-Trust
280
M. Priyadharshini et al.
WS-Security uses session keys generated by WS-SecureConversation for subsequent encryption and decryption of messages. WS-Federation uses the WSSecurity, WS-SecurityPolicy and WS-Trust to specify the scenarios in which the requestors from one domain can get access to services in the other domain.
7 Scenarios of Security Challenges and Technological Solutions The proposed system provides us with an environment which could handle different scenarios of security challenges in different ways, but in an integrated and exhaustive manner ensuring the whole security challenges as per the requirements. Table 4. Selection criteria for choosing the WS-* Standards based on security challenges Security Challenge Confidentiality Authorisation
Standard List WS-Security WS-Trust
Authentication
WS-Security
Non-repudiation Availability Integrity
WS-SecureConversation WS-Security WS-Security WS-SecurityPolicy
Parameter List XMLEncryption SAML Assertion XACML Assertion Username Token Profile Kerberos token profile Certificate token profile SAML token profile Rights Expression Language token profile STS,X.509,Kerberos XMLSignature XMLSignature Username Token Profile Kerberos token profile Certificate token profile SAML token profile Rights Expression Language token profile
SCENARIO #1. A Project Proposal is formulated which is aiming at accessing lab results from various laboratories, who are specialist in performing diagnosis for various diseases. This project is intended to be used by all hospital management applications. This could give doctors a clear picture of the status of a patient. In the system requirements, identified significant non-functional requirement is security. SCENARIO #2. A renowned Bank plans to provide a facility of Tax Payment, which access a Tax calculator service, followed by payment through their payment gateway. The Service implementation needs to be incorporated so as to secure the profile of user details and tax amount as well.
A Framework for Securing Web Services
281
Table 5. We provide a listing for the above said scenarios, which gives the list of Security Objectives, possible Standard List and corresponding Parameter List, which could be the inputs from Static Analyzer to our system and used by Dynamic Analyzer during discovering and binding process Scenario # 1: Provider: Diagnostic Laboratories Requestor: Doctors
#2: Provider: Accounting Offices Requestor: Bank
Security Challenge Confidentiality Authorisation Authentication Nonrepudiation
Confidentiality Integrity
Standard List
Parameter List
SL= {WS-Security, WS-Trust, WSSecureConversation } WS= {WS-Security, WS-Trust, WSSecureConversation | sf (WS-Security, WSTrust, WSSecureConversation, WS-SecurityPolicy)}
PL= { pf (XMLEncryption, SAML Assertion, XACML Assertion, Username Token Profile ,Kerberos token profile, Certificate token profile ,SAML token profile, Rights Expression Language token profile, STS Token, X.509 Token, Kerberos Token)} PL= {XMLEncryption, SAML Assertion, XACML Assertion, (Username Token Profile || Kerberos token profile || Certificate token profile|| SAML token profile || Rights Expression Language token profile), (STS Token || X.509 Token || Kerberos Token)} PL= { pf (XMLEncryption, XMLSignature, Username Token Profile ,Kerberos token profile, Certificate token profile ,SAML token profile, Rights Expression Language token profile)} PL= {XMLEncryption, XMLSignature, (Username Token Profile || Kerberos token profile || Certificate token profile|| SAML token profile || Rights Expression Language token profile)}
SL= {WS-Security, WS-SecurityPolicy } WS= {WS-Security, WS-SecurityPolicy | sf (WS-Security, WSTrust, WSSecureConversation, WS-SecurityPolicy)}
8 Evaluation Process The formulation of collaborative security standard done by the framework can be justified by performing combinations of testing appropriate to the security objectives. Inputs for this testing are taken from Slog managed by Security Manager.
282
M. Priyadharshini et al.
n Security Metric sm =
i=1 Where
(Nai – Nfi)
(4)
Σ
Nai
n is the number of security objectives, Nai is total number of times client request for the service with security objective i Nfi is number of times program fails to access the service with security objective i
The security metric(sm) when maximum denotes a better security objective achievement. The individual values of Nai and Nfi as well as security metric(sm) gets updated for each discovery and binding in the Slog, which can be used for further optimisations.
9 Conclusion To provide better interoperability it is not enough to have a good level of understanding on these WS-* Security Standards but collaboration of these standards need to be clearly known without any discrepancies. Web Services Interoperability Organization (WS-I) provides security profiles which specifies the best combinations of these standards, yet it is difficult to devise a customized collaborative security standard and a framework to implement the standard which is proposed in this paper. The Optimization of the customization process can be performed by the logs maintained by the Security Manager component which will be taken care during the implementation of the above proposed framework.
References 1. Sinha, S., Sinha, S.K., Purkayastha, B.S.: Security Issues in Web Services: A Review and Development Approach of Research Agenda. AUJST: Physical Sciences and Technology 5(II) (2010) 2. Zhang, Y., Sun, C., Yang, J., Wang,Y.: Web Services Security Policy. In: International Conf. on Multimedia Information Networking and Security (2010) 3. Liu, W.-j., Li,Y.: Research and Implementation Based on Web Services Security Model. In: International Conference on Innovative Communication and Asia-Pacific Conference on Information Technology and Ocean Engineering (2010) 4. Nortbotten, N.A.: XML and Web Service Security Standards, IEEE Communications Surver & Tutorials, 3 (Third Quarter 2009) 5. Kadry, S., Smaili, K.: A Solutions for Authentication of Web Services Users. Information Technology Journal 6(7), 987–995 (2007) 6. Geuer-Pollman, C., Calessens, J.: Web Services & Web Services Security Standards. Information Security Technical Report, 10, 15–24, Published by Elsevier (2005) 7. WSDL Binding for SOAP 1.2, http://schemas.xmlsoap.org/wsdl/soap12/soap12WSDL.htm
A Framework for Securing Web Services
283
8. WS-SecurityPolicy 1.2 (July 1, 2007), http://docs.oasis-open.org/ws-sx/wssecuritypolicy/200702/ws-securitypolicy-1.2-spec-os.html 9. Web Service Policy 1.5 Framework, W3 Recommendations, 4 (September 2007), http://www.w3.org/TR/2007/REC-ws-policy-20070904 10. WS-SecureConversation 1.3, OASIS Standard (March 1,2007), http://docs.oasis-open.org/ws-sx/wssecureconversation/200512/ws-secureconversation-1.3-os.html 11. WS-Trust 1.3, OASIS Standard (March 19, 2007), http://docs.oasis-open.org/ws-sx/ws-trust/200512 /ws-trust-1.3-os.html 12. Web Services Security: SOAP Message Security1.0 (WS-Security 2004), OASIS Standard (March 01, 2004), http://docs.oasis-open.org/wss/2004/01 /oasis-200401-wss-soap-message-security-1.0 13. Chakhar, S., Haddad, S., Mokdad, L., Mousseau, V., Youcef, S.: Multicriteria EvaluationBased Conceptual Framework for Composite Web Service selection, http://basepub.dauphine.fr/bitstream/handle/123456789/5283/m ulticriteria_mokdad.PDF?sequence=2
Improved Web Search Engine by New Similarity Measures Vijayalaxmi Kakulapati1, Ramakrishna Kolikipogu2, P. Revathy3, and D. Karunanithi4 1,2
Computer Science Department, JNT University, Hyderabad, India
[email protected],
[email protected] 3 Education & Research, Infosys Technologies Limited, Mysore, India
[email protected] 4 Information Technology Department, Hindustan University, Chennai, India
[email protected]
Abstract. Information retrieval is a process of managing the user's needed information. IR system captures dynamically crawling items that are to be stored and indexed into repositories; this dynamic process facilitates retrieval of needed information by search process and customized presentation to the visualization space. Search engines plays major role in finding the relevant items from the huge repositories, where different methods are used to find the items to be retrieved. The survey on search engines explores that the Naive users are not satisfying with the current searching results; one of the reason to this problem is “lack of capturing the intention of the user by the machine”. Artificial intelligence is an emerging area that addresses these problems and trains the search engine to understand the user’s interest by inputting training data set. In this paper we attempt this problem with a novel approach using new similarity measures. The learning function which we used maximizes the user’s preferable information in searching process. The proposed function utilizes the query log by considering similarity between ranked item set and the user’s preferable ranking. The similarity measure facilitates the risk minimization and also feasible for large set of queries. Here we have demonstrated the framework based on the comparison of performance of algorithm particularly on the identification of clusters using replicated clustering approach. In addition, we provided an investigation analysis on clustering performance which is affected by different sequence representations, different distance measures, number of actual web user clusters, number of web pages, similarity between clusters, minimum session length, number of user sessions, and number of clusters to form. Keywords: Search engines, ranking, clustering, similarity measure, Information retrieval, click through data.
1 Introduction Web users request for accurate search results. Most of the Naïve users are poor in experts terminology in which they failed build right query to the search engine, due A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 284–292, 2011. © Springer-Verlag Berlin Heidelberg 2011
Improved Web Search Engine by New Similarity Measures
285
this as one of the reason search engines are limited in capability in the providing accurate results. All most Google, Yahoo, Bing, Ask, etc search engines are in a nascent stage. Still they are interested in doing research to give better results to the end users through one click. Query expansion is one dimension of search engines problem, in which it allows to add new terms to the base query to form new query for better understandability of search engine. We had a survey on query expansion techniques in [7] our previous work. Even we found the difficulty to improve search results by adapting WordNet for term selection for Query reformulation [8]. With this experience [7] [8] we proposed a novel technique to improve the search results. One basic idea is to record the user interaction with the search engine. This information can be used by the user to feedback the base results. Such information is known as click-through data. This information helps to learn similarity between or among the query keywords. Firsthand information is always needed to decide the relevance of the search results. Similarity measure is a function that computes the degree of similarity between two vectors [6]. Different similarity measures are used to increase the function output as the item becomes more similar to the query. The query term based query expansion refers to the measurement of similarity between the terms of a query with the utilization of the similarity propagation of web pages being clicked [9] and the document term based query expansion refers to the measurement of similarity between or among document terms and search queries primarily based on the search engines’ query log of data [9]. The idea behind this is, that the web pages are similar if they are visited by users, which are issuing related queries and these queries are considered similar if the corresponding users visit related pages. The problem of web personalization has become very popular and critical with the faster growth of users in using WWW. The process of customizing web to meet the needs of specific users is called Web Personalization [10].Web customization is to meet the needs of users with the aid of knowledge obtained from the behavior of user navigations. User visits are essentially sequential in nature that needs the services of efficient clustering techniques, These provides sequential data Set similarity measure or S3M that are able to capture both the order of visits occurrence and the content of the web-page. We discuss how click-through information is used in section 3. We explore the importance of similarity measures in section 2 as Related Work.
2 Related Word Similarity Measures(SM) are used to calculate the similarity between documents ( or Web Items) and search query pattern. SM helps to rank the resulted items in the search process. It provides flexibility to present more relevant retrieved item in the search in the desired order. SM is used for Item clustering and term clustering. Statistical indexing and similarity measures [11].
286
V. Kakulapati et al.
2.1 Similarity Measure as Inner dot Product Similarity Measure SM between Item I and Query Q is measured as inner dot product for vectors. t SM(Ij , Q)=Σ Wi j Wi q i=1
Where Wij is weight of term i in Item j , and Wij is Weight of term I in query q. Wi j = TFi j / TOTFj TFi j = Fj /{ max(Fj )} Where TFij is occurrence of Term j in Item i and TOTFj is Total Term Frequency of term j in all Items of the Database. Sometimes less frequent terms in an item may have more importance than more frequent terms; in this case Inverse Item Frequency (IIF) is taken into consideration i.e TF-IIF weighting. Wi j = TFi j * IIFi = TFi j * Log (N/IF i ) Where N is total terms, IFi is Item Frequency. This is represented as binary vector and weighted vector. In binary vector inner dot product is number of matched query terms in Item. In Weighted vectors, it is the sum of product of the weights of the matched terms. It also used for clustering the Similar Items: SM(Ii , Ij)=Σ ( Termi *Termj ) This Inner dot product is unbounded good for larger Items with more number of unique terms. But one drawback of this technique is, it finds how many query terms have matched with Item terms, but not how many are not matched. Sometimes we use inverse Similarity for Relevance calculation in such cases it fails to provide good results. 2.2 Cosine Similarity Measure Inner dot product Similarity Measure is normalized by Cosine angle between two vectors. Cosine Similarity Measure (CSM) is defined as - ij .q CSM(Ij , Q) = -------|ij| .|q| CSM(Ij , Q) =
Improved Web Search Engine by New Similarity Measures
287
Fig. 1. Cosine Similarity Measure
Fig.1 Describes the similarity between Query Q terms and Item I 1 & I2 terms with angle θ1 and θ2 respectively. If the two vectors of Item Term and Query terms coincide and aligned to same line i.e. angle distance is zero, then those two vectors are similar [12]. Like few of the above many similarity measures are used to match the terms of user search to the repository item set. We used same similarity measures for comparison, but comparing information is taken not only from base search pattern, we extended the initial search pattern with the user personalized information and other sources of information to match the items that improve the search results. 2.3 User Personalization To improve the relevance of the user queries, user query logs and profiling is to be maintained as user logs. User Personalization can be achieved using adaption of user interface or adaption of content needed to specific user. To judge the relevance of search results users have no common mechanism. The order of ranking by user interest give better understanding of query results for future analysis. In domain specific search tools the relevance is closer to the ranking order and easy to judge the relevance. To capture the user behavior for future prediction [13] they used ranking quality measures. Using Implicit Feedback whether user get satisfied or not is predicted through learning by finding indicative features including way of search session termination, time spent on resultant pages[14]. The behavior of engine is observed by measuring the quality of ranking functions and observing natural user interactions with the search engine [15].
3 Click-through Data Measuring the similarity of search queries is observed by quarrying the increasing amount of click-through data recorded by Web search engines, which maintain log of
288
V. Kakulapati et al.
the interactions between users and the search engines [16]. The quality of training data considered by humans has major impact on the performance of learning to rank algorithms [17]. Employing human experts to judge the relevance of documents is the traditional way of generating the training examples. But in real time , it is very difficult, time-consuming and costly. From few observations [6] [7] [8] [11] [12] [14] [15] Simple Relevance judgment and normal personalization of user queries has no much affect in improving the search results. In this paper we claim a novel approach for selecting alternate source for user behavioral information i.e. click-through data. Click-through data helps the user to captures the similar features from the past user navigations and searches for alternate items to retrieve. This approach has significant information to decide whether the user option for relevance feedback improves search results or not. We used different similarity measures for matching the click through data aided to the personalized query logs or simple query logs. 3.1 Click-through Data Structure We took manually collected dataset for implementation setup. Our document collection consisting of 200 faculty profiles consisting of standardized attributes given as good meta-data. We begin ranking our document set using Coarse Grain Ranking Algorithm. Coarse grain ranking is good for the document ranking if the items are containing required query terms. This algorithm scores each document by computing a sum of the match between the query and the following document attributes: name of faculty, Department or branch, qualification summary, experience track, subjects handled publication details, references and other details. When we gave query to User interface it returns the following results: Query: “CSE Faculty with minimum of 5 years experience” Table 1. Ranking order of retrieved results for the above query 1
Dr.B.Padmaja Rani, 16 years of teaching experience. Http://www.jntuh.ac.in
2
Satya.K, CSE Faculty, http://www.cmrcet.ac.in
3
Ramakrishna Kolikipogu, CSE Faculty, 5 years experience in teaching http://www.jntuh.ac.in
4
Indiravathi, having 20 years experience, not working in CSE Department
5
Prof.K.Vijayalaxmi, Faculty of CSE, http://www.jntu.ac.in
6
Megana Deepthi Sharma, studying CSE, having 5 years experience in computer operation.
From the profiles document set that we have taken to experiment the model, we got the above result in the first attempt of query “CSE Faculty with minimum of 5 years experience”. We found interesting results i.e. 1, 3, 5 are relevant to the query and 2, 4, 6 are not relevant to the query. Due to blind similarity measure the results are not fruitful. Now we need user judgment for deciding the relevance of search results. The
Improved Web Search Engine by New Similarity Measures
289
user clicks are preserved for the future search process. If user clicks 3rd result first then it has to reserve the first rank among the relevance list. For capturing such click through data, we built a Click-through data data-structure as triplet. Click-through data in search engines is a triplet which consists of the query a, the ranking b presented to the user, and the set c or of links that the user clicks for every navigation. 3.2 Capturing and Storing Click-through Data Click through data can be captured with little overhead and without compromising the functionality and usefulness of the search engine. This does not add any overhead for the user compared to explicit user feedback in particular. The query q and the returned ranking r are recorded easily when ranking (resulted) is displayed to the user. A simple system can be used to keep log of clicks. The following system was used to do the experiments in this paper. We recorded queries submitted, as well as clicks on search results. Each record included the experimental condition, the time, IP address, browser, a session identifier and a query identifier. We define a session as a sequence of navigations (clicks or queries) between a user and the search engine, where less than 10 minutes passes between subsequent interactions. When attribute is clicked in query results keep track of recording clicks occurring within the same session as the query. This is important to eliminate clicks that appeared to come from stored or retrieved and captured search results. Sometimes if user is continuing search more than 10 minutes it is built in such a way that it continues the recording process. In order to capture the click through data as we used middle server. This proxy server records the user clicks information. It has no effect on overhead of the user in search. To give faster results we need to reduce processing time called overhead, in general recording increases the overhead, but in our approach recording click through data and ranking information has no effect on operational cost. The click-through data is stored in a triplet format Data-Structure. The query q and rank order r can be recorded when search engine returns initial results to the user. To record clicks, a middle server maintains a data store of the log file. User queries are given unique Ids, while searching IDs are stored into log file along with query terms and the rank information r. User need not think of storing Links displayed by the results page, but direct him to a proxy server. These links are steps to encode IDs of queries and URLs of the item being suggested. Recording of query, ranking order and URL address happens automatically through proxy server whenever a user clicks the feedback link. The server redirects the user to the clicked URL through HTTP protocol. All this process is done with no more operating cost, which keeps the search engine to present the results to the user with no much extra time.
4 Ranking and Re-ranking The ranking rule is set according to the rank score of the item equal to the number of selections of the same item in past. From the initial ranking we proposed a new ranking algorithm to redefine the user choice list. We use Probalistic Similarity Measure and Cosine Similarity Measure for Item Selection and Ranking for base Search.
290
V. Kakulapati et al.
1. Algorithm: Ranking (Relevant Items Set RIS) Input: Relevance Item Set RIS. Output: Ordered Item List with Ranking r. Repeat if (Reli >Relj) then Swap (Ii,Ij) else Return Item Set I with ranking Order Until (no more Items in RIS)
2. Algorithm: Re-ranking (Ranked Items Set S) Input: Ranked Item Set S. Output: Ordered Item List with Re-Ranking r. CTDRelj) then Swap (Ii,Ij) else Return Item Set I with Re-ranking Order Until (no more Items in S)
5 Experimental Setup We implemented the above concept using Java. We took 200 Faculty Profile Item Set S and Created Click-through Data set in a Table. Whenever user gives choice click from the retrieved Items to the visual place we recorded the click through data in to Click-through Data Table. Using Base algorithm 1 we rank the items in initial search process. We ran the search tool for more than 100 Times and build a click-through data table. For experimenting the algorithm 2, we ran the Search process again for multiple numbers of times and observed the results are more accurate than the initial search. This process has a number of advantages including, it is effortless to execute while covering a large collection of Items and the essential search engines provide a foundation for comparison. The Striver meta-search engine works in the following way. The user will type a query into the interface of the Striver. The query is then forwarded to MSN Search, Google, Excite, AltaVista, and Hotbot. The retrieved results of the pages returned by search engines are analyzed and diagonized for top 50 attempts that are suggested are somehow extracted. For every link, the system displays the name of the page along with its uniform resource locator (URL). The results of our experiment are shown in Table 2.
Improved Web Search Engine by New Similarity Measures
291
Table 2. Experimental Results Recommended Query from click through Data Table (Personalized Queries) CSE Faculty + 5 year experience
Q. No
Query
Average Relevance
Average Improvement
1
CSE Faculty
50.00%
82.00%
2
Faculty with 5 years experience
25.00%
98.00%
CSE Faculty with min. of 5 years experience
3
Experience Faculty in Computers
60.00%
79.00%
Experienced CSE Faculty
4
Experience
10.00%
18.00%
Minimum Experience
5
Computer Science Engineering
15.00%
50.00%
Computer Science Engineering Faculty
6
Teaching Faculty
40.00%
66.00%
Teaching Faculty for CSE
7
CSE
20.00%
50.00%
CSE Faculty
8
Faculty
12.00%
50.00%
CSE Faculty
9
CSE Faculty with good experience
80.00%
50.00%
CSE Faculty
6 Conclusion and Future Work With our proposed a model we measure the similarity of query term with Click through Data log Table instead of directly comparing the whole data set. This new Similarity gave positive result and improved the Recall along with Precision. For query suggestion based on user click through logs to implement it required less computational cost. The re-ranking and suggesting items for user to judge the results are enhance through this paper. Moreover, the algorithm does not rely on the particular terms appearing in the query and Item Set. Our experiments shows that click through data gave more related suggesting queries from the Table 2. Query Numbers 2>8>5>1>7>6>3>4>9 are the order of improved relevance. We observe some time if the Feedback is not right judged it even gives negative results. We experienced with Q.No .9 from Table 2. Inorder to overcome such negative impact from the Click through History we plan to enhance this base model more carefully by appending semantic network and Ontology as our future research direction.
References 1. Baeza-Yates, R.A., Baeza-Yates, R., Ribeiro-Neto, B.: Modern Information Retrieval. Addison-Wesley Longman Publishing Co., Inc., Amsterdam (1999) 2. Beitzel, D.M., Jensen, E.C., Chowdhury, A., Grossman, D., Frieder, O.: Hourly analysis of a very large topically categorized Web query log. In: Proceedings of the Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 321–328 (2004)
292
V. Kakulapati et al.
3. Shen, X., Dumais, S., Horvitz, E.: Analysis of topic dynamics in Web search. In: Proceedings of the International Conference on World Wide Web, pp. 1102–1103 (2005) 4. Kumar, P., Bapi, R., Krishna, P.: SeqPAM: A Sequence Clustering Algorithm for Web Personalization. Institute for Development and Research in Banking Technology, India 5. Cohen, W., Shapire, R., Singer, Y.: Learning to order things. Journal of Artificial Intelligence Research 6. Shen, H.-z., Zhao, J.-d., Yang, Z.-z.: A Web Mining Model for Real-time Webpage Personalization. ACM, New York (2006) 7. Kolikipogu, R., Padmaja Rani, B., Kakulapati, V.: Information Retrieval in Indian Languages: Query Expansion model for telugu language as a case study. In: IITAIEEE, China, vol. 4(1) (November 2010) 8. Kolikipogu, R.: WordNet Based Term Selection for PRF Query Expansion Model. In: ICCMS 2011, vol. 1 (January 2011) 9. Vojnovi, M., Cruise, J., Gunawardena, D., Marbach, P.: Ranking and Suggesting Popular Item. IEEE Journal 21 (2009) 10. Eirinaki, M., Vazirgiannis, M.: Web Mining for Web Personalization. ACM Transactions on Internet Technology 3(1), 1–27 (2003) 11. Asasa Robertson, S.E., Spark Jones, K.: Relevance Weighting of Search Terms. J. American Society for Information Science 27(3) (1976) 12. Salton, G.E., Fox, E.A., Wu, H.: Extended Boolean Information Retrieval. Communications of the ACM 26(12), 1022–1036 (1983) 13. Kelly, D., Teevan, J.: Implicit feedback for inferring user preference: A bibliography. ACM SIGIR Forum 37(2), 18–28 (2003) 14. Fox, S., Karnawat, K., Mydland, M., Dumais, S., White, T.: Evaluating implicit measures to improve web search. ACM Transactions on Information Science (TOIS) 23(2), 147– 168 (2005) 15. Radlinski, F., Kurupu, M.: How Does Clickthrough Data Reflect Retrieval Quality? In: CIKM 2008, Napa Valley, California, USA, October 26-30 (2008) 16. Zhao, Q., Hoi, S.C.H., Liu, T.-Y.: Time-dependent semantic similarity measure of queries using historical click-through data. In: 5th International Conference on WWW. ACM, New York (2006) 17. Xu, X.F.: Improving quality of training data for learning to rank using click-through data. In: ACM Proceedings of WSDM 2010 (2010)
Recognition of Subsampled Speech Using a Modified Mel Filter Bank Kiran Kumar Bhuvanagiri and Sunil Kumar Kopparapu TCS Innovation Labs - Mumbai, Tata Consultancy Services, Pokhran Road 2, Thane (West), Maharastra 400 601. India {kirankumar.bhuvanagiri,sunilkumar.kopparapu}@tcs.com Abstract. Several speech recognition applications use Mel Frequency Cepstral Coefficients (MFCCs). In general, these features are used to model speech in the form of HMM. However, features depend on the sampling frequency of the speech and subsequently features extracted at certain rate can not be used to recognize speech sampled at a different sampling frequency [5]. In this paper, we first propose a modified Mel filter bank so that the features extracted at different sampling frequencies are correlated. We show experimentally that the models built with speech sampled at one frequency can be used to recognize subsampled speech with high accuracies. Keywords: MFCC, speech recognition, subsampled speech recognition.
1
Introduction
Mel Frequency Cepstral Coefficients (MFCC) are commonly used features in speech signal processing. They have been in use for a long time [3] and have proved to be one of the most successful features in speech recognition tasks [8]. For a typical speech recognition process (see Fig. 1), acoustic models are built using speech recorded at some sampling frequency during the training phase (boxed blue -.-. in Fig. 1). In the testing (boxed red - - - in Fig. 1) or the recognition phase, these acoustic models are used along with a pronunciation lexicon and a language model to recognize speech at the same sampling frequency. If the speech to be recognized is at a sampling frequency other than the sampling frequency of the speech used during the training phase then one of the two things needs to be done (a) retrain the acoustic models with speech samples of the desired sampling frequency or (b) change the sampling rate of the speech to be recognized (test speech) to match the sampling frequency of the speech used for training. In this paper, we address the problem of using models built for a certain sampling frequency to enable recognition of speech at a different sampling frequency. We particularly concentrate on Mel-frequency cepstral coefficient (MFCC) as features [9], [4] because of their frequent use in speech signal processing. Kopparapu et al [5] proposed six filter bank constructs to enable calculation of MFCC’s of a subsampled speech. Pearson correlation coefficient was used to compare the MFCC of subsampled speech and the MFCC of original speech. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 293–299, 2011. c Springer-Verlag Berlin Heidelberg 2011
294
K.K. Bhuvanagiri and S.K. Kopparapu
Fig. 1. Speech Recognition - showing train and the test stages
In this paper, we construct a Mel filter bank that is able to extract MFCCs of the subsampled speech which are significantly correlated to the MFCC’s of original speech compared to the Mel filter banks discussed in [5]. This is experimentally verified in two ways (a) through the Pearson correlation coefficient and (b) through speech recognition experiments on AN4 speech database [1] using open source ASR engine [2]. Experimental results show that the recognition accuracy on subsampled speech using models developed using original speech is as good as the recognition accuracy on original speech and as expected degrades with excessive subsampling. One of the prime applications of this work is to enable use of acoustic models created for desktop speech (usually 16 kHz) with telephone speech (usually 8 kHz) especially when there is access to only the acoustics models and not to the speech corpus specifically as in Sphinx. The rest of the paper is organized as follows. In Section 2, largely based on our previous work [5], procedure to compute MFCC features and the relationship between the MFCC parameters of the original and subsampled speech is discussed. In Section 2.1, new filter bank is proposed. Section 3 gives the details of the experiments conducted to substantiate advantage of proposed modified filter bank and we conclude in Section 4.
2
Computing MFCC of Subsampled Speech
As shown in [5], let x[n] be a speech signal with a sampling frequency fs and be divided into P frames each of length N samples with an overlap of N/2 samples, say, {x1 , x2 · · · xp · · · xP }, where xp denotes the pth frame of the speech signal N −1 x[n] and is xp = x p ∗ N2 − 1 + i i=0 . Computing MFCC of the pth frame involves,
Recognition of Subsampled Speech Using a Modified Mel Filter Bank
295
1. Multiply xp with a hamming window w[n] = 0.54 − 0.46 cos nπ N , 2. Compute discrete Fourier transform (DFT) [7]. Note that k corresponds to the frequency lf (k) = kfs /N . Xp (k) =
N −1
xp [n]w[n] exp−j
2πkn N
for k = 0, 1, · · · , N − 1
n=0
3. Extract the magnitude spectrum |Xp (k)| 4. Construct a Mel filter bank M (m, k), typically, a series of overlapping triangular filters defined by their center frequencies lf c (m). The parameters that define a Mel filter bank are (a) number of Mel filters, F , (b) minimum frequency, lf min and (c) maximum frequency, lf max . So, m = 1, 2, · · · , F in M (m, k). 5. Segment the magnitude spectrum |Xp (k)| into F critical bands by means of a Mel filter bank. 6. The logarithm of the filter bank outputs is the Mel filter bank output N −1
Lp (m) = ln M (m, k)|Xp (k)| (1) k=0
where m = 1, 2, · · · , F and p = 1, 2, · · · , P . 7. Compute DCT of Lp (m) to get the MFCC parameters. Φrp
{x[n]} =
F
Lp (m) cos
m=1
r(2m − 1)π 2F
(2)
where r = 1, 2, · · · , F and Φrp {x[n]} represents the rth MFCC of the pth frame of the speech signal x[n]. The sampling of the speech signal in time effects the computation of MFCC parameters. Let y[s] denote the sampled speech signal such that y[s] = x[αn] where α = uv and u and v are integers. Note that α > 1 denotes downsampling while α < 1 denotes upsampling and for the purposes of analysis we will assume that α is an integer. Let yp [s] = xp [αn] denote the pth frame of the time scaled speech where s = 0, 1, · · · , S − 1, S being the number of samples in the time scaled speech frame given by S = N/α. DFT of the windowed yp [n] is calculated from the DFT of xp [n]. Using the scaling property of DFT, we have, Yp (k ) =
α−1 1 l=0 Xp (k +lS) where k = 1, 2, · · · , S. The MFCC of the subsampled speech α is given by F r(2m − 1)π Φrp {y[n]} = Lp (m)cos (3) 2F m=1 where r = 1, 2, · · · , F and Lp (m)
= ln
S−1 k =0
α−1
1 M (m, k ) Xp (k + lS) α
l=0
(4)
296
K.K. Bhuvanagiri and S.K. Kopparapu
Note that Lp and M are the log Mel spectrum and the Mel filter bank of the subsampled speech. Note that a good choice of M (m, k ) is the one which gives (a) the best Pearson correlation with the MFCC (M (m, k) of the original speech and (b) best speech recognition accuracies when trained using the original speech and decoded using the subsampled speech. Kopparapu et al [5] chose different constructs of M (m, k ). 2.1
Proposed Filter Bank
We propose a Mel filter bank Mnew (m, k ) for subsampled speech as M (m, αk ) for lf (k ) ≤ ( α1 f2s ) Mnew (m, k ) = 0 for lf (k ) > ( α1 f2s ) where k ranges from 1 to N/α. Notice that the modified filter bank is the subsampled version of original filter bank with bands above α1 f2s set to 0. Clearly, the number of Mel filter bands are less than the original number of Mel filter bands. Let ξ be the number of filter banks whose fc is below fs /2α. Subsequently, Lp (m), the Mel filter bank output, is 0 for m > ξ. In order to retain the total number of filter bank outputs as the original speech we construct Lp (m) = (0.9)m−ξ Lp (ξ) for ξ < m ≤ F
(5)
Equation (5) is based on the observation that Mel filter outputs for m > ξ seems to decay exponentially.
3
Experimental Results
We conducted experiments on AN4 [1] audio database. It consists of 948 train and 130 test audio files containing a total of 773 spoken words or phrases. The recognition results are based on these 773 words and phrases. All the speech files in the AN4 database are sampled at 16 kHz. The Mel filter bank has F = 30 bands with lf min = 130 Hz and lf max = 7300 Hz and the frame size is set to 32 ms. The MFCC parameters are computed for the 16 kHz speech signal x[n], and also the subsampled speech signal x[αn]. The MFCC parameters of y[s] are calculated using the proposed Mel filter bank (5) while the MFCC of x[n] was calculated using (2). We conducted two types of experiments to evaluate the performance of the proposed Mel filter bank construction on subsampled speech. In the first set of experiments, we used the Pearson correlation coefficient (r) to compare the MFCC of the subsampled speech with the MFCC of the original speech along the lines of [5]. In the second set of experiments we used speech recognition accuracies to evaluate the appropriateness of the use of Mel filter bank for subsampled speech. We compared our Mel filter bank with the best Mel filter bank (Type C) proposed in [5].
Recognition of Subsampled Speech Using a Modified Mel Filter Bank
3.1
297
Comparison Using Pearson Correlation Coefficient
We computed framewise r for MFCCs of subsampled speech and the original speech. The mean and variances of r over all the frames are shown in Table 1. Clearly the Mel filter bank construction proposed in this paper performs better than the best method suggested in [5] for all values of α. For α = 16/4 = 4 the mean-variance pair for the proposed Mel filter bank is (0.85609, 0.04176) compared to best in [5] (0.67837, 0.14535). Table 1. Pearson correlation coefficient (r), between the MFCCs of original and subsampled speech Sampling factor α = 16/4 α = 16/5 α = 16/6 α = 16/7 α = 16/8 α = 16/10 α = 16/12 α = 16/14 α = 16/16
Proposed mean variance 0.85609 0.04176 0.90588 0.02338 0.9284 0.01198 0.94368 0.00633 0.96188 0.00005 0.98591 0.00037 0.989 0.00025 0.99451 0.00006 1 0
best mean 0.67837 0.70064 0.7201 0.7321 0.7465 0.8030 0.8731 0.9503 1
in [5] variance 0.14535 0.1280 0.1182 0.1010 0.0846 0.0448 0.0188 0.0029 0
Table 2. Recognition accuracies (percentage) Sampling factor Case A (30 MFCCs) Case B (39 features) proposed Best in [5] proposed Best in [5] α = 16/4 9.83 2.07 30.36 3.36 α = 16/5 20.18 1.68 58.86 2.85 α = 16/6 27.30 2.07 68.95 3.62 α = 16/7 31.44 2.33 73.22 5.30 α = 16/8 37 3.88 77.23 11.77 α = 16/10 40.36 7.12 80.50 34.15 α = 16/12 41.01 16.19 81.11 65.85 α = 16/14 42.56 34.80 82.54 77.10 α = 16/16 43.21 43.21 81.11 81.11
3.2
Speech Recognition Experiments
We used the 948 training speech samples of AN4 database to build acoustic models using SphinxTrain. Training is done using MFCCs calculated on the 16 kHz (original) speech files. Recognition results are based on the 130 test speech samples In Case A we used 30 MFCC’s while in Case B we used 13 MFCC but concatenated them with 13 velocity and 13 acceleration coefficients
298
K.K. Bhuvanagiri and S.K. Kopparapu
Fig. 2. Comparing ASR accuracies of both methods for different values of sampling factors (α)
Fig. 3. Sample log Filter bank outputs of original speech, and subsampled speech using the proposed Mel filter bank and the best Mel filter bank in [5]
to form a 39 dimensional feature vector. Recognition accuracies are shown in Table 2 on the 773 words in the 130 test speech files. It can be observed that the word recognition accuracies using the proposed Mel filter bank on subsampled speech is better that what has been proposed in [5] for all values of α and for both the Case A and the Case B. We also observe from Fig. 2 that proposed method is more robust, while accuracies rapidly fall in case of best method in [5] it gradually decreases in our case.
Recognition of Subsampled Speech Using a Modified Mel Filter Bank
299
The better performance of the proposed Mel filter bank in terms of recognition accuracies can be explained by looking at a sample filter bank output shown in Fig. 3. Filter bank output of the proposed Mel filter bank construct (red line ’+’) closely follow that of original speech Mel filter bank output (blue line ’x’), while even the best reported filter bank in [5] (shown in black line ’o’) shows a shift in the filter bank outputs.
4
Conclusion
The importance of this Mel filter bank design to extract MFCC of subsampled speech is apparent when there are available trained models for speech of one sampling frequency and the recognition has to be performed on subsampled speech without explicit creation of acoustic models for the subsampled speech. As a particular example, the work reported here can be used to recognize subsampled speech using acoustic (HMM or GMM) models generated using Desktop speech (usually 16 kHz). We proposed a modified Mel filter bank which enables extraction of MFCC from subsampled speech which correlated very well with the MFCC of the original sampled speech. We experimentally showed that the use of the modified Mel filter bank construct in MFCC computation of subsampled speech outperforms the Mel filter banks developed in [5]. This was demonstrated at two levels, namely, in terms of a correlation measure with the MFCC of the original speech and also through word recognition accuracies. Speech recognition accuracies for larger values of α can be improved by better approximating the missing Mel filter outputs using bandwidth expansion [6] techniques, which we would be addressing in our future work.
References 1. CMU: AN4 database, http://www.speech.cs.cmu.edu/databases/an4/ 2. CMU: Sphinx, http://www.speech.cs.cmu.edu/ 3. Davis, S.B., Mermelstein, P.: Comparison of parametric representations for monosyllabic word recognition in continuously spoken sentences. IEEE Trans. Acoust. Speech Signal Processing 28(4), 357–366 (1980) 4. Jun, Z., Kwong, S., Gang, W., Hong, Q.: Using Mel-frequency cepstral coefficients in missing data technique. EURASIP Journal on Applied Signal Processing 2004 (3), 340–346 (2004) 5. Kopparapu, S., Laxminarayana, M.: Choice of mel filter bank in computing mfcc of a resampled speech. In: 10th International Conference on Information Sciences Signal Processing and their Applications ISSPA, pp. 121–124 (May 2010) 6. kornagel, U.: Techniques for artificial bandwidth extension of telephone speech. Signal Processing 86(6) (June 2006) 7. Oppenheim, S.: Discrete Time Signal Processing. Prentice-Hall, Englewood Cliffs (1989) 8. Quatieri, T.F.: Discrete-time speech signal processing: Principles and practice, vol. II, pp. 686–713. Pearson Education, London (1989) 9. Reynolds, D.A., Rose, R.C.: Robust text-independent speaker identification using Gaussian mixture speaker models. IEEE Transactions on Speech and Audio Processing 3(1) (January 1995)
Tumor Detection in Brain Magnetic Resonance Images Using Modified Thresholding Techniques C.L. Biji1, D. Selvathi2, and Asha Panicker3 1
ECE Dept, Rajagiri School of Engineering & Technology, Kochi, India
[email protected] 2 ECE Dept, Mepco Schlenk Engineering College, Sivakasi, India
[email protected] 3 ECE Dept, Rajagiri School of Engineering & Technology, Kochi, India
[email protected]
Abstract. Automated computerized image segmentation is very important for clinical research and diagnosis. The paper deals with two segmentation schemes namely Modified Fuzzy thresholding and Modified minimum error thresholding. The method includes the extraction of tumor along with suspected tumorized region which is followed by the morphological operation to remove the unwanted tissues. The performance measure of various segmentation schemes are comparatively analyzed based on segmentation efficiency and correspondence ratio. The automated method for segmentation of brain tumor tissue provides comparable accuracy to those of manual segmentation. Keywords: Segmentation; Magnetic resonance Imaging; Thresholding.
1 Introduction In medical image analysis, segmentation is an indispensable step in the processing. Image segmentation is the process of partitioning the image into meaningful sub regions or objects with the same attribution [6]. Brain tumor segmentation for magnetic resonance image (MRI) is a difficult task that involves image analysis based on intensity and shape [1, 4]. Due to the characteristics of the imaging modalities segmentation becomes a difficult but important problem in biomedical application. Manual segmentation is more difficult, time-consuming, and costlier than automated processing by a computer system. Hence, medical image segmentation scheme should posses some preferred properties such as fast computation, accurate and robust segmentation results [2, 3]. The proposed frame work employs with segmentation schemes viz. (i) Modified Fuzzy thresholding and (ii) Modified minimum error thresholding. The method includes two stages; initially the tumor along with suspected tumorized region is extracted using the segmentation scheme mentioned and which is followed by the morphological operation to remove the unwanted tissues. More over the segmentation schemes are comparatively analyzed based on the performance measure. The proposed A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 300–308, 2011. © Springer-Verlag Berlin Heidelberg 2011
Tumor Detection in Brain Magnetic Resonance Images
301
automatic segmentation proves to be effective by its high segmentation efficiency and correspondence ratio. 1.1 Materials In this work, brain MR Images acquired on a 0.2 Tesla, Siemens–Magnetom CONCERTO MR scanner (siemens, AG medical solutions, Erlangen, Germany) are used. Axial, 2D, 5mm thick slice images, with a slice gap of 2mm were acquired with 246*512 acquisition matrix and with the field view of range 220mm to 250mm. In this work 30 abnormal patients are considered. For each patient a set of slices are selected by experts to provide the representative selection. Each brain slice consists of T1, T2 and T2 FLAIR weighted images. All T1 weighted images (TR/TE of 325550/8-12ms) were acquired using Spin Echo (SE) sequence. While T2 (TR/TE of 3500-10000/ 97-162ms) and T2-FLAIR (TR/TE of 3500-10000/89-162ms) weighted images were collected using Turbo Spin Echo (TSE) sequences.
2 Methodology Automated computerized image segmentation [20] is very important for clinical research and diagnosis. A wide variety of approaches [5,7] have been proposed for brain MR image segmentation which mainly relies on the prior definition of tumor boundary. The paper mainly aims to present new and sophisticated methods of automatically selecting a threshold value for segmentation. The general block diagram describing the proposed work is shown in Fig.1. Input MR Image
Segmentation Scheme
Post Processing
Output MR Image
Fig 1. General Block diagram for Tumor Extraction in Brain MR Images
The approximate tumor tissues in the brain MR images can be extracted by performing segmentation. Segmentation schemes employed in this work namely (i) Modified fuzzy thresholding and (ii) Modified minimum error thresholding. After the segmentation, the unwanted tissues can be removed by performing morphological operation [19]. Thus the post processing step merge the connected regions while removing some isolated non tumor regions 2.1 Modified Fuzzy Thresholding Fuzzy c means thresholding provides an efficient segmentation by considering all pixels with a membership value. In the classical Fuzzy C Means thresholding [12] the output threshold depends on the input threshold which has been arbitrarily fixed, hence in order to overcome the difficulties a proper initial threshold is encountered.
302
C.L. Biji, D. Selvathi, and A. Panicker
The parameter selected to have fuzziness is the gray level intensity values. The block diagram for the proposed method is displayed in Fig 2.
Input Image
Initial Threshold Selection
Fuzzy Cmeans Thresholding
Post Processing
Output Image
Fig. 2. Modified Fuzzy C Means Thresholding
The input initial threshold can be calculated using the formula
T = max⎛⎜⎜grayvalue⎞⎟⎟ / 2 ⎝
(1)
⎠
The extraction of tumor is carried out by performing fuzzy c means thresholding algorithm [14, 16] followed by hardening scheme. Fuzzy thresholding is an extension of fuzzy clustering for segmentation by considering the gray values alone as a feature. For fuzzy c-means thresholding the objective function to be minimized is given by 2 L −1 2 τ J = ∑ ∑ h μ ⎛⎜ j ⎞⎟ d ⎛⎜ j, v ⎞⎟ j i⎝ ⎠ ⎝ i⎠ i =1 j= 0
(2)
The objective function equation (2) can be iteratively minimized by computing the means with the equation (3) and updating the membership with equation (4) L ∑ v = i
j= 1 L ∑ j=1
μ
O
(j) =
μ j i
τ⎛ ⎞ ⎜ j⎟ ⎝ ⎠
h μ j i
τ⎛ ⎞ ⎜ j⎟ ⎝ ⎠
jh
(3)
1
(4)
2/(τ −1) ⎡ ⎛ ⎞⎤ ⎞ ⎛ 1+ ⎢d ⎜ j, v ⎟ /d ⎜ j, v ⎟⎥ ⎠ ⎝ ⎠ ⎝ 2 1 ⎣ ⎦
In order to remove the unwanted tissues, as post processing morphological erosion and dilation is carried. 2.3 Modified Minimum Error Thresholding The block diagram for the proposed frame work is given in Fig 3, Input MR Image
Pre Processing
Valley Point Removal
Minimum Error Thresholding
Post Processing
Fig. 3. Modified Minimum Error Thresholding
Output Image
Tumor Detection in Brain Magnetic Resonance Images
303
The preprocessing step provides a measure of local variation of intensity and is computed over a square neighborhood.
1 W2
⎧⎪ i +M j+ M 2 ⎤ ⎫⎪ 1 ⎡i+M j+M − I(k, l)⎥ ⎬ I ( k, l) ⎨∑ ∑ 2 ⎢∑ ∑ W ⎣i −M j−M ⎪⎩k =i −M j−M ⎦ ⎪⎭
(5)
As the internal local minimum can adversely affect the threshold selection the first valley point corresponding to background has to be suppressed [18]. The histogram provides a narrow peak corresponding to the background. Initially, two local maxima (peak) yj and yk are computed. The valley point can be obtained using
Vt = ( y j + y k )/2
(6)
After the valley point removal, threshold selection is carried out through minimum error thresholding algorithm ([14], [15]). Using this optimal threshold abnormal tissues are extracted. In order to remove the unwanted tissues after segmentation, morphological erosion and dilation is performed for improving the efficiency.
3 Results and Discussion The proposed methodology is applied to real datasets representing tumor images with different intensity, shapes, location and sizes. The effectiveness of proposed methodology is analyzed with the resultant average of T2 weighted and T2 FLAIR MR Images of size 512X320. The algorithms are implemented in Matlab 6.5 platform and are run on 3.0 GHZ, 512 MB RAM Pentium IV Personal Computer in Microsoft Windows operating system. Analysis is carried out for 30 different dataset. Defining the abnormal region can be useful for surgical planning and even for radiation therapy. The proposed methodology automatically extracts the tumor region and hence it largely assists the physicians. In this paper a comparative analysis of the two thresholding schemes have been tabulated. 3.1 Modified Fuzzy Thresholding The tumor extraction results obtained for four type data set is shown in the figure 4. The fuzzy threshold obtained through the algorithm for astrocytomas data set is 122, Glioma data set is 77, Metastas type data set is 103 and Meningiomas type is 95. 3.2 Modified Minimum Error Thresholding For Astrocytomas data set, inorder to get proper segmentation the first valley point is removed and first threshold valley point obtained is 19. The minimum error threshold
304
C.L. Biji, D. Selvathi, and A. Panicker
value obtained through the algorithm is 89 and for further improvement in result erosion and dilation is performed. For Gliomas type data set, inorder to get proper segmentation the first valley point is removed and first valley point obtained is 28. The minimum error threshold value obtained through the algorithm is 144 and for further improvement in result erosion and dilation is performed. For metastas type data set, Inorder to get proper segmentation the first valley point is removed and first valley point obtained is 34. The minimum error threshold value obtained through the algorithm is 110 and for further improvement in result erosion and dilation is performed. For meningiomas type data set inorder to get proper segmentation the first valley point is removed and first valley point obtained is 31. The minimum error threshold value obtained through the algorithm is 162 and for further improvement in result erosion and dilation is performed. The results obtained are shown in fig 5. Type Cancer
of
T2 Weighted
T2 Flair
Average
Fuzzy
Post
Image
Threshold
Processed
Image
Image
Astrocytomas
Glioma
Metastas
Meningiomas
Fig. 4. Result obtained for Modified Fuzzy Thresholding
Tumor Detection in Brain Magnetic Resonance Images
305
3.2 Performance Measure Quantitative measurement of segmentation criterions are performed based on segmentation efficiency (SE) and correspondence ratio (CR) [17]. Segmentation efficiency and Correspondence ratio are calculated in terms of true positive (TP), false positive (FP), ground truth area (GT) and false negative (FN) [18]. SE and CR can be defined as follows. The quantitative measures of both the schemes are given in the table1 and 2.
SE =
TP *100 GT
(4)
CR = [(TP - 0.5 * FP)/GT] * 100 Type of Cancer T2 Weighted T2 Flair
(5)
Average
Minimum
Post
Image
ErrorThreshod
Processed
Image
Image
Astrocytomas
Glioma
Metastas
Meningiomas
Fig. 5. Resultant Images for Modified Minimum Error Thresholding
306
C.L. Biji, D. Selvathi, and A. Panicker
Table 1. Performance measure of modified fuzzy thresholding
Tumor Type
Astrocytomas
Name Slice 1 Slice 2 Slice 3 Slice 4 Slice 5
Tumor Isolated 11779 14349 16709 16295 15957
TP 7984 11385 13125 13313 13291
FP 3795 2964 3584 2982 2666
GT 8048 11464 13139 13660 13994
FN 64 79 14 347 703
SE 99.20 99.310 99.89 97.45 94.97 98.16
CR 0.75 0.86 0.86 0.86 0.85 0.840
Tumor Isolated 12053 11775 7698 12804 15069
TP 4913 7201 6914 5924 4276
FP 7140 4574 784 6880 10793
GT 4937 7229 6923 5949 4319
FN 24 28 9 25 43
SE 99.51 99.61 99.87 99.57 99.00 99.51
CR 0.27 0.67 0.94 0.41 -0.25 0.41
Tumor Isolated 15135 17470 20001 20284 17119
TP 13307 13576 14777 17709 15555
FP 1828 3894 5224 2575 1564
GT 13518 13751 14924 18153 16466
FN 211 175 147 444 911
SE 98.43 98.72 99.01 97.55 94.46 97.64
CR 0.91 0.84 0.81 0.90 0.89 0.87
Tumor Isolated 43325 46048 43375 36850 49307
TP 12017 9806 8780 13807 10632
FP 31308 36242 34595 23043 38675
GT 12031 9806 8798 14157 10697
FN 14 0 18 350 65
SE 99.88 100 99.79 97.52 99.39 99.31
CR -0.30 -0.84 -0.96 0.16 -0.81 -0.55
Avg Name
Glioma
Slice 1 Slice 2 Slice 3 Slice 4 Slice 5
Avg Name
Metastas
Slice 1 Slice 2 Slice 3 Slice 4 Slice 5
Avg
Meningiomas
Name Slice 1 Slice 2 Slice 3 Slice 4 Slice 5
Avg
Tumor Detection in Brain Magnetic Resonance Images
307
Table 2. Performance measure of modified Minimum thresholding
Tumor Type Name Slice 1 Slice 2 Astrocytomas Slice 3 Slice 4 Slice 5
Tumor Isolated 9222 12726 14647 18494 16118
TP 7848 11329 13099 13602 13604
FP 1374 1397 1548 4892 2514
GT 8048 11464 13139 13660 13994
FN 200 135 40 58 390
Avg
Glioma
Name Slice 1 Slice 2 Slice 3 Slice 4 Slice 5
Metastas
Avg
CR 0.88 0.92 0.93 0.81 0.88 0.89
Tumor Isolated
TP
FP
GT
FN
SE
CR
5239 8143 7873 6454 4831
4804 7212 6918 5860 4177
435 931 955 594 654
4937 7229 6923 5949 4319
133 17 5 89 142
97.30 99.76 99.92 98.50 96.71 98.44
0.92 0.93 0.93 0.93 0.89 0.92
Tumor Isolated 5485 10353 14685 15044 19633
TP 3712 8907 13150 12968 14726
FP 1773 1446 1535 2076 4907
GT 3988 9616 13518 13751 14924
FN 276 709 368 783 198
SE 93.07 92.62 97.27 94.30 98.67 95.19
CR 0.70 0.85 0.91 0.86 0.82 0.83
Avg Name Slice 1 Slice 2 Slice 3 Slice 4 Slice 5
SE 97.51 98.82 99.69 99.57 97.21 98.56
Tumor Name Isolated TP FP GT FN SE CR Slice 1 3536 3016 520 12031 9015 25.068 0.22 Slice 2 2632 2383 249 9806 7423 24.30 0.23 1498 175 8798 7300 17.02 0.160 Meningiomas Slice 3 1673 Slice 4 2997 2746 251 14157 11411 19.39 0.18 Slice 5 3279 3129 150 10697 7568 29.25 0.28 Avg 23.01 0.218 From the quantitative analysis, it is observed that both the methods for comparable results.
4 Conclusion The paper presents two new approaches for automatic segmentation of tumors from MR images. The approaches shows promise in effectively segmenting different tumors with high segmentation efficiency correspondence ratio. A potential issue that is not handled by the proposed method is extraction of tumor if the intensity level is less. The method can further extended through clustering methodologies, which should been even suitable for Meningiomas type tumors.
Acknowledgement The author would like to thank S. Alagappan, Chief consultant Radiologist, Devaki MRI & CT scans, Madurai, INDIA for supplying all MR images.
308
C.L. Biji, D. Selvathi, and A. Panicker
References 1. Macovski, A., Meyer, C.H., Noll, D.C., Nishimura, D.G., Pauly, J.M.: A homogeneity correction method for magnetic resonance imaging with time-varying gradients. IEEE Trans. Med. Imaging 10(4), 629–637 (1991) 2. Clark, M.C., Goldgof, D.B., Hall, L.O., Murtagh, F.R., Sibiger, M.S., Velthuizen, R.: Automated tumor segmentation using knowledge based technique. IEEE Trans. on Medical Imaging 17(2), 238–251 (1998) 3. Lenvine, M., Shaheen, S.: A modular computer vision system for image segmentation. IEEE Trans. on Pattern Analysis and Machine Intelligence 3(5), 540–557 (1981) 4. Kichenassamy, S., Kumar, A., Oliver, P.J., Tannenbaum, A., Yezzi, A.: A geometric snake model for segmentation of medical imagery. IEEE Trans. on Medical Image Analysis 1(2), 91–108 (1996) 5. Sahoo, P.K., Soltani, S., Wong, A.K.C.: A survey of Thresholding Techniques. Computer Vision, Graphics, and Image Processing 41, 233–260 (1988) 6. Gonzalez, R.C., Woods, R.E.: Digital Image Processing, 2nd edn. Pearson Education, London (2002) 7. Illingworth, J., Kittler, J.: Threshold Selection based on a simple image statistic. Computer Vision, Graphics, and Image Processing 30, 125-147 (1985) 8. Yan, H., Zhu, Y.: Computerized Tumor Boundary Detection Using a Hopfield Neural Network. IEEE Transactions on Medical Imaging 16(1) (1997) 9. Gauthier, D., Wu, K., Levine, M.D.: Live Cell Image Segmentation. IEEE Transactions on Biomedical Engineering 42(1) (January 1995) 10. Calvard, S., Ridler, T.: Picture thresholding using an iterative selection method. IEEE Trans. Systems Man Cybernet. SMC-8, 630–632 (November 1978) 11. Biswas, P.K., Jawahar, C.V., Ray, A.K.: Investigations on Fuzzy thresholding Based on Fuzzy Clustering. Pattern Recognition 30(10), 1605–1613 (1997) 12. Ostu, N.: A threshold selection method from gray level histogram. IEEE Trans. System Man Cybernet. SMC-8, 62–66 (1978) 13. Kapur’s, J.N., Sahoo, P.K., Wong, A.K.C.: A new method for gray-level picture thresholding using the entropy of histograms. Computer Vision Graphics Image Process. 29, 273–285 (1985) 14. Illingworth, J., Kittler: Minimum Error thresholding. Pattern Recognition, 19(1), 41–47 (1985) 15. Danielsson, P.E., Ye, Q.Z.: On minimum error thresholding and its implementations. Pattern Recognition Letters 7, 201–206 (1988) 16. Cheng, H.-D., Freimanis, R.I., Lui, Y.M.: A novel Approach to Micro calcification Detection Using Fuzzy Logic Technique. IEEE Transactions on Medical Imaging 17(3), 442–450 (1998) 17. Mendelsohn, M.L., Prewitt, J.M.S.: The analysis of cell images. Ann. N. Y. Acad. Sci. 128, 1035–1053 (1966) 18. Goldgof, D.B., Hall, L.O., Fletcher-Heath, L.M., Murtagh, F.R.: Automatic Segmentation of non-enhancing brain tumors in magnetic resonance images. Artificial Intelligence in Medicine 21, 43–63 (2001) 19. Middleton, I., Damper, R.I.: Segmentation of MR Images Using a Combination of Neural networks and active contour models. Medical Engineering & Physics 26, 71–76 (2004) 20. Pradhan, N., Sinha, A.K.: Development of a composite feature vector for the detection of pathological and healthy tissues in FLAIR MR images of brain. ICGST-BIME Journal 10(1) (December 2010)
Generate Vision in Blind People Using Suitable Neuroprosthesis Implant of BIOMEMS in Brain B. Vivekavardhana Reddy1, Y.S. Kumara Swamy2, and N. Usha3 1
2
City Engineering College Bangalore Department Of MCA DYSCE, Bangalore 3 Department Of CSE, BGSIT Bangalore
Abstract. For Human beings, image processing occurs in the occipital lobe of the brain. The brain signals that are generated for the image processing is universal for all humans. Generally, the visually impaired people lose sight because of severe damage to only the eyes (natural photoreceptors) but the occipital lobe is still working. In this paper, we discuss a technique for generating partial vision to the blind by utilizing electrical photoreceptors to capture image, process the image using edge & motion detection adaptive VLSI network that works on the principle of bug fly’s visual system, convert it into digital data and wirelessly transmit it to a BioMEMS implanted into the occipital lobe of brain.
1 Introduction Since visually impaired people only have damaged eyes, their loss of sight is mainly because their natural photoreceptors (eyes) are unable to generate signals that excite the neurons in the occipital lobe of the brain. The temporal lobe in the human brain is responsible for the visual sensation. It is proved that the neurons of the occipital lobe in a blind patient are healthy and have the potential to create visual sensation if the required signals are fired to the neurons in that region. Thus here we are discussing a technique of transmitting visual data digitally into the occipital lobe of the brain by wireless means, in the brain a BioMEMS device is implanted to receive this wireless digital data. The visual data transmitted by external means into the brain is received by a Patch Antenna that is present on the BioMEMS device. This digital data tapped by the patch antenna is then converted into analog signal using a resistor controlled wein bridge oscillator. This analog signal obtained from the wein bridge oscillator is equivalent to the signals that are required by the occipital lobe neurons to create visual sensation in human beings. The visual sensation occurs in temporal lobe but the image processing in human beings is done in the occipital lobe of the brain. Our main agenda is to generate same image processing signals in blind peoples mind. The brain signals also referred to as “Visual Evoked Potential (VEP)” is obtained from EEG tests of normal people [3]. The whole Process carried out in EEG test is given in Fig 1a. The EEG signals obtained from normal people serve as a means of reference for us to design our system. An adaptive VLSI network is used to recognize the edges & motion, based on these a suitable decision to identify the edges is made. Fig 1b shows the block diagram of our system. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 309–317, 2011. © Springer-Verlag Berlin Heidelberg 2011
310
B.V. Reddy, Y.S.K. Swamy, and N. Usha
Fig. 1a. EEG electrode configuration
Fig. 1b. Block diagram of the system
2 Image Acquisition and Processing A 2-dimensional array of electrical photoreceptor cells are used in the system, this acts as the artificial eye that captures visual data. The image is focused onto the photoreceptor cell array. Each pixel is mapped on to the corresponding cell which is aligned in the straight line of sight. Each cell has a concave lens which allows only the light rays from straight line of sight pixel. Thus, pixel data is obtained on to the corresponding photoreceptor cell. The correlation between the adjacent cells is used to extract the edges. When an image is focused onto the photoreceptor cell array, the current induced due to the intensity variation is converted into voltage and then it will be sampled and hold for further analysis. The refresh time is made equal to the perception time of humans. Inspired by biological transduction, we shall assume that the primary goal of phototransduction is to compute image, contrast invariant to absolute illumination. We can think of the total intensity as a sum Igb+i of a steady state background component “I”. The contrast of the signal is as the ratio of i / Igb & the receptor response should be proportional to this ratio independent of Igb, at least for small ratios. The rationale for this assumption is that objects reflect a fixed amount of the light that hits them. The simplest logarithmic receptor that produces useful voltage
Generate Vision in Blind People Using Suitable Neuroprosthesis Implant of BIOMEMS
311
Fig. 2. Basic Cell of Pixel
Fig. 3. MOS Transistor Photoreceptor & Log Respons
range is shown in Figure 3, it consists of a MOS transistor where the source of the transistor forms the photodiode & channel forms the barrier that results in logarithmic response of intensity. Now this forms the basic photoreceptor cell. The number of electrons excited is dependent on the light intensity i.e. color Eg=nhv, the number of electrons emitted into the conduction band is dependent on wavelength of light hence on color, thus there is a small change in current/voltage when an edge is detected. The correlation between adjacent cells is extracted to detect edges; figure 4 shows a simplified 2 x 2 photoreceptor array & correlation between the adjacent cells. Usually spatial-temporal model is used for motion detection, but since we have to have a real time motion detection system, this model needs prediction of speed to induce delays, so this creates a problem. Hence so called “Template Model” proposed by G.A.Horridge [4] is used for motion detection.
312
B.V. Reddy, Y.S.K. Swamy, and N. Usha
Fig. 4. Correlation technique used for edge detection
3 Adaptive Network Using VLSI The adaptive network is used to generate signals equivalent to VEP, using the photoreceptor cells output. The adaptive network is used in 2 modes 1. Training Mode 2. Recognition Mode In training mode the training image is given to set the weights of the network. These weights are the optimum weights. In recognition mode, random images are given, and the network will adapt to recognize the new image. When circuit is in training mode, the photoreceptor output is given to the adaptive network; the output from each cell is given to a capacitor so that the desired response for a particular edge is obtained. This desired response is sampled and then compared with output of the network when it is operated in the recognition mode. In recognition mode the current obtained from the photoreceptor correlation is given to the input capacitor. It changes to a voltage Vgs peak then it produces a current (ac) “Ids peak” which is proportional to the transconductance gain “gm1”. The output from “n” amplifiers is added to get the weighted sum of the input. Then it is subtracted from the desired response to get the error for the particular network. This will be four to five networks for four basic edges say Circular, Square, Triangular, etc. similarly for motion there will be two to three networks. The error functions of these networks determine the edge or motion. Fig 5 shows the implementation circuit implementation using VLSI. The Network Adaptation Process: If the error is positive, the current pump circuit in figure 5 is selected and large current flows through input capacitor. If the error is negative then the current sink circuit in figure 5 is selected and then the error voltage controls the amount of current to sink. Thus, Ids of the transconductance amplifier is varied depending upon the error. After two cycles of weight adjustments, the adaptation stops. Depending upon the errors of all the networks the object, edge is recognized. The transconductance gain of the amplifier acts as weights (gm) gm=B (Vgs-Vl). The selection of particular digital value for the corresponding object based
Generate Vision in Blind People Using Suitable Neuroprosthesis Implant of BIOMEMS
313
on the errors of the adaptive network is shown in figure 6. After two cycles of adaptation process which ever has the minimum error, that particular edge network & motion network is dominant & the brain signal equivalent to that is generated. Figure 7 shows a method to select the minimum errors. In the circuit, the comparator values give the minimum error function of the four networks Ek1, Ek2, Ek3 and Ek4. Depending on these the digital values are selected that are obtained from the ADC of the VEP of the particular edge/motion.
Fig. 5. Adaptive Network designed in VLSI
Fig. 6. Selection of digital value for corresponding error
314
B.V. Reddy, Y.S.K. Swamy, and N. Usha
Fig. 7. Circuit to select minimum of errors
Fig. 8. Comparator values for all possibilities
4 Visual Evoked Potential The EEG test has shown that, for any visual evoked potential the response is of the order of microseconds and is divided into four regions of frequency as shown in figure 8. The gain of the weinbridge oscillator which has the same frequency as the VEP is altered in the four frequency regions to generate the particular brain signal. The digital values of the particular brain signal is stored in a 6 transistor Pseudo SRAM cell shown in figure 9, then depending on the digital values transmitted the gain of the oscillator in the given frequency is varied.
Fig. 9. EEG test signal with 4 frequency regions f1, f2, f3 and f4
Generate Vision in Blind People Using Suitable Neuroprosthesis Implant of BIOMEMS
315
Wireless Digital Data Communication: The digital data from the Pseudo SRAM cell will now have to be transmitted to the BioMEMS that is implanted inside the patient’s brain. To establish this communication link we need to use wireless technology. The data from the SRAM cell is transmitted using a wireless patch antenna operated at 300MHz frequency. Also, there will be one more patch antenna, meant only for receiving data, is embedded on the surface of the BioMEMS device. This patch antenna is tuned to operate in the band or around 300MHz. The digital data has to be encoded, because the resistance values must have different resonant frequencies so that the particular resistance is selected. This is achieved by having a Voltage Controlled Oscillator [8] V.C.O in which, the frequency is dependent on the magnitude of the applied voltage.
Fig. 10. Pseudo SRAM Memory cell to store and transmit data
BioMEMS: The BioMEMS [9] is implanted into the blind person’s occipital lobe. It contains 5 parts namely: 1. Patch Antenna Receiver, 2. Resistor Controlled Schmitt trigger and double integrator and 3. Demultiplexing Circuit and 4. A 4 x 4 silicon platinum Electrode Array. The patch antenna receiver receives the digital encoded data wirelessly. The gain controlled scmitt trigger generates signals depending upon the received digital encoded data from the receiver antenna. The resistors in the ciccuits as shown in fig11 is controlled through the resistors are implemented using ujt and the rlc circit is used to tune the resistor to a particular frequency and hence control the selection of the resistor of double integrator circuit shown in figure 11, the output voltage of the oscillator is controlled by the resistor network. Thus signal corresponding to only the transmitted digital data. As explained above the VEP is sum of the potential of neuron firing. Hence the signal generated by the wein bridge oscillator has to be demultiplexed and then apply the voltage signals to the neurons. Figure 14 shows the Demultiplexer circuit used to demultiplex the signals and apply the same to the electrode array.
316
B.V. Reddy, Y.S.K. Swamy, and N. Usha
Fig. 11. Simulated circuit of Schmitt trigger and dual integrator Gain Controller Circuit that should be incorporated on BioMEMS
Fig. 12. Simulation results
Thus, the demultiplexer is used to drive voltages of the electrodes that are placed on the neurons. The silicon material is used to create the 4 x 4 electrode array; we used this material because of the biocompatibility of silicon for BioMEMS application [10].The simulated results are as shown in fig12.The output of the first integrator is triangular and the output of the second integrator is sine wave. Since ujt
Generate Vision in Blind People Using Suitable Neuroprosthesis Implant of BIOMEMS
317
and micro strip antenna is not available in multisim. Resistors are controlled using switching MOSFET. This is also shown in figure 12.
4 Conclusion A technology to enable partial vision in visual impaired people is discussed here. Since majority of the blind people have the occipital lobe healthy, we are using new technologies to artificially excite brain neurons, like using a BioMEMS 4 x 4 electrode arrays that is precisely firing the neurons with required brain signals. The brain signals are generated using VLSI circuits, the VLSI circuit processes an image captured by electrical photoreceptors for this purpose. The EEG signal is known to be the summation of the individual neuron firing. So the output generated from the gain control circuit is given to demultiplexer the frequency of the clock is twice as the frequency of the output. The demultiplexed output is given to the respective MEMS electrode .This information is got from the EEG electrode configuration.
References 1. Yakovleff, A.J.S., Moini, A.: Motion Perception using Analog VLSI. Analog Integrated Circuits & Signal Processing 15(2), 183–200 (1998) ISSN:0925-1030 2. Mojarradi, M.: Miniaturized Neuroprosthesis Suitable for Implantation into Brain. IEEE Transaction on Neural Systems & Rehabilitation Engineering (March 2003) 3. Rangayanan, R.M.: Visual Evoked Potential ”Biomedical Signal Processing Analysis. A Case Study Approach”. IEEE Press, Los Alamitos 4. Sobey, P.J., Horridge, G.A.: Implementation of Template Model For Vision. Proc. R. Soc. Lond. B 240(1298), 211–229 (1990), doi:10.1098/rspb.1990.0035 5. Nguyen, C.T.-C.: MEMS Technology for Timing and Frequency Control. Dept. of Electrical Engineering and Computer Science 6. Schmidt, S., Horch, K., Normann, R.: Biocompatibility of silicon-based electrode arrays implanted in feline cortical tissue. Journal of Biomedical Materials Research (November 1993)
Undecimated Wavelet Packet for Blind Speech Separation Using Independent Component Analysis Ibrahim Missaoui1 and Zied Lachiri1,2
2
1 National School of Engineers of Tunis, BP. 37 Le Belv´ed`ere, 1002 Tunis, Tunisia
[email protected] National Institute of Applied Science and Technology INSAT, BP 676 centre urbain cedex, Tunis, Tunisia
[email protected]
Abstract. This paper addresses the problem of multi-channel blind speech separation in the instantaneous mixture case. We propose a new blind speech separation system which combines independent component analysis approach and the undecimated wavelet packet decomposition. The idea behind employing undecimated wavelet as a preprocessing step is to improve the non-Gaussianity distribution of independent components which is a pre-requirement for ICA and to increase their independency. The two observed signals are transformed using undecimated wavelet and Shannon entropy criterion into an adequate representation and perform then a preliminary separation. Finally, the separation task is done in time domain. Obtained results show that the proposed method gives a considerable improvement when compared with FastICA and other techniques. Keywords: Undecimated wavelet packet decomposition, independent component analysis, blind speech separation.
1
Introduction
The human auditory system has a remarkable ability to separate the target sounds emitted from different sources. However, it is very difficult to replicate this functionality in their machine counterparts. This challenging known as cocktail-party problem has been investigated and studied by many researchers in the last decades [20]. The blind source separation (BSS) is a technique for recovering a set of the source signals from their mixture signals without exploring any knowledge about the source signals and the mixing channel. Among the solutions to BSS problem independent component analysis (ICA) approach is one of the popular BSS methods are often used inherently with them. The ICA is a statistical and computational technique in which the goal is to find a linear projection of the data A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 318–328, 2011. c Springer-Verlag Berlin Heidelberg 2011
Undecimated Wavelet Packet for Blind Speech Separation
319
where the source signals or components are statistically independent or as independent as possible [17]. In the instantaneous blind separation, many algorithms have been developed using this approach [19] such as ICA based on the mutual information minimization [2,27], maximization of non-Gaussianity [1,6,4] and maximization of likelihood [3,12]. To perform the blind separation task, the ICA approach can use the second or higher-order statistics. For instance, SOBI [13] is the Second order blind identification algorithm which extract the estimated signals by applying a joint diagonalization of a set of covariance matrix. Similarly, the Jade algorithm is introduced in [10] based on higher-order statistics and use a Jacobi technique in order to performed a joint diagonalization of the cumulant matrices. Some approach combines the ICA algorithm with another technique. For instance, the geometric information [29]and the subband decomposition [24] can be used in combination with ICA. In [5], the mixture is decomposed using the discrete wavelet transform and then the separation step is performed in each sub band. The approach proposed in [22,25] employed the wavelet transform as the preprocessing step and the separation task is then done in time domain. In this paper, we propose a blind separation system to extract the speech signals from their observed signals in the instantaneous case. The proposed system use undecimated wavelet packet decomposition [9] for the transformation of the two mixtures signals into adequate representation to emphasize the non-Gaussian nature of mixture signals which pre-requirement for ICA and then performed a preliminary separation [22,25,23]. Finally, the separation task is carried out in time domain. The rest of the paper is organized as follows. After the introduction, the section 2 introduces the blind speech separation problem and describes the FastICA algorithm used in the proposed method. In section 3, undecimated wavelet packet decomposition is presented. Then in section 4, the proposed method is described. Section 5 exposes the experimental results. Finally, Section 6 concludes and gives a perspective of our work.
2
Blind Speech Separation
In this section, we formulate and describe the problem of blind speech separation by focusing mainly on the ICA approach. 2.1
Problem Formulation
The main task of the blind speech separation problem is to extract the original speech signals from their observed mixtures without reference to any prior information on the sources signals or the observed signals under the assumption that the source signals are statistically. The observed signals contain a different combination of the source signals. This mixing model can be represented in the instantaneous case where the number of mixtures signals equal that of source signals by: X(t) = AS(t) . (1)
320
I. Missaoui and Z. Lachiri
Where X(t) = [x1 (t) .. xn (t)]T is a vector of mixture signals, S(t) = [s1 (t) .. sn (t)]T is the unknown vector of sources signals and A is the unknown mixing matrix having as dimension (n n). The Independent component analysis is a statistic method of BSS technique, which tends to solve this problem by exploiting the assumption of independence of the source signals. This method consist to find the separating matrix known as unmixing matrix W = A−1 , whose used to recover the original independent components as Y = W X. Their principle can be depicted by figure 1. The key idea is to maximize the non-Gaussianity for attempting to make the sources as statistically independent as possible under some fundamental assumptions (i.e. the sources) are and certain restrictions [17]: The components si (t) of S(t) assumed to be statistically independent with non-gaussian distribution. In order to measure the non gaussianity or independence, the ICA approach exploits the high-order statistics and information-theoretic criteria such as the kurtosis or differential entropy called negentropy [17]. FastICA algorithm [6,17], which based on negentropy, is one of the most popular algorithms performing independent component analysis.
Fig. 1. Principle of ICA
2.2
FastICA Algorithm
The FastICA is one of an efficient algorithm which performs the ICA approach. It realizes the blind separation task by using a point iteration scheme in order to find maximum of the non-Gaussianity of projected component. The non gaussianity can be measured through the value of negentropy which defined as the differential entropy: J(y) = H(ygauss ) − H(y) . (2) Where H(y) represents the differential entropy of y and it is computed as fallows: H(y) = − f (y) log(f (y))dy . (3) The negentropy can be considered as the optimal measure of the gaussianity. However, it is difficult to estimate the true negentropy. Thus, several approximations are used and developed such the one developed by Aapo Hyvarinen et al [6,17]:
Undecimated Wavelet Packet for Blind Speech Separation
J(y) =
p
ki (E[gi (y)] − E[gi (v)])2 .
321
(4)
i=1
where ki , gi and v are respectively positive constants, the non quadratic functions and Gaussian random variable. The fundamental fixed-point iteration is performed by using the following expression: i g(WiT X i )} − E{g (WiT X i )} Wi . Wi (k) ← E{X
(5)
where g is the contrast function and g is its derivative.
3 3.1
Undecimated Wavelet Packet Wavelet Transform
Wavelet transform (WT) is introduced as a time frequency analysis approach which leads a new way to represent the signal into a linear powerful representation [14,21]. In addition, the discrete wavelet transform (DWT) has been developed. It decomposes signals into approximation and details followed by decimators after each filtering. However, the DWT is not translation invariant [21]. In order to provide a denser approximation and overcome this drawback, the undecimated wavelet transform (UWT) has been introduced. In which, no decimation is performed after each filtering step, so that every both approximate and detail signal have the same size which equal to that of the analyzed signal. The UWT was invented several times with different names as algorithm a` trous (algorithm with holes) [8], shiftinvariant DWT [26] and redundant wavelet transform [7]. The UWPT is developed in the same way and computed in a similar manner as the wavelet packet transform except that the downsampling operation after each filtering step is suppressed. 3.2
The Undecimated Wavelet Packet
In our BSS system, we use the undecimated wavelet packet decomposition using Daubechies4 (db4) of an 8 kHz speech signal. This decomposition tree structure consists of five levels and it is adjusted in order to accords critical band characteristics. The sample rate of speech signal used in this work is 8 Khz which leads a bandwidth of 4 kHz. Therefore, the audible frequency range can be approximate with 17 critical bands (barks) as shown in Table 1. The tree structure of undecimated wavelet packet decomposition is obtained according to this results critical bandwidths [9]. It is depicted in figure 2, The frequency bandwidth for each node of the UWPD tree is computed by the following equation: cbw(i, j) = 2−j (Fs − 1) .
(6)
Where i = (0, 1, .., 5) and j = (0, .., 2−j − 1) are respectively the number of levels and the position of the node and Fs is the sampling frequency.
322
I. Missaoui and Z. Lachiri Table 1. Critical-band characteristics Critical bands Center frequency Critical bandwidth (barks) (Hz) (CBW) (Hz) 1 50 100 2 150 100 3 250 100 4 350 100 5 450 110 6 570 120 7 700 140 8 840 150 9 1000 160 10 1170 190 11 1370 210 12 1600 240 13 1850 280 14 2500 320 15 2150 380 16 2900 450 17 3400 550
4
The Proposed Method
The idea behind employing wavelet transform as a preprocessing step is to improve the non-Gaussianity distribution of independent components that is a pre-requirement for ICA and to increase their independency [22,25]. Inspired from this idea, we propose a new blind separation system, in the instantaneous mixture case, to extract the speech signals of two-speakers from two speech mixtures. The proposed system use the undecimated wavelet packet decomposition for transformed the two mixtures signals into adequate representation to emphasize the non-Gaussian nature of mixture signals. The UWPD tree is chosen according to critical bands of psycho-acoustic model of human auditory system. The results signals are used to estimate the unmixed matrix W using the FastICA algorithm [6]. The separation task is then done in the time domain. Our speech separation system, shown in figure 3, contains two modules shown in dotted boxes. The first module (Preprocessing Module) consists to extract appropriate signals from the observed signals to improve the source separation task. The second module (Separation module) performs the source separation using FastICA algorithm [6]. The Description for each module is given bellow. 4.1
Preprocessing Module
The first module corresponds to the preprocessing step that decomposes the observed signals using a perceptual filter bank. This filterbank is designed by
Undecimated Wavelet Packet for Blind Speech Separation
323
Fig. 2. The CB-UWPD tree and its corresponding frequency bandwidths (perceptual filterbank)
adjusting undecimated wavelet packet decomposition tree, according to critical band characteristics of psycho-acoustic model [9]. Each result coefficients of the two mixtures can be viewed as an appropriate signal. Thus, we have many possibilities in the choice of the best coefficients. In order to increase the non Gaussianity of the signals that is a pre-requirement for ICA, we need to find the best coefficients which improves the source separation task. The coefficients selection is done by using Shannon entropy criterion [22,25,15]. The following steps summarize the procedure of the selection algorithm: Step 1: Decompose each mixture signals into undecimated wavelet packet. Step 2: Calculate the entropy of each node Cj,k of UWPD tree. Step 3: Select the node which has the lowest entropy. The Shannon entropy is computed for each node (j, k) as follow: H(j, k) = − pi log(pi ) . Where pi =
Cj,k (i) . X(k)2
(7)
(8)
324
I. Missaoui and Z. Lachiri
Fig. 3. The framework of proposed speech separation system
With Cj,k are the UWPD coefficients and X is the mixture signal. 4.2
Separation Module
In this module, the separation task in done and can be devised into two steps, the first one consists on generating the unmixing matrix W using the FastICA algorithm [6]. This step uses the result signals of the previous module as new inputs of FastICA. The two input signals correspond to the UWPD coefficients having the lowest entropy. The second step consists on extracting the estimated speech signals using the matrix W and taking into account the original mixtures signals.
5
Results and Evaluation
In this section, we illustrate the performance of our system described in the previous section. We use TIMIT database which formed by a total of 6300 speech signals. These signals are formed by 10 sentences spoken by each of 630 speakers. The latter are chosen from 8 major dialect regions of the United States [28]. The speech signals taken are resampled to 8 kHz. We consider in this work the instantaneous case with two mixture signals composed of two speech signals. The observed signals are generated, artificially, using the following mixing matrix: 21 . (9) A= 11
Undecimated Wavelet Packet for Blind Speech Separation
325
To evaluate our system, we use different performance metrics such as the blind separation performance measures introduced in BSS EVAL [11,30], including various numerical measures of BSS performance. We exploit in this work, the Signal to Interference Ratio (SIR) and Signal to Distortion Ratio (SDR) measures. To generate these measures, the estimated signals si (n) must be decomposed into the following component sum: si (n) = starget (n) + einterf (n) + eartef act (n) .
(10)
where starget (n), einterf (n) and eartef act are, respectively, an allowed deformation of the target source si (n),an allowed deformation of the sources which takes account of the interference of the unwanted sources and an artifact term which represents the artifacts produced by the separation algorithm. Then, the SIR and SDR ration are computed using the last decomposition as: starget (n)2 . einterf (n)2
(11)
starget (n)2 . einterf (n)2 + eartef act (n)2
(12)
SIR = 20 log
SDR = 20 log
In order to evaluate the quality of the estimated speech signals, the segmental and overalla Signal to Noise ration are used. In addition, a subjective test is done using perceptual evaluation of speech quality PESQ, which is an objective method, defined in the ITU-T P.862 standard [16]. The PESQ measure is a score comprise between 0.5 and 5 db and equivalents to the subjective ”Mean Opinion Score”. The experiment results of our proposed system has been compared to that of FastICA algorithm [6], described in section 2, and two well-known algorithms SOBI [13] and Jade [10]. The obtained results are summarized in four tables. The table 2 presents the BSS evaluation, including SIR and SDR ration, obtained after separation task by proposed method, SOBI, Jade and FastICA. We observed that the SIR ≈ SDR and their values for the proposed method is improved compared to FastICA. The SIR average is 55.93 db for the proposed method, 48.03db for FastICA, 50.17 db for Jade and 26.60 db for SOBI. Table 3 and 4 illustrates segmental SNR and overall SNR. We can see that the estimated signals obtained by our method have better values than that of the other methods. for instance, we have obtained overall SNR improvement of 9 db compared with FastICA. To measure the speech quality of the estimated signals, the BSS evaluation measures is reported in terms of PESQ. As depicted in table 5, the proposed
326
I. Missaoui and Z. Lachiri
Table 2. Comparison of SIR and SDR using SOBI, Jade, FastICA and proposed Method (PM)
SIR(Signal 1) SIR(Signal 2) SDR(Signal 1) SDR(Signal 2) Average
SOBI Jade FastICA PM 26.92 54.72 44.39 51.11 26.29 45.63 51.68 60.75 26.92 54.72 44.39 51.11 26.29 45.63 51.68 60.75 26.60 50.17 48.03 55.93
Table 3. Comparison of segmental SNR using Sobi, Jade, FastICA and proposed Method (PM) SOBI Jade FastICA PM Seg SNR (Signal 1) 22.58 33.56 30.79 32.79 Seg SNR (Signal 2) 20.47 29.40 31.15 33.03 Table 4. Comparison of Overall SNR using Sobi, Jade, FastICA and proposed Method (PM) SOBI Jade FastICA PM Overall SNR (Signal 1) 26.92 54.72 44.39 51.11 Overall SNR (Signal 2) 26.29 45.63 51.68 60.75 Table 5. Comparison PESQ using SOBI, Jade, FastICA and proposed Method (PM) SOBI Jade FastICA PM PESQ (Signal 1) 2.58 3.29 3.25 3.29 PESQ (Signal 2) 3.45 4.14 4.27 4.38
method is still more effective in terms of perceptual quality than FastICA and the other techniques.
6
Conclusion
In this work, we have proposed a novel blind speech separation approach to separate two sources in the instantaneous case. This approach is based on undecimated wavelet packet transform and ICA algorithm. We employed the undecimated wavelet packet and used Shannon entropy criteria in order to increase the non gaussianity of observed signals. The results signals are used as new inputs of ICA algorithm to estimate the unmixing matrix which was employed to separate the speech signals in time domain. The experimental results of this hybrid undecimated wavelet packet-ICA show that the proposed approach yields a better separation performance compared to similar techniques.
Undecimated Wavelet Packet for Blind Speech Separation
327
References 1. Comon, P.: Independent component analysis: A new concept? Signal Processing 36(3), 287–314 (1994) 2. Bell, A.J., Sejnowski, T.J.: An information maximization approach to blind separation and blind deconvolution. Neural Computation 7, 1004–1034 (1995) 3. Cardoso, J.F.: Infomax and maximum likelihood for blind separation. IEEE Signal Processing Letters 4, 112–114 (1997) 4. Wang, F.S., Li, H.W., Li, R.: Novel NonGaussianity Measure Based BSS Algorithm for Dependent Signals. In: Dong, G., Lin, X., Wang, W., Yang, Y., Yu, J.X. (eds.) APWeb/WAIM 2007. LNCS, vol. 4505, pp. 837–844. Springer, Heidelberg (2007) 5. Xiao, W., Jingjing, H., Shijiu, J., Antao, X., Weikui, W.: Blind separation of speech signals based on wavelet transform and independent component analysis. Transactions of Tianjin University 16(2), 123–128 (2010) 6. Hyv¨ arine, A.: Fast and robust fixed-point algorithms for independent component analysis. IEEE Transactions on Neural Networks 10(3), 626–634 (1999) 7. Fowler, J.: The redundant discrete wavelet transform and additive noise. IEEE Signal Processing Letters 12(9), 629–632 (2005) 8. Shensa, M.: The discrete wavelet transform: Wedding the ` a trous and Mallat algorithms. IEEE Trans. Signal Processing 40(10), 2464–2482 (1992) 9. Tasmaz, H., Ercelebi, E.: Speech enhancement based on undecimated wavelet packet-perceptual filterbanks and MMSE-STSA estimation in various noise environments. Digital Signal Processing 18(5), 797–812 (2008) 10. Cardoso, J.F.: Higher-order contrasts for independent component analysis. Neural Computation 11, 157–192 (1999) 11. Vincent, E., Gribonval, R., Fevotte, C.: Performance Measurement in Blind Audio Source Separation. IEEE Transactions on Audio, Speech, and Language Processing 14(4), 1462–1469 (2006) 12. Chien, J.T., Chen, B.C.: A New Independent Component Analysis for Speech Recognition and Separation. IEEE Transactions on Audio, Speech and Language Processing 14(4), 1245–1254 (2006) 13. Belouchrani, A., Abed-Meraim, K., Cardoso, J.F., Moulines, E.: A blind source separation technique using second order statistics. IEEE Trans. Signal Processing 45, 434–444 (1997) 14. Gargour, C., Abrea, M., Ramachandran, V., Lina, J.M.: A short introduction to wavelets and their applications. IEEE Circuits and Systems Magazine 9(2), 57–58 (2009) 15. Coifman, R., Wickerhausser, M.: Entropy-based algorithms for best-basis selection. IEEE Transactions on Information Theory 38, 713–718 (1992) 16. ITU-T P.862, Perceptual evaluation of speech quality (PESQ), an objective method for end-to-end speech quality assessment of narrow-band telephone networks and speech codecs. International Telecommunication Union, Geneva (2001) 17. Hyv¨ arinen, A., Karhunen, J., Oja, E.: Independent Component Analysis. Wiley Interscience, New York (2001) 18. Wang, L., Brown, G.J.: Computational Auditory Scene Analysis: Principles, Algorithms, and Applications. Wiley/IEEE Press, Hoboken, NJ (2006) 19. Haykin, S.: Neural Networks and Learning Machines, 3rd edn. Prentice-Hall, Englewood Cliffs (2008) 20. Cichocki, A., Amari, S.: Adaptive Blind Signal and Adaptive Blind Signal and Image Processing. John Wiley and Sons, New York (2002)
328
I. Missaoui and Z. Lachiri
21. Mallat: A Wavelet Tour of Signal Processing: The Sparse Way, 3rd edn. Academic Press, London (2008) 22. Moussaoui, R., Rouat, J., Lefebvre, R.: Wavelet Based Independent Component Analysis for Multi-Channel Source Separation. In: IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 645–648 (2006) 23. Usman, K., Juzoji, H., Nakajima, I., Sadiq, M.A.: A study of increasing the speed of the independent component analysis (lCA) using wavelet technique. In: Proc. International Workshop on Enterprise Networking and Computing in Healthcare Industry, pp. 73–75 (2004) 24. Tanaka, T., Cichocki, A.: Subband decomposition independent component analysis and new performance criteria. In: IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 541–544 (2004) 25. Mirarab, M.R., Sobhani, M.A., Nasiri, A.A.: A New Wavelet Based Blind Audio Source Separation Using Kurtosis. In: International Conference on Advanced Computer Theory and Engineering (2010) 26. Walden, A.T., Contreras, C.: The phase-corrected undecimated discrete wavelet packet transform and its application to interpreting the timing of events. Proceedings of the Royal Society of London, 2243–2266 (1998) 27. Chien, J.T., Hsieh, H.L., Furui, S.: A new mutual information measure for independent component alalysis. In: IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 1817–1820 (2008) 28. Fisher, W., Dodington, G., Goudie-Marshall, K.: The TIMIT-DARPA speech recognition research database: Specification and status. In: DARPA Workshop on Speech Recognition (1986) 29. Zhang, W., Rao, B.D.: Combining Independent Component Analysis with Geometric Information and its Application to Speech Processing. In: IEEE International Conference on Acoustics, Speech, and Signal Processing (2009) 30. Fevotte, C., Gribonval, R., Vincent, E.: BSS EVAL toolbox user guide, IRISA, Rennes, France, Technical Report 1706 (2005)
A Robust Framework for Multi-object Tracking Anand Singh Jalal and Vrijendra Singh Indian Institute of Information Technology, Allahabad, India
[email protected],
[email protected]
Abstract. Tracking multiple objects in a scenario exhibit complex interaction is very challenging. In this work, we propose a framework for multi-object tracking in complex wavelet domain to resolve the challenges occurred due to incidents of occlusion and split. A scheme exploiting the spatial and appearance information is used to detect and correct the occlusion and split state. Experimental results illustrate the effectiveness and robustness of the proposed framework in ambiguous situations in several indoor and outdoor video sequences.
1 Introduction There are a sheer number of applications where visual object tracking becomes an essential component. These applications include surveillance system to know the suspicious activity, sport video analysis to extract highlights, traffic monitoring and human computer interaction to assist visually challenged people. Even the performance of high level event analysis is highly depends on the accuracy of an object tracking method. Multi-object tracking is one of the most challenging problems in computer vision. The challenges are due to change in appearance of the objects, occlusion of objects and splitting of object. Occlusion occurs either due to one object is occluded by another object or an object is occluded by some component of the background. Split may occur due to merged object or because of errors in the segmentation method. An error in the split may mislead the tracker. A good multi-object tracking method should be able to detect changing numbers of objects in the scene, adding and removing objects and also able to handle both occlusion and split events. Kalman filtering is an efficient solution to track multiple objects [1]. However mistakes become more frequent and are difficult to correct as the number of objects increases. The problem can be solved using particle filtering by exploiting the multiple hypotheses [2]. In [3], the author formulates the multi-object tracking as a Bayesian network inference problem and explores this approach to track multiple players. In [4], the author proposed a probabilistic framework based on HMM to describe a multiple object trajectory tracking. The framework was able to track unknown number of multiple objects. The association problem has been represented as a bipartite graph in [5]. A method was proposed to maintain hypotheses for multiple associations. They also resolved the problem of objects entering and exiting, and handled the error due to merging and splitting objects. However, particle filterbased tracking algorithms having not enough samples that are statistically significant A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 329–338, 2011. © Springer-Verlag Berlin Heidelberg 2011
330
A.S. Jalal and V. Singh
modes, faced difficulty to track multiple objects. They are only capable to handle partial short duration occlusion. In recent years a number of approaches are proposed in the literature to resolve the issues of multi-object tracking [6,7,8]. However, these methods are failed when the objects suddenly disappears or change its direction or in case of similar colored/textured objects. This paper describes a multi-resolution tracking framework using Daubechies complex wavelet transform. Due to its approximate shift invariant and noise resilience nature Daubechies complex wavelet transform based method provides efficiency and robustness to the tracking system in varying real-life environment and even in the presence of noise [9]. Also the wavelet transform has an inherent multi-resolution nature that provides a rich and robust representation of an object. A multi-resolution approach employs opportunity to perform tracking at high resolution when we require accurate estimation of object state e.g. confusion due to occlusion, while tracking at lower spatial resolution at other times. Therefore, in the proposed approach we exploit the high resolution to gain more discriminative power to object model, whereas all other tasks are performed at low resolution. The proposed algorithm exploits a correspondence establishment approach similar to that presented in [6], but with a different distance measure and different appearance model based on Daubechies complex wavelet coefficients. The proposed approach encompasses the principle of object permanence to handle the occlusion occurred due to a background object such as an electric pole or a tree. Object permanence is defined as the ability of an infant to understand the existence of a hidden moving object [10]. The remaining part of the paper is organized as follows. Section 2 gives an overview of the proposed framework. Section 3 presents the proposed multi-object tracking approach and discusses how to handle the occlusion and split problems in multi-object scenario. Section 4 contains results over real world video sequences, and finally, Section 5 concludes and discusses the open issues for future research.
2 Proposed Framework Wavelet domain provides a framework to view and process image at multiple resolutions [11]. We have used Daubechies complex wavelet transform (CxWT), as it is approximately shift-invariant and has better directional information with respect to real DWT. The details of CxWT can be found in [12]. The proposed framework is broadly subdivided into two components: 1) moving object extraction using background subtraction 2) muti-object tracking using occlusion reasoning. Fig. 2 illustrates the block diagram of the proposed framework, which is self explanatory. From the block diagram it is clear that all the tasks are performed in complex wavelet domain. The first component of the proposed framework consists of a simple and effective background modelling and subtraction method, in which a background model is extracted initially by a training stage. Background subtraction is then performed to extract moving foreground pixels in the current frame using a single Gaussian method in wavelet domain [13]. An area thresholding method is incorporated to remove the
A Robust Framework for Multi-object Tracking
331
false detections. The background is updated using the feedback of classification results of the extracted moving objects. Morphological operators are then applied for further smoothing of the moving object. The second component is the tracking module, which uses a correspondence process to associate each foreground object with one of the existing tracked object. However, this task becomes challenging even in the simple case of partial occlusions. Therefore, in the proposed method we are exploiting the spatial and appearance information of object to handle object occlusion and object split problem. In the proposed framework we compute appearance model at a high resolution (lower level) to gain more discriminative power for object model, whereas other tasks like background modelling and subtraction, shadow suppression and correspondence establishment are performed at low resolution (higher level). By performing most of the task at low resolution, we have attained high immunity to noise and also reduced the computations.
Complex Wavelet Transform
Frame Capture
Background Modelling
N Last Frame ?
Update Objects Database
Background Subtraction
Morphological analysis Extract Moving Objects
Y Finish Tracking
Compute feature vector for candidate objects
Multi-Object Tracking Occlusion Analysis
Correspondence Establishment
Multi-Object Tracking
Fig. 2. The proposed multi-object tracking framework
3 Multi-object Tracking Mutli-object tracking algorithms should be able to establish unique correspondences between objects in each frame of a video. The first component of the proposed framework detects foreground pixels and form isolated regions of connected foreground pixels, which are called blobs. The next task is to establish a correspondence between object instances over frames. The proposed framework is capable to track any number of objects without any prior information about the object modelling.
332
A.S. Jalal and V. Singh
3.1 Object Appearance Modelling Object modelling can be defined as finding an appropriate visual description that makes the object distinguish from other objects and background. In the proposed method, each object is characterised with it’s spatial layout and appearance. A histogram of wavelet coefficients is used to model the object appearance. Since in the tracking process, usually the boundary points of object are prone to error due to occlusion or interference from the background. So we used Epanechinikov kernel function to smooth the probability density function, which assign lower weights to pixels farther from the centre [14]. This improves the robustness of the object model, by diminishing the influence of boundary clutter. The histogram of a target can be computed as:
p = { pk ; k = 1: K} Where K represents the number of histogram bins. For each bin the discrete probabilities are formulated as: M
(
)
pk = CN ∑ g E || xa ||2 δ ( b( xa ) − k ) a =1
Where CN is a normalization constant required to ensure that ∑ kK=1 pk = 1, δ the
kronecker delta, { xa ; a = a : M } the pixel location, M is the number of target pixels, and b( xa ) a function that makes a correspondence between the given pixel value and its analogous histogram bin. The symbol g E ( x) represents an isotropic kernel having a convex and monotonic profile. In order to make the appearance model more discriminative, we used complex wavelet coefficients at higher resolution to compute weighted histogram. A Bhattacharyya coefficient is used as a measure of comparability between two appearance models [14]. 3.2 Detection of Object Correspondence
The aim of Correspondence Establishment module is to associate foreground blobs with objects that are already being tracked. In ideal cases a single object is mapped to one connected blob. However, due to occlusions and splits, two or more different objects may assign to a single connected blob or single object may appear as more than one connected blobs. To resolve the correspondence problem, we use a correspondence matrix Cm showing the association between foreground regions extracted in current frame and the objects successfully tracked in the previous frame. In the correspondence matrix (Cm), the rows correspond to existing tracks in previous frame and columns to foreground blobs in the current frame. In the proposed approach we maintain a data structure named as object database ( DBobj ) to keep track of information about the tracked objects. The information are: identity(ID), area(A), centroid(C), minimum bounding box(MBB), appearance model(OM), merge list(MList) and status(S). Where status can be A(Active),
A Robust Framework for Multi-object Tracking
333
P(Passive), E(Exit), M(Merge). MList consists of the ID of the objects that are involved in merging. Suppose Oti −1 represent a i th tracked object in (t − 1)th frame and Btj represent the j th blob in t th frame respectively, where i = 1, 2,..., M and j = 1, 2,..., N . M represents the number of objects that already being tracked in the previous frame and N represents the number of foreground blobs in the current frame. The distance between blob Btj and object Oti −1 can be defined as: t −1
Bt
D x = COx i − C x j
t −1
Bt
and D y = COy i − C y j
(1)
Where C x and C y represent the X and Y component of the respective centroid. The size of the correspondence matrix (Cm) is M x N and its value can be defined as: ⎧ ⎪ C m [i, j ] = ⎨ 1; ⎪ 0; ⎩
Dx <
WOt −1 + WBt i
Otherwise
j
2
and D y <
H Ot −1 + H Bt ⎫ i j ⎪ ⎬ 2 ⎪ ⎭
(2)
Where W and H represent width and height of respective object and blob. Thus correspondence matrix contains binary values. An entry ‘1’ in the correspondence matrix shows that there is an association between the corresponding object ( O ) and blob ( B ). The analysis of correspondence matrix produces following association events: Active Track: A single blob B in current frame is associated to a single object O in the previous frame, if the blob is isolated and not occluded. In such condition the corresponding column and row in Cm have only one non-zero element. As soon as a blob is declared as active track, the corresponding information in the DBobj is
updated. Appearing or Reappearing: If a column in Cm has all zero elements then it shows that the corresponding blob B cannot be explained by any of the existing object hypotheses. Thus, B has to be a new region which is either caused by the entry of a new object or the reappearance of one of the existing object. The existing object may disappear from the scene for some time due to occlusion occurred by a background object such as a pole or a tree. If the entry (appearance) of the region is from the boundary of the image then it is treated as a new object, otherwise it might be an existing object. If it is a case of existing object then the appearance feature of such blob B is matched against the objects having a ‘Passive’ status in DBobj . If a match
is found, the ‘Passive’ status of corresponding object is replaced by an ‘Active’ status and object details are updated in DBobj . However, if no match is found, the blob is
334
A.S. Jalal and V. Singh
treated as a new object. If blob is detected as new object then it’s details should be added to the DBobj and a ‘Active’ status is assigned to it. Exit or Disappear: If a row in Cm has all zero elements then it implies that the hypothesis of corresponding object O is not supported by any of the foreground blobs. Thus, O is either exited from the scene or disappeared for some time due to occlusion occurred by a background object. If the O was near the boundary then it is assumed to be an exit status, otherwise it is assumed that the O is disappeared for some time. If blob is detected as an exit object then its status is updated as ‘Exit’ in DBobj . If it is the case of disappearing then the status is updated as ‘Passive’. Merging: If a column in Cm has more than one non-zero entries. It implies that multiple objects compete for a single foreground blob. Splitting: If a row in Cm has more than one non-zero entries. It implies that a merged object is splitted into its corresponding components. 3.2.1 Detecting and Correcting Occlusion If a column in Cm has more than one non-zero entries, there are two possible causes a) multiple objects merged together and form a single foreground blob; b) two or more objects are in the close proximity and satisfying eqn. 2. Merging is very common in case of objects crossing each other, standing together etc. First condition (merging or occlusion) occurs when two or more objects come in close proximity of each other, i.e., the minimum bounding boxes of the objects physically overlap in the frame. Thus, the merging gives rise to a single foreground blob having area significantly larger than corresponding objects. Suppose two objects OA and OB in previous frame t-1 are occluded in the current frame t and give rise to a single blob BM . In the proposed approach this BM is tracked as a new object and assumed to be a
mother object ( OM ) having two child objects OA and OB . This mother object is added to DBobj and the ID of OA and OB are inserted in the MList of OM . The status of OA and OB are also updated as ‘M’. This OM will be tracked in the subsequent frames as an active track until it splits. In case of second condition where objects seemed to be merged due to the close proximity, the blob is mapped to object having maximum similarity. This similarity is based on appearance feature using object model at high resolution. 3.2.2 Detecting and Correcting Splits A merged object can be splitted into several blobs during segmentation process. There are two possibility of merging of objects a) due to the occlusion of two or more objects during tracking b) two or more objects might enter the scene in a group. If merging is due to occlusion such as in the above example OM , then splitting
produces corresponding child objects ( OA and OB ) and their identity is re-established
A Robust Framework for Multi-object Tracking
335
using the appearance features of objects. These child objects are then tracked as existing objects. The objects details are updated in DBobj and the status is changed as ‘Active’. If merging is due to the group entry then splitting produces new objects. The details of these new objects are added to the DBobj and an ‘Active’ status is assigned. After splitting the merge object ( OM ) is released from the DBobj .
4 Experimental Results A qualitative evaluation of the proposed approach is carried out in four video sequences. The first two sequences are from PETS-2009 dataset, which provides a challenging multi-object scenario. The third sequence is from Hall Monitoring video consists of the problem of noise due to the indoor illumination. Since several lighting sources are present in the Hall Monitoring scenario, so target and background appearance is significantly affected. The last video is recorded in outdoor environment of our institute campus. The image resolution is 760 x 576, 352 x 240 and 720 x 480 for PETS video, Hall Monitoring and Campus video respectively. The experiments have been started with the first set of PETS-2009 image sequences. The ID of the object is labeled at the middle of the bounding box. A green color label shows a new or reappeared object. A white color label shows an active tracked object. Whereas a yellow color label with a red bounding box shows a merged object. The top image in fig. 3, demonstrates the trajectory of objects on the image plane. Fig. 3(a) shows the start of the scenario having seven objects. Fig. 3(c) illustrates the object having ID#5 is occluded behind the electric pole and disappears from the scene for few frames. This object is reappeared in fig. 3(d) and correctly tracked by the proposed approach using the concept of object permanence. In the meantime objects having ID#6 and ID#7 come very close and form a single merged
Fig. 3. Snapshots from tracking results of the “PETS 2009” image sequence 1
336
A.S. Jalal and V. Singh
Fig. 4. Snapshots from tracking results of the “PETS 2009” image sequence 2
Fig. 5. Snapshots from tracking results on “Hall monitoring” image sequence
object. Figs 3(d-f) show that the proposed algorithm, enables the tracking of objects ID#6 and ID#7 during the merge period. Figs 3(e-f) also show the partial occlusion of object due to background component. Another experiment was performed on the second set of PETS-2009 image sequences. A crosswalk scene is analysed in this experiment. Fig. 4(a) shows the tracking objects at the start of the scenario. In fig. 4(b) the occlusion takes place between object ID#2 and object ID#3. Fig. 4(b) and fig. 4(d) illustrate that the proposed scheme detects and corrects occlusion effectively in the presence of heavy occlusion as shown in fig. 4(c). Figs 4(e-f) again show the effectiveness of the proposed scheme during heavy occlusion. The next experiment was performed on the Hall Monitoring image sequences. In this scenario, the background color distribution is similar to the trousers of the first object and also this image sequence is suffered from noise caused by variations in the
A Robust Framework for Multi-object Tracking
337
illumination. This causes multiple segments of a single object during background subtraction process. However, the proposed framework shows it’s efficiency to correct these split segments as shown in fig. 5. Also we are performing most of the task like background subtraction, shadow suppression etc. at a lower resolution, as a result the noise is greatly attenuated due to the effect of lowpass filtering. The last experiment was performed on the Campus video, in which the objects are moving away from the camera. Figs. 3-6 illustrate that our method attains the entry of objects from any directions.
Fig. 6. Snapshots from tracking results on “Campus” image sequence
From the experimentation results, we conclude that our method obtains satisfactory results to track multiple objects and successful in coping with the problem of split and occlusion. However, it is not validated in crowded scenes.
5 Conclusion In this paper we have presented a Daubechies complex wavelet transform based framework for tracking multiple objects aiming to resolve the problem occur due to the presence of noise, occlusion, and split error. The appearance feature of objects at multi-resolution level is used to resolve the problem of occlusion and split error. The obtained experimental results in four video sequences show that our approach can cope successfully the interactions, occlusions and split in challenging situations.
References 1. Mittal, A., Davis, L.: M2tracker: A Multi-view Approach to Segmenting and Tracking People in a Cluttered Scene. International Journal of Computer Vision 51(3), 189–203 (2003) 2. Smith, K., Gatica-Perez, D., Odobez, J.-M.: Using Particles to Track Varying Numbers of Interacting People. In: Proceedings of the Conference on Computer Vision and Pattern Recognition (2005)
338
A.S. Jalal and V. Singh
3. Nillius, P., Sullivan, J., Carlsson, S.: Multi-target Tracking - Linking Identities using Bayesian Network Inference. In: Proceedings of the Conference on Computer Vision and Pattern Recognition, vol. 2, pp. 2187–2194 (2006) 4. Han, M., Xu, W., Tao, H., Gong, Y.: Multi-object Trajectory Tracking. Machine Vision and Applications 18(3), 221–232 (2007) 5. Joo, S.W., Chellappa, R.: Multiple-Hypothesis Approach for Multi-object Visual Tracking. IEEE Transactions on Image Processing 16, 2849–2854 (2007) 6. Senior, A., Hampapur, A., Tian, Y.-L., Brown, L., Pankanti, S., Bolle, R.: Appearance Models for Occlusion Handling. Journal of Image and Vision Computing 24(11), 1233– 1243 (2006) 7. Rad, R., Jamzad, M.: Real Time Classification and Tracking of Multiple Vehicles in Highways. Pattern Recognition Letters 26(10), 1597–1607 (2005) 8. Amer, A.: Voting-based Simultaneous Tracking of Multiple Video Objects. IEEE Transactions on Circuits and Systems for Video Technology 15, 1448–1462 (2005) 9. Jalal, A.S., Tiwary, U.S.: A Robust Object Tracking Method Using Structural Similarity in Daubechies Complex Wavelet Domain. In: Chaudhury, S., Mitra, S., Murthy, C.A., Sastry, P.S., Pal, S.K. (eds.) PReMI 2009. LNCS, vol. 5909, pp. 315–320. Springer, Heidelberg (2009) 10. Huang, Y., Essa, I.: Tracking Multiple Objects through Occlusions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1051–1058 (2005) 11. Wang, Y., Doherty, J.F., Duck, R.E.V.: Moving Object Tracking in Video. In: Proceedings of 29th IEEE Int’l Conference on Applied Imagery Pattern Recognition Workshop, pp. 95–101 (2000) 12. Lina, J.-M.: Image Processing with Complex Daubechies Wavelets. Journal of Mathematical Imaging and Vision 7(3), 211–223 (1997) 13. Ugur, B., Enis, A., Aksay, A., Bilgay, M.A.: Moving object detection in wavelet compressed video. Signal Processing: Image Communication 20, 255–264 (2005) 14. Comaniciu, D., Ramesh, V., Meer, P.: Kernel-based Object Tracking. IEEE Transactions on Pattern Analysis and Machine Intelligence 25(5), 564–575 (2003)
SVM Based Classification of Traffic Signs for Realtime Embedded Platform Rajeev Kumaraswamy, Lekhesh V. Prabhu, K. Suchithra, and P.S. Sreejith Pai Network Systems & Technologies Pvt Ltd, Technopark, Trivandrum, India {rajeev.k,lekhesh.prabhu,suchithra.k,sreejith.pai}@nestgroup.net
Abstract. A vision based traffic sign recognition system collects information about road signs and helps the driver to make timely decisions, making driving safer and easier. This paper deals with the real-time detection and recognition of traffic signs from video sequences using colour information. Support vector machine based classification is employed for the detection and recognition of traffic signs. The algorithms implemented are tested in a real time embedded environment. The algorithms are trainable to detect and recognize important prohibitory and warning signs from video captured in real-time. Keywords: traffic sign recognition, support vector machine, pattern classification, realtime embedded system.
1
Introduction
Driver Assistance Systems(DAS) that help drivers to react to changing road conditions can potentially improve safety [1,2,3]. Computer vision based methods, which have the advantage of high resolution, can be employed to recognize road signs and detect lane markings, road borders and obstacles. The input is usually a video captured from a camera fixed on the vehicle. Automatic recognition of traffic signs is an important task for DAS. Traffic signs are standardized by different regulatory bodies and are designed to stand out in the environment. Moreover, signs are rigidly positioned and are set up in clear sight to the driver. These factors reduce the difficulty in designing recognition algorithms. Nevertheless, a number of challenges remain for a successful recognition. Weather and lighting conditions can vary significantly in traffic environments. Additionally, as the camera is moving, motion blur and abrupt contrast changes occur frequently. The sign installation and surface material can physically change over time, influenced by accidents, vandalism and weather resulting in rotated and degenerated signs. Another problem is occlusion from other objects such as trees. The traffic sign detection algorithms commonly rely on shape and colour of the traffic signs [3,4,5,6,7]. Shape based methods detect the signs using a set of predefined templates and hence is sensitive to total or partial occlusion and target rotation. Colour based methods detect signs in a scene using the pixel intensity in RGB or HSI colour spaces. There are very few work reported in literature which deal with actual real-time embedded implementations. Goedeme A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 339–348, 2011. c Springer-Verlag Berlin Heidelberg 2011
340
R. Kumaraswamy et al.
[13] has proposed some algorithms intended for real-time implementation on embedded platforms, but real-time implementation has not been attempted. Souki et al [14] propose an embedded implementation based on shape and colour but the processing time is greater than 17 seconds. The only real-time embedded implementation reported so far is by Muller et al [15] realized on a Virtex-4 LX100 FPGA. They classify 11 signs out of which 7 are speed limit signs. They have adopted the classification algorithm from a previous work of the current authors [9]. This paper describes a general framework for the realtime embedded realization of detection and classification of red speed limit and warning signs from video sequences. We followed a model based approach in developing and validating the reference model in MATLAB/Simulink environment. The real-time C/C++ implementation was developed based on autocode generated from the reference model. The algorithms are evolved from our previous work [9]. We describe the adptations that were required for meeting the real-time constraints and limited resources of OMAP processor. The paper is organized as follows: Section 2 focuses on the system overview. Experimental results are described in Section 3. Conclusions are drawn in Section 4.
2
System Overview
In this paper, we present a system for detection and recognition of traffic signs. The block level representation of the traffic sign detection and recognition system is shown in Figure 1. The traffic sign detection and recognition system consists of three stages. 1. ROI Selection : In this stage the candidate blobs are segmented from the input frames by thresholding in RGB color space. The extracted blobs are rotation corrected, cropped and resized to a size of 64x64. 2. Shape Classification : Blobs obtained from the colour segmentation process are classified according to their shape using multiclass SVM. 3. Pattern Recognition : Blobs classified as circle or triangle are sent to the pattern recognition stage. This stage involves pattern segmentation, feature extraction and SVM based pattern classification. 2.1
ROI Selection
The first task involved is the segmentation of the traffic sign. Road signs are designed to stand out from the environment, so colour is the natural choice for segmentation. Different colour spaces can be employed for segmenting traffic signs. Hue in the HSI colour model is a very good representative for colour. We found Hue and Saturation based schemes have better illumination invariance. But conversion from RGB to HSI is computationally expensive. So for the real time implementation in embedded platform, we have used RGB colour space.
SVM Based Classification of Traffic Signs for Realtime Embedded Platform
341
Fig. 1. Block diagram of Traffic Sign Detection and Recognition system
Once the color based segmentation is done, the image pixels are grouped together as connected components. As we expect multiple signs in some frames, we do a connected component labelling. Blobs not having a minimum size and aspect ratio are discarded. This eliminates most of the unwanted and noisy blobs.The limits for blob size and aspect ratio were empirically derived using standard road signs. A minimun blob size of 400 pixels and an aspect ratio between 0.6 and 2.5 has been used for selecting the candidate blobs. The candidate blobs obtained may not be aligned with the horizontal axis. The rotation angle is calculated from the bottom Distance to Border(DtB) vectors [10] and the blobs are reoriented in a reference position. Once the rotation correction is done, the candidate blobs are cropped and resized to a size of 64x64.
342
2.2
R. Kumaraswamy et al.
Shape Classification Using SVM
The blobs that are obtained from the segmentation stage are to be classified in this stage according to their shape. In order to perform shape classification, nonlinear multi-class SVM is employed. 1) Shape Feature Extraction: The first step in shape classification is to make feature vectors for the input to the non linear multi-class SVM. Many methods have been proposed for extraction of feature vectors [8,9,10]. We use DtB as the vectors for training SVM. DtB is the distance from the external edge of the blob to its bounding box. Thus for a segmented blob we have four DtB vectors for left, right, top and bottom. Each DtB vector has a length of 64. The main advantage of this method is its robustness to several factors such as rotation and scale. This feature is invariant to rotations, because all blobs have been previously orientated in a reference position using the DtB vectors. The DtB vectors for left,right,top and bottom are concatenated and subsampled to a length of 64. Figure 2 shows the resampled DtB vectors for segmented triangular,circular and yield signs. 2) Shape Classification: In this work three shapes viz,circle, triangle and inverted triangle are considered for classification. The non linear SVM trained using the distance to border features enables the classification of a traffic sign. A detailed description on the training aspects of non linear SVM is given in section 2.4. 2.3
Pattern Classification
Once the shape classification process is completed, the candidate blobs belonging to circle or triangle are being sent to the pattern recognition stage. The inverted triangle traffic signs obtained in shape classification are considered directly for YIELD sign. If the number of white pixels is above a preassigned threshold, then it is classified as YIELD sign. In order to perform pattern recognition of circular and triangular traffic signs non linear multi-class SVMs are employed. 1) Pattern Segmentation: The pattern is extracted from a virtual masked region within the segmented blob. This masked region is obtained from the left and right DtBs used in the shape detection. The top and the bottom limits are manually chosen from the prior knowledge of the region in which the pattern resides. Now the pattern is obtained by thresholding the black region of the segmented intensity blob. 2) Feature Extraction: Projections and DtB features are used in the recognition of triangular signs whereas DtB alone is used for recognizing circular signs. For triangular signs, the projection of the cropped pattern is found along the x axis and y axis. The x and y projections are both resampled to a length of 32 each and then concatenated to form the projection feature vector of length 64.
SVM Based Classification of Traffic Signs for Realtime Embedded Platform
(a)
(d)
(b)
(e)
343
(c)
(f)
Fig. 2. (a) Segmented Circular Blob (b) Segmented Triangular Blob (c)Segmented Blob for Yield sign (d) Distance to Border for Circular Blob (e) Distance to Border for Triangular Blob (f) Distance to Border for Yield
Left and Right DtBs each resampled to 32 samples and concatenated to form the DtB feature vector. For triangle the full feature vector is formed by concatenating the projection and DtB vectors. For the blobs classified as circular, a red area checking is performed. If the total red area inside the blob is greater than a threshold, it is considered as either STOP sign or DO NOT ENTER sign. Inorder to distinguish between the STOP sign and DO NOT ENTER sign, we search for a continuous pattern of white pixels. If there exists such a pattern, the blob is classified as DO NOT ENTER otherwise it is classified as a STOP sign. For circular signs other than STOP and DO NOT ENTER, the DtBs resampled to a length of 64 forms the final feature vector. In the case of circular speed limit signs, the first digit alone is cropped and used in the feature extraction. Figure 3 shows the segmented blobs and the feature vectors used for training the multiclass non-linear SVM for pattern recognition. 3) Pattern Recognition: In the recognition stage, multi-class SVM classifiers with a RBF kernel is used. We have used two SVM classifiers- one for the circular sign and the other for the triangular sign. For the current real-time implementation, we have restricted the classification to 6 circular signs and 8 triangular signs. It is possible to include more signs without changing the present classifier structure. By extending this hierarchical classification, we can include signs with other colours also.
344
R. Kumaraswamy et al.
(a)
(b)
(c)
(d) Fig. 3. (a) Red Triangular Segmented Blobs and the corresponding extracted pattern(b) Red Circular Segmented Blobs and the corresponding extracted pattern(c) Extracted features for red triangular blobs(d) Extracted features for red circular blobs
2.4
Training Non-linear SVM for Shape Classification and Pattern Recognition
We summarize here the details of SVM classifiers and the training strategy. 1) Support Vector Machine: Support Vector Machine is a machine learning algorithm which can classify data into several groups. It is based on the concept of decision planes, where the training data is mapped to a higher dimensional space and separated by a plane defining the two or more classes of data. The extensive introduction about SVMs can be found in [11]. The formulation of SVMs deals with structural risk minimization (SRM). SRM minimizes an upper bound on the Vapnik Chervonenkis dimension, and it clearly differs from empirical risk minimization, which minimizes the error on the training data. For the training of SVMs, we have used the library LIBSVM [12].
SVM Based Classification of Traffic Signs for Realtime Embedded Platform
345
2) Cross validation and Grid search: The accuracy of SVM model is largely dependent upon the selection of the model parameters. There are two parameters c and g while using an RBF kernel in the SVM classification. g is the kernel parameter gamma and c is the cost parameter. The value of c controls the tradeoff between allowing training errors and forcing rigid margins. Increasing the value of c results in over fitting. It results in an increase in the misclassifications, but creates a more accurate model. Hence an optimal value should be chosen for the parameter c. The cross validation procedure can prevent the over fitting problem. In v -fold cross-validation, the training set is first divided into v subsets of equal size. Sequentially one subset is tested using the classifier trained on the remaining v-1 subsets. Thus, each instance of the whole training set is predicted once [12]. Grid search tries values of (c,g) across a specified search range using geometric steps and picks up the values with the best cross validation accuracy. For shape classification, the (c,g) values used are (2,0.00781). For pattern recognition the (c,g) value used are (2,0.25 ) for triangular signs and (2,2) for circular signs.
3
Experimental Results
The algorithms developed were tested in real-time on an embedded platform. The algorithms are trainable to detect and recognize important prohibitory and warning signs from video captured in real-time. The test setup used for the real-time embedded application as shown in Figure 4 comprises of,
Fig. 4. Test setup for Real-time Embedded application
1. Hardware: The application runs on Beagle board (www.beagleboard.org), which is a low-cost, community supported development board from TI. It has an OMAP3530 processor. The traffic sign recognition (TSR) software runs in the ARM (Cortex A8) core of OMAP.
346
R. Kumaraswamy et al.
Fig. 5. Signs currently recognized by the embedded application
(a)
(b)
(c)
(d)
(e) Fig. 6. Results obtained from the embedded platform (a) Test input frame(b) Thresholded image (c) Segmented Blobs of interest(d) Extracted Patterns (e)GUI Showing Classification Results
SVM Based Classification of Traffic Signs for Realtime Embedded Platform
347
2. System software: The board runs Angstrom Linux distribution (www.angstrom-distribution.org) which is built using the Open Embedded build system (www.openembedded.org). V4L2 (Video for Linux) is used for capturing the webcam video and display is using OMAP frame buffer (Video/OSD). 3. TSR application: This includes the algorithms for detection and recognition of traffic signs. Algorithms were modelled using MATLAB/Simulink. Autocode is generated using Matlab Real-Time Workshop and then ported to embedded platform. Platform specific code generation and code optimization has not been done for this application. Even without these optimizations, the application runs at near real-time. The input to the application is a video stream captured live from a camera connected to the board. The video from webcam is captured at VGA resolution (640x480 pixels). These frames are processed by TSR engine and at the same time displayed on screen. If a sign is detected, an icon image corresponding to the recognized sign is displayed on screen. Currently the processing speed of the TSR application is 5 fps.The application currently recognizes 17 different signs compliant to the Vienna Convention on Road Signs and Signals. The set of currently recognizable signs is shown in Figure 5. Some of the test results displayed by the embedded application are shown in Figure 6. In the absense of extensive video footage for testing, we conducted testing on real-time video of printed signs held in various distances and orientations in front of the camera. The sizes of the printed signs were chosen to match the actual viewing angles in real road situations. This controlled testing environment allowed for flexible generation of test sets. The system tolerated in-plane rotations upto 20◦ away from horizontal and much larger rotations upto 40◦ away from the frontal pose. As an improvement over many other reported solutions, the recognition performance did not deteriorate all the way down to 20 × 20 pixel size for the signs. Misclassification error is less than 3% over a test data set of 1700 images.
4
Conclusion
We have proposed a new hierarchical scheme for real-time detection and classification of traffic signs on an embedded platform. We have introduced low complexity algorithms for detection and feature extraction, suitable for real-time implementation. The algorithms were developed in MATLAB/Simulink environment and automatically generated C code was ported to ARM core of OMAP and tested with real-time video input. Without any further code optimization, a performance of 5 frames per second was achieved. Considering the fact that processing is not usually required for every frame, this frame rate is already nearly real-time. The proposed scheme is a very good candidate for real-time realization of multiclass traffic sign recognition within the limited computing resources of embedded processors. With some modifications, the scheme is expected to be extensible to traffic signs following conventions other than the Vienna Convention.
348
R. Kumaraswamy et al.
References 1. de la Escalera, A., Moreno, L.E., Salichs, M.A., Armingol, J.M.: Road Traffic Sign Detection and Classification. IEEE Transactions on Industrial Electronics 44(6), 848–859 (1997) 2. de la Escalera, A., Armingol, J.M., Mata, M.: Traffic Sign Recognition and Analysis for Intelligent Vehicles. Image and Vision Computing 21, 247–258 (2003) 3. Fang, C., Chen, S., Fuh, C.: Road Sign Detection and Tracking. IEEE Transactions on Vehicular Technology 52(5), 1329–1341 (2003) 4. Miura, J., Itoh, M., Shirai, Y.: Towards Vision Based Intelligent Navigator: Its Concept and Prototype. IEEE Transaction on Intelligent Transportation Systems 3(2), 136–146 (2002) 5. Bascon, S.M., et al.: Road Sign Detection and Recognition Based on Support Vector Machines. IEEE Transactions on Intelligent Transportation Systems 8(2) (June 2007) 6. de la Escalera, A., Armingol, J.M., Pastor, J.M., Rodriguez, F.J.: Visual Sign Information Extraction and Identification by Deformable Models for Intelligent Vehicles. lEEE Transactions on Intelligent Transportation Systems 5(2), 57–68 (2004) 7. Liu, H., Liu, D., Xin, J.: Real Time Recognition of Road Traffic Sign in Motion Image Based on Genetic Algorithm. In: Proceedings 1st. Int. Conf. Mach. Learn. Cybern., pp. 83–86 (November 2002) 8. Kiran, C.G., Prabhu, L.V., Abdu Rahiman, V., Kumaraswamy, R., Sreekumar, A.: Support Vector Machine Learning based Traffic Sign Detection and Shape Classification using Distance to Borders and Distance from Center Features. In: IEEE Region 10 Conference, TENCON 2008, November 18-21. University of Hyderabad (2008) 9. Kiran, C.G., Prabhu, L.V., Abdu Rahiman, V., Kumaraswamy, R.: Traffic Sign Detection and Pattern Recognition using Support Vector Machine. In: The Seventh International Conference on Advances in Pattern Recognition (ICAPR 2009), February 4-6. Indian statistical Institute, Kolkata (2009) 10. Lafuente Arroyo, S., Gil Jimenez, P., Maldonado Bascon, R., Lopez Ferreras, F., Maldonado Bascon, S.: Traffic Sign Shape Classification Evaluation I: SVM using Distance to Borders. In: Proceedings of IEEE Intelligent Vehicles Symposium, Las Vegas, pp. 557–562 (June 2005) 11. Abe, S.: Support Vector Machines for Pattern Classification. Springer-Verlag London Limited, Heidelberg (2005) 12. Chang, C., Lin, C.: LIBSVM: A Library for Support Vector Machines (2001), http://www.csie.ntu.edu.tw/~ cjlin/libsvm 13. Goedeme, T.: Towards Traffic Sign Recognition on an Embedded System. In: Proceedings of European Conference on the Use of Modern Electronics in ICT, ECUMICT 2008, Ghent, Belgium, March 13-14 (2008) 14. Souki, M.A., Boussaid, L., Abid, M.: An Embedded System for Real-Time Traffic Sign Recognizing. In: 3rd International Design and Test Workshop, IDT 2008 (December 2008) 15. Muller, M., Braun, A., Gerlach, J., Rosenstiel, W., Nienhuser, D., Zollner, J.M., Bringmann, O.: Design of an automotive traffic sign recognition system targeting a multi-core SoC implementation. In: Proceedings of Design, Automation and Test in Europe, Dresden, Germany, March 8-12 (2010)
A Real Time Video Stabilization Algorithm Tarun Kancharla and Sanjyot Gindi CREST, KPIT Cummins Info systems Ltd. Pune, India {Tarun.Kancharla,Sanjyot.Gindi}@kpitcummins.com
Abstract. Jitter or unintentional motion during image capture, poses a critical problem for any image processing application. Video stabilization is a technique used to correct images against unintentional camera motion. We propose a simple and fast video stabilization algorithm that can be used for real time pre-processing of images, which is especially useful in automotive vision applications. Corner and edge based features have been used for the proposed stabilization method. An affine model is used to estimate the motion parameters using these features. A scheme to validate the features and a variant of iterative least squares algorithm to eliminate the outliers is also proposed. The motion parameters obtained are smoothed using a moving average filter, which eliminates the higher frequency jitters obtained due to unintentional motion. The algorithm can be used to correct translational and rotational distortions arising in the video due to jitter. Keywords: Video Stabilization, Corner detection, Affine Transform, Moving average filter, Dolly motion.
1 Introduction For vision based driver safety applications a camera is mounted on the vehicle to capture continuous and real time videos. Uneven surface of the roads and mechanical vibrations of the vehicle during capture, affect the quality of these videos. The distortions arising from such kind of jitter makes them unpleasant for viewing. Such motion of the camera also makes it difficult to process and extract important information from the images. Hence, the video needs to be corrected and stabilised against any unintentional movement of the camera. Video can be stabilized using either hardware sensors or by software techniques. Hardware sensors are usually expensive and have a limited range of correction. Hence they are less preferred. Software techniques use image processing methods to estimate and compensate for the unintentional motion. Over the past decade, a number of methods have been proposed to stabilize video using image based methods. Any image based method used for stabilization consists of 2 main steps: motion estimation and motion compensation. Different kinds of feature extraction and matching methods have been used to obtain a match between frames, for example, Block Matching [1], [5], SIFT [2] etc. Motion estimation is done by comparing the features across subsequent frames and obtaining the parameters for the motion models like translation or affine. The motion vectors which are obtained A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 349–357, 2011. © Springer-Verlag Berlin Heidelberg 2011
350
T. Kancharla and S. Gindi
due to local motion in the image are eliminated using RANSAC [3] or iterative least squares algorithms [10]. IIR filters were used in [4] and Kalman filter and its variations were used in [6], [9] to estimate the intentional motion; optical flow techniques [7] have also been used to smoothen the motion vectors. The final step of motion correction uses geometrical transformations to compensate for the unintentional motion estimated by the motion estimation module. Fig. 1 illustrates the generalized block diagram of a video stabilization algorithm. While most accurate methods in literature use complex methods that are also time consuming, the proposed algorithm uses simple techniques and is fast, to be used for real time applications. The smooth motion quality in the output video is favourable for viewing and further processing in applications for object segmentation, detection etc. The paper is organised as follows: we describe feature extraction and feature matching scheme used for this algorithm in section 2. In section 3 Motion estimation and compensation are discussed. Section 4 contains the results of experiments performed on different videos and we present the conclusions in section 5.
Fig. 1. Generalized block diagram for video stabilization
2 Feature Extraction and Matching In order to compensate the unintentional motion in a video, it needs to be estimated using motion vectors. The motion vectors are calculated by matching features
A Real Time Video Stabilization Algorithm
351
between successive image frames in the video. Features are extracted in one frame and compared with those in preceding frame to obtain the correspondence. The jitter or unintentional motion can be in the form of translational, rotational and scale variations. Hence the features selected should be robust to all these variations. Image frames also need to be enhanced, to enable better extraction of the selected features. 2.1 Corner Features In this method, we use Harris corner detector [8] to detect features in the image. A slight modification of Harris corner detection technique is used, to ensure uniform distribution of corners across the image. Using Harris corner detection in its original form gives very high number of corners in images or areas in an image which contains details like multiple objects, people, trees etc and very few corners in images or areas in an image containing plain regions like sky or water. In order to obtain a sufficient number and a uniform distribution of features across the image in any scenario, pre-processing is done to enhance the corners and they are detected in all the four quadrants using an adaptive threshold. A combination of cross correlation and confidence value of the corner is used to match the corner features. In template matching, an image block of size centered about the corner point in the present frame is used as a template to be matched with similarly obtained image blocks about the feature points in the previous frame. The best match is obtained by comparing the normalized cross-correlation values obtained by template matching against each image block and a minimal threshold value is set to reject false matches.. The following equation gives the value of normalized crosscorrelation and the minimum threshold condition ∑ ∑
∑
0.8
.
(1)
In the above equation, is the normalized cross-correlation value, N is the size of the image block, x and y are the pixel values of the image blocks from present and previous frames respectively. Templates are usually sensitive to rotation, scaling and illumination changes. However, it is safe to assume that such variations in subsequent frames are very less when the image block size is chosen carefully, hence template matching usually gives a proper match. As the strength of the corner pixel does not change drastically in subsequent frames, the matched image block is further validated by comparing the pixel intensity (confidence) value of the feature extracted (corner). 2.2 Edge Based Template Matching The extraction of corner points is time consuming as it gives a large number of features and template matching needs to be done further for all the obtained features. In order to decrease the computation, edges are used instead of corners, as it requires very less computation to extract edges than to extract corners. The image is smoothed as a pre-processing step to eliminate the edges that arise due to noise.
352
T. Kancharla and S. Gindi
Canny edge detection is performed on the smoothed image to obtain the connected edges. The image is uniformly divided into image blocks (IB) of size and each block is checked for edges present. The equation to obtain the fraction of edge content in IB is given below ∑
∑
,
,
1 0
0 . 0
(2)
‘ ’ is the fraction of edge pixels in the image block IB. The blocks are discarded if the fraction e is less than a minimum threshold ‘τ’. The centre point of IB can be used as the feature point. Since only a few matching features are sufficient for estimating the motion vectors, we can choose the required number of image blocks and perform template matching to identify corresponding image blocks in the previous frame. For each selected IB in the present frame, a corresponding search window of size ( 2 , 2 ) is selected from the previous frame. and are distances in x and y directions which are dependent on the maximum translation possible in respective directions. The best match is obtained by comparing the normalized cross-correlation values. The computation time for this method is minimal because template matching is done only for the selected blocks, as compared to corner features where the template matching is done for all the obtained feature points.
3 Motion Estimation and Compensation Once the features are extracted and matched, the co-ordinates of the matched features from present and previous frames are obtained. A simple affine motion model is used to estimate the motion between the frames. It is essential to eliminate the outliers before estimating the motion vectors. There are two types of outliers: the ones due to incorrect matching of the features and those due to local motion. By choosing an appropriate template size and matching the selected blocks as mentioned in section II, the first type of outliers are avoided. To eliminate the second type of outliers, we use a variant of iterative least squares [10]. We compute the mean of the error between the estimated , (using motion model obtained from previous frame) and actual positions , of the feature points in the present frame. _
∑
.
(3)
P is the total number of feature points selected. If the difference between the error and the _ is greater than a threshold ‘т’ for a feature point then it is discarded. This process successfully eliminates the outliers due to local motion. 3.1 Motion Estimation The relationship between the co-ordinates of present and previous frames using affine model is shown in the following equation.
A Real Time Video Stabilization Algorithm
*
= 1
0
0
1
1
.
353
(4)
, are the co-ordinates in present frame and , are co-ordinates in previous frame. The parameters , , are responsible for rotation and scaling account for translation in x and y directions respectively. in the image, The rotation and scaling parameters are calculated using the following equations. ,
.
(5)
.
(6)
and are scaling in x and y directions respectively and is the angle of rotation. The matched co-ordinates from successive frames are pooled to form a matrix. *
= 1
1
0
0
1 .
1
1
.
(7) (8)
S represents co-ordinates from the previous frame and represents co-ordinates from the present frame. A is the affine matrix which contains the affine parameters. 6 co-ordinates are sufficient to estimate the affine parameters. However, to account for any minor mismatches, multiple co-ordinates are used. The affine parameters are estimated using pseudo-inverse method. Since the pseudo-inverse contains only inversion of a 3 3 matrix, the amount of computation is minimal. 3.2 Motion Compensation For a camera mounted on vehicle, the total motion obtained is a summation of the intentional motion and motion due to jitter. Usually jitter is a high frequency component compared to intentional motion and can be eliminated by filtering out the high frequency components in the estimated motion vectors. We use a moving average filter of length 30 (usually 1 sec assuming camera frame rate is 30fps) to filter out the jitter and obtain an estimate of the intentional motion. The following equation shows the calculation of estimated motion in horizontal direction using moving average filter for the frame ‘p’, this can similarly be applied for rotation and scaling. ∑
.
(9)
where, is the estimate of the intentional motion in the present frame, is the motion vector obtained using motion estimation step, the subscripts p and (p-i) denote the respective frame numbers, k is length of the moving average filter. The estimated intentional motion (∑ ) is subtracted from the motion vector obtained using
354
T. Kancharla and S. Gindi
motion estimation to obtain the motion due to jitter. The compensation is done for the jittery motion to obtain a stabilized video. The intentional motion estimated may not be equal to the actual intentional motion, but the aim of video stabilization is to obtain a video that is free from jittery motion and pleasing to the eye, rather than to exactly track the intentional motion.
4 Experimental Results The algorithm has been tested by performing informal subjective evaluation of the output corresponding to 20 videos taken for different test conditions. The test scenarios considered are jittery videos with dolly motion, with stationary and moving objects, videos having variations in illumination conditions etc. Compared to corner based template matching, edge based template matching for video stabilization is much faster. It takes 40 to 50ms to correct the unintentional motion in each frame that corresponds to 20 to 25 fps (frame rate per second) on a 3.0GHz Intel Pentium 4 processor using Open-CV software. The performance can also be significantly improved if implemented on embedded boards, which are commonly used for vision based applications.
(a)
(b)
Fig. 2. Filtered motion vectors obtained using moving average filter. (a) along horizontal direction (b) along vertical direction.
In Fig 2, we see that the motion vectors obtained after application of moving average filter (thicker line in the figures) have fewer jitters and are much smoother than the estimated motion vectors. The filtered motion vector is free from jitters and the video thus obtained is smooth. Fig 3 shows the comparison of stabilized and original image sequences at different instances. The highlighted areas along the perimeter in the right-hand-side of the images indicate the unintentional motion that is compensated for in that particular image frame. The highlighted area also gives an idea of the type of distortionswhether translational, rotational or scale- that are caused due to jitter, with respect to the previous frame. The sequence on the left side of Fig. 3(a) and 3(b) is the original sequence and the sequence of the right side is the stabilized sequence. Videos in Fig 3(a) and 3(b) are taken in low light and bright light conditions respectively.
A Real Time Video Stabilization Algorithm
(a)
355
(b)
Fig. 3. Stabilized sequence of a video which undergoes dolly motion. Original sequence is on the left side and the stabilized sequence is on the right side of the images.
The images in Fig. 4(a) and 5(a) are obtained by overlapping 20 consecutive frames of original video sequence and images, Fig. 4(b) and 5(b) are obtained similarly for the stabilized video sequence. Since there is dolly motion present in the video, we expect a motion blur when successive frames in the sequence are overlapped. However, the edge information should not vary drastically. The original sequence is affected by jitter along x and y directions and due to rotation. Notice the highlighted portions in the images, it is difficult to identify the objects in the original image sequences of Fig. 4(a) and 5(a) due to excessive blurring, but they can clearly be identified in the stabilized image sequences of Fig. 4(b) and 5(b). Further confirmation can be obtained by comparing the edge maps of the original and stabilized image sequences. The edge maps in 4(d) and 5(d) are much more detailed than the edge maps in figures 4(c) and 5(c). The proposed algorithm does not give the expected results in scenarios where the number of features detected in background is very less than the foreground. Consider an example of a boat moving on water, the background consists of sky and water, there are very few corner points in the background, and the corner points obtained are mainly due to the boat. The motion estimated using these vectors gives the local motion of the boat and not the motion of the camera.
356
T. Kancharla and S. Gindi
(a)
(b)
(c)
(d)
Fig 4. The figures are obtained by overlapping 20 consecutive frames. (a) Original Image sequence (b) Stabilized Image sequence (c),(d) Corresponding edge maps.
(a)
(b)
(c)
(d)
Fig 5. The figures are obtained by overlapping 20 consecutive frames. (a) Original Image sequence (b) Stabilized Image sequence (c),(d) Corresponding edge maps.
A Real Time Video Stabilization Algorithm
357
5 Conclusions In this paper, we have presented a simple and computationally efficient video stabilization algorithm that is robust to distortions in translation and rotation. We estimate the global motion vectors and filter them to obtain a stabilized sequence. The accuracy of other methods known in literature relies heavily on the complexity of features used for matching, and as such, give poor performance with respect to time and computation. The speed and performance of this algorithm for stationary videos is excellent and suitable for use in real time applications. The speed of the algorithm reduces slightly for videos containing intentional motion; however, it is acceptable for any practical case. When used as a pre-processing step of an object detection scheme, the detection accuracy can improve due to the stabilization. Also, the quality of output is smooth and pleasing to view.
References 1. Vella, F., Castorina, A., Mancuso, M., Messina, G.: Digital image stabilization by adaptive block motion vector filtering. IEEE Trans. on Consumer Electronics 48(3) (August 2002) 2. Lowe, D.: Distinctive image features from scale-invariant key points. International Journal of Computer Vision 60(2), 91–110 (2004) 3. Fischler, M.A., Bolles, R.C.: A Paradigm for Model Fitting with Applications to Image Analysis and Automated Cartography. Comm. of the ACM 24, 381–395 (1981) 4. Jin, J.S., Zhu, Z., Xu, G.: A Stable Vision System for Moving Vehicles. IEEE Transaction on Intelligent Transportation Systems 1(1), 32–39 (2000) 5. Ko, S.J., Lee, S.H., Lee, K.H.: Digital image stabilizing algorithms based on bit-plane matching. IEEE Transaction on Consumer Electronics 44(3), 617–622 (1998) 6. Litvin, A., Konrad, J., Karl, W.C.: Probabilistic video stabilization using Kalman filtering and mosaicking. In: Proc. of SPIE Electronic Imaging, vol. 5022, pp. 663–674 (2003) 7. Chang, J., Hu, W., Cheng, M., Chang, B.: Digital image translational and rotational motion stabilization using optical flow technique. IEEE Transactions on Consumer Electronics 48(1), 108–115 (2002) 8. Harris, C., Stephens, M.: A combined corner and edge detection. In: Proceedings of the Fifth IEEE International Conference on Automatic Face and Gesture Recognition, pp. 287–293 (May 2002) 9. Tico, M., Vehvilainen, M.: Robust Method of Videos Stabilization. In: EUSIPCO (September 2007) 10. Chang, H.C., Lai, S.H., Lu, K.R.: A robust and efficient video stabilization algorithm. In: ICME 2004: International Conference on Multimedia and Expo., vol. 1, pp. 29–32, 7, 30, 40, 49, 64. IEEE, Los Alamitos (2004)
Object Classification Using Encoded Edge Based Structural Information Aditya R. Kanitkar1, Brijendra K. Bharti2, and Umesh N. Hivarkar3 KPIT CUMMINS INFOSYSTEMS LIMITED, Pune – 411057, India {Aditya.Kanitkar,Brijendra.Bharti, Umesh.Hivarkar}@kpitcummins.com
Abstract. Gaining the understanding of objects present in the surrounding environment is necessary to perform many fundamental tasks. Human vision systems utilize the contour information of objects to perform identification of objects and use prior learnings for their classification. However, computer vision systems still face many limitations in object analysis and classification. The crux of the problem in computer vision systems is identifying and grouping edges which correspond to the object contour and rejecting those which correspond to finer details. The approach proposed in this work aims to eliminate this edge selection and analysis and instead generate run length codes which correspond to different contour patterns. These codes would then be useful to classify various objects identified. The approach has been successfully applied for day time vehicle detection. Keywords: Object Classification, Discrete Haar Wavelet Transform, Contour Pattern Detection, Run length Codes.
1 Introduction The basic task required for any such system is recognition of objects present in the surrounding environment. The human vision is a highly sophisticated system which has evolved over millions of years and handles this task with ease. But computer vision and hardware are still in a comparative nascent stage. Hence suitable logic needs to be developed to compensate for lack of sophisticated hardware. From detailed studies and research performed, it has been observed that the strongest cue for identification and recognition of objects is the boundary i.e. the contour of the object. Human vision system has highly developed cells and complex mechanisms for detection and grouping of bar, gratings and edges observed into object contours. Computer vision systems perform this task in an analogous manner. They identify possible edges of objects and use developed logic for identifying regions in the image which correspond to real world objects. There is an inherent non-trivial task of filtering out edges corresponding to finer details and grouping of boundary edges. A major challenge faced in this task is preparing data structures and logical algorithms for automatic object detection for a variety of environmental scenes, pose and appearances [1]. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 358–367, 2011. © Springer-Verlag Berlin Heidelberg 2011
Object Classification Using Encoded Edge Based Structural Information
359
In this work, it is proposed that instead of detecting edges and then grouping those, the structure of the objects can be inferred from suitable distribution of edges. Hence filtering out of weak edges, grouping of strong edges and connecting them automatically can be avoided. Representation for the object structure for automatic parsing is handled by encoding the structure in run length binary codes. This method is experimented for daytime vehicle detection in complex urban scenes.
2 Vehicle Detection in Daytime Vision based Driver Assistance Systems (DAS) require a thorough understanding of the surrounding environment to perform various functions efficiently. Hence, it is necessary to perform detection of other vehicles present in the environment. To detect a vehicle in the image is a complex process. This is mainly because the vehicle class consists of a large number of different elements having various types of shape, size, color and texture. Shadows, tires, lamp systems, are few to name. Vehicle detection however can be considered as a two class problem with vehicle versus non vehicle classes. There are many regions which exhibit similar features as vehicles. So it is needed to classify vehicles in the selected regions. Various other methods based on features and classifiers are presented in the available literature till date. • Matthews et al. [2] analyzed the Region of Interest (ROI) using Principal Components Analysis (PCA). The training images were scaled (20x20) and then subdivided into windows (25 of 4x4 sizes).Each window was then analyzed to extract PCA features. These features were then classified by Neural Networks (NN). • Goerick et al. [3] used Local Orientation Code (LOC) to extract edge information of ROI. The histogram of this LOC was then classified by Neural Networks. • The line and edge information were used as features by using Gabor Filters. The set of values for different orientations and scale in Gabor Filter were then used for classification by learning algorithms [4]. • Papageougiou et al. [5] considered over complete set of Haar Wavelet Features and used Support Vector Machines (SVM) as classifiers. The key observation made was the increased performance than PCA or Gabor Filter Features. • Sun et al [6], [7], [8] demonstrated that magnitude of Haar Features was redundant and quantized features had superior performance as compared to previous Haar features. • According to Wen et al [9] however, changing illumination and surrounding conditions can affect the sign of the wavelet coefficients and cause intra class variance. The authors proposed an improvement in the quantized features by using unsigned features. Thus it is seen that the state of art approaches for vehicle classification involve features which are based on the edge information and structure of vehicle. In these approaches, learning algorithms and training databases are an important factor in the classification. However the deterministic nature of the edge structure provides strong visual cues for classification of vehicles. It is proposed that this deterministic
360
A.R. Kanitkar, B.K. Bharti, and U.N. Hivarkar
distribution can be used for classification and reducing the complex and time consuming learning process.
3 Edge Feature Analysis Using DHWT Edges can be defined as discontinuities in the acquired image. They are usually represented as the change in gradient of the pixel values. But this discontinuity is also a characteristic used to define the noise added in the image. The randomness of the discontinuity is used to separate noise and edges. Thus recognizing strong object edges and filtering out noise like features as well very weak edges due to illumination and material texture is a major challenge in edge detection [10]. 3.1 Representation of Object Edge Properties Using DHWT Wavelets are well known class of functions which represent the signals present by scaling and translating a base function. In mathematics, the Haar wavelet has squareshape functions which together form a wavelet family or basis. Haar Wavelet basis are not continuous and hence are not optimal for representation of original grayscale images. They can be used to detect transitions in the signal i.e. ultimately edges with accuracy. So edge detection can be performed accurately with Haar Wavelets. [11] In Image processing, Haar wavelets are usually applied in the form of Discrete Haar wavelet transform (DHWT). As this transform is calculated in the spatial domain, it has low time complexity (O (n2)) compared to 2D-Fourier transform {O (n2log (n))}.
Fig. 1. An urban road image and its Haar Wavelet Decomposition
The transform can be represented as the weighted sum and differences over the entire image. This weighted sum is termed as the coefficient of the Haar wavelet basis functions. Haar wavelet coefficients are of high value where there are distinct edge features. Haar Wavelets are utilized for vehicle detection because they offer many advantages such as
Object Classification Using Encoded Edge Based Structural Information
361
─ They are simple to implement with algebraic operations of averaging and differencing with less time complexity. ─ They encode edge information from multiple scales inherently. They also form orthogonal basis and thus provides a non redundant compact representation of the image structure.
4 Contour Suppression One of the problems with contemporary edge detectors is that they do not make a distinction between contours of objects and edges originating from textured regions. Detection of edges is very much dependant on filtering out noise as well as unimportant edge features. So a biologically motivated technique is used to improve the edges detected by using Haar Transform. In human vision, classical receptive field (CRF) is the region for which neural cells gives maximum response for edges of specific orientation and size. [12]. A cell simulated in the CRF is also affected by the stimulus given to cells outside the defined CRF. The effect is inhibitive in nature and is referred to as non-classical receptive field (non-CRF) inhibition. Using this inhibition, texture regions can be handled by edge detectors. Normal edge detectors will exhibit strong stimulus for contours and less for texture edges. So there can be separation in edges belonging to boundary region and those belonging to texture of region A centre surround model is used for suppression on edges. This model is based on neurons present in retina. Essentially it is positive scaling factors at centre which decrease towards negative values at the edges [13].
Fig. 2. 3d Surface for Centre Surround Inhibitor
Fig. 3. Suppressed Edges for Contour Detection
362
A.R. Kanitkar, B.K. Bharti, and U.N. Hivarkar
Thus we can observe that the kernel values are selected such that the centre of the region is affected by a large positive scaling while the boundaries of the regions are affected by a negative scaling. This negative scaling is the inhibitive effect observed.
5 Run Length Encoding As we observe acquiring ideal contour is extremely difficult in current edge detectors. Various specific techniques for noise removal and edge detection have to be performed in order to generate the true contour. However, getting the exact contour is not of much importance as compared to obtaining the structure of the object for various tasks like object classification and recognition. Generally prominent edges are converted to binary pattern with selected points marked as ‘1’ and the rest as ‘0’. This pattern of ’1’ and ‘0’ generally represents the structure of the scene. In ideal cases various measures can be utilized to identify the binary patterns. These can be texture based, transform based and so on. The run length encoding forms a great feature as it encodes the structure of the object in just numeric values. Long lines and edges can be represented by higher values and noise and distortions will be encoded as short transitions. So the binary edge image obtained is converted to a 1D string using concatenated column or row values. This string is processed using run length encoding with one and zero being represented as unique weights. Each run of zero’s is expressed as negative value and run of one’s is positive. This code represents the final region. The advantages of run length encoding is that • • • •
It remains unchanged even if image is scaled down. It is same for translated images in horizontal as well as vertical directions. It can also be smoothed and reduce distortions in the image binarization. It is faster compared to texture representation For e.g. 1010011000111 = 1Z 1O 2Z 2O 3Z 3O with Z as Zeros and O as Ones. So Run length Code = [ -1 , 1 , -2 , 2 , -3, 3 ]
6 Structure Encoding in Run length Code Image Reshaping is done by taking all the pixel elements in a column and then concatenating it in one dimensional array formed. This is repeated for all columns. The one dimensional array thus formed is then converted to run length code. For use in classification, the code is shifted by the maximum run for zero and normalized to obtain data plot in linear manner in [0 1] form. 1 0 1
0 1 0
0 0 = { [1 , 0 , 1] , [ 0, 1, 0] , [ 0, 0,1] } 1
To illustrate, plots for some common euclidean structures are shown in Fig. 4. The bars indicate the nomralised run value for specific element of code.
Object Classification Using Encoded Edge Based Structural Information
363
Fig. 4. Run length Code Plots for Regular Euclidean Structures
Thus, the run length code for regular shapes follows deterministic trend. This fact is used in detecting the vehicles in day time where removing the false detection after segmentation is one of the challenging tasks. Run length code for potential vehicle regions follows some deterministic pattern over the false vehicle regions. Further section elaborates on the approach of using this variance value for classification in day time vehicle detection.
7 Classification The edges detected in the image are the structural information of the objects. Contour suppression logic is added in the approach to improve the accuracy of detected edges. Then the edge pixels are scaled to binary format by thresholding. After this edge detection, the pixel coefficients are used as features for learning algorithms. In approaches outlined earlier, an extensive training database and algorithms such as SVM, NN are used for classification. It is hypothesized that it is possible to represent the edge pixels as structural information using some features and separate the classes by simple linear thresholding. To ratify this hypothesis a series of experiments with different approaches was performed as follows 7.1 Profile Based Classification The structural information in itself can also act as a feature for classification by using the row dimensional profile of the edge pixels. This profile is generated by summing the pixel values row wise. The deterministic nature of this profile can be used to separate the classes. This nature can be quantified in form of the variance of the profile. 7.2 Run Length Based Classification It is observed that discontinuities in the rows at column level are lost in dimensional profiling. So the pixels are represented as runs of 1’s in a particular row. This was
364
A.R. Kanitkar, B.K. Bharti, and U.N. Hivarkar
done to represent the structure more accurately. The deterministic nature of the run length code is quantified in form of the scatter obtained in the data points of the code. The forward difference of the run length code is obtained to remove the scaling in intensity levels as well as to obtain the transitions in runs. The forward difference is a 1-D array of length equal to the obtained run length code. This array is assumed as the data set and the variance of the data set is calculated. It is observed that this variance value proves to be capable of differentiating non-vehicles and vehicles efficiently. 7.3 Comparative Analysis To evaluate the proposed approach against previous state of art approach , a comparative analysis was done on the run length code approach and the approach using SVM and level scaling (3rd Approach) as proposed by Wen et al.[] Here, the comparison parameter was the accuracy tradeoff and the reduction in time complexity and efforts. 7.4 Performance Evaluation Classification of true and false vehicles is usually performed over a test database. Training is done using a small subset to select various parameters such as thresholds. Performance measures for classification considered are false classification ratio and true classification ratio for vehicle candidate. CRt = Nt / Ni+
(1)
CRf = Nf / Ni-
(2)
where, • CR is Classification Ration • N is Labels identified as belonging to a particular Class Ni is Labels predefined as belonging to a particular Class
8 Experimental Results The training set consists of 20 vehicles and 20 non vehicles. A test dataset of 100 vehicles and 100 non vehicles was collected in varying conditions for day time. This dataset was used for classification of vehicles and non-vehicles. 8.1 Profile Based Classification The randomness of the dimensional profile obtained as described earlier is used to classify the vehicle regions. This randomness can be found by using the spread of the profile data points and the corresponding variance values. A suitable threshold is selected for separation of the two classes using the training data .This threshold is the mean value of the range of thresholds available.
Object Classification Using Encoded Edge Based Structural Information
365
Table 1. Performance Analysis of Profile based Classification
Class Vehicle Non-Vehicle
N 100 100
Ni 74 77
CR 74 77
Accuracy in % 74 77
8.2 Run Length Code Based Classification As described earlier the difference curve for run length code is used as a feature. The variance of the data points are used to obtain the measure a suitable threshold is selected for separation of the two classes using the training data. The threshold is set at the mean of data set obtained. Table 2. Performance Analysis of Run length Code based Classification
Class Vehicle Non-Vehicle
N
Ni
100 100
89 72
CR 89 72
Accuracy in % 89 72
Thus it is observed that if the value of the threshold is set to the median of the range of available linear threshold values, there is an increase in the vehicle detection accuracy by almost 15%. This is observed however for a small test data-set. 8.3 Comparative Analysis The approach followed by Wen et al. using SVM is compared for the improvement in time complexity. It is observed that for training and testing the same database for SVM the time complexity is increased as compared to our approach The SVM comparison is done using the SVM and Kernel Methods Matlab Toolbox which is implemented entirely in Matlab. The simulation was done on an Intel Core™ 2 Duo processor with 2.19 GHz processing speed and 3 GB RAM. The time measured is on basis of the standard CPU time scale. Table 3. Comparitive Analysis based on SVM
Classification Approach Profile based
Time Required for Training + Testing 0.0030 seconds
Run length based
2.6186 seconds
SVM based
8.1191 seconds
The accuracy of the proposed approach is less as compared to SVM with SVM being over classified at 100 % accuracy on a small data set.
366
A.R. Kanitkar, B.K. Bharti, and U.N. Hivarkar
8.4 Parametric Analysis The approaches outlined above depend on the coefficients obtained from edge detection. While converting to binary format, a suitable threshold has to be selected .So the features extracted an subsequently the classification depends on this threshold
Fig. 7. Classifier characteristic
9 Conclusions and Summary Classification of Objects is needed for performing various tasks in computer vision systems. Current state of the art methods utilize SVM, ADABoost and other learning algorithms. Substantial efforts need to be taken for feature extraction and selection using approaches like Dimensionality reduction, PCA and ICA. Efforts are also needed for creating data sets and training using neural networks. The proposed method eliminates this need for training as it is mathematical based approach. It is observed that structural encoding will be beneficial for fast real time systems as it virtually eliminates the grouping of edges and contour formation. The structural information is deterministic in nature and can also be used as features for classification using dimensional profiles. It is also proposed that run length coding for structural information will increase the efficiency of the classification as it represents the structure more accurately. Features extracted as run length code are virtually invariant as they are robust to change in scale, linear translation as well as illumination conditions being binary in nature. The approach is tested for day time vehicle detection in vision-based Driver Assistance System, and it shows the promising results in terms of improvement of vehicle detection by 15% as compared to profile based approaches by using run length coding. One of the limitations is that the approach is dependent on the thresholding performed and creation of the binary string pattern. Robustness is increased in run length code as compared to other texture based feature extraction methods. Future scope of development in the approach is addition of adaptive binary thresholding logic as well as increased efficiency of edge detection.
Object Classification Using Encoded Edge Based Structural Information
367
References 1. Basu, M.: Gaussian-based edge-detection methods: A Survey. IEEE SMC-C (32), 252– 260 (2002) 2. Matthews, N.D., An, P.E., Charnley, D., Harris, C.J.: Vehicle detection and recognition in greyscale imagery. Control Eng. Practice 4(4), 473–479 (1996) 3. Goerick, C., Detlev, N., Werner, M.: Artificial neural networks in real-time car detection and tracking application. Pattern Recognition Letters 17, 335–343 (1996) 4. Sun, Z., Bebis, G., Miller, R.: On-road vehicle detection using Gabor filters and support vector machines. Digital Signal Processing, 1019–1022 (2002) 5. Papageorgiou, C., Poggio, T.: A trainable system for object detection. International Journal of Computer Vision 4(4), 15–33 (2000) 6. Sun, Z., Bebis, G., Miller, R.: Quantized wavelet features and support vector machines for on-road vehicle detection. In: 7th International Conference on Control, Automation, Robotics and Vision, vol. 3, pp. 1641–1646 (2002) 7. Sun, Z., Bebis, G., Miller, R.: On-road vehicle detection using optical sensors: a review. In: IEEE International Conference on Intelligent Transportation Systems, pp. 585–590. IEEE Press, Washington, DC (2004) 8. Sun, Z., Bebis, G., Miller, R.: Monocular precrash vehicle detection: features and classifiers. IEEE Transactions on Image Processing (2006) 9. Wen, X., Yuan, H., Yang, C., Song, C., Duan, B., Zhao, H.: Improved Haar Wavelet Feature Extraction Approaches for Vehicle Detection. In: Proceedings of the 2007 IEEE Intelligent Transportation Systems Conference, Seattle, WA, USA, September 30-October 3 (2007) 10. Canny, J.F.: A computational approach to edge detection. IEEE PAMI 8(6), 679–698 (1986) 11. Mallat, S.: A Wavelet Tour of Signal Processing 12. Grigorescu, C., Petkov, N., Westenberg, M.A.: Contour detection based on non-classical receptive field inhibition. IEEE Trans. on Image Processing, 729–739 (2003) 13. Papari, G., Campisi, P., Petkov, N., Neri, A.: A multiscale approach to contour detection by texture suppression. In: SPIE Image Proc.: Alg. and Syst., San Jose, CA, vol. 6064A (2006) 14. Canu, S., Grandvalet, Y., Guigue, V., Rakotomamonjy, A.: SVM and Kernel Methods Matlab Toolbox. In: Perception Systèmes et Information. INSA de Rouen, Rouen (2005)
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems Gaurav Kumar Yadav, Tarun Kancharla, and Smita Nair CREST, KPIT Cummins Info systems Ltd. Pune, India {Gaurav.Yadav,Tarun.Kancharla,Smita.Nair}@kpitcummins.com
Abstract. Vehicle detection module is an important application within most of the driver assistance systems. This paper presents a real-time vision based method for detecting vehicles in both rear and forward collision warning systems. The system setup consists of a pair of cameras mounted on each lateral mirror for monitoring rear collisions, whereas camera for forward monitoring is placed on the dashboard. The proposed algorithm selects ROI based on the road lane marking. Two separate modules are functional, one for detecting vehicles in the forward path and other for passing-by vehicles. Profiling and edge detection techniques are used to localize forward path objects. The passing vehicles are detected by temporal differencing. The detected vehicles are tracked in the subsequent frames using mean-shift based tracking. Experiments performed on different road scenarios shows that the proposed method is robust and has a real-time performance. Keywords: Rear Collision, Forward Collision, Profiling, Vehicle geometry, Vehicle Detection.
1 Introduction The major challenge in road transportation is to increase the safety of the passengers. A survey on the vehicle accidents statistics [3] predicts 10 million injuries each year. Amongst these, rear-end collisions and forward collisions are most common types of road accidents, wherein the major threat to the driver is due to other vehicles. Vehicle detection and tracking find a major application in all collision avoidance systems. Vehicle detection can be accomplished either by hardware sensors like radar or laser, or by vision based software methods. Hardware sensors such as laser and radars are very expensive and cannot be used in low-end vehicles. Ultrasound sensors are cost effective but their application is restricted due to the limited detection range. A number of vision-based techniques have been used over the past few years to detect vehicles in various road scenarios. Vision based methods used for vehicle detection can be categorized based on hypothesis generation or hypothesis verification [1]. K.Lim, L.Ang, K.Seng and S.Chin present a comparative study on few vehicle detection techniques in [1]. The study shows that some methods are symmetry based, but symmetry estimation is sensitive to noise. Shadow based vehicle A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 368–377, 2011. © Springer-Verlag Berlin Heidelberg 2011
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems
369
detection does not provide a systematic way to choose proper threshold and could be affected due to illumination variations. Other methods based on texture, motion, entropy analysis, stereo vision etc. are computationally expensive. However, the presence of over bridge, flyover roadways, and signboards may decrease the performance of above-mentioned techniques. Couple of methods use profiling, optical flow and edge detection for detecting vehicles [4], [2]. N. Matthews, P. An, D. Charnley, and C. Harris [6], used edge detection to find strong vertical edges to localize left and right position of a vehicle,. The left and right position of a vehicle is estimated by finding the local maximum peaks of the vertical profile. Most of the mentioned methods use classifiers after vehicle segmentation, which increases the computation time and sometimes classifies vehicle as non-vehicle. In the proposed work, videos are captured from a moving car for both rear and forward collisions. The captured videos are analysed for detecting forward path and passing-by vehicles. The ROI is selected based on lane detections and using the concept of vanishing point. The vehicle regions are localized using profiling. Once the probable regions are detected, further processing based on vehicle geometry such as vehicle base, aspect ratio etc. removes false detections The method is robust to detect vehicles under normal day-light highway conditions. Since classifiers are not used, it provides a very real time performance. The proposed work is presented as follows. Section 2 provides the algorithm details for detecting forward vehicles. Section 3 provides algorithm details for detecting passing vehicles followed by tracking module in section 4. The experiments and results are summarized in section 5 followed by conclusion in section 6. Fig. 1 illustrates the block diagram for the proposed vehicle detection algorithm.
Fig. 1. Block diagram for vehicle detection
370
G.K. Yadav, T. Kancharla, and S. Nair
2 Algorithm Description – Forward Vehicles The proposed vehicle detection algorithm can be used for both rear and forward collision warning systems. The algorithm is explained with reference to forward vehicle detection, the same algorithm can be used for rear- collision detection with a little change in the ROI (Region of Interest) selection. Further sections provide insight into the developed algorithm.
(a)
(b) Fig. 2. (a) Original image, (b) Region of interest
2.1
ROI Selection
For forward vehicle detection case, it is assumed that vehicles are present only between the end lanes of the road and below the vanishing point, original image and region of interest is shown in Fig. 2(a) and 2(b) respectively. The lanes are detected using Hough transform [5], applied on the canny image. Hough transform provides multiple lanes and needs further analysis to extract the required region. The outer most lanes are selected based on the lane slope. Analysis showed that if the slope is selected varying from 5 to 175 degrees, the required lanes can be extracted. The result of the extracted lane is presented in Fig. 3(a). Based on the extracted lanes, the vanishing point is computed and the required ROI selected. The selected ROI is as shown in Fig. 3(b). In case of rear-end systems; the lane detection is done for only one side using the above-mentioned procedure.
(a)
(b)
Fig. 3. (a) Lane detection, (b) outside lane region removed
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems
371
2.2 Profiling Edge based profiling is performed on the selected ROI. Foremost, the horizontal and vertical edge detection is performed on the ROI region using sobel operator. The obtained edge image consists of edges due to vehicles and some noise edges due to lanes and irregularities on the road. The false edges are discarded based on their lengths using morphological opening functions. A threshold edge map is created for prominent edges. To compute edge profile, we sum up the edges column wise and row wise for vertical and horizontal edge image respectively using Eq. 1, Eq. 2 respectively, where v and h are vertical and horizontal projection vectors. A large value for vi indicates pronounced vertical edges along V ( xi , y , t ) . A large value for
h j indicates pronounced horizontal edges along H ( x, y j , t ) . A threshold is set for selecting large projection values in each direction. Combined horizontal and vertical edge image after profiling is shown in Fig. 4. Notice that the lane markings are not obtained in Fig. 4, as they do not satisfy the threshold condition for profiling in both horizontal and vertical directions. m
m
i=1
i=1
h = (h1,h2,...... hm) = (∑H(xi , y1,t),........ .,∑H(xi , yn,t)) .
(1)
n
v = (v1,v2,.....vn ) = (∑V(x1, yj ,t),.......,∑V(xm, yj ,t)) .
(2)
j =1
Fig. 4. Vertical and Horizontal edges after profiling
2.3 Grouping of Edges The output of profiling gives edges belonging to the vehicle, as can be seen from Fig 4, there are multiple edges that belong to the same car. The edges are grouped to form image blocks, which contain vehicles. In some cases, the top of the vehicle may be cut off due to the ROI limitation. To obtain the complete vehicle, the length of the box is extended based on the width of the horizontal and vertical edge obtained. The obtained output is as shown in Fig. 5 2.4 False Detections To remove false detections due to poles, signboard, markers on the road, and due to the misdetection of lanes, once again we perform edge detection on each separate box
372
G.K. Yadav, T. Kancharla, and S. Nair
Fig. 5. Detected Vehicle
detected. Horizontal edge detection is used to obtain the edge due to base of the vehicle as shown if Fig. 6. A square window is considered around horizontal edge and the number of non-zero pixels for the same image block is checked in the canny edge image, if the percentage of non-zero pixels is more than a predetermined threshold, the block is retained else discarded. This procedure helps to eliminate the false detection due to other objects like poles or sign board. The detected objects are retained on basis of their aspect ratio and maximum/ minimum areas. This further reduces false detections.
Fig. 6. Horizontal edge detection to remove false detection
3 Algorithm Description –Passing Vehicles In case of forward detection, it is not possible to detect passing vehicles using the above mentioned method since the vehicle geometry of the passing vehicle would be different from the in-path vehicle. Assuming that the passing vehicle moves with certain velocity, temporal difference of images provides significant information. In the obtained video, consider temporal difference of images i.e. differencing the current image j frame from an earlier frame k using Eq. 3 where α is fixed threshold and R is region of interest. This provides brightness difference in that region if there is a passing vehicle and if there is no passing vehicle, the brightness difference is zero or very less. Both left and right side ROI’s are selected and subtracted from the previous frame. The sum of the difference region is compared against a threshold value and a rectangular box is drawn in that region as shown in Fig. 7. Due to overlap of certain regions in both algorithms, multiple boxes would be visible for the same passing vehicles. In that case, the box having more overlap ratio is retained.
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems
373
Fig. 7. Passing Vehicle Detection
∑|I
x , y∈ R
j
( x, y) − I k ( x, y) | ≥ α .
(3)
4 Tracking In order to further improve the real time performance of the system, tracking module is introduced after the detection block. The method uses histogram based tracking
(a) Frame no.210
(b) Frame no.215
(c) Frame no.218 Fig. 8. Tracking result
374
G.K. Yadav, T. Kancharla, and S. Nair
module using mean-shift algorithm [7]. The detected vehicle is represented using a rectangular region with centre position co-ordinates (c x , c y ) and width and height dimensions
( hx , h y ) . The features of the target vehicles are represented using
intensity histogram within the rectangular region. The target vehicle in the current image is located and tracked in subsequent frames. The tracking module tracks all detected vehicles for next N frames (N=10). The tracking module also provides consistency in drawing boxes round the vehicles and removing misdetections in adjacent frames. Tracking results are presented in Fig. 8.
5 Experiments The algorithm is tested on multiple videos for both rear and forward scenarios. The forward scenarios are considered for highway conditions whereas the rear scenario is considered for city conditions. The accuracy of the algorithm is presented in Table.1. The results include data taken on highways and different Indian road scenarios, described as follows. Table 1. Result obtained Total Frames Forward Collision Rear-end collision(Bright Condition) Rear-end collision (Rainy Condition)
Detected Vehicles 2824
Accuracy 94.13%
False Positive Rate 0.19
500 (700 vehicles)
647
92.45%
0.2
2000 (1800 vehicles)
919
51.9%
0.4
2000 (3000 vehicles)
5.1 Highway Road Condition Real time video for forward vehicle detection was captured during day time in highway environment. The total number of vehicle in N=2000 frames is about 3000, in which 2824 vehicles were detected correctly. The results of vehicle detection are presented in Fig. 9. The vehicles that are very far from the host vehicle are not detected. 5.2 Normal City Condition Real time video for rear-end vehicle detection was captured in two scenarios a) bright condition and b) rainy condition.
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems
375
a)
For bright condition, the number of total vehicles was 700 in 500 frames, of which 560 vehicles were detected correctly. The output is shown in Fig. 10. b) For rainy condition, the total number of vehicles was 1800 in 1000 frames, of which 919 vehicles were detected correctly. The output is shown in Fig. 11. As presented in the results, the algorithm achieves best performance in highwayroad scenarios with an accuracy of about 95%. It is observed that the vehicles in the same lane as that of the host vehicle (in-path) are always detected by the mentioned technique, and the misdetections are generally for the side and passing-by vehicles. The performance of the algorithm deteriorates for city type conditions where the results are poor in case of rain weather. As shown, in rainy conditions, accuracy is poor due to reflections from vehicles and other objects on the road. The processing speed of the proposed algorithm is 15 fps and can be used in real time applications.
(a)
(b)
(c)
(d)
Fig. 9. Highway road conditions for forward vehicle detections. Algorithm analysed for N=2000 frames.
376
G.K. Yadav, T. Kancharla, and S. Nair
(a)
(b)
(c) Fig. 10. Normal bright city condition for rear vehicle scenario
(a)
(b)
(c) Fig. 11. Rainy condition for rear vehicle scenario
Real Time Vehicle Detection for Rear and Forward Collision Warning Systems
377
6 Conclusions This paper presents a simple robust real-time application for detecting vehicles in rear-and forward collision regions for daytime scenarios. Results from experimental video sequence demonstrate the high performance of the system and low false positive rate under ideal road scenarios. The algorithm has a very high accuracy at detecting in-path vehicles. The performance is degraded under rainy weather scenarios because of improper segmentation obtained from multiple edges due to reflections from various objects. The algorithm finds applications in collision warning systems, where warning is provided to the host vehicle is case of a possible collision. The algorithm is more effective for highway type of scenarios in normal daylight conditions. Future work includes developing robust technique for detecting vehicles under various weather conditions and for NIR videos.
References 1. Lim, K.H., Ang, L.M., Seng, K.P., Chin, S.W.: Lane-vehicle detection and tracking. In: International Multi Conference of Engineers and Scientists, March 18-20, vol. 2 (2009) 2. Betke, M., Haritaoglu, E., Davis, L.S.: Real-time multiple vehicle detection and tracking from a moving vehicle. Machine Vision and Application 12, 69–83 (2000) 3. Sun, Z., Bebis, G., Miller, R.: On-road vehicle detection: A review. IEEE Transaction on Pattern Analysis and Machine Intelligence 28(5) (May 2006) 4. Sotelo, M.A., Barriga, J.: Rear-end collision detection using vision for automotive application. Journal of Zhejiang University Science A 9(10), 1369–1372 (2008) 5. Galambos, C., Kittler, J., Matas, J.: Progressive Probabilistic Hough Transform for Line Detection. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition, vol. 1, p. 1554 (1999) 6. Matthews, N., An, P., Charnley, D., Harris, C.: Vehicle Detection and Recognition in Greyscale Imagery. Control Eng. Practice 4, 473–479 (1996) 7. Comaniciu, D., Ramesh, V., Meer, P.: ’ Kernel-based Object Tracking. IEEE Transactions on Pattern Analysis and Machine Intelligence 25(5) (May 2005)
PIN Generation Using Single Channel EEG Biometric Ramaswamy Palaniappan1, Jenish Gosalia2, Kenneth Revett3, and Andrews Samraj4 1
School of Computer Science and Electronic Engineering, University of Essex, Colchester, UK
[email protected] 2 Toumaz Technology Limited, Abingdon, UK
[email protected] 3 Faculty of Informatics and Computer Science, British University of Egypt, Cairo, Egypt
[email protected] 4 Vellore Institute of Technology University, Chennai Campus, Chennai, 600 048, India
[email protected]
Abstract. This paper investigates a method to generate personal identification number (PIN) using brain activity recorded from a single active electroencephalogram (EEG) channel. EEG based biometric to generate PIN is less prone to fraud and the method is based on the recent developments in brain-computer interface (BCI) technology, specifically P300 based BCI designs. Our perfect classification accuracies from three subjects indicate promise for generating PIN using thought activity measured from a single channel. Keywords: Biometrics, Brain computer interface, Electroencephalogram, Information transfer rate, Neural networks.
1 Introduction Biometric technologies can be roughly divided into those that that identify a person or authenticate a person’s identity [1]. Personal identification number (PIN) is one commonly used ‘confidential sequence of numerals’ to authenticate a person’s identity, as employed in automated teller machine (ATM) to withdraw cash or perform other functions. In recent years, PINs have been used to authenticate debit and credit cards in lieu of signatures. In this paper, we investigate a method to generate PIN using only brain’s electrical activity (i.e. electroencephalogram (EEG)). The advantage is obviously that it is less prone to fraud such as shoulder surfing problem as in the conventional method of keying in the numbers. The method follows the recent developments in brain-computer interface (BCI) technology [2]. BCI designs were initially developed to assist the disabled to communicate with their external surroundings as they circumvent the peripheral nerves and muscles to create a link between the brain and computers/devices. In recent years, BCI designs have been explored for other purposes such as biometrics [3, 4], games design [5], virtual reality [6] and robotics [7]. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 378–385, 2011. © Springer-Verlag Berlin Heidelberg 2011
PIN Generation Using Single Channel EEG Biometric
379
There are many BCI paradigms, the most common being the non-invasive EEG based. EEG based BCI designs could be further divided into those based on transient evoked potential, motor imagery, slow cortical potential, mental task and steady state evoked potential. Transient evoked potential method, more commonly known as the P300 method as it is based on a potential that is generated about 300-600 ms after the stimulus onset, is probably the method chosen by many BCI researchers due to its simplicity and ease of use by the subjects. The thought based PIN generation investigated here is based on this P300 based BCI.
2 Methodology Three right handed male subjects aged 24 participated in this study. The objective of the experiment and the description of the experiment were given to the subjects before they signed a voluntary consent. The experiment was approved by the University of Essex’s Ethics Committee. The subjects were seated in a room with computer screen projected about 30 cm from their eyes. The subjects had no uncorrected visual problems. The visual stimulus paradigm is as shown in Figure 1.
1
2
3
4
5
6
7
8
9
0 Fig. 1. Visual stimulus paradigm
The numbers on the screen were flashed randomly with each flash lasting 100 ms with 75 ms inter-stimulus interval (ISI). These timings were chosen from a previous study [7]. The subjects were asked to concentrate on a given target number and to keep a mental count of the target flashes (this is to avoid lapses of concentration). When a target number is flashed, a positive potential about 300-600 ms after stimulus onset in evoked and shows up in the recorded EEG signal. A total of five trials were conducted in each session where a trial consisted of ten random flashes of each number. A short break of 2.5 s was given between each session. A second session was conducted on a separate week. EEG data from 32 electrodes as shown in Figure 2 was collected using Biosemi Active Two system. The sampling rate used was 256 Hz. One second EEG data after stimulus onset from each flash was extracted for further processing.
380
R. Palaniappan et al.
Fig. 2. Used electrode locations
2.1 Pre-processing The data was bandpass filtered using a Butterworth IIR filter with order 6. Two commonly used bandpass ranges of 1-8 Hz [9] and 1-12 Hz [10] were used. Next, the data was downsampled to 32 samples. Windsorising as suggested in [10] was applied to remove outlier data beyond 10th and 90th percentiles. A single hidden layer feedforward neural network classifier trained by the backpropagation algorithm was used to train and test the performance of the processed EEG data. 2.2 Classification Instead of treating the classification as a ten class problem, the classifier was trained with only two outputs, one for target and another for non-target. Our preliminary simulations show that the results are much improved following this strategy. Data from one session was used to train the neural network while the remaining data from the other session was used to test the performance of the classifier. To avoid overtraining the neural network with more non-target instances as compared to target instances, all 50 target instances (ten numbers x five flashes) were used with 50 randomly chosen non-target instances rather than the total 450 non-target instances. The training was conducted until mean square error fell below 0.0001 or a maximum iteration number of 1000 was reached. The hidden layer size was fixed to be similar to the number of inputs. For example, when 32 channels were used, the size was 1024. The two outputs of the classifier were added incrementally after each trial. As the neural network could predict more than a single target for each trial, the maximal output after considering all the ten flashes in a trial was taken as the predicted target.
PIN Generation Using Single Channel EEG Biometric
381
The classification step was repeated ten times (to reduce effects of different neural network weight connections) and also cross validated with the training and testing datasets swapped and performances from these 20 runs were averaged. All the computer simulations were conducted with MATLAB.
3 Results Figure 3 shows the grand averaged 1-8 Hz bandpass filtered EEG response from 50 target and 50 non-target EEG signals for a subject. The occurrence of P300 component around 300-600 ms for the target flash (shown in red) as compared to nontarget (shown in blue) is evident from the figure. Target vs non-target P300 EEG 8
Amplitude (arbitrary units)
6
4
2
0
-2
-4
-6 0
0.1
0.2
0.3
0.4
0.5 0.6 Time (s)
0.7
0.8
0.9
1
Fig. 3. Grand averaged EEG response for a subject Classification accuracy for subject 1
1
0.95
Accuracy
0.9
0.85
0.8
0.75
0.7
0.65
1-8 Hz 1-12 Hz 1
2
3 No. of trials
4
Fig. 4. Passband range comparison for subject 1
5
382
R. Palaniappan et al. Classification accuracy for subject 2
1 0.95 0.9 0.85
Accuracy
0.8 0.75 0.7 0.65 0.6 1-8 Hz 1-12 Hz
0.55 0.5
1
2
3 No. of trials
4
5
Fig. 5. Passband range comparison for subject 2
Figures 4-6 shows the results from subjects using all 32 channels with passband ranges of 1-8 Hz and 1-12 Hz. Passband range of 1-8 Hz gave improved performance (statistically significant, p Td where di,j is Euclidean distance between two colors ci and bj , and the threshold Td is the maximum distance used to judge whether two color features are similar or not.The distance dmax = α ∗ Td ,where α and Td are set as 1.2 and 25 in our experiments.
(a)
(b)
(c)
(d)
Fig. 2. Comparison of PR Curves for Different Transformations: (a) Blurring (b) Zooming-in (c) Zooming-out (d) Contrast change
3
Experimental Results
To evaluate the performance of our approach, we used a video database, which contains 101 video sequences, collected from Open Video Project [12]. The video database contains approximately 305297 frames. The video content includes news, documents, Education, movies, natural scenes, landscapes etc. The format of the original video data used is MPEG-1 with 352*240 pixels and 30 fps. We designed two sets of experiments to evaluate the detection accuracy
478
R. Roopalakshmi and G.R.M. Reddy
(a)
(b)
(c)
(d)
Fig. 3. Comparison of PR Curves for Different Transformations: (a) Rotation (b) Image Ratio (c) Noise addition (d) Resolution Change
and detection efficiency of our approach respectively. From the video database, we randomly selected 15 videos, ranging from 5 to 8 seconds. Different kinds of transformations, that are given by, 1) Blurring, 2) Zooming-in, 3) Zooming-out, 4) Contrast Change, 5) Rotation, 6) Random Noise Addition, 7) Image Ratio and 8) Resolution Change are applied to those 15 videos to generate 120 video copies. Then, selected 15 videos are used as the query videos to search the database. To evaluate the efficiency, the computational cost of the single video copy detection is discussed. 3.1
Experiment 1: Detection Accuracy
To measure the detection accuracy of our scheme, we used standard Precision and Recall metrics. We consider a detection result as correct if there is any overlap with the region from which the query was extracted. The metrics of Precision and Recall used for the accuracy evaluation are given by, P recision = T P/(T P + F P ),
(6)
Recall = T P/(T P + F N ),
(7)
Efficient Video Copy Detection
479
True Positives (TP) are positive examples correctly labeled as positives. False Positives (FP) refer to negative examples incorrectly labeled as positives. False Negatives (FN) refer to positive examples incorrectly labeled as negatives. Figure 2 shows the comparison of precision and recall values of our approach with that of algorithm(1), stands for the approach [13], with respect to the blurring, zooming-in, zooming-out and contrast change transformations. In algorithm(1),authors have used Ordinal measure for extracting features of frames.The experimental results show that our scheme produces better detection results compared to the reference method. From Figure 2, we can observe that for recall values 0.8 & above, our scheme gives good precision values which is almost equal to 1, whereas the precision values of the reference method vary from 0.7 to 0.8. Figure 3 shows the results in terms of precision and recall values of the proposed and reference methods for various types of image transformations, that include rotation, image ratio, noise addition and resolution change. These results show that our scheme produces better precision values as 0.98 ,0.97 etc.,when compared with that of the reference method. 3.2
Experiment 2: Detection Efficiency
In most of the CBCD systems, the major challenge is total computation time required to implement copy detection task. In order to evaluate the efficiency of our approach, we have compared the computational cost of our approach with that of Kim ’s approach [14]. In [14] authors have used luminance of frames as feature descriptors for their CBCD task.The experiments are conducted on a standard PC with 3.2 GHz CPU and 2 GB RAM. Table 2 gives the computational cost details of both proposed and reference methods. The results from Table 2 demonstrate that our scheme is more efficient, when compared to Kim ’s approach by reducing the total computational cost up to 65%. Table 2. Computational Cost Comparison of Kim and Proposed Methods Task
Kim’s Method(in secs) Proposed Method(in secs) 1 Min 3 Min
1 Min 3 Min
5 min
16.000 51.000 97.000 13.986 34.849
52.561
6.500 18.700 27.800
0.648 1.140
2.689
Total Computation Time 22.500 69.700 124.800 14.634 35.989
55.250
Feature Extraction Feature Comparison
4
5 Min
Conclusion
In this paper, we presented a simple and video signature method using Dominant Color Descriptors of MPEG-7 standard. Experimental results show that our approach provides good performance in terms of detection accuracy rates and also
480
R. Roopalakshmi and G.R.M. Reddy
reduces the computational cost, when compared with the existing approaches. Further, our future work will be targeted at the following: 1. Multi- feature CBCD system, in which audio signatures are also incorporated with the existing approach. 2. To increase robustness of existing system against various transforms like Cropping, Camcording, Encoding, Gamma Correction etc. Acknowledgments. We would like to thank the anonymous reviewers for their valuable comments and suggestions.
References 1. Wu, X., Hgo, C.-W., Hauptmann, A.G., Tan, H.-K.: Real Time Near Duplicate Elimination for Web Video Search with Content and Context. IEEE Transactions on Multimedia 11(2) (2009) 2. Bhat, D., Nayar, S.: Ordinal Measures for Image Correspondence. IEEE Transactions on Pattern Analysis and Machine Intelligence, 415–423 (1998) 3. Shen, H.T., Zhou, X., Huang, Z., Shao, J.: UQLIPS: A real-time near-duplicate video clip detection system. In: VLDB (2007) 4. Lowe, D.G.: Distinctive Image Features from Scale-Invariant Key Points. Journal of Computer Vision, 91–110 (2004) 5. Bay, H., Tuytelaars, T, Van Gool, L.: SURF: Speeded Up Robust Features. Computer Vision and Image Understanding, 346–359 (2008) 6. Ke, Y., Sukthankar, R.: PCASIFT: A More Distinctive Representation for Local Image Descriptors. In: Computer Vision and Pattern Recognition (CVPR), pp. 506–513 (2004) 7. Manjunath, B.S., Salembier, P., Sikora, T.: Introduction to MPEG-7 - Multimedia Content Description Interface. John Wiley and Sons, West Sussex (2002) 8. Lloyd, S.P.: Least Squares Quantization in PCM. IEEE Transactions. Information Theory 28, 129–137 (1982) 9. Kashiwagi, T., Oe, S.: Introduction of Frequency Image and applications. In: SICE Annual Conference 2007, Japan (2007) 10. Deng, Y., Manjunath, B.S., Kenney, C., Moore, M.S., Shin, H.: An efficient color representation for image retrieval. IEEE Transactions on Image Processing 10, 140–147 (2001) 11. Roytman, E., Gotsman, C.: Dynamic Color Quantization of Video Sequences. IEEE Transactions on Visualization and Computer Graphics 1(3) (1995) 12. Open Video Project, http://www.open-video.org 13. Cho, H.-J., Lee, Y.-S., Sohn, C.-B., Chung, K.-S., Oh, S.-J.: A Novel Video Copy Detection Method Based on Statistical Analysis. In: International Conference on Multimedia & Expo. (2009) 14. Kim, J., Nam, J.: Content-based Video Copy Detection using Spatio-Temporal Compact Feature. In: International Conference on Advanced Communication Technology ICACT 2009 (2009)
Mobile Video Service Disruptions Control in Android Using JADE Tatiana Gualotuña1, Diego Marcillo1, Elsa Macías López2, and Alvaro Suárez-Sarmiento2 1
Grupo de Aplicaciones Móviles y Realidad Virtual, Departamento de Ciencias de la Computación, Escuela Politécnica del Ejército, Ecuador {tatiana.gualotunia,dmmarcillo}@espe.edu.ec 2 Grupo de Arquitectura y Concurrencia, Departamento de Ingeniería Telemática, Universidad de Las Palmas de G.C., Spain {emacias,asuarez}@dit.ulpgc.es
Abstract. The rapid evolution of wireless communications has contributed to successful of the mobile Video Streaming service today. However, the streaming technique is necessary for receiving video efficiently because the mobiles still have limited resources. The unpredictable behavior of wireless channels can produce service disruptions, and rejection of the user. In a previous work the last two authors have worked on solving this problem using a new architecture based on software agents and proxies. This paper extends that previous work by applying it to the new mobile phones based on Android. We have developed new skills: the use of servers (VLC and YouTube) and the use of multimedia compression formats. The comparison of our results and the previous ones for the other platforms shows that our mechanism is very efficient and provides a high quality service for the user. Keywords: Video Streaming, Android, Mobile Telephone, JADE, Service Disruptions.
1 Introduction The globalization of the Internet has led to increased distribution of multimedia files, generating digital mechanisms that can communicate high quality information in compressed form and deploy them in real-time to the mobile user. Advances in video compression and communication allow multimedia information to be displayed on mobile devices. But due to limited resources, especially memory, it is necessary to use particular techniques as Video Streaming; this technique requires real time video or large stored videos be divided in synchronized parts. These parts are communicated independently but synchronously visualized in the mobile phone. The most important topic of Video Streaming is that concurrently there are parts of the video leaving the Server, travelling in the Network and visualizing in the phone. Mobile and wireless communication has grown dramatically in recent years. Worldwide there are many communication facilities based on standards such as: Wireless Fidelity (Wi-Fi) [1], Worldwide Interoperability for Microwave Access A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 481–490, 2011. © Springer-Verlag Berlin Heidelberg 2011
482
T. Gualotuña et al.
(WiMAX) [2] allowing communication to a very small economic cost to the user. However, the data transmission in wireless channels suffers from many errors, frequent packet loss and radio coverage is not always high which can produce frequent radio disconnections of mobile phones. These disconnections are totally unpredictable and their adverse effects on communication can only be mitigated. The most widely used protocol for Video Streaming is Real Time Streaming Protocol (RTSP) (described in Request For comment (RFC) 2326). This protocol, or its recent variants based on Hypertext Transfer Protocol (HTTP) [3] [4] or Real Time Messaging Protocol (RTMP) [5], run over Real Time Protocol (RTP) and Real Time Control Protocol (RTCP) for sending video frames and control of arrival to the mobile phone. In special cases such as the Nokia N95 it can be used an additional protocol called Real Time Data Transfer (RDT) [6] which carries out additional control over the state of the wireless network that connects the mobile phone (3G networks only). The RTSP typically uses Transmission Control Protocol (TCP) for signaling. This represents a new problem associated with the wireless cannel disconnections. This is because neither RTP nor RTCP are appropriate protocols to control (without an additional middleware) mobile phone disconnections. In addition, because it is necessary to carry out a RTSP session to download the video, when a long-term disruption occurs (1 minute approximately) the session is lost and must be restarted negotiating again all the connection parameters. It implies to receive video from the beginning. This causes enormous anger in the mobile phone user leaving the RTSP session. This is not a minor problem, on the contrary, it is a significant issue for several reasons: the operator o manager of multimedia content can lose Money due to user neglect, the wireless cannel can be congested with video frames that no one will see (are out of radio coverage) and can degrade the use of the other services at that time are using the wireless network. Therefore, we think it is important to continue working on this problem, especially for new platforms for smart mobile telephones. Recent Market Research [7] [8] demonstrate that mobile phones with Android are the most currently used for multimedia applications. Moreover, all these phones have wireless communication interfaces, enabling them to receive Video Streaming at low cost. In this paper we present the implementation of our mechanism, that controlled the video communication and visualizing on portable computers [9] [10] and mobile devices like Nokia N95 [11], to the new mobile phones with Android. The basic idea was to prevent the user to re-initiate an RTSP session and to allow the user to receive lost video frames (temporarily stored in a buffer until mobile device back into the coverage area). These video frames are visualized while the video server is sending other video frames. As in previous cases we have used a software agent architecture [12] [13] providing artificial intelligence methods. Our software mechanism uses the Java Agent Development Environment (JADE) platform, in particular the version: JADE powered by Lightweight Extensible Agent Platform (JADE-LEAP) [14] [15] which is an open source multi-agent system that meet the standards Foundation for Intelligent Physical Agents (FIPA) [16]. The important innovations in this paper are the follows: a) we have used free open source video platforms like: Video LAN (VLC) [17] and the YouTube video service whose provides a high level of practical
Mobile Video Service Disruptions Control in Android Using JADE
483
application to our mechanism. b) We have used standard compression formats for media information used worldwide. The structure of this paper is: Section 2 presents the benefits of using software agents and the applicability of the JADE platform for programming agents. We present the Video Streaming automatic resumption mechanism based on JADE for mobile phones. In section 3 we discuss the effectiveness of the mechanism to perform experimental tests in real scenarios and to evaluate the results in the Android platform. Finally, we present conclusions and future work.
2 Basic Ideas of Our Agent Based Control Mechanism Agent Oriented Programming (AOP) has emerged as an alternative for the design of complex systems. The objectives and requirements of the problem to be solved are implemented by a set of autonomous entities, capable of exhibiting intelligent behavior. This naturally allows the decoupling and desirable cohesion system, facilitating the software construction and maintenance [18]. Software agents represent autonomous computational units capable of learning from their environment and act upon it to fulfill the purpose for which they were designed. They monitor the progress of selected strategies and communicate by exchanging messages. The AOP allows the development of multi-agent systems that are structured by multiple software components that interact and cooperate to solve problems that are beyond the scope of each component. We have shown AOP can be used to control the quality of Video Streaming delivery to mobile devices. There are several platforms for the development of software agents, free and proprietary. For this study we selected JADE. It is a free software platform with graphical tools for monitoring, documentation, support and is implemented in a widely accepted multiplatform language, Java. JADE [14] is a middleware that enables the deployment of distributed multi-agent systems and is consistent with the FIPA specifications [16] (global institution that sets standards to ensure interoperability between heterogeneous agents). JADE consists of one or more containers that can be located in different hosts. JADE’s agents can contact to platforms implemented with other technologies and stay in distributed containers. The set of all containers is called a platform and provides an even layer to cover the diversity of the underlying layers [19]. In each platform there should be a principal container that will be the first to run and which will record the remaining containers to start looking for run. Agent Management System (AMS) and Directory Facilitator (DF) can only be placed in the principal container. JADE LEAP [15] is a modified version of the JADE platform that runs on personal computers, servers, especially on mobile devices like cell phones, PDAs… It allows the development and implementation of JADE agents on mobile devices connected through wireless networks taking into account that these devices have limitations on some resources such as connectivity, memory and processing. JADE-ANDROID [20] is a JADE complement that provides support for the use of JADE-LEAP in the Android operating system. It is released as an add-on of JADE and is available for download on the terms of the LGPL license. It allows the implementation of agent-oriented applications based on the peer-to-peer paradigm.
484
T. Gualotuña et al.
2.1 The Service Disruption Problem and Our Solution Video transmission uses Streaming technique that enables partial download of the video into small fragments of smaller size in the Client, improving usability to send a sequence of video frames presenting low delays to start the display and lower storage requirements. During video communication, there could be breaks or service disruptions especially in wireless networks communication. It is important to improve the user experience, thus a mechanism must be provided in order to allow the user to resume a RTSP session in case a service disruption was produced. This mechanism must identify the point where to resume the session transparently. We consider the following hypothesis: 1.
2.
3. 4.
5.
There is a video server (real time o on demand) that uses Video Streaming technique to communicate a large amount of video data to mobile phone whose user is moving. Eventually, the mobile phone can be in an area where there is no radio coverage, or the transport layer protocols or Internet application does not respond during a time interval increased (from 10 seconds to 1 minute). The wireless channel may be congested causing intermittent disconnections of low duration (less than 10 seconds). As a result Video Streaming service experiences unpredictable disruptions. Moreover, it is useless to have a statistical method to predict disruptions because in practice it is impossible to have a probability of success of disruption that is reliable. The control parameters in mobile devices (bandwidth, delay, error rate and display quality) change due to client mobility and unpredictable behavior of wireless communications.
With these assumptions we are facing a mathematical optimization problem whose input variables are the above control parameters (actually there are more parameters at different levels of network architecture that does not consider in this paper). In theory with all these variables is possible to construct a function which result is a logic value: Data should be stored in a buffer when the mobile phone be out of coverage (for use when it returns to coverage) or data must not be stored in that buffer. Let us note that in general it must be decided when there is a high level of congestion, when many packets are lost… The randomness of the variables and the inability to effectively predict values of these variables makes the problem very difficult to solve exactly. We believe that the use of heuristics can alleviate the adverse effects of disruptions. But it is more efficient to use an algorithmic solution based on cooperative software agents as outlined in general for optimization problems in [21]. In this sense, systems like JADE can be used as an alternative to control the video service disruptions, thereby increasing the usability of the video streaming system. JADE-LEAP uses the Multiagent System Management (MAS) service that allows the design of the messaging and Remote Method Invocation (RMI). JADE supports the management of intermittent disconnections through its Message Transport Protocol (MTP) that performs the physical transport of messages between two agents residing in distributed containers, providing failover services. When a communication break occurs, the MTP performs constant monitoring and when the reconnection is
Mobile Video Service Disruptions Control in Android Using JADE
485
given to place, it warn the agents to restart dialogue from the point where the disconnection was produced [22]. Our mechanism for mobile phones identifies the following entities (Fig. 1.): A RTSP Video Streaming server, an Agent Proxy Server (APS), an Agent Proxy Client (APC) and the Client device which is displaying video frames.
Fig. 1. Proposed mechanism of Video Streaming on Android phones
The APS has two functions, the first is to receive messages from the APC and sent to the server as the ports assigned in the negotiation and the remaining function is to both receive messages from the server and send to the APC. The APC allows the mobile device to receive and send messages of RTSP, RTP and RTCP safely. This APC implements storage and communication mechanisms, as well as filtering the RTSP negotiation to be as transparent as possible. This resides on the mobile device which ensures that the agent will never disconnect client. By placing agents in the APS and APC, they cooperate to define when the phone is out of coverage using MTP signaling and taking care to resolve intermittent disconnects and automatically resume Video Streaming session. The messages of FIPA-Agent Communication Language (ACL) that cannot be delivered to the mobile phone are stored in the buffer of the APS, and they will be sent once the reconnection is achieved. One of the benefits of JADE-ANDROID is that they try to reconnect the APS and APC for some time. MTP defines the waiting time to reconnect the client (default value is one minute); this waiting time defines the maximum size of the buffer of the APS. When the connection between the agents is restored, the APC will read the sorted frames in the buffer and then it will send them to the video player in the mobile phone (Client). Thus, the Client will retrieve the video from the break point.
486
T. Gualotuña et al.
3 Experimental Results In our previous work we had worked with a video server set for us in Java that used the Motion Joint Photographic Expert Group (MJPEG) [23] video format which basically compresses each video frame as a JPEG image. The MJPEG format was the worst choice because it does not take advantage of temporal images compression. That means the Server will send approximately a similar amount of traffic in each RTP packet which should cause a high waste of bandwidth. But it will simplify the observation of service disruptions because it is simple to observe the absence of traffic in the Wi-Fi Channel in the period of time d. In this paper we have used freely distributed servers widely used and more powerful video encoding formats. On the one hand, we have complicated the interaction between the proxies and the video Server. On the other hand, we have improved the detection of video packets when disruptions occur and should be subsequently retrieved from the buffer. The reason we do this is to provide more practical realism to our mechanism to mitigate the adverse effects of video disruptions. The improvements include: 1.
A video server that has been used for testing, VLC (one of the free distribution that is currently used worldwide). The other server we have used was YouTube that represents the most widely used multimedia service worldwide today. In both cases we have tried to deliver video encoded in a compatible format with Android. 2. The configuration of the video format used is as follows: for video the H.264/AVC codec, bit rate 9000 kbps, 25 fps, width 176, height 144 and for audio the Advanced Audio Coding (AAC), bit rate of 128 kbps, 1 channel and the sampling rate of 44100.
We have used a wireless network with a Wi-Fi access point at 54Mbps. A 2.20 GHz AMD processor laptop with 4 GB of RAM and wireless card Atheros AR5009 IEEE 802.11 a/g/n wireless adapter. A Centrino Duo 1.66 GHz processor laptop with 1 GB
Fig. 2. FIPA message Exchange on the JADE-ANDROID platform
Mobile Video Service Disruptions Control in Android Using JADE
487
of RAM and a wireless card Intel Pro / Wireless 3945ABG. The model of the mobile device is a Google Nexus One with Android with a QSD 8250 Qualcomm processor at 1 GHz and 512 MB of RAM. We have achieved several tests considering the following cycle: in-out-in coverage in order to test the effectiveness of JADE-ANDROID for retrieving video frames packets after a service disruption. We show the sequence of FIPA ACL messages exchanged between the APS and APC in the Fig. 2. As can be seen the recovering of the RTSP session is done correctly. We present some results taking into account the communication of video and audio due to we tested that there are problems when the size of the packet increases (video) but there is no problem when the size of the packet is short (audio). In Fig. 3 and Fig. 4 we show the jitter and delay for audio and video separately comparing the using of JADE-ANDROID and without it.
Fig. 3. Variation in arrival of audio and video packets
Fig. 4. Delay audio and video packets
In Fig. 5 is shown that practically all the packets sent by the Server (audio and video) are received by the Client using JADE-ANDROID. This is not the case without JADE-ANDROID. Moreover, in this last case, the quality of visualization is very high.
488
T. Gualotuña et al.
Fig. 5. Disconnection management
When it was out of coverage about 30 seconds, the audio and video packets are successfully recovered (no packet losing). A delay is produced when reconnecting, because the packets stored in the buffer must be released and their delay must be recalculated. When the phone was out of coverage during 30 to 45 s, the audio and video packets always arrive to the Client. The audio packets were presented with 100% of quality, but the video frames were delayed and sometimes were not visualized because the buffer size was very small and failed to recalculate the frame. This was due to the timestamp, so the PvPlayer decided to remove the packets with long delay, causing the application did not respond. We found limitations in JADE-ANDROID. It limits to only one agent by each application. But in order to obtain a high quality application we need three agents by application. That is, one agent in charge to manage the RTSP and RTCP messages (a shared channel can be used for these protocol messages). One agent that manages the audio communication using a dedicated channel and another agent for managing video communication.
4 Conclusions and Future Work The implementation of the Video Streaming technique on mobile phones is not a mature research area in which there are efficient practical solutions. This is because users that experience service disruptions should start a new RTSP session. There are some interesting proposals on a commercial level that timidly begin to propose changes to HTTP and RTMP to support this type of terminals. But, there is still no efficient solution. Furthermore, the implementation of mobile Video Streaming systems on a mobile specific architecture is often a proprietary solution: is not multiplatform. We propose a solution to mitigate disruptions of service multi-platform. In previous Works we have applied our solution to the Symbian and Windows Mobile and in this paper extends to the Android platform. We used JAVA-ANDROID. Moreover, in this paper we present an extension of our mechanism to apply to a freeware open source video server (VLC) and YouTube using compression formats more powerful than those used so far. Our mechanism is necessary because protocols such as RTCP can send delay statistics of packets between the transmitter and receiver, and the amount of lost packets and other data used to make corrections in the transmission, but even so, this
Mobile Video Service Disruptions Control in Android Using JADE
489
protocol does not efficiently handle service disruptions and cannot be used to implement corrective actions. As with previous platforms, for Android our mechanism was tested in practice and experimental results show that it does not cancel the RTSP session and the mobile phone user cannot stop viewing any of the video frames that would be lost if no use our mechanism. It is necessary to clarify that a maximum time for reconnection must be specified in order to avoid wasting resources on the Server. An important issue to work is the predictive mechanisms to manage mobility and apply delivery prediction techniques. In this way the mechanism would anticipate a possible interruption of service with a considerable degree of reliability (remember that it is impossible to predict exactly service disruptions in wireless networks). Another interesting issue is the generation of intelligent mechanisms to carry out the analysis and selection of video frames to be stored based user profiles applying artificial intelligence to create agents for other mobile devices that seek adaptability to the actual conditions of wireless channel. This would maximize the memory in the APS because it would store only those video frames are strictly necessary and that the user profile has indicated. A third interesting issue is the development of a multiagent system that allows dynamic creation of agents on the server for each customer which allows applying Video Streaming technique with high-quality videos. This would achieve to improve the performance of multimedia information communication when multiple mobile devices connect to server at the same time because each JADE agent works point to point.
References 1. Hernández, K., Pelayo, J., Aguirre, L.: Broadband Transmission to Rural Areas. In: Eighth LACCEI 2010, pp. 2–5 (2010) 2. Gabriel, C.: WiMAX; The Critical Wireless Standard (March 2011), Download available http://eyeforwireless.com/wimax_report.pdf 3. Deshpande, S.: Adaptive timeline aware client controlled HTTP streaming. In: Proc. of SPIE, pp. 2–5 (2009) 4. Begen, C., Akgul, T., Baugher, M.: Watching video over the Web, part I: streaming protocols. IEEE Internet Comput. (2011) 5. Real-Time Messaging Protocol (RTMP) Specification. Adobe Systems Inc. (March 2011), Download available http://adobe.com/devnet/rtmp.html 6. Nokia N95, Nokia Inc. (March 2011), Download available http://nokia.es/link?cid=PLAIN_TEXT_815211 7. Market Research (March 2011), Download available http://altersem.com/blog/wpcontent/uploads/2010/09/EstudioDeMercadoMobileInternet.pdf 8. Trends in Mobile Operating Systems (March 2011), Download available http://noticiasdot.com/wp2/2010/12/14/android-sera-elsistema-operativo-mas-popular-en-el-verano-del-2012/ 9. Suarez, A., Macias, E.: Automatic Resumption of Streaming Sessions over Wi-Fi Using JADE. IAENG International Journal of Computer Science, IJCS 33(1), 16
490
T. Gualotuña et al.
10. Suarez, A., Macias, E., Martin, J.: Light Protocol and Buffer Management for Automatically Recovering Streaming Sessions in Wi-Fi Mobile Telephones. In: Proceedings of the IEEE Second International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies, UBICOMM 2008, pp. 80–76 (2008) 11. Suarez, A., Macias, E., Espino, F.J.: Automatic Resumption of RTSP Sessions in Mobile Phones using JADE-LEAP. IEEE Latin America Transactions 7(3), 3–8 (2009) 12. Gao, L., Zhang, Z., Towsley, D.: Proxy-Assisted Techniques for Delivering Continuous Multimedia Streams. IEEE/ACM Transactions on Networking 11(6), 884–894 (2003) 13. Bellavista, P., Corradi, A., Giannelli, C.: Mobile Proxies for Proactive Buffering in Wireless Internet Multimedia Streaming. In: Proceedings of the IEEE International Conference on Distributed Computing Systems Workshop (ICDCSW 2005), pp. 297–304 (2005) 14. Bellifemine, F., Caire, G., Poggi, A., Rimassa, G.: JADE, A White Paper. Journal of Telecom Italia Lab 3(3), 6–19 (2003) 15. Caire, G., Piere, F.: LEAP USER GUI (March 2011), Download available http://jade.tilab.com/doc/tutorials/LEAPUserGuide.pdf 16. FIPA, The Foundation for Intelligent Physical Agents (March 2011), Download available http://fipa.org/. 17. VideoLAN project’s media player, free software under GPL licensed (March 2011), Download available http://videolan.org/vlc/ 18. Vallejo, D.: A multi-agent system for optimizing the rendering. Department of Computer Science, pp. 8–23. University Castilla – La Mancha (2006) 19. Caire, G.: JADE Tutorial. JADE Programming for Beginners (2011), Download available http://jade.tilab.com/doc/tutorials/JADEProgrammingTutorial-for-beginners.pdf 20. Gotta, D., Trucco, T., Ughetti, M.: Jade Android Add-On Guide (March 2011), Download available http://jade.tilab.com/doc/tutorials/JADE_ANDROID_Guide.pdf 21. Shoham, Y., Leyton-Brown, K.: MULTIAGENT SYSTEMS Algorithmic, GameTheoretic, and Logical Foundations, pp. 330–381. Cambridge University Press, Cambridge (2009) 22. Suarez, A., Macias, E., Espino, F.J.: Automatic Resumption of RTSP Sessions in Mobile Phones using JADE-LEAP. IEEE/ACM Transactions on Networking 11(6), 884–894 (2003) 23. Muralles, W.: Analysis, Evaluation and Recommendation of Digital Video Formats (March 2011), Download available http://biblioteca.usac.edu.gt/tesis/08/08_7716.pdf
Performance Analysis of Video Protocols over IP Transition Mechanisms Hira Sathu and Mohib A. Shah Unitec Institute of Technology, Auckland, New Zealand
[email protected],
[email protected]
Abstract. In this paper, the performance of Video Protocols was tested on three well known IP transition mechanisms such as IPv6to4, IPv6in4 and Dual-Stack. The protocols involved in this experiment were MPEG-1, MPEG-2, and MP-4 protocol. In this experiment two tunnelling and a Dual-Stack mechanisms were configured and impact of these mechanisms on Video packets was observed. The parameters measured using the above test-bed were throughput, impactedthroughput (due IP transition mechanisms) and CPU utilization. The results indicate that as video packet size is increased, impact of IP transition mechanism becomes significant. Observation for Dual-Stack mechanism shows that it performed much better than other two tunnelling mechanisms (IPv6to4 & IPV6in4). IPv6to4 tunnelling mechanism had less impact on video packets while IPv6in4 had the highest impact of all three protocols tested. Comparison between video protocols illustrates that MPEG-2 was highly impacted by tunnelling mechanisms having almost the same amount of bandwidth wasted while MP4 was least impacted by tunnelling mechanism. More detail of results is covered in this paper including CPU utilization and impacted-throughput. Keywords: Video, performance analysis, protocols, IPv6to4, IPv6in4 & DualStack mechanism, and Linux Ubuntu 10.10.
1 Introduction A recent study [1] indicates that Video over IP is one of the most important and fast growing technology in the digital world. Larger numbers of users prefer to have Video over IP available at any of the computing devices they use from any location. Thus, usage of Video over IP would require each device to have an IP address in order to communicate over the internet. There are several other issues that Video over IP would face challenges from. These would be size of video packets for smaller devices and quality of video over NGN internet infrastructures using various protocols. Video over IP is mostly being used over IPv4 infrastructure (Internet); however futuristic research study of video states that video over IP would face greater challenges ahead, when it will be used over IPv6 networks and has to integrate with both IPv4 and IPv6 networks. In this experimental based research we have set up a network test-bed environment, to investigate and clarify how video quality is impacted by IP transition mechanisms [2]. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 491–500, 2011. © Springer-Verlag Berlin Heidelberg 2011
492
H. Sathu and M.A. Shah
Moving Picture Experts Group (MPEG) is a working group of experts formed by ISO and IEC with a view to set standards for multimedia (MM) video and audio compression and transmission. MPEG has membership of various universities, industries, and research institutions. MPEG standardises the syntax and the protocol which is used to multiplex/ combine video and audio. The standard defines the way many such multimedia streams can be compressed and transported simultaneously within the MPEG standards. The most commonly used standards for transporting video are MPEG-1, MPEG-2 and MPEG-4. Their evolution was also in that order. MPEG-3 meant for High Definition TV compression became redundant with its features merged with MPEG-2. MPEG-1 was the first MM compression technique with speeds at about 1.5 Mbps (ISO/IEC 11172). Considering the lower bit rate of 1.5Mbps for MM services, this standard has lower sampling rate for the images as well as uses lower picture rates of 24-30 Hz. This resulted in lower picture quality. The popular digital audio encoding, MP3 audio compression format is a part of MPEG-1 standard which was later extended to cover MPEG-2 standard as well. MPEG-2 standard is an improvement over the MPEG-1 standard and is capable of broadcast quality TV transportation. The typical transmission rates for this standard are higher than MPEG-1. MPEG-4 standard uses enhanced compression features over MPEG-2 helping transport of computer graphic application level MM. In some profiles the MPEG-4 decoder is capable of describing even three dimensional shapes and surfaces for files with .MP4 file extension, that were also covered in this study. The structure of this paper is as follows: next Section covers the background. Section 3 mentions related works and contribution of this paper. Section 4 includes the network test-bed setup of this research and Section 5 covers the traffic generating & monitoring tools specification and Section 6 outlines experiment design. Section 7 presents the results in graphical form and describes the experiment. Finally section 8 covers the discussions and conclusions followed by the references section.
2 Background The researchers considered the issue relating to the growth of IPv6 that provides a number of advantages on adoption, and its co existence with the currently popular IPv4. However, there still remains the issue of IPv6 not being able to communicate directly with IPv4 networks. To resolve this problem, different IP transition mechanisms have been designed such as Dual-Stack, IPv6-to-4 and IPv6-in-4 mechanisms. IPv6-to-4 and IPv6-in-4 are two major tunnelling mechanisms which were mainly designed for IPv6 users. It allows IPv6 based network users to communicate with other IPv6 based networks through IPv4 cloud (Internet). These tunnelling mechanisms were structured to carry IPv6 based packets through IPv4 cloud by encapsulating IPv6 packets with IPv4 header and sending them via IPv4 cloud. It then de-capsulate the packets at the other end and deliver them to their destination. IPv6-to-4 tunnel is considered as automatic tunnel and it requires prefixed IP addresses. It does not work with private IPv4 addresses and it cannot use multicast addresses or the loop-back address as the embedded IPv4 address [3]. IPv6-in-4
Performance Analysis of Video Protocols over IP Transition Mechanisms
493
tunnel is considered as configured tunnel, which is manually configured between hosts, no tunnel brokers were used for the set up. It does not require any prefixed IP addresses, unlike 6to4 tunnel and can perform with any IP address range. Each tunnel has a separate virtual interface and is configured differently. In Linux based operating systems IPv6-to-4 tunnel is configured in an interface called tun6to4, while IPv6-in-4 tunnel is established in an interface called IPv6-in-4. Dual-Stack is based on both versions of IP (IPv4 & IPv6) protocol stacks working simultaneously. It enables IPv4 based nodes to communicate with other IPv4 based nodes and IPv6 based nodes communicate with only IPv6 based nodes. However IPv4 based nodes can’t communicate directly with IPv6 based nodes. These IP transition mechanisms have provided a solution by enabling IPv6 based networks to communicate with other IPv6 based networks via different infrastructures. However, these IP transition mechanisms result in additional delay in the transmission process because of encapsulation and de-capsulation that is essential. This may reduce the quality of video communication or cause more bandwidth wastage. Therefore the authors have carried out tests to identify and clarify the impact of the two tunnelling and a Dual-Stack mechanism on video protocols. Three well known IP transition mechanisms were selected namely, IPv6to4, IPv6in4 and DualStack. The video protocols tested were (MPEG-1 MPEG-2 & MP-4) and Linux Ubuntu 10.10 operating system was used. The main focus of this experimental research is to capture and evaluate the impact caused by these IP transition mechanisms on video packets and compare their results.
3 Related Works This section discusses earlier studies undertaken in this and related areas. In [4] the researchers have used a technique called Adaptive Significance Determination Mechanism in Temporal and Spatial domains (ASDM-TS) for H.264 videos over IP dual-stack network with DiffServ model. The packet loss scenario was mainly focused for various video protocols as each video protocol has different error transmission characteristics. Usage of fixed model for video traffic which priorities video packets in different sequences is not successful and degrades the quality of video due to loss of important video packets. However with new technique (ASDMTS) simulated results show that it improves the performance of video traffic over IP dual-stack mechanism. In another study [5], the authors have carried out an experiment on Dual-Stack mechanism using four different types of traffic (Video, Internet, FTP & VoIP). NS-2 (Network Simulator 2) tool was used to identify the performance of multiple traffic and parameters covered were Bandwidth, packet loss and delay. MPEG-4 protocol was selected to transmit video traffic over Dual-Stack mechanism using different packet sizes and results were compared. Final discussion covering the overall results mentioned that IPv6 is better than IPv4 using all four types of traffics tested. Moreover IPv6 allows more bandwidth, and adds less delay over large packet sizes while IPv4 does not provide high bandwidth and is limited in regard to large packet size traffic [5].
494
H. Sathu and M.A. Shah
In [6] Video communication between two countries was established in order to evaluate the behavior of the video transmission over IPv6 infrastructure and compared against IPv4 infrastructure. HDTV with/without compression was transmitted over both networks (IPv6 & IPv4) using one-way and two-way transmission. The outcome stated that 0.1% packet loss was observed using a one-way communication on IPv6 infrastructure while two-way transmission provided 44% packet loss. IPv4 using both one-way and two-way video communication didn’t create any unusual results. However it was concluded that 44% packet loss over IPv6 was due to the devices that come into play over the complete path between these two countries; with some of these devices not being efficient for both-ways video communication over IPv6. In [7] the investigation was carried out to clarify packet loss in video transmission over IP networks using error concealment process and without error concealment process. Lotus multi-view sequence was used, which allows 8 views and each view has 500 frames. It was observed that 2% packet loss occurred without using error concealment process. However quality of video was seriously damaged while using error concealment process the quality of video over IP networks was much better. In [8] authors propose a solution for the IP-3DTV Network Management System based on IPv4 and IPv6 networks. In another study authors have proposed a solution for video traffic improvement using two schemes such as SBF-H and RBF-H. These two techniques have the ability to select the best packet forwarder in bi-directional multiple lanes. The tests were simulated and results compiled indicate that RBF-H can provide better video quality than SBF-H in most traffic situations [9]. In the next paper [10] the authors have simulated voice and video traffic over WLAN (Wireless Local Area Network) using various protocols. The results achieved from the experiment indicate that it is possible to have three different standards of Video channels with minimum packet loss. The authors believe that the results identified in the local area network can be applied to the wide area network without having low quality video services. The contribution and motivation of this paper is to identify the impact caused by different IP transition mechanisms on Video protocols and compare the results. It was based on simulating a real network. A two way video conference on IPv6 based networks via IPv4 cloud was set up and used two tunnelling and a Dual-Stack mechanism to establish a connection between both IPv6 networks. Video traffic was generated using MPEG-1, MPEG-2 and MP4 protocols over IP transition mechanisms and impact of IP transition mechanisms was measured. As of early-2011, no literature was observed that covered evaluation of video performance using three well known transition mechanisms such as IPv6to4, IPv6in4 and Dual-Stack.
4 Network Setup The proposed network test-bed was setup based on three different configurations. There are three networks as shown in Figure 1 below. There are two IPv6 based networks that were connected to each other via IPv4 network. To establish a connection between two IPv6 based networks via IPv4 cloud, IP transition mechanisms were configured. Three different types of IP transition mechanisms were involved in these networks such as IPv6to4, IPv6in4 and Dual-Stack. One by one we configured each of these
Performance Analysis of Video Protocols over IP Transition Mechanisms
495
mechanisms to establish a connection between IPv6 based networks. Throughout these networks cat5e cables were used for physical connectivity. As illustrated below a client machine is connected to a router using IPv6 configuration and then a router is connected to another router using IPv4 configuration. Second router is connected to a client using IPv6 configuration. IPv6to4 and IPv6in4 tunnelling mechanisms were configured on both routers machines. For Dual-Stack mechanism all the machines had both versions of IPs enabled (IPv4 and IPv6 at same time). Linux (Ubuntu 10.10) operating system was installed on both routers and static routing was used for both versions of IPs (IPv4 & IPv6).
Fig. 1. Network test-bed based on IP Transition & Tunnelling mechanisms
In addition we have setup a pure IPv4 based networks and pure IPv6 based networks and performed similar tests on these networks in order to compare and differentiate the results. The test-bed shown above is based on two IPv6 networks through IPv4 cloud and both IPv6 networks are connected to each other using IP transition mechanisms (IPv6to4, IPv6in4 & Dual-Stack). All tests were conducted under same circumstances using same services on each workstation. The hardware used in this experiment includes four workstations; two performed as clients and other two were configured as routers. Linux (Ubuntu 10.10) operating system was installed on both router machines and three IP transition mechanisms were implemented on those routers. Authors used a tool called CPU-Z to identify all the components used. Following is a list of hardware components, which were involved:
An Intel® Core 2 Duo E6300 1.86 GHz processor 4.00 GB RAM for the efficient operation Broadcom NetXtreme Gigabit NIC cards A Western Digital hard-drive (160 GB) on each workstation. Cat5e fast Ethernet cables were also used.
5 Traffic Generating and Monitoring Tools VLC (Video LAN Client) [11] is a tool that was selected to broadcast (generate) video traffic over the networks. We explicitly selected this tool as it supports both
496
H. Sathu and M.A. Shah
versions of internet protocols (IPv4 & IPv6) and works across a range of operating systems including Linux, Windows and Mac. It also has the ability to broadcast live audio, video and supports multiple voice and video protocols such as MPEG-1, MPEG-2 and MP4. Gnome is a traffic monitoring tool [12] that allows users to audit and measure the performance of a live network. It has the capability to capture and measure throughput, CPU utilization and RAM utilization. Gnome was explicitly selected as it could detain and monitor the traffic during encapsulation and de-capsulation sectors. Other tools have the ability to measure the traffic performance over a network; however they cannot obtain the performance results during encapsulation and decapsulation at IP transition segments. Gnome has that special ability to monitor the traffic when it is being encapsulated or de-capsulated. This tool allowed us to capture the throughput and impacted-throughput caused by IP transition mechanisms.
6 Experimental Design Two platforms of VLC were installed on each client machine at both ends of networks and Gnome was installed on a router. First VLC player was used to stream live video conference and was received at other end using VLC Player. Same way another VLC player was used to stream video back to the client, to make it two ways video conferences. Then Gnome tool was setup on Router 1 machine where encapsulation and de-capsulation is processed. Hence all measurements were made at Router 1. In this experiment data was captured at 30 seconds intervals. The tests were repeated over 10 times to gain more accuracy in results. Next sections presents tests results obtained from this experiment.
7 Results The metrics involved in this experiment are the pure throughput, impacted-throughput (due tunnelling) and CPU utilization. This section covers three video protocols namely, MPEG-1, MPEG-2 and MP4 performance over the two pure IP versions followed by the transition mechanisms and their average results are presented in graphs and Table 1. Figure 2 below illustrates the MPEG-1 actual throughput and additional impactedthroughput due to encapsulation process. Throughput obtained using IPv4 was approximately 250 Kilobytes per second while using IPv6 it slightly increased due to the bigger header size of IPv6 packets. Dual-Stack provided marginally more throughput than IPv6 as Dual-Stack works by enabling both IPv4 & IPv6 protocol stacks at the same, which may cause slight impact on video packets. The results measured over IPv6in4 tunnel was the highest at approximately 367 Kilobytes per second and IPv6to4 tunnelling was marginally close at approximately 364 Kilobytes per second. It is clear from the graph shown below that using IPv6in4 tunnel will require at least 110 Kilobytes per second extra bandwidth on your actual throughput. Due to IPv6in4 tunnel 110 Kilobytes per second will be wasted and it will be costly for users as high amount of bandwidth gets wasted. IPv6to4 tunnel provides less impact than IPv6in4 tunnel at approximately 3 Kilobytes per second.
Performance Analysis of Video Protocols over IP Transition Mechanisms
497
T h ro u g h p u t (K iB /s )
Video Protocols MPEG-1 355 330 305 280 255 230
IPv4
IPv6
Dual Stack
IPv6to4
IPv6in4
IP versions & IP mechanims Fig. 2. Throughput of MPEG-1 and Impacted-Throughput by IP Transition mechanisms (KiB/s)
T h r o u g h p u t (K iB /s )
Video Protocols MPEG-2 800 740 680 620 560 500 IPv4
IPv6
Dual Stack
IPv6to4
IPv6in4
IP versions & IP mechanims Fig. 3. Throughput of MPEG-2 and Impacted-Throughput by IP Transition mechanisms (KiB/s)
The results for MPEG-2 protocol indicate that IPv6in4 tunnel had the highest impact on bandwidth. Throughput traffic measured over IPv4 shows that it takes 530 Kilobytes per second to have a two way video conference while using IPv6 it takes 536 Kilobytes per second. Observation over Dual-Stack indicates that it caused about 4 Kilobytes per second, more bandwidth wastage than IPv6. IPv6in4 tunnel had at approximately 883 Kilobytes per second by wasting 347 Kilobytes per second. IPv6to4 had less impact on throughput than IPv6in4 at approximately 4 Kilobytes per second. The throughput results for MP-4 protocol are visible in Figure 4. It describes that using IPv4 at approximately 110 Kilobytes per second’ bandwidth provides a two
498
H. Sathu and M.A. Shah
way video conference while using IPv6 it takes 125 Kilobytes per second. Dual-Stack mechanism caused slight impact on throughput at approximately 3 Kilobytes per second more than IPv6. Impact measured over IPv6in4 tunnel was higher than IPv6to4 tunnel at approximately 20 Kilobytes per second. Observation over IPv6in4 shows that it caused at least 71 Kilobytes per second’ bandwidth wastage while IPv6to4 had at least 52 Kilobytes per second wastage.
Th roughput (K iB /s )
Video Protocols MP-4 200 180 160 140 120 100 IPv4
IPv6
Dual Stack
IPv6to4
IPv6in4
IP versions & IP mechanims Fig. 4. Throughput of MP-4 and Impacted-Throughput by IP Transition mechanisms (KiB/s) Table 1. CPU Utilization tested over IP transition mechanisms (%)
Protocols IPv4 MPEG-1 MPEG-2 MP-4
29.6 31.4 30.9
CPU Utilization% DualStack 31.0 30.03 28.0 28.05 31.5 33.4
IPv6
6to4 26.6 27.6 33.3
6in4 27.4 26.0 31.7
Table 1 shows results of CPU utilization. These results were captured during the performance test of each video protocol using the two IP versions and IP transition mechanisms. The results for MPEG-1 and MPEG-2 had consistent CPU usage on both IP versions and three mechanisms. However, results for MP-4 were marginally higher than MPEG-1 and MPEG-2. It was due to the high compression system operating for MP-4 protocol.
8 Discussion and Conclusion The results compiled from this experiment and presented in the above section, clearly indicate that impact caused by transition mechanisms exceeds when protocols like
Performance Analysis of Video Protocols over IP Transition Mechanisms
499
MPEG-1 or MPEG-2 are transmitted. Dual-Stack had reasonable impact on each protocol while IPv6to4 and IPv6in4 tunnelling mechanisms had higher impact. • Migrating from IPv4 to IPv6 for pure IPv6 networks is beneficial as seen from the results that IPv6 had slight impact on each video protocol, which was caused due to the header size of IPv6 packets. Observation using Dual-Stack also showed that it is still better to have Video traffic over Dual-Stack as it caused slightly more impact than pure IPv6 network, which is only marginal. However, impact measured using IPv6in4 needs to be considered as seen in the section above that IPv6in4 had highest impact on each protocol tested. It caused 110 Kilobytes per second’ bandwidth wastage on MPEG-1, 347 KiB/s on MPEG-2 and 71 KiB/s on MP-4. • Comparisons between tunnelling mechanisms showed that IPv6to4 tunnel was marginally better than IPv6in4 tunnel as it had less impact on each protocol tested. • CPU Utilization measured for three video protocols over IP transition mechanisms showed no extra impact on CPU. It was consistent and didn’t provide any up and down inconsistency. So it is clear from Table 1 above that IP transition mechanisms had no additional impact on CPU utilization while encapsulation and de-capsulation process. Future work in this area should also include study and comparison of alternative methods that could be used to forward IPv6 traffic on IPv4 core networks. Authors are currently working on another test using more video protocols to identify the impact of IP transition mechanisms on those protocols. Another area is to measure packet loss of these video protocols with increased traffic loads to relate the experiments to the realistic environments that are of practical interest.
Acknowledgments We would like to acknowledge Unitec, Institute of Technology for supporting the research team and providing us this opportunity to complete this research.
References 1. Norton, W.B.: Internet Video: The Next Wave of Massive Disruption to US Peering Ecosystem. In: Presented at the Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT), Bali, Indonesia (2007) 2. Tao, S., Apostolopoulos, J., Guerin, R.: Real-Time Monitoring of Video Quality in IP Networks. IEEE/ACM Transactions on Networking 16(5), 1052 (2008) 3. Stockebrand, B.: IPv6 in Practice. A Unixer’s Guide to the Next Generation Internet. Springer, Heidelberg (2007) 4. Lee, C., Yu, Y., Chang, P.: Adaptable Packet Significance Determination Mechanism for H.264 Videos over IP Dual Stack Networks. In: IEEE 4th International Conference on Communications and Networking, pp. 1–5 (2009)
500
H. Sathu and M.A. Shah
5. Sanguankotchakorn, T., Somrobru, M.: Performance Evaluation of IPv6/IPv4 Deployment over Dedicated Data Links. In: IEEE Conference on Information, Communications and Signal Processing, pp. 244–248 (2005) 6. Lee, J., Chon, K.: Compressed High Definition Television (HDTV) over IPv6. In: IEEE Conference on Applications and the Internet Workshops, p. 25 (2006) 7. Zhou, Y., Hou, C., Jin, Z., Yang, L., Yang, J., Guo, J.: Real-Time Transmission of HighResolution Multi-View Stereo Video over IP Networks. In: IEEE Conference: The True Vision-Capture, Transmission and Display of 3D Video, p. 1 (2009) 8. Luo, Y., Jin, Z., Zhao, X.: The Network Management System of IP-3DTV Based on IPv4/IPv6. In: IEEE 6th Conference on Wireless Communications Networking and Mobile Computing, pp. 1–4 (2010) 9. Xie, F., Hua, K.A., Wang, W., Ho, Y.H.: Performance Study of Live Video Streaming over Highway Vehicular Ad hoc Networks. In: IEEE 66th Conference on Vehicular Technology, pp. 2121–2125 (2007) 10. Gidlund, M., Ekling, J.: VoIP and IPTV Distribution over Wireless Mesh Networks in Indoor Environment. IEEE Transactions on Consumer Electronics 54(4), 1665–1671 (2008) 11. Video LAN : Video LAN Organization: VLC Media Player (2011), http://www.videolan.org/vlc/ 12. GNOME: GNOME Documentation Library: System Monitor Manual (2011), http://library.gnome.org/users/gnome-system-monitor/
Performance Comparison of Video Protocols Using Dual-Stack and Tunnelling Mechanisms Hira Sathu, Mohib A. Shah, and Kathiravelu Ganeshan Unitec Institute of Technology, Auckland, New Zealand {Hsathu,kganeshan}@unitec.ac.nz,
[email protected]
Abstract. This paper investigates the performance of Video Protocols over IPv6 and IP transition mechanisms. It mainly focuses on the impact caused by IP transition mechanisms on video packets and compares this with pure IPv6 based networks. The video protocols selected in this experiment were MPEG-1, MPEG-2, MPEGP-4, MKV and FLV. In this experiment a Dual-Stack and two tunnelling mechanisms were established and the impact of these mechanisms on five video protocols was measured. The parameters measured were actualthroughput over a pure IPv6 network, impacted-throughput (due IP transition mechanisms) and CPU utilization. The results indicate that video packet with large size had been impacted more than packets with small size using these IP transition mechanisms. Dual-Stack mechanism performed much better than two tunnelling mechanisms (IPv6to4 & IPv6in4) tested. IPv6in4 tunnelling mechanism had more impact than IPv6to4 tunnelling mechanism over all the video protocols tested with IPv6to4 marginally close for all protocols tested. Performance comparison between video protocols shows that FLV protocol was least impacted while MPEG-2 was highly impacted by the tunnelling mechanisms. Further detail is covered in this paper including specification for actual-throughput, impacted-throughput and CPU utilization. Keywords: Video protocols, performance evaluation, actual-throughput, Impacted-throughput, IPv6to4 tunnel, IPv6in4 tunnel & Dual-Stack mechanism.
1 Introduction Recent studies [1], [2] and [3] indicate that Video over IP is an important technology, which is growing rapidly and has a vital role ahead. Futuristic studies also specify that reliability and availability of Video over IP on all types of electronic devices will be on demand. Hence Video over IP would require more IP addresses in order to permit larger numbers of devices to be connected over the internet. Several other concerns are expected to arise and Video over IP has to deal with related issues, in order to enhance the performance of Video over IP. Issues like video packet size for mobile devices and quality over next generation networks (NGN) are yet to be resolved. Currently Video over IP is mainly being transmitted over IPv4 networks (Internet). However, according to researchers a greater challenge exists for transmitting video over IP over IPv6 infrastructure. In this scenario we have implemented an A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 501–511, 2011. © Springer-Verlag Berlin Heidelberg 2011
502
H. Sathu, M.A. Shah, and K. Ganeshan
infrastructure based on NGN including IPv6 to identify the quality of Video over IP using IP transition mechanisms [4]. MPEG (Moving Picture Experts Group) is a working group of specialists formed by international organisations with a view to set standards for audio, video and multimedia (MM) communications. MPEG has collaborative organisations and works with a range of universities, industries, and research institutions. MPEG standard characterizes multiple ways to broadcast audio and video such as multimedia streams that are compressed and transmitted concurrently within the MPEG standards. MPEG-1, MPEG-2 and MPEG-4 are commonly used standards form the range of MPEG standards, which are used for audio and video transmission. MPEG-3 was designed for High Definition TV compression and became redundant with its features merged with MPEG-2. MPEG-1 was the first MM compression method, which had a speed at approximately 1.5 Mega bits per second (ISO/IEC 11172). Considering the low bit rate of 1.5Mbps for MM services, this standard provides lower sampling rate for the images and uses lower picture rates of 24-30 Hz. The final outcome results a lower picture quality. The popular format known as MP3 is formed from the parts of MPEG-1 and MPEG-2 standards. MPEG-2 provides broadcast quality video and is specially used for TV transportation. The typical broadcast rates for MPEG-2 standard are higher than MPEG-1 while MPEG-4 standard uses compression techniques that result in higher throughput that is greater than MPEG-2. This aids transport of application level MM like computer graphics, animation and regular video files. In some cases MPEG-4 decoder is capable of describing three dimensional pictures and surfaces for files with .MP4 file extension. Matroska Multimedia Container, MKV is an open standard free container file format that can hold an unlimited number of video, audio, picture or subtitle tracks inside a single file. Unlike other similar formats, such as MP4, AVI and ASF, MKV has an open specification (open standard) and most of its code is open source. The formats are .MKA for audio only, .MKS for subtitles only, .MKV for audio, video, pictures and subtitles and .MK3D for stereoscopic/3D video. Matroska is also the basis for .webm (WebM) files. Matroska is based on a binary derivative of XML, called the Extensible Binary Meta Language (EBML) which bestows future format extensibility, without breaking file support in old parsers. Flash Video is viewable on most operating systems, using the Adobe Flash Player and web browser plug-ins and is very popular for embedded video on the web and used by YouTube, Google Video, metacafe, Reuters.com, and many other news providers. FLV is a container file format used to deliver video over the Internet using Adobe Flash Player (versions 6 to10). There are two different video file formats known as Flash Video: FLV and F4V. FLV was originally developed by Macromedia. The audio and video data within FLV files are encoded in the same way as they are within SWF files Flash Video content may also be embedded within SWF files. The F4V file format is based on the ISO base media file format. Flash Video FLV files usually contain material encoded with CODECS following the Sorenson Spark or VP6 video compression formats. The most recent public releases of Flash Player (collaboration between Adobe Systems and MainConcept) also support H.264 video and HE-AAC audio.
Performance Comparison of Video Protocols
503
The contribution and motivation of this paper is to identify the actual-throughput and impacted-throughput using five different video protocols and compare their results. This experiment was conducted in a computer lab based on a real network. A two way video conference was established on IPv6 based networks, which were connected via IPv4 cloud. To connect these networks two tunnelling and a Dual-Stack mechanism was established between both IPv6 networks. Video traffic was transmitted using MPEG-1, MPEG-2, MPEG-4, MKV and FLV protocols over these mechanisms and actual-throughput and impacted-throughput was monitored. As of early-2011, no literature was observed that covered evaluation of video protocols on these three well known transition mechanisms such as IPv6to4, IPv6in4 and Dual-Stack.
2 Background To resolve the issue of shortage in IPv4 addresses for the future, IPv6 was introduced to the computer world. In addition it also provides a number of other advantages on adoption. However, IPv6 still has one major issue since it does not communicate directly with IPv4 networks. To resolve this issue, researchers have designed various IP transition mechanisms known as IPv6 over 4, NAP-PT, Dual-Stack, IPv6to4 and IPv6-in-4 mechanisms, which allows IPv6 based networks to communicate with other IPv6 based networks via the IPv4 cloud. IPv6-to-4 and IPv6-in-4 are two vital tunnelling mechanisms which are available on multiple operating systems including Windows and Linux OSs. The main purpose of these tunnelling mechanisms was to enable IPv6 based networks to communicate to other IPv6 based networks through IPv4 networks (internet). The function of tunnelling mechanisms was designed to carry IPv6 packets via IPv4 networks using encapsulation process and add IPv6 packets into IPv4 header. It then executes decapsulation process at the other end and removes IPv4 header and deliver pure IPv6 based packets to their destinations. IPv6-to-4 tunnel operates as an automatic tunnel using prefixed IP addresses. A special method is used to calculate prefixed IP addresses for both IPv4 and IPv6. It also does not work with private IPv4 addresses and it cannot use multicast addresses or the loop-back address as the embedded IPv4 address [5]. IPv6-in-4 tunnel is also known as configured tunnel, which needs to be configured manually among hosts. It has the capability to operate at any given IP address and does not require any prefixed IP addresses, unlike IPv6to4 tunnel. Each of these tunnels has a special virtual interface, which requires different setup configuration. IPv6to4 tunnel is created and setup in an interface called tun6to4 whereas IPv6in4 tunnel is created and setup in an interface called IPv6-in-4. Dual-Stack mechanism is established by enabling both versions of IP (IPv4 & IPv6) protocol concurrently and they both operates simultaneously. It allows IPv4 based nodes particularly to communicate with only IPv4 based nodes while IPv6 based nodes specifically communicate with IPv6 based nodes; however IPv6 nodes can’t communicate IPv4 nodes. IP transition mechanisms have proposed a solution by allowing IPv6 based networks to communicate with other IPv6 based networks through IPv4 infrastructures. However, there are still major concerns that are noticeable with use of
504
H. Sathu, M.A. Shah, and K. Ganeshan
IP transition mechanisms. Dual-Stack is limited in application until internet service providers and other networks on the internet enable dual-stack mechanism. The tunnelling mechanisms causing additional delay in video transmission is because of encapsulation and de-capsulation process that is a vital concern. This may impact the quality of video transmission and may also lead to increased bandwidth wastage. Thus the authors have setup a real network based environment to conduct tests to clarify the impact of dual-stack and tunnelling mechanisms on five different video protocols. The IP mechanisms selected include a dual-stack, IPv6to4 and IPv6in4 tunnelling mechanisms. The video protocols investigated and tested were MPEG-1 MPEG-2, MPEG-4, MKV & FLV over Linux Ubuntu 10.10 platform. The actual aim of this experimental research is to identify the actual-throughput and clarify the impactedthroughput caused by these IP transition mechanisms on each video protocol and compare their results. The organization of this paper is as follows: Section 3 describes related works. Section 4 presents the network setup and Section 5 discusses the traffic generating & monitoring tools used for this study. Section 6 covers experiment design and Section 7 outlines the analysis and results. Last section presents the discussions and conclusions followed by the references.
3 Related Works This section covers related areas of research which was undertaken by other researchers in past years. In [6] a method was designed and tested which purposed a solution to packet loss issue in video transmission. The method used is called Adaptive Significance Determination Mechanism in Temporal and Spatial domains (ASDM-TS) for H.264 videos packets using IP dual-stack infrastructure with DiffServ model. The video packet loss issue was undertaken in depth and multiple video protocols were involved as each protocol is based on different characteristics and experiences different errors during transmission. A model which used fixed packets for video traffic and prioritised video packet progression differently is ineffective and reduces the quality of video packets due to significant packet loss in the process of transmission. However, using this new method (ASDM-TS) can improve the packet loss in video transmission especially when it is broadcast over IP dual-stack mechanism. In this scenario different types of traffic including video was tested and analyzed on dual-stack mechanism. In [7], authors conducted an experiment and performed Video, Internet, FTP & VoIP traffic over dual-stack mechanism. The tool known as NS-2 (Network Simulator 2) was selected to carry out the tests and metrics considered were packet loss, bandwidth and delay. Video protocol involved was MPEG-4 and it was transmitted over Dual-Stack mechanism using various packet sizes and outcome was compared. It was concluded at the end, that usage of IPv6 is much better than IPv4 no matter which traffic is transmitted. Furthermore IPv6 has the capacity to transmit more bandwidth, and cause less delay for large packet sizes whereas IPv4 is limited and provides less bandwidth for large packet sizes.
Performance Comparison of Video Protocols
505
Communication between two countries was setup using IPv6 to identify the behaviour of video traffic over a live network. In [8] authors observed video transmission over pure IPv6 and results obtained were compared with IPv4 based networks. The tests include HD (High Definition) video packets with and without compression system on both networks (IPv4 & IPv6) and one-way and two-way communication system was established between both countries. The traffic analysis outlines that 0.1% packet loss was measured over one-way transmission on IPv6 based networks while two-way transmission added significant packet loss at approximately 44%. The video transmission over IPv4 states that there is no major concern while using one-way and two-way video communication and outcome is stable for both. However, results for IPv6 indicates that using two-way transmission has caused significant impact on packet loss (44%) due to the network devices. Overall it was concluded that devices used in the infrastructure of IPv6 have caused this major packet loss as these device are not compatible with each other in regards to IPv6 traffic forwarding. An investigation over packet loss was conducted using video traffic. In [9] investigation was conducted to identify and compare packet loss occurrence in video transmission due to the process of error concealment and without error concealment. Lotus multi-view sequence was established that enables 8 views at a time and each view provides 500 frames. Outcome over packet loss shows that there was packet loss at approximately 2% without using error concealment process and caused significant damage to video quality. However using error concealment produced much better results and the quality of video over IP infrastructure was efficient. A new structure of carrying 3D traffic over IP networks was designed and a solution was proposed for 3D IP-TV. In [10] authors designed a technique called IP-3DTV Network Management System which was established on both versions of IP (IPv4 & IPv6). Another study was carried out to enhance the performance of video over IP networks using two techniques known as SBF-H and RBF-H. The techniques mentioned above have the capability to select the appropriate packets during video transmission and forward them in bi-directional multiple lanes. The outcome was obtained based on simulated test environment. It outlines that having RBF-H technique could enhance video traffic while SBF-H is appropriate in most conditions [11]. In this paper [12] the researchers setup a network for simulation environment and performed voice and video packets over WLAN (Wireless Local Area Network) using multiple protocols. The outcome obtained from the tests shows that three different types of channels can be broadcasted concurrently without having significant packet loss in video transmission. The authors concluded at the end that the outcome achieved from these tests which was conducted in LAN (Local Area Network) environment, can be applied over WAN (Wide Area Network) without causing any impact on video quality. In [13], another study was undertaken and real-time network was established to observe the original packet loss on a live network. Impact of frame rate on real-time transmission was also investigated in [14] and [15], the research in [16] takes it to the next level by testing effects of video on next generation network (NGN) and future architectures.
506
H. Sathu, M.A. Shah, and K. Ganeshan
4 Network Setup The proposed network test-bed was established using four different setups. First setup was based on pure IPv6, second enabled dual-stack mechanism. Third and fourth setup involved the two tunnelling mechanism known as IPv6to4 and IPv6in4. There are three networks in each setup as illustrated in Figure 1 below. Two networks at both ends are based on IPv6 configurations while the cloud is based on IPv4 configuration. To establish a connection between two IPv6 based networks through IPv4 cloud, two tunnelling and dual-stack mechanisms were configured. The two tunnelling mechanisms included are IPv6to4 and IPv6in4. One by one each of these mechanisms was configured to setup a connection between IPv6 based networks. Throughout these networks Cat5e cables were used for physical connectivity. As visible below a client workstation is connected to a router using IPv6 configuration and then a router is connected to another router using IPv4 configuration. Second router is connected to a client using IPv6 configuration. IPv6to4 and IPv6in4 tunnelling mechanisms were configured on both router machines. For Dual-Stack mechanism all the workstations and routers had both versions of IPs enabled (IPv4 and IPv6 concurrently). Linux (Ubuntu 10.10) operating system was installed on both routers and static routing was used for both versions of IPs (IPv4 & IPv6).
Fig. 1. Network test-bed based on Tunnelling and Dual-Stack mechanisms
In addition pure IPv6 based networks were set up and similar tests performed on these networks in order to compare the results. The test-bed shown above is based on two IPv6 networks through IPv4 cloud and both IPv6 networks are connected to each other using IP transition mechanisms (IPv6to4, IPv6in4 & Dual-Stack). All tests were conducted under same circumstances using same services on each workstation. The hardware used in this experiment contains four workstations; two machines performed as clients and other two were as routers. Linux (Ubuntu 10.10) platform was installed on both router machines and three IP mechanisms were established on each of the two routers. Authors used a tool called CPU-Z to identify all the components are identical. List of hardware components is mentioned below:
An Intel® Core 2 Duo E6300 1.86 GHz processor 4.00 GB RAM for the efficient operation Broadcom NetXtreme Gigabit NIC cards
Performance Comparison of Video Protocols
507
A Western Digital hard-drive (160 GB) on each workstation. Cat5e fast Ethernet cables were also used.
5 Traffic Generating and Monitoring Tools VLC (Video LAN Client) [17] is a tool that was selected to generate video packets over the networks. This tool was selected as it supports both versions of internet protocols (IPv4 & IPv6) and works across a range of operating systems including Linux, Windows and Mac. It also has the ability to transmit live audio, video and supports multiple voice and video protocols such as MPEG-1, MPEG-2, MPEG-4, MKV and FLV. Gnome is a network monitoring tool [18] that allows users to audit, capture and measure the status of a live network. It has the ability to detain and evaluate throughput, CPU utilization and RAM utilization. Gnome was particularly selected as it could capture and audit the video traffic during the process of encapsulation and decapsulation. Other tools tested had capability to evaluate the traffic status over a network; however they could not observe the performance of network during the process of encapsulation and de-capsulation which is operating due to IP transition mechanisms. Gnome is powerful enough and has special capacity to monitor the traffic when it is being encapsulated or de-capsulated. This tool enabled us to observe and capture the actual-throughput and impacted-throughput caused by IP transition mechanisms.
6 Experimental Design Two applications of VLC player were installed on each client workstation at both sides of networks and Gnome was setup on a router machine. First VLC application was setup to stream live video conference using one of the video protocols and it was received at other end of the network using another VLC application. Same way another VLC application was setup to stream live video back to the client, to make it two ways video conferences. Then Gnome tool was configured on a router machine where encapsulation and de-capsulation was processed. In this experiment data was captured at 30 seconds intervals. The tests were repeated over 10 times to gain more accuracy in results. Next section presents tests results obtained from this experiment.
7 Results Analysis The parameters covered in this experiment are actual-throughput, impactedthroughput and CPU utilization. This section presents performance of five different video protocols namely, MPEG-1, MPEG-2, MPEG-4, MKV and FLV over two tunnelling and Dual-Stack mechanism and their average results are shown in graphs and Table 1 below. Actual-throughput: This is original throughput of two way video conference with no additional traffic impact due to encapsulation. It simply carries video packets and delivers them to their destinations with no addition to the packet size.
508
H. Sathu, M.A. Shah, and K. Ganeshan
Throughput (KiB/s)
Throughput vs Impact-Throughput
IPv6to4 IPv6
750 600 450 300 150 0
MPEG-1
MPEG-2
MPEG-4
MKV
FLV
Video Protocols
Fig. 2. Actual-Throughput with IPv6 and Impacted-Throughput by IPv6to4 tunnelling mechanism (KiB/s)
Impacted-throughput: This is caused by IP transition mechanisms and is added into actual-throughput. The addition of additional encapsulation in the network wastes significant amount of bandwidth to deliver actual-throughput. Figure 2 below illustrates the actual-throughput on IPv6 and impacted-throughput due to encapsulation process on IPv6to4 tunnelling mechanism. The results were obtained using five different video protocols. Highest impacted-throughput was identified on MPEG-2 at approximately 242 kilobytes per second additional impact on actual-throughput. Second highest was calculated on MKV at approximately 136 kilobytes per second. Lowest amount of impacted-throughput was observed on FLV at approximately 17 kilobytes per second while second lowest impacted-throughput was measured on MPEG-4 at approximately 51 kilobytes per second. MPEG-1 had actual-throughput of approximately 257 kilobytes per second and additional 106 kilobytes per second more due encapsulation. MKV and MPEG-1 had almost the same amount of actual-throughput kilobytes per second; however impactedthroughput shows that MKV was more impacted than MEPG-1 at approximately 30 more kilobytes per second. Impacted-throughput is actually wasting bandwidth in a real network as it uses more bandwidth to send less amount of throughput, which is costly for users. The results analysis using IPv6in4 tunnelling mechanism indicates that it has significant impact on the protocols tested. The measurement of MPEG-2 reveals that it was impacted most as it has larger packet size and impacted-throughput was observed at approximately 246 Kilobytes per second. Least amount of impactedthroughput was calculated on FLV at approximately 17 kilobytes per second while second lowest was measured on MPEG-4 at approximately 70 kilobytes per second. MPEG-1 had actual-throughput for two way video conference at approximately 257 kilobytes per second while 110 kilobytes per second impacted-throughput was added on it. The results for MKV shows that it almost had similar amount of actualthroughput as MPEG-1 while impacted-throughput measurement shows it was impacted even more than MPEG-1 at approximately 16 more kilobytes per second. The results for Dual-Stack mechanism are presented below in Figure 4. It illustrates that dual-stack has very less impact over actual-throughput using all five protocols. Highest impact was measured using MKV protocol as it produced 15
Performance Comparison of Video Protocols
Throughput (KiB/s)
Throughput vs Impact-Throughput
509
IPv6in4 IPv6
750 600 450 300 150 0
MPEG-1
MPEG-2
MPEG-4
MKV
FLV
Video Protocols
Fig. 3. Actual-Throughput with IPv6 and Impacted-Throughput by IPv6in4 tunnelling mechanism (KiB/s)
Throughput (KiB/s)
Throughput vs Impact-Throughput
Dual-Stack IPv6
500 400 300 200 100 0
MPEG-1
MPEG-2
MPEG-4
MKV
FLV
Video Protocols
Fig. 4. Actual-Throughput with IPv6 and Impacted-Throughput by Dual-Stack mechanism (KiB/s) Table 1. CPU Utilization tested over Tunnelling and Dual-Stack mechanisms. (%) Mechanisms MPEG-1
CPU Utilization% MPEG-2 MPEG-4
MKV
FLV
Dual-Stack
30.0
28.1
33.4
29.1
26.3
IPv6to4
26.6 27.4
27.1 25.1
33.3 31.7
30.1 28.9
26.2 26.4
IPv6in4
kilobytes per second impacted-throughput while second highest was calculated on MPEG-1 at approximately 4 kilobytes per second. Lowest amount of impactedthroughput was observed on FLV at approximately 0.9 kilobytes per second. MPEG-2 and MPEG-4 both provided marginally close impacted-throughput having less than 0.2 kilobytes per second difference. The reason dual-stack has less impact on these protocols, is because it does not process encapsulation and de-capsulation. Table 1 above shows results of CPU utilization. These results were obtained during the performance test of each video protocol using the two tunnelling and Dual-Stack
510
H. Sathu, M.A. Shah, and K. Ganeshan
mechanism. The results for IPv6to4 and IPv6in4 didn’t show much inconsistency for CPU usage while Dual-Stack was slightly higher than both of them. It is because both versions of IP operate concurrently. Comparison between protocols also didn’t have much variation. However, results for MPEG-4 were marginally higher than all four protocols (MPEG-1, MPEG-2, MKV & FLV). It is due to high compression method used to process MPEG-4 protocol. Least amount of CPU was used during FLV tests, as it can be seen from Table 1 above that FLV had 26 percent usage of CPU no matter which mechanisms it was tested on. It is due to the size of this protocol which requires less processing power.
8 Discussion and Conclusion In this paper investigation of actual-throughput and impacted-throughput was identified and results compiled were presented in the section above. The results clarified that video packets with larger size have significant impact while video protocols with smaller size had slight impact. Dual-Stack had had only very slight impact on all the protocols tested as it does not process encapsulation and decapsulation. On the contrary the tunnelling mechanisms had significant impact on all the protocols tested. • Performance of dual-stack was much better; however it will take several years before websites and other internet service providers allow dual-stack mechanism to be used over the internet. In recent years IPv6to4 and IPv6in4 tunnelling mechanism will enable IPv6 based networks to communicate; however the impact caused by these two tunnelling mechanisms is significant and wastes a lot of bandwidth for video transmission. IPv6to4 mechanism marginally performed better than IPv6in4 mechanism on all the video protocols tested. • Comparison between video protocols indicates that FLV protocol was the least impacted, and usage of this protocol will not cause much bandwidth wastage while MPEG-4 was second best for use over tunnelling mechanisms. • CPU utilization measurement shows no additional impact on CPU usage while IP transition mechanisms were used. However MPEG-4 was marginally higher than other four video protocols tested on two tunnelling and Dual-Stack mechanisms. Due to the packet size of FLV it needs less CPU power. So it is clear from Table 1 above that IP transition mechanisms had slight impact on CPU processing power and even encapsulation and de-capsulation process caused insignificant impact on CPU utilization. Future work in this area should also include study and comparison of alternative methods that could be used to forward IPv6 traffic on IPv4 core networks. Another area is to cover other metrics such as jitter and packet loss and increase traffic loads of these protocols to relate the experiments to the realistic environments.
Acknowledgments We would like to show appreciation to UNITEC, Institute of Technology for supporting the research team and providing us this opportunity to fulfil this research.
Performance Comparison of Video Protocols
511
References 1. Atenas, M., Garcia, M., Canovas, A., Lloret, J.: MPEG-2/MPEG-4 Quantizer to Improve the Video Quality in IPTV Services. In: IEEE Sixth International Conference on Networking and Services, pp. 49–54 (2010) 2. Schierl, T., Gruneberg, K., Wiegand, T.: Scalable Video Coding Over RTP and MPEG-2 Transport Stream in Broadcast and IPTV Channels. IEEE Journals on Wireless Communications 16(5), 64–71 (2009) 3. Kim, S., Yongik, Y.: Video Customization System using Mpeg Standards. In: IEEE International Conference on Multimedia and Ubiquitous Engineering, pp. 475–480 (2008) 4. Tao, S., Apostolopoulos, J., Guerin, R.: Real-Time Monitoring of Video Quality in IP Networks. IEEE/ACM Transactions on Networking 16(5), 1052 (2008) 5. Stockebrand, B.: IPv6 in Practice. A Unixer’s Guide to the Next Generation Internet. Springer, Heidelberg (2007) 6. Lee, C., Yu, Y., Chang, P.: Adaptable Packet Significance Determination Mechanism for H.264 Videos over IP Dual Stack Networks. In: IEEE 4th International Conference on Communications and Networking, pp. 1–5 (2009) 7. Sanguankotchakorn, T., Somrobru, M.: Performance Evaluation of IPv6/IPv4 Deployment over Dedicated Data Links. In: IEEE Conference on Information, Communications and Signal Processing, pp. 244–248 (2005) 8. Lee, L., Chon, K.: Compressed High Definition Television (HDTV) over IPv6. In: IEEE Conference on Applications and the Internet Workshops, p. 25 (2006) 9. Zhou, Y., Hou, C., Jin, Z., Yang, L., Yang, J., Guo, J.: REAL-TIME Transmission of High-Resolution Multi-View Stereo Video over IP Networks. In: IEEE Conference: The True Vision-Capture, Transmission and Display of 3D Video, p. 1 (2009) 10. Luo, Y., Jin, Z., Zhao, X.: The Network Management System of IP-3DTV Based on IPV4/IPV6. In: IEEE 6th Conference on Wireless Communications Networking and Mobile Computing, pp. 1–4 (2010) 11. Xie, F., Hua, K.A., Wang, W., Ho, Y.H.: Performance Study of Live Video Streaming over Highway Vehicular Ad hoc Networks. In: IEEE 66th Conference on Vehicular Technology, pp. 2121–2125 (2007) 12. Gidlund, M., Ekling, J.: VoIP and IPTV Distribution over Wireless Mesh Networks in Indoor Environment. IEEE Transactions on Consumer Electronics 54(4), 1665–1671 (2008) 13. Kukhmay, Y., Glasman, K., Peregudov, A., Logunov, A.: Video over IP Networks: Subjective Assessment of Packet Loss. In: Tenth IEEE Conference on Consumer Electronics, pp. 1–6 (2006) 14. Khalifa, N.E.-D.M., Elmahdy, H.N.: The Impact of Frame Rate on Securing Real Time Transmission of Video over IP Networks. In: IEEE Conference on Networking and Media Convergence, pp. 57–63 (2009) 15. Sims, P.J.: A Study on Video over IP and the Effects on FTTx Architectures. In: IEEE Conference on Globecom Workshops, pp. 1–4 (2007) 16. IlKwon, C., Okamura, K., MyungWon, S., YeongRo, L.: Analysis of Subscribers’ Usages and Attitudes for Video IP Telephony Services over NGN. In: 11th IEEE Conference on Advanced Communication Technology, pp. 1549–1553 (2009) 17. Video LAN.: Video LAN Organization: VLC Media Player(2011), http://www.videolan.org/vlc/ 18. GNOME: GNOME Documentation Library: System Monitor Manual (2011), http://library.gnome.org/users/gnome-system-monitor/
IPTV End-to-End Performance Monitoring Priya Gupta, Priyadarshini Londhe, and Arvind Bhosale Tech Mahindra Pune, India {pg0042955,londhepv,arvindb}@techmahindra.com
Abstract. Service providers are spending millions of dollars in rolling out Internet Protocol Television (IPTV) services. In order to deliver profitable services in this competitive market service provider should focus on reliability and service quality. Customer experience is the key differentiator in this competitive market. To gauge end-user experience they need to have an end-toend and proactive performance monitoring solution for IPTV. Monitoring should be done at various identified interfaces, servers, network elements for user impacting impairments from Super-headend to Set-Top-Box. Proactively addressing trouble alarms or predicting possible issues before they impact enduser experience will greatly enhance the customer experience. Following a proactive approach for monitoring will help service provider in early detection and resolution of faults. The ability to do so will help in improving end-user experience and in turn increase service provider revenue. Keywords: IPTV, Performance Monitoring, Quality of Experience (QoE), Quality of Service (QoS).
1 Introduction IPTV is delivery of entertainment quality video over managed IP network. It is not just limited to delivery of broadcast television program but also extends to services like Video on Demand (VOD) where video is unicast to customer on request. IPTV is one facet of Triple Play (Voice over Internet protocol (VOIP), IPTV and Data services) and Quadplay (also includes mobile services) services. It is a game changing technology as it provides end-users a two-way communication in the delivery of broadcast television. IPTV also offers interactive services like ordering and playing VOD, controlling live TV (rewind and pause), Personal Video Recording (PVR), time shifting etc. In this growing technology many telecom service providers are now offering services like Triple/Quadplay in an attempt to gain greater market share. In addition to providing IPTV over wireline access network, delivery of IPTV over wireless cellular network, hybrid satellite and terrestrial wireless systems, Cable-TV are gaining foothold. IPTV service providers have to compete with their counterparts offering IPTV services through wireless, cable & satellite TV. To be successful, they have to meet and exceed today’s high standards of a reliability and service quality. Service quality is a primary reason for customer churn and dissatisfaction. Hence end-to-end A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 512–523, 2011. © Springer-Verlag Berlin Heidelberg 2011
IPTV End-to-End Performance Monitoring
513
performance monitoring is always a very crucial role in any successful rollout and management of IPTV offerings. This paper will discuss about IPTV Architecture stack that shows components that contribute in delivering IPTV services, various performance monitoring points and performance metrics that needs to be captured for a measuring and ensuring good end customer experience. The paper also suggests an approach for performance monitoring and method to measure QoE aspects of IPTV.
2 IPTV Architecture For delivering IPTV services, content needs to traverse various components. Major components deployed for delivering IPTV services are shown in Fig.1. These are: 1. 2. 3. 4. 5.
Super Headend Video Hub Office Core Network Access Network Home Network
Fig. 1. IPTV Architecture Stack
2.1 Super Headend (SHE) and Video Hub Office (VHO) SHE component is responsible for three major tasks - acquiring television signals/videos at national level from various sources, processing content (encoded,
514
P. Gupta, P. Londhe, and A. Bhosale
trans-coded) and distributing (encapsulating, conditional access) processed content to customer through VHO. Fig.1 shows how content acquired flows from SHE to enduser. Content acquired here by satellite dish have variety of formats and encryption protocols. This content is then converted into serial digital interface (SDI) form by Integrated receiver and decoder (IRD).The signal is than further compressed and encrypted using encoders and Digital Right Management (DRM) technology. Video is encoded into MPEG-4 AVC H.264 to transmit good quality Standard/High definition (SD/HD) content/channel to customers having bandwidth constraints in access network. After all these processing, content is stored in streaming servers to be streamed to end-user. IPTV middleware system offers end-users functionalities like user authentication and authorization, Electronic program guide (EPG) management, subscriber management etc. IPTV network generally contains one SHO and multiple VHOs, where national services are acquired at the SHO and regional, local services and video on demand services are acquired and integrated at each of the VHOs. The content distribution systems are located in the VHOs closest to the clients. 2.2 Core Network The core network is the central network portion of a communication system. It primarily provides interconnection and transfer between edge networks through routers. It needs to be re-engineered to support carriage of large volume of video content. Its bandwidth needs to be extended to meet growing video demand. 2.3 Access Network An access network allows individual subscribers or devices to connect to the core network. It can be Digital subscriber line (DSL), cable modem, wireless broadband, optical lines, or powerline data lines. In order to deliver good quality video to end user “The Last Mile” must be capable of supporting the bandwidth required to carry a video on IP. IPTV roughly requires 2 Mbps for a SD content/channel and 6-12 Mbps for HD content/channel in MPEG-4 format of compression. With fiber, bandwidth in local loop is not an issue. However, providing fiber to all customers is a complex undertaking as it is costly and may involve redesign of existing infrastructure. Currently, broadband technology ADSL2+ and VDSL (Asymmetric/Very High Bit Rate Digital Subscriber Line) seems to be the most economical means of deployment of real time video services. 2.4 Home Network It’s a very critical area as nearly 40% of video issues occur in the home. The bandwidth within the home will be critical factor to assure good delivery of IPTV service. Service needs to be provided by utilizing existing transmission media (power lines, phone lines, coax cables and wireless technologies) that are available at subscriber premises and with same quality [12].
IPTV End-to-End Performance Monitoring
515
3 Need for Performance Monitoring and Its Benefits While service providers are spending millions of dollars in rolling out IPTV service, spend on proactive end-to-end monitoring of IPTV stack (Network, Service delivery platform and video quality) cannot be overlooked. • Need for proactive monitoring of IPTV services is centered on delivering reliable and profitable services in this highly competitive market. Focus on reliability and quality of IPTV services will be key to growth and long term survival of the service provider. Service quality is a primary reason for customer churn and dissatisfaction. Therefore service provider should understand and meet customer’s expectation of service quality. • Most operators are using monitoring solution in some form or other. But many are highly dissatisfied as they do not have end-to-end visibility of IPTV stack and its performance - from headend through network to customer premises. Also with existing network monitoring solution they are not able to gauge end user quality of experience. • End-to-End monitoring of IPTV will give service provider complete knowledge of outage, its scope and magnitude. This knowledge will allow them to act proactively rather than reactively to any outage. This will in turn help them in providing better service, increasing Average Revenue Per User (ARPU) and customer loyalty.
4 QoS for IPTV Quality of Service (QoS) is the measure of performance of the system from network perspective. This measure ensures all network elements, protocols and related services operate as expected. Quality of Experience (QoE), however relates to overall acceptability of service as perceived subjectively by end user. ”QoE is a measure of end-to-end performance levels from the user’s perspective and an indicator of how well this system meets the user needs” [1]. End-users’ perception of the ‘quality of a service’ is different depending on the application requirements. IPTV service delivered over protocol stack shown in Fig.2.has mainly below mentioned aspects of quality. IPTV performance has mainly below mentioned aspects of quality. • Customer: QoE as expected and perceived by end user. • Services: Service specific expectation such as connection time, transaction time, video/audio quality, download speed etc. • Network: QoS in terms of Signaling, Transport, Network/Service delivery elements. • Data or Content: Quality of data received by the customer. A system that is able to measure all these aspects can truly give the E2E service quality measurement. Various standards like ITU-T, broadband forum have various recommendations for IPTV service. Measurement of end-to-end QoS for IPTV services will also have to be based on the underlying IPTV architecture and the type
516
P. Gupta, P. Londhe, and A. Bhosale
of network. Standards like ITU-T 1541[10] standard defines QoS classes for IP network and need to be referred while measuring the service performance over wireline network.
IPTV PROTOCOL STACK Application Layer
HTTP RTSP
Transport Layer
TCP
RTP, RTCP
MPEG2-TS
DHCP, DNS,SNMP
UDP UDP
Network Layer
IPv4/IPv6 , IGMP, RRC, RLC
Data Link Layer
ETHERNET , ATM, AAL2..5, PDCP
Physical Layer
ADSL, VDSL, PON, RF (WCDMA L1/ MAC)
Fig. 2. IPTV Protocol Stack
5 Approach for Monitoring In the established market of satellite and cable television, IPTV brought in interactive digital television, increasing the user expectations of responsiveness of the system and digital video quality. Delivering this desired high service availability with required QoS performance in such a complex and dynamic system requires continuous monitoring and performance analysis. Based on ITU-T and Broadband forum recommendations and our internal study, following approach is recommended for end-to-end performance monitoring. The flow of approach is shown in Fig.3. 5.1 Monitoring Points and Methodology In order to have a complete unified view, IPTV stack should be monitored at all interfaces with all devices, servers and network elements that are present between SHE to subscriber. Suggested monitoring points shown in Fig-1[2] and interfaces are listed below:M1:- Between egress of Content Provider and ingress of SHE. M2:- Domain border between SHO and Core Network. M3:- Domain border between Core Network and Access Network. M4:- Domain border between Access Network and Home Network. M5:- Between Set-top-box (STB) and TV. Servers: - Content Acquisition and Distribution Server (VOD Assets, VOD Metadata), Middleware Servers, VHO Servers, Advertisement Server, Conditional
IPTV End-to-End Performance Monitoring
517
Access (CA)/DRM Servers, Database Servers and servers to integrate with service provider Operational Support System (OSS) and Business Support Systems (BSS). Devices: - Routers, Digital Subscriber Line Access Multiplexer (DSLAM) and Encoders etc. Network: - Access Network and Home Network etc. Active/Passive probes or agents on all monitoring points mentioned above needs to be planted. Active/Passive probes with varying capabilities (Video Content analysis, Video quality, video signaling, Protocol identification, and application server performance measurement) will be required to capture performance metrics mentioned in Section-6. Active probe simulates user behavior by injecting test or signaling packets while Passive approach uses devices or sniffers to watch the traffic as it passes. It analyzes the performance on the basis of transaction/protocol/transport stream metrics. True end-to-end monitoring will have to include client side performance metrics measurement that can be done by either installing an agent on client equipment or an agent in client locality. These agents will capture performance metrics, to enable performance measurement. For measuring customer experience at the Customer Premises Equipment (CPE) mainly two approaches are used – Transport based( on packet loss, Bit rate, loss distance, error packets etc) and Payload based(on full reference/no reference) methods of comparing payload’s quality at ingest with that of the packet received at CPE. 5.2 System Integration Data captured from probes and agents goes as an input to various Element Management System (EMS) and Network Management System (NMS), Fault management system (FMS), Performance Management System (PMS) etc. End-toEnd system will essentially mean integrating output of these various systems. Data obtained from these systems will need to be aggregated, correlated and mapped with IPTV service flow. For all performance metrics that affect end customer experience threshold values needs to be configured. If there is any breach of threshold value or some trend of deterioration in performance metric is observed alarm should be raised. Having a robust and flexible integration strategy will be a key to the success of a proactive endto-end end-performance monitoring solution for IPTV. All alarms raised will go as input to Correlation engine. 5.3 Correlation Engine Topology based correlation engine that uses the topological relationships between networks elements can be used to do following:• Isolate and unify region wise alarms or notifications received from network elements or probes. • Establish dependencies of alarms and notifications • Identify existing or impending issues based on QoE dependencies • Deduce cause and effect relationships between alarms
518
P. Gupta, P. Londhe, and A. Bhosale
• Correlation of different alarms will help in isolating the exact location of faults and thus will help in earlier fault diagnosis and its resolution. 5.4 Unified dashboard A unified dashboard will greatly improve the Trouble to resolve (T2R) cycle for the service providers. Views for performance metrics from different demarcated points suggested above in IPTV, timely alarms proactively generated based on priority and probability of an impending issue and role wise visibility of state of the system (SOS) are something every provider will look for. A connected environment where all the stakeholders are timely updated on the SOS will definitely improve customer experience. In addition to end-to-end visibility, it will enable them to react to any outage even before the customer complains.
Fig. 3. Performance Approach Flow
6 Performance Metrics Fig.4 above shows performance metrics and their place for measurement in end-toend platform. Major performance parameters that need to be monitored for good endcustomer experience in IPTV are as follows:-
Fig. 4. IPTV Performance Metrics & Monitoring Points
IPTV End-to-End Performance Monitoring
519
Monitoring source stream: - At SHO/VHO content obtained from various external sources are aggregated. It is very necessary to measure source quality of Audio/Video streams received at SHO/VHO. If source quality is not good service provider will not be able to deliver good quality video to the customers. Coding Parameters for Audio/Video: - Media streams received at SHO/VHO are processed i.e. encoded, transrated etc. Encoding has a significant impact on video quality. Efficiency of encoding aids in bandwidth efficiency while preserving the video quality. Due to measures taken to conserve bandwidth, certain impairments are inevitably introduced. Various parameters that affect QoE due to digitization and compression are :- Codec standard used, bit rate, frame rate, Group of Picture (GoP) structure and its length, Motion vector search range, Video rate shaping, Frame Width, height, Frame rate, interlacing and Slices per I-frame, Video Reference Clock rate etc. As recommended by Broadband Forum TR-126 [4] provisional video application layer performance thresholds are shown in TABLE 1. Table 1. Bit-rate Thresholds Bit Rate
Threshold values
SDTV broadcast Video
1.75 Mbps CBR
HDTV Broadcast Video
10 Mbps CBR
VOD SDTV
2.1 Mbps CBR
Monitoring Servers/Devices: - We need to monitor all Servers and Devices present from headend to STB. E.g. Servers like Content acquisition server, Content delivery servers and Devices like Routers, DSLAM, Optical Network Terminal (ONT), Edge routers etc. Some of the parameters that need to be monitored here are:• • • • •
CPU & Memory Utilization of Servers Routers Utilization and their Traffic Metrics Throughput & Availability Behavior under heavy load condition Response delays of Servers, Request Error, and Blocked Request
IP Network performance parameters: - Video is transported from the core network through the access network to customer. It has to pass through series of routers and switches and over the transmission systems that interconnect them. At each router or switch there are queues that can introduce variable delays and if queue buffer becomes too full it can lead to packet loss. In general, transmission system between routers and switches does not contribute to performance degradation as it has extremely low error rate. Major contributors are Access network and the home network. Once video has left the headend, major factors that may impair video are Loss/Latency/Jitter of packets and impairment in Transport stream structure. If left unattended, these issues will cause perceivable impairment of video. Major
520
P. Gupta, P. Londhe, and A. Bhosale
parameters that are suggested by TR-126 [4] and ITU-T G.1080 [1] that need to be monitored here are: • Packet Lost, Repaired and Discarded-Impact of loss will be dependent on type of impairment. Loss from I and P frames produce different impairments than B frame packet losses • Burst Loss Rate, Burst Loss Length • Gap Length, Gap Loss and Gap count • Loss Period, Loss Distance • Jitter should be monitored as suggested by RFC 3350[8] • Decoder concealment algorithm used. It can mitigate some perceptual impact of losses • Bandwidth Utilization As suggested by TR-126[4] and ITU-T–1540[3] below mentioned threshold limit (shown in TABLE 2) for these parameters should not be breached. Table 2. Network Performance Thresholds Parameter
Threshold Value
Latency
Less than 200ms
Loss distance
1 error event per 4 hours
Jitter
Less than 50 ms
Max duration of a single error
Less than 16ms
IP video stream Packet loss rate
less than 1.22E-06
Jitter buffer fill
150-200 ms
I-Frame delay
500 ms
MPEG Transport parameters: - Video is often carried in MPEG Transport streams. MPEG-TS contain time stamps, sequence numbers, and program associations for packetized video streams. It is suggested by ETSI TR 101-290 - Level 1, 2 and 3 parameters should be monitored by service providers [6]. It recommends various checks including Synchronization Errors (TS Sync, Sync byte), Table errors (PAT, PSI), PMT, Missing PID, CRC, PTS, and PCR etc. These metrics provide information on key error types that occur with MPEG transport protocols, and are useful for identifying and resolving error conditions. Service Availability & Response Time: - Channel change time that depends on factors like IGMP delay (Internet group multicast protocol), buffer delay and decoding delay is one of major factors affecting user’s experience. Response time for VOD trick play functions (pause, rewind); EPG Navigation (electronic program guide), Time taken for authorization and authentication of user to check his validity and Connection Time
IPTV End-to-End Performance Monitoring
521
Table 3. User Experience Performance thresholds Parameter
Threshold Value
Latency
Less than 200ms
Loss distance
1 error event per 4 hours
Jitter
Less than 50 ms
Max duration of a single error
Less than 16ms
IP video stream Packet loss rate
less than 1.22E-06
Jitter buffer fill
150-200 ms
I-Frame delay
500 ms
etc affect customer experience. As recommended by TR-126[4] thresholds values of below mentioned parameters in TABLE 3. Threshold values should not be breached to have a good end-user experience. STB Related parameters: - The video quality delivered to customer depends on decoding efficiency, buffer size and error concealment algorithm implemented in STB. Jitter that can have significant impact on video quality can be neutralized to some extent by decoder buffer.STB boot time also plays a significant role in terms of user experience. Synchronization of Audio and Video, Lip synchronization: - Audio-Video should be synchronized in order to have good viewing experience. Max threshold recommended by TR-126 [4] is Audio Lead Video by 15ms max and Audio Lag Video by 45ms.
7 QoE in IPTV For services like IPTV, where user satisfaction is the ultimate metric of performance, a method to accurately measure the QoE is required. QoE is a subjective term and using subjective measurements on large scale is not practical as this method relies on input from actual users watching a video. Though this method is accurate, it is expensive and too time consuming. Therefore objective methods are used for estimating QoE. Objective measurements, infer video quality based on the video stream without direct input from the users. It is a very challenging task to have objective measurements that can incorporate human perception. Objective measurement can be done by three methods. • • •
Payload based - J.144 (Full reference Model) and Peak Signal Noise Ratio (PSNR) [11]. Codec aware Packet based – MPQM [9] Codec Independent packet based – MDI (Media delivery index) [7]
522
P. Gupta, P. Londhe, and A. Bhosale Table 4. Comparision of MDI and Complementry Techniques
MDI MDI relies on packet-level information. No codec information is taken into account. It does not require lot of hardware support. It poorly correlates to human perception Here it is easier to isolate the problems in video quality.
It is highly scalable and thus can monitor thousand’s of video streams simultaneously. It is suitable for IPTV service
Other Complementary Techniques like MPQM, PSNR It looks at packet-level information along with codec information and video header information Incorporating codec information makes them computationally intensive They require lot of hardware support. Some of them correlate to some extent with human perception Some techniques return a single number in the range 1-5, that gives little indication of video quality. E.g. As impairments due to encoding, network cannot be distinguished Limited scalability may have issues for real time services as it requires continuous monitoring of thousands of streams Not that suitable for IPTV services
Based on comparison shown in Table 4, MDI seems to be most suitable choice for applications like IPTV. Media Delivery Index: - As described in RFC 4445[7] it is a diagnostic tool or a quality indicator of video quality for monitoring network intended to deliver a video. The MDI is expressed as delay factor (DF) and the media loss rate (MLR). Delay Factor: - This component indicates how many milliseconds of data buffers must contain in order to eliminate jitter. Media Loss Rate (MLR):- It is simply defined as the number of lost or out-of-order media packets per second. 7.1 QoE Estimation QoE is dynamic and depends on many factors. QoE should be measured continuously. It is a function of many factors having different weights as shown in equation-1. Weights might be calculated by simulating the end-to-end scenario and calculating the overall contribution of each parameter to QoE. Quality of video is affected by impairments introduced during encoding, decoding process and in playback of reconstructed video signals. It is inevitably introduced due to measures taken to conserve bandwidth like codec quantization level, longer GoP structure, lower frame rate etc. Various human factors that affect user experience are their emotional state, previous experience or service billing. For.eg Customers who have been watching TV on satellite or cable may be annoyed by channel change delay
IPTV End-to-End Performance Monitoring
523
in IPTV. Environmental factors that may affect user experience are whether you are viewing it on Mobile, HDTV, and SDTV. A particular video will be rated differently for HDTV and SDTV. QoE for IPTV = f∫ (w1*MDI + w2*Transport Layer parameters + w3*Availability+ w4*Environment Factors + w5*Encoding and Decoding efficiency+ w6*Human factors + w7*Service Response Time). (1) w1 to w7 are weights of that parameter
8 Conclusion In this competitive IPTV market, successful service providers have to fulfill subscriber’s expectation of almost zero tolerance for poor or spotty video and unavailability of service. Delivering this kind of quality services on IP network requires monitoring service at all time on all locations. The quality of IP video can be affected by impairments introduced during encoding, transmission of packets, decoding etc. Video is so sensitive that a loss of few packets may lead to freeze frames, blank screen etc. Any such impairment may bring dissatisfaction, leading to customer churn and thus loss of revenue. In this scenario tools for end-to-end monitoring of IPTV becomes extremely critical. Service provider needs to monitor whole stack of IPTV at various interfaces, servers, network elements for various performance level parameters that impact QoE of customers. Monitoring those parameters and reflecting their effect on the QoE, will enable the provider to take proactive action to resolve even impending problems and also help expedite fault resolution. Customer experience will improve many folds by detecting and resolving problems even before customer reports for it or informing the customer proactively on possible issues. Delivering quality IPTV services will improve customer loyalty and service provider revenue.
References [1] Recommendation ITU-T G.1080, Quality of experience requirements for IPTV services (2008) [2] Recommendation ITU-T G.1081, Performance monitoring points for IPTV (2008) [3] Recommendation ITU-T Y.1540, Internet protocol data communication service – IP packet transfer and availability performance parameters (2007) [4] TR-126, Triple-Play Services Quality of Experience (QoE) Requirements, Broadband Forum Technical Report 13 December (2006) [5] TR-135, Data Model for a TR-069 Enabled STB (December 2007) [6] ETSI TR 101 290 V1.2.1,Technical Report Digital Video Broadcasting (DVB); Measurement guidelines for DVB systems (2001-2005) [7] RFC 4445 proposed ”Media Delivery Index” [8] RFC 3550, RTP: A Transport Protocol for Real-Time Applications [9] Branden Lambrecht, C.J., Verscheure, O.: Perceptual Quality Measure using a SpatioTemporal Model of the Human Visual System. In: Proc. SPIE, vol. 2668, pp. 450–461 (March 1996) [10] ITU-T Y.1541(02/06), Network performance objectives for IP-based services [11] T1.TR.74-2001, Objective Video Quality Measurement Using a Peak-Signal-to-NoiseRatio (PSNR) Full Reference Technique [12] TR-135 Data Model for a TR-069 enabled Set Top Box
A Color Image Encryption Technique Based on a Substitution-Permutation Network J. Mohamedmoideen Kader Mastan1, G.A. Sathishkumar2, and K. Bhoopathy Bagan3 1,2 Department of Electronics and Communication Engineering, Sri Venkateswara College of Engineering, Sriperumbudur-602105, India 3 Department of Electronics and Communication Engineering Madras Institute of Technology, Chennai-600044, India
[email protected],
[email protected],
[email protected]
Abstract. In this paper we have proposed and tested an image encryption technique consisting of matrix transformation, pixel diffusion and a permutation box. Since the matrix transformation, which produces both confusion and diffusion, is linear, the pixel diffusion and permutation have been introduced so as to make the technique nonlinear. This technique is specifically designed for sensitive fields like medicine where misinterpretation could result in loss of life. One apt application of this technique is its use in PACS for secure storage and transfer of medical images. The uniqueness of our technique is that it is ciphertext sensitive so that decryption doesn't yield a recognizable image in case there is an error during transmission. The proposed technique gives good parametric and sensitivity results proving itself an eligible candidate for image encryption. Keywords: color image encryption, matrix transformation, pixel diffusion, permutation, ciphertext sensitivity.
1 Introduction With the advent of the Internet and wireless communication, instantaneous transfer of text, images and multimedia to any point on earth has become feasible. However it is a package deal. The more one is free to go, the smaller the boundary becomes. The easier it is to communicate, the more unsafe it is. At this point data security plays an important role. Since digital images play a vital role in areas like medicine and military, their confidentiality is extremely important. However securing or encrypting images is different from doing text in terms of high amount of data and its redundancy, high correlation between pixels and different dimensions such as gray scale and color. The last decade has witnessed image encryption techniques [1-6] which have tried to disrupt the correlation and the redundancy in the ciphered images to the best possible extent. In an attempt to exploit the nature of visual perception, encryption techniques using only pixel permutation have also been proposed [7]. Though these A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 524–533, 2011. © Springer-Verlag Berlin Heidelberg 2011
A Color Image Encryption Technique Based on a Substitution-Permutation Network
525
‘permutation only’ techniques seem to serve the purpose they are completely vulnerable to known plaintext attacks [8]. Hence image encryption techniques too should have the basic requirements namely, confusion, diffusion [9] and avalanche effect. In this paper we have proposed a color image encryption technique involving matrix transformation, pixel diffusion and permutation. While the matrix transformation, which produces good confusion and diffusion, is linear, the pixel diffusion and permutation have been introduced so as to make the technique nonlinear. This technique is specifically designed for sensitive fields like e-medicine where misdiagnosis of diseases could result in loss of life. Our technique is unique because it is ciphertext sensitive so that decryption doesn’t yield a recognizable image in case there is an error during transmission thereby avoiding life threatening conclusion otherwise taken by the physician. One good application of our technique is in PACS (Picture Archiving and Communication System) through which medical images are archived and communicated with confidentiality among physicians and related people. Inadequate security of the medical records and their intentional or accidental leakage could cost the medical center [10]. The rest of the paper is organized as follows. Initially, section 2 is about the encryption technique, followed by the experimental results in section 3. Subsequently the key space and sensitivity analysis are done in section 4, while section 5 constitutes the efficiency analysis. Finally conclusion remarks are drawn in section 6.
2 Encryption Process This technique is significantly different from our previous work [11] in 3 ways. First, we have strengthened the key schedule, the encryption process and additionally, we have designed it for color images. Throughout this paper we have considered 24 bit RGB images as test images. 2.1 Matrix Transformation The matrix transformation (MT) used in our technique is the traditional hill cipher[12] where a key matrix of size 8×8 with values from 0 to 255 is generated. If the generated matrix is not a valid key matrix (not having odd determinant), the main diagonal elements are alone randomized until a valid key matrix is got. Randomizing the main diagonal gives a faster result. Encryption: C = Mat× P mod 256
(1)
Decryption: P = Mat-1× C mod 256
(2)
Where P and C are the plaintext and ciphertext respectively in the form of 1×8 matrix and Mat is the key matrix. The key schedule generates 3 additional matrices by swapping rows and columns of the key matrix as shown in Fig. 1. Each channel of the color image is subjected to MT independently.
526
J.M. Kader Mastan, G.A. Sathishkumar, and K.B. Bagan
Generation of key matrix Mat1
Swapping consecutive rows to generate Mat2
Swapping consecutive columns to generate Mat3
Swapping consecutive rows to generate Mat4
XOR values in each row to generate Key1
XOR values in each row to generate Key2
XOR values in each column to generate Key3
XOR values in each row to generate Key4
Fig. 1. Key schedule
2.2 Pixel Diffusion Initially the rows or the columns of the generated matrices are bitwise XORed to get key arrays of 8 elements. Here we have used linear indexing of image pixels where a(1,1) = a(1), a(2,1) = a(2) and so on. The key schedule is clearly depicted in Fig. 1. Each channel of the color image is subjected to Pixel Diffusion independently. Two types of pixel diffusion are done which are, • Single Pixel Diffusion (SPD): Letk1 is the key array generated for SPD. Let a(i) denote the intensity of the pixel with index i, r be the number of rows in the image and p be the number of pixels in the image. Let p+1=1. The pseudocode of SPD is as follows: Step1:a(1:8) ←a(1:8)⊕k1 Step 2:i←1 Step 3:a(i+1) ← a(i)⊕a(i+1) Step 4:i←i+1 Step 5: Repeat Step 3 till i=1 Step 6:a(i+1) ← (a(i)+a(i+1))mod n Step 7:i←i+1 Step 8: Repeat Step 6 for r – 1 times • Block Pixel Diffusion (BPD): Letk1 be the key array generated for BPD. The pseudocode of BPD is as follows. Step1:a(1:8) ← a(1:8)⊕k1 Step 2:i←1 Step 3:a(i+8:i+15) ← a(i+8:i+15)⊕a(i:i+7) Step 4:i←i+7 Step 5: Repeat Step 3 till i=1 2.3 Permutation This is the stage which makes the red, green and blue channels of the image interdependent. Let Ri, Gi and Bi be the pixels of the red, green and blue channels
A Color Image Encryption Technique Based on a Substitution-Permutation Network
527
Generation of key matrices MT (Mat2)
MT (Mat1)
Plain image
MT (Mat3)
Cipher Image
PB
PB
BPD-1 (Key1)
MT (Mat4)
SPD-1 (Key2)
PB
SPD (Key3)
BPD (Key4)
Generation of key arrays
N.B: denotes matrix transpose; MT – Matrix Transformation; SPD – Single Pixel Diffusion; BPD – Block Pixel Diffusion; SPD-1 – Inverse of SPD algorithm; BPD-1 – Inverse of BPD algorithm; PB – Permutation Box Fig. 2. Encryption process
respectively at index i. The following permutation box (PB) is applied to sets of 4 pixels in all the channels. R1 G1 B1
R2 G2 B2
R3 G3 B3
R4 G4 B4
→
G2 R2 G1
B1 B2 R1
B4 B3 R4
G3 R3 G4
The decryption is done in the reverse direction of the encryption process. However the MT block employs the inverse of the corresponding key matrix in the encryption process and the inverse of the BPD-1, SPD-1, SPD, BPD and PB algorithms are used with the same corresponding key.
Fig. 3. The original image Mandrill.png (left), the encrypted image (middle) and the decrypted image (right)
528
J.M. Kader Mastan, G.A. Sathishkumar, and K.B. Bagan
Fig. 4. Histogram of the red, green and blue channels of the Mandrill.png (top) and those of the encrypted Mandrill.png (bottom)
3 Experimental Results 3.1 Visual Test We have tested our technique over a variety of RGB images such as Barbara, fabric, F16, Heart, Lena, Mandrill, Peppers. Without loss of generality, we have shown the results of a typical natural image, Mandrill.png and a typical medical image, heart.jpg. The encrypted image in Fig. 3 and Fig. 5 doesn’t have any resemblance of the original image. Besides, the histograms at the bottom of Fig.4 and Fig.6 don’t reveal any information of the original image and shows equally probable intensity values. 3.2 Information Entropy Analysis Entropy h is a cumulative measure of the frequency of the intensity levels in an image. Due to the characteristic of the human eye of being insensitive to high frequency components, an image of high entropy is not visually perceivable. Moreover if the entropy of a signal is high the signal looks random. Entropy,
Fig. 5. Original heart.jpg (left), encrypted heart.jpg (middle) and the decrypted image (right)
A Color Image Encryption Technique Based on a Substitution-Permutation Network
529
Fig. 6. Histogram of red, green and blue channels of the original heart.jpg (on the top) and the encrypted heart.jpg (on the bottom)
h=∑i (– pi log2 pi), where pi is the frequency of intensity level i in the image. The maximum h an 8–bit image can attain is 8. The average of our results in Table.1 is 7.99975. Hence an entropy attack is difficult to launch. 3.3 Cross–Correlation The cross–correlation coefficient, CAB between the image A and B quantifies the level to which the image pixels are relatively randomized. The closer it is to zero, the better. Our technique produces an absolute cross-correlation of about 10-4 in most of the cases making a statistical attack tough. ∑ ∑ ∑ ∑
,
,
∑ ∑
,
(3) ,
Where Ai,j is the pixel in the ith row and jth column of A, r and c are the number of rows and columns in each channel of the image respectively. ∑
∑
,
and
∑
∑
,
(4)
Table 1. Entropy of original and encrypted test images Image Original Encrypted
Barbara 7.6919 7.9998
Fabric 7.5632 7.9998
F16 6.6639 7.9997
Heart.jpg 4.9830 7.9995
Lena.tif 7.7502 7.9998
Mandrill.png 7.7624 7.9998
Peppers.jpg 7.7112 7.9998
3.4 Net Pixel Change Rate Net Pixel Change Rate, NPCR is the measure of the number of pixel changed between 2 images A and A’.
530
J.M. Kader Mastan, G.A. G Sathishkumar, and K.B. Bagan ∑
∑
,
100% here
0 if 1 if
,
, ,
′, ′,
(5)
The expected NPCR due d to a good encryption technique is 1–n-1 ×100% % ≈ 99.6094%. Our results averrage to 99.60888%. 3.5 Unified Average Cha ange in Intensity The Unified Average Change in Intensity (UACI) is a measure of the degree to whhich the pixels vary between 2 im mages.
∑
,
∑
,
100%
(6)
The expected UACI for a go ood encryption scheme is 1
∑
1 1
100%
33.4635%
Our encryption scheme reacches an average UACI of 33.48185%. Table 2. Parametric results of encryption of Mandrill.png, heart.jpg and Lena.tif Dim |CAB| R vs R 1×10-3 R vs G 1×10-3 R vs B 1×10-3 G vs R 2×10-4 G vs G 6×10-4 G vs B 7×10-4 B vs R 2×10-5 B vs G 3×10-5 B vs B 1×10-3 Avg
Mandrill.png 512*512*3 NPCR% U UACI% 99.6056 2 29.9482 99.5975 3 30.0023 99.6006 2 29.9843 99.5705 2 28.5434 99.6265 2 28.5987 99.6178 2 28.5877 99.6067 3 31.2287 99.6166 3 31.2768 99.6265 3 31.2747 99.6075 2 29.9383
|CAB| 7×10-3 2×10-3 3×10-3 6×10-3 1×10-3 3×10-3 5×10-3 8×10-4 2×10-3 Avg
Heart.jpg 360*360*3 NPCR% 99.6134 99.6173 99.5941 99.5049 99.598 99.5957 99.6173 99.635 99.6111 99.5985
UACI% 41.2312 41.1535 41.0656 43.2241 43.1686 43.1288 44.344 44.3225 44.2663 42.8782
|CAB| 2×10-3 7×10-4 1×10-3 1×10-3 4×10-4 4×10-4 8×10-4 3×10-4 8×10-4 Avg
Lena.tif 512*512*3 NPCR% 99.6159 99.6223 99.6071 99.5953 99.6025 99.6201 99.6067 99.5998 99.5991 99.6076
UACI% 32.91182 33.08813 33.02256 30.59989 30.6331 30.64442 27.58898 27.60079 27.6221 30.41131
Fig. 7. Image decrypted d by wrong key (left) and its consolidated histogram (right)
A Color Image Encryption Technique Based on a Substitution-Permutation Network
531
4 Key Space and Sensitivity Analysis 4.1 Key Space Analysis Since the initial key generated is an 8×8 matrix with values from 0 to 255, the effective key space is calculated using the formula |
,
|
∏
∏
(7)
from [13] as 3.887×10153 where qi is a prime factor of n=∏ sufficient to resist a brute force attack.
and m=8 which is
4.2 Decryption Key Sensitivity We have shown the sensitivity test results with respect to Mandrill.png. We tested our technique by decrypting an encrypted image using the decryption key changed by one bit and found that no trace of the original image is present in the decrypted image and the histogram is flat (Fig. 7). This ensures that a partial decryption of the image is infeasible. 4.3 Encryption Key Sensitivity We have tested the encryption key sensitivity of our technique by comparing the ciphered images obtained using 2 keys varying by 1 bit. The results average to an NPCR of 99.6072% and a UACI of 33.4685%. The parametric results presented in Table 3 confirm that it is difficult to analyze the encryption technique based on similar keys. Table 3. Sensitivity test results with Mandrill.png Encryption key sensitivity |CAB| NPCR% UACI% R vs R 2×10-3 99.5979 33.4923 R vs G 5×10-4 99.5995 33.4775 R vs B 1×10-3 99.6056 33.5062 G vs R 7×10-4 99.614 33.514 -4 G vs G 7×10 99.6212 33.4644 G vs B 1×10-3 99.612 33.4844 B vs R 3×10-3 99.6086 33.4054 -3 B vs G 2×10 99.6056 33.4375 B vs B 1×10-3 99.601 33.4356 Avg 99.6072 33.4685
Plaintext sensitivity |CAB| NPCR% UACI% -3 1×10 99.6067 33.482 1×10-3 99.6033 33.4443 4×10-4 99.6033 33.49 1×10-3 99.6162 33.4938 -3 4×10 99.5293 33.5271 3×10-4 99.5995 33.4658 5×10-5 99.5922 33.4635 -4 3×10 99.6067 33.458 2×10-3 99.6124 33.5261 Avg 99.5966 33.4834
Ciphertext sensitivity |CAB| NPCR% UACI% 1×10-3 99.6586 33.5538 1×10-3 99.6147 33.4318 1×10-3 99.6071 33.4821 7×10-4 99.6246 33.5148 -4 6×10 99.704 33.5113 6×10-4 99.6159 33.4595 1×10-3 99.6063 33.5522 2×10-3 99.6048 33.4317 1×10-3 99.5689 33.505 Avg 99.6227 33.4935
4.4 Plaintext Sensitivity As plaintext sensitivity is closely related to differential cryptanalysis, we have analyzed the parametric results shown in Table.3 after encrypting Mandrill.png varying by 1 bit. The average of the NPCR values is 99.5966% and UACI is 33.4834%. The results confirm that a differential attack is infeasible.
532
J.M. Kader Mastan, G.A. Sathishkumar, and K.B. Bagan
4.4 Ciphertext Sensitivity Error tolerance is generally expected from cryptographic techniques. However, when strong authentication techniques are used, error tolerance is useless. Moreover in certain fields like medicine, decisions shouldn’t be taken based upon corrupted images. Hence we wanted our technique to be ciphertext sensitive so that a natural error or an intentional change in the ciphertext should lead to a non-recognizable decrypted image. The parametric results shown in Table.3 after decrypting encrypted Mandrill.png varied by 1 bit bolster the fact that any change in the encrypted image corrupts the entire image to a non-perceivable form. The average of the NPCR data is 99.6227% and that of UACI data is 33.4935%.
5 Efficiency Analysis We have implemented the technique in MATLAB 7.10 using a PC equipped with Intel Core2Duo T5550 @ 1.83 GHz, 2 GB RAM, 32–bit Windows 7 Ultimate OS. Theoretically both the encryption and decryption algorithms have same complexity. It can be seen from Table. 4 that as the images’ dimensions increase the bit rate increases due to the parallelism of the matrix transformation and the permutation box. Our technique is faster than the MATLAB implementation of AES [16] which takes at least 1742 seconds (in its fastest mode of encryption) for encrypting an 8 bit image of size 512×512×3. Table 3. Efficiency analysis Spatial resolution of the image 360×360×3 512×512×3 640×480×3
Time taken for encryption (seconds) 1.878208 3.648261 4.214025
Time taken for decryption (seconds) 1.832749 3.652164 4.241128
Average bit rate for encryption/decryption 1.6Mbps 1.68Mbps 2.27Mbps
6 Conclusion This paper presents a substitution-permutation network based encryption technique for color images. The key space, parametric and sensitivity test results mentioned show the cryptographic strength of the technique. The technique resists brute force, entropy, statistical, known/chosen plaintext and differential attacks. This is the first color image encryption technique which is ciphertext sensitive. Unlike other image encryption techniques this technique has 0% error tolerance so that lethal decisions are not taken based on corrupted images. The technique is faster than AES and can be used in real time secure image transmission.
References 1. Sathish Kumar, G.A., Bhoopathy Bagan, K., Vivekanand, V.: A novel algorithm for image encryption by integrated pixel scrambling plus diffusion [IISPD] utilizing duo chaos mapping applicability in wireless systems. Procedia Computer Science 3, 378–387 (2011)
A Color Image Encryption Technique Based on a Substitution-Permutation Network
533
2. Mao, Y., Chen, G., Lian, S.: A novel fast image encryption scheme based on 3D chaotic Baker Maps. International Journal of Bifurcation and Chaos 14(10), 3613–3624 (2004) 3. MU, X-C., SONG, E.-N.: A new color Image Encryption Algorithm Based on 3D Lorenz Chaos Sequences. In: First international Conference on Pervasive Computer, Signal Processing and Application, pp. 269–272 (2010) 4. Liu, S., Sun, J., Xu, Z.: An improved image encryption algorithm based on chaotic system. Journal of computers 4(11) (2009) 5. Fridrich, J.: Symmetric ciphers based on two-dimensional chaotic maps. Int. J. Bifurcation and Chaos 8, 1259–1284 (1997) 6. Socet,D., Magliveras,S.S., Furht, B.: Enhanced 1-D Chaotic Key-Based Algorithm for Image Encryption. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, pp. 406–407 (2005) 7. Usman, K., Juzoji, H., Nakajimal, I., Soegidjoko, Ramdhani, M., Hori, T., Igi, S.: Medical image encryption based on pixel arrangement and random permutation for transmission security. In: 9th International Conference on e-Health Networking, Application and Services, pp. 244–247 (2007) 8. Li, S., Li, C., Chen, G., Bourbakis, N.G., Lo, K.-T.: A general quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks. Signal Processing: Image Communication 23(3), 212–223 (2008) 9. Shannon, C.E.: Communication theory of secrecy system. Bell Syst. Techn. J. 28, 656– 715 (1949) 10. http://www.healthcareitnews.com/news/ hhs-cracks-down-provider-pay-100000-hipaa-penalties-overlost-laptops 11. J. Mohamedmoideen Kader Mastan, Sathishkumar, G.A., Bagan, K.B.: Digital Image Security using Matrix and Non-Linear Pixel Transformation. In: International Conference on Computer, Communication, and Electrical Technology, vol. 1 (2011) 12. Hill, L.S.: Cryptography in an Algebraic Alphabet. The American Mathematical Monthly 36(6), 306–312 (1929) 13. Overbey, J., Traves, W., Wojdylo, J.: On the keyspace of the hill cipher. Cryptologia 29(1), 59–72 (2005) 14. Forouzan, B.A.: Cryptography & Network Security. Tata McGraw-Hill, New York (2009) ISBN-13: 978-0-07-066046-5 15. Schneier, B.: Applied Cryptography: Protocols, Algorithms and Source Code in C, 2nd edn. Wiley, NY (1995) 16. Buchholz, J.J.: Matlab Implementation of the Advanced Encryption Standard (2001), http://buchholz.hs-bremen.de/aes/aes.htm
Comment on the Improvement of an Efficient ID-Based RSA Mutlisignature Chenglian Liu1,3, , Marjan Kuchaki Rafsanjani2 , and Liyun Zheng1 1
Department of Maths and Computer Science, Fuqing Branch of Fujian Normal University
[email protected] 2 Department of Computer Science, Shahid Bahonar University of Kerman
[email protected] 3 Department of Mathematics, Royal Holloway, University of London
Abstract. In 2008, Harn and Ren proposed an efficient identity-based RSA multisignatures scheme which it based on Shamir’s identity-based signature. In 2010, Yang et al. pointed out two methods that he presumed make the Harn-Ren scheme insecure. This documentation will prove that Yang et al.s first forgery attack was incorrect and the Harn-Ren scheme is still secure. Keywords: Multisignature, Identity-based signature, RSA Cryptosystem.
1 Introduction With the growth of the Internet, digital signature has become very important to electronic commerce, it provides the cryptographic services authentication and data integrity where agreeance between signer and verifier is required. Is In 1984, Shamir [3] proposed the concept of an identity-based signature (IBS) scheme based on an integer factorization problem. Harn and Ren [1] proposed an efficient identity-based multisignature based on Shamir’s scheme. Each signer needs to register at a private key generator (PKG) and identify himself before being able to joint the network. A signer is accepted, the PKG generates a secret key for that signer based on the signer’s identity, and relative information. In 2010, Yang et al. [4] proposed two forgery attacks to the Harn-Ren scheme. They claimed their methods could be successful, and also suggested improvements. In this paper, we show that Yang et al.’s first claim is incorrect and Harn-Ren’s scheme is still secure.
2 Review of Harn-Ren Scheme Harn and Ren proposed [1] an identity-based multisignature scheme in 2008. Their description follows the model proposed in Micali et al. [2].
Corresponding Author: Mr. Liu is with Department of Mathematics and Computer Science, Fuqing Branch of Fujian Normal University, China.
A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 534–540, 2011. c Springer-Verlag Berlin Heidelberg 2011
Comment on the Improvement of an Efficient ID-Based RSA Mutlisignature
535
2.1 PKG The PKG chooses its public and private key pairs as follows: 1. Runs the probabilistic polynomial algorithm Krsa to generate two random large primes, p and q. 2. Chooses a random public key e such that gcd(e, φ(n)) = 1 and computes the private key (1) d ≡ e−1 (mod φ(n)). 2.2 Multisignature Generation Signer secret key generation. In this algorithm, the signer gets a copy of his secret key from the PKG through a two-step process: 1. A signer submits his identity to the PKG. 2. The PKG, with its private key d and the corresponding public key e, signs the message digest of the identity, denoted as ij , by generating a secret key gj , such that gj ≡ idj
(mod n).
(2)
The gj is the signer ij ’s secret key. We will not distinguish between the identity and its message digest. Message signing. To generate an identity-based multisignature, each signer carries out the followings steps: 1. Chooses a random integer rj and computes tj ≡ rje
(mod n).
(3)
2. Broadcasts rj to all the signers. 3. Upon receiving of rj , j = 1, 2, . . . , l, each signer computes t≡
l
rj
(mod n),
(4)
j=1
and
H(t,m)
sj ≡ gj · rj
(mod n).
(5)
4. Broadcasts sj to all the signers. 5. After receiving of sj , j = 1, 2, . . . , l, the multisignature component s can be computed as l sj (mod n). (6) s≡ j=1
The multisignature for message m is From the above algorithm, it is clear that the signing phase of each individual signature is identical to the original IBS scheme. It is also clear that the length of each multisignature is the same as the individual IBS.
536
C. Liu, M.K. Rafsanjani, and L. Zheng
2.3 Multisignature Verification To verify a multisignature σ = (t, s) of a message m of signers whose identities are i1 , i2 , . . . , il , one verifies the following: se ≡ (i1 · i2 · · · il ) · tH(t,m)
(7)
(mod n).
If it holds, the identity-based multisignature is valid, otherwise it is invalid. Signers
Receiver
Zn∗ ∈R rj tj ≡ rje (mod n) Broadcasts rj to all the signers. l Computes t ≡ rj (mod n) j=1
and sj ≡ gj ·
H(t,m) rj
(mod n) (σ, m)
Broadcasts sj to all the signers. Computes s ≡
l
sj
(mod n)
j=1 ?
se ≡ (i1 · i2 . . . il ) · tH(t,m)
σ = (t, s)
(mod n)
Fig. 1. Harn-Ren scheme
3 Yang et al. Attack and Improvement Yang et al. [4] initiated two forgery attacks on Harn-Ren’s scheme, and claimed the attacker is able to steal the signer’s secret key using their first method. The details are described below: 3.1 Yang et al.’s Forgery Attack I Anyone using broadcast data (rj , sj ) is able to obtain the signers secret key gj and signature (σ, m). When the attack intercepts rj and sj in the broadcasting process, the signature secret key gj can be computed from the formula H(t,m)
sj ≡ gj · rj
(mod n),
(8)
(mod n).
(9)
which also can be expressed as g j ≡ sj ·
1 H(t,m) rj
Comment on the Improvement of an Efficient ID-Based RSA Mutlisignature
In the formula
1 H(t,m) rj
is inverse element of
H(t,m)
rj
537
(mod n),
(10)
(mod n)
(11)
in the modular ‘n’ multiplicative group. Therefore, Harn-Ren scheme does not protect the signer’s secret key from being exposed. Signers
Receiver
Zn∗ ∈R rj tj ≡ rje (mod n) Broadcasts rj to all the signers. l Computes t ≡ rj (mod n) j=1
and sj ≡ gjt ·
H(t,m) rj
(mod n)
Broadcasts sj to all the signers. Computes s ≡
l
sj
(σ, m)
(mod n)
j=1
?
se ≡ (i1 · i2 . . . il )t · tH(t,m)
σ = (t, s)
(mod n)
Fig. 2. Yang et al. scheme
3.2 Yang et al.’s Improvement The PKG key phase and Signer secret key generation phase, is the same as the original scheme and need not be improved. Signing phase. Suppose l signers, i1 , i2 , · · · , il , plan to jointly sign document m, then each signer proceeds as follows: a) Signer ij chooses a random number rj , and compute ti ≡ rje
(mod n).
(12)
b) Broadcast rj to all signers. c) After receiving rj from all signers, compute t≡
l j=1
rj
(mod n),
(13)
538
C. Liu, M.K. Rafsanjani, and L. Zheng
and compute H(t,m)
sj ≡ gjt · rj
(mod n)
(14)
using own secret key. d) Broadcast sj to all signers. e) After receiving sj from the others, compute s≡
l
sj
(mod n),
(15)
j=1
the multisignature of a complete message m is σ = (t, s). Verification Phase. When the receiver receives multisignature message (m, σ), the public key e of the PKG and the identities of all the signers i1 , i2 , · · · , ij can be used to verify the validity of the signature. The verification formula is as follow: ?
se ≡ (i1 , i2 , · · · , ij )t · tH(t,m)
(mod n).
(16)
If verification is successful, then the information has a legitimate signature. Otherwise, it is an illegal signature. Figure 3 shows the detailed procedure for this signature and verification process.
4 Our Comment 4.1 Erratum to Harn-Ren Scheme In this section, we will point out an erratum as follow. The centre broadcasts tj to all the signers, and each signer computes their parameters t where t≡
l
tj
(mod n).
(17)
j=1
If centre broadcasts rj to all the signers, then each signers compute t≡
l
rj
(mod n),
(18)
j=1
and send to receiver. The signers do not pass verification phase where se ≡ (i1 · i2 · · · il ) · tH(t.m)
(mod n).
(19)
Comment on the Improvement of an Efficient ID-Based RSA Mutlisignature Signers
539
Receiver
Zn∗ ∈R rj
It should be sent tj .
rje
tj ≡ (mod n) Broadcasts tj to all the signers. It also sent tj , l otherwise it causes an error in verfication phase. tj (mod n) Computes t ≡ j=1
and sj ≡ gj ·
H(t,m) rj
(mod n)
Broadcasts sj to all the signers. Computes s ≡
l
sj
(σ, m)
(mod n)
j=1 ?
se ≡ (i1 · i2 . . . il ) · tH(t,m)
σ = (t, s)
(mod n)
Fig. 3. Erratum to Harn-Ren scheme
4.2 Security Analysis of Improvement Scheme Yang et al. proposed an improvement of multisignature scheme that they assumed if rj is known. Proof. Assume (t, sj , H(t, m)) is known, and H(t,m)
sj ≡ gjt · rj
(20)
(mod n).
?
Step 1. Compute gcd(t, e) = 1, if it is not equal, then continue until to correct where gcd(t, e) = 1. Step 2. Use Extended Euclidean Algorithm to compute (u, v) where (21)
tu + ec = 1. Step 3. Compute
u·H(t,m)
suj ≡ gjtu · rj and Step 4. Compute
ivj ≡ gjev
u·H(t,m)
· gjev
u·H(t,m)
−v gj ≡ s−u j · ij · rj
(22) (23)
(mod n).
suj · ivj ≡ gjtu · rj and
(mod n),
(mod n), (mod n).
(24) (25)
According above statement, although Yang et al. proposed an improvement of multisignature scheme, but their scheme do not increase to the security degree.
540
C. Liu, M.K. Rafsanjani, and L. Zheng
5 Conclusion As the original erratum in Harn and Ren’s scheme, Yang et al.’s results derived an error in the first forgery attack. The wrong result, is an incorrect assumption. Now that HarnRen’s multisignature scheme has proved to be secure, the Yang et al. scheme becomes unnecessary.
Acknowledgment The authors would like to thank our anonymous reviewers for their valuable comments. This research was supported in part by the Fuqing Branch of Fujian Normal University of China under the contract number KY2010030.
References 1. Harn, L., Ren, J.: Efficient identity-based RSA multisignatures. Computers & Security 27(12), 12–15 (2008) 2. Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: CCS 2001: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 245–254. ACM, New York (2001) 3. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985) 4. Yang, F.Y., Lo, J.H., Liao, C.M.: Improvement of an efficient ID-based RSA multisignature. In: 2010 International Conference on Complex, Intelligent and Software Intensive Systems (CISIS), February 15-18, pp. 822–826 (2010)
A Secure Routing Protocol to Combat Byzantine and Black Hole Attacks for MANETs Jayashree Padmanabhan, Tamil Selvan Raman Subramaniam, Kumaresh Prakasam, and Vigneswaran Ponpandiyan Department of Computer Technology, Anna University, MIT Campus, Chennai -600 044, Tamil Nadu, India
[email protected], {tamil.3758,kumareshpbe,vignesh.wrn65}@gmail.com
Abstract. The unique features of mobile ad hoc networks (potential nodes and link mobility) raise certain requirements for the security mechanism. A particularly challenging problem is how to feasibly detect and screen possible attacks on routing protocols such as Byzantine and Black hole attacks. This work focus on detecting routing Black Hole and Byzantine routing attacks through security and trust based routing. A secure auto configuration scheme is adapted and enhanced with secure public-key distribution to authorize the nodes joining the Mobile Ad hoc Network (MANET). Integrity in messages between source and destination is achieved via public key cryptographic mechanism and keyed Hash MAC over a shared secret key. The proposed schemes can be integrated with the existing routing protocols for MANETs, such as ad hoc ondemand distance vector routing (AODV) and dynamic source routing (DSR). Introducing security mechanisms over routing in MANETs might cause significant overhead and power consumption. Hence a security mechanism considering the tradeoff between security and energy consumption is proposed. A routing algorithm to establish parallel routes in order to build trust over paths and nodes in those paths is devised. So, that compromising nodes can be detected and paths involving those nodes are ignored. The proposed protocol “Secure Routing Protocol to combat Byzantine and Black Hole attacks” (SRPBB) is implemented in ns2 for throughput analysis in presence of attack. Keywords: Mobile Ad hoc networks, security, routing protocol, key management, Byzantine attack, Black Hole attack.
1 Introduction Wireless ad hoc networks are formed by devices that are able to communicate with each other using a wireless physical medium without having a pre-existing network infrastructure. This network is known as Mobile Ad hoc NETworks (MANETs). MANETs can form stand-alone groups of wireless terminals, but some terminals connected to fixed networks too. An inherent characteristic of nodes in ad hoc networks is that they are able to auto configure themselves without the intervention of centralized administration. A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 541–548, 2011. © Springer-Verlag Berlin Heidelberg 2011
542
J. Padmanabhan et al.
As in wired and infrastructure enabled wireless networks, MANETs are also vulnerable to security threats. Attacks against routing in MANETs can be classified in to external attacks and internal attacks. An external attack originates from a node (router) that doesn’t involve in the process of routing but facade to be a trusted node (router). Black hole attack is the most prominent external attack in which attack is generated via advertising false routes. Hence the malicious entity can absorb packets they receive or fabricate them instead of forwarding them. An internal attack originates from a node or a group of nodes that participates in the process of routing. The most prominent internal attack is byzantine attack, in which a node or a group of nodes within the network domain collude to disrupt the routing process by modifying, fabricating, or misleading the packets they receive. Though the level of security achieved through trust based mechanisms is noticeably low when compared to cryptography based mechanisms. In the case of MANETs the nodes are resource constrained and mostly battery driven. Hence, implementation of cryptographic mechanisms would considerably increase the overhead because of the computational complexity involved in them. Hence there is a tradeoff between level of security and computational overhead. In this paper a novel mechanism is proposed for secure auto configuration for a node newly joining MANET. Further, it also states an efficient attack detection and screening mechanism to secure the MANET routing protocols from Byzantine and Black Hole attacks. This is paper is organized as follows; related works are analyzed in Section 2. Mechanism for dynamic key management is proposed in Section 3. An enhanced routing algorithm using Trust mechanism is stated in Section 4. Simulation environment and results are presented in Section 5. Section 6 concludes the paper.
2 Related Work An analysis on current secure routing protocols used for MANETs and self-auto configuration schemes is carried out. Secure routing protocols can be classified under two categories, 1) integrated security mechanism with the existing routing protocol and 2) to detect and defend specific attacks. The common practice is to secure on demand routing protocols, such as AODV, DSR, and DSDV by using end to end authentication. This results in secure routing protocols which includes secure efficient ad hoc routing (SEAD) and Authenticated routing in ad hoc networks (ARAN). SEAD[3] is an extension of DSDV. There is no delay in updates and no increment in sequence number due to broken link. It uses one-way hash chains to authenticate hop counts. The security mechanism in SEAD is the shared secret keys between each pair of nodes. It has Byte overhead and packet overhead. ARAN[4] is implemented both in AODV and DSR. In ARAN, environment has been defined as open, managed open and managed hostile. In open environment random nodes establish connectivity without any trusted third parties in common. In managed open environment difference in the fact that nodes wishing to exchange information may exchange the initial parameters. In managed hostile environment all nodes are deployed by the common source. The weakness is that it is satisfactory only for managed open, as open environment need a trusted certificate server and as managed open need to expose the entire topology.
A Secure Routing Protocol to Combat Byzantine and Black Hole Attacks for MANETs
543
The latter involves protecting the routing traffic against routing attacks. These include On-Demand Secure Byzantine Routing (ODSBR), Rushing Attack Prevention (RAP). ODSBR [5] includes three phases namely route discovery, byzantine fault detection, link weight management. Route discovery process involves signed request to destination and the destination verifies authenticity of the request and creates a response with response sequence numbers. The source in turn selects the best route using link weight management. Authenticated acknowledgement is to be sent for every data packet it receives. The fault nodes are identified using binary search. Route discovery overhead and acknowledgement overhead occurs in ODSBR. RAP [6] is defined for rushing attacks. It involves secure neighbor detection, secure route delegation and secure route discovery. It is to be integrated with other protocol which involves change in route discovery process. Current auto configuration schemes [7] include Self-authentication schemes, challenge response scheme and trust model scheme. In Self authentication scheme [8], a node generates its public/private key pair randomly and then uses the hash value of the public key as the IP address. Here, certificate repository is not needed. The relationship between public key and IP address in this scheme brings the following problem; public/private key pair per node is limited to one where as two pairs of key are needed for signing/verifying and encryption/decryption. Hence it is vulnerable to cipher text attack. Challenge response scheme [9] is based on two steps, authentication and address allocation. This scheme has two problems; only one-hop broadcast is used in the announcement of the public key, and thus the public key is distributed only to the onehop neighbors; and the allocator might be a malicious node, hence it can assign a nondisjoint address pool to the new node, which will lead to address conflicts in the current and subsequent address allocations. Two secure auto configuration schemes based on trust model are analyzed. One method[10] is based on the trust value of the neighbors. This method is vulnerable to Sybil attacks. The second method[11] is threshold cryptography based distributed certificate authority (DCA). The problems with the scheme are, at least k preconfigured DCA server nodes must be present in the MANET without auto configuration and this scheme is also vulnerable to Sybil attack. To summarize, expensive authentication mechanisms are used in protocols that detect routing attacks.
3 Dynamic Key Management Mechanism This section deals with the secure auto configuration mechanism adapted for secure public key distribution nodes and proposed key management scheme. The proposed key management scheme achieves integrity in messages transmitted and the trust estimator technique detects the compromised nodes in the network and screens them to provide security and reliability. 3.1 Secure Auto Configuration Mechanism Since MANETs lack a centralized administration like DHCP to configure nodes joining them, new nodes should auto configure them with network. Auto configuration is done
544
J. Padmanabhan et al.
to announce the association of IP address and public key of a node to the network. A mechanism proposed by [7] HongbouZhou et al, for secure auto configuration and public key distribution is adapted. Secure Auto Configuration and Public Key Distribution achieve two goals, Uniqueness of address allocation and Secured public key distribution. It involves following procedures Generation of Parameters, Broadcast of Duplicate Address Detection (DAD) message, Receipt of Duplicate Address Detection (DAD) message, Forwarding of DAD message, Forwarding of NACK message, Receipt of NACK message, and Broadcast of Commit (CMT) message. 3.2 Key Management Scheme There are two basic key management schemes; they are public and shared-key based mechanisms. Public key based mechanism uses a public/private key pair and an asymmetric key based algorithm like RSA to establish session and authenticate nodes. In a secret key based scheme a shared symmetric key is used to verify the integrity of data. In the proposed key management scheme whenever a node is needed to initiate route discovery, it constructs RREQ and generates SMSG. SMSG consists of the shared secret key that has to be shared between the source and destination and digital signature of the same. The source node now forwards the RREQ along with the SMSG. Once the destination receives the RREQ along with SMSGs it verifies the digital signature via polling. It chooses the shared secret key that has been proved to be valid and detects the misbehavior if the digital signature sent via a path seems to be invalid. The destination reports the source regarding the misbehavior and hence every intermediate nodes record it for the future trust factor calculation. Once the source receives the RREP it starts transmitting the data encrypted via keyed HMAC algorithm using the secret key shared between the source and destination as the key. Key Management Scheme: While (initiate route discovery) { Construct RREQ; Generated SMSG; LRREQ:
broadcast RREQ + SMSG; Wait (RREP || timer Expiry) if (RREP) Exit else Goto LRREQ Transmit
}
A Secure Routing Protocol to Combat Byzantine and Black Hole Attacks for MANETs
545
Where, RREP – Route reply RREQ – Route Request SMSG – Start Message (num+ (E(E(num,KR-PUB),KS-PRI)) num - Shared Secret key
4 Trust Estimator Technique To build a trust estimation technique, trustworthiness on node n by another node n is defined as the probability that node x will perform a particular action expected by n, we denote it as Tx(n). The trustworthiness is measured using Trust Factor (TF) which is calculated by accumulating the behavior of a node over a particular interval called as TF updation cycle. The actions include route request, route reply, and SMSG and data transmission. Each node maintains a Trust Certificate Repository. Based on the Trust Factor calculated each node classifies its entire neighbors under three categories, known, unknown and companion. Known refers to a classification where nodes under this have high probability of being trusted. Unknown refers to a classification of nodes where nodes under this have low probability of being trusted. Companion refers to a classification of nodes where nodes under this have high probability of switching from unknown to known. Let µ be the probability that the link remains active and correct, mC be transmitted message found to be correct, mS be successful transmissions, mT be total number of messages transmitted by x to n which are not destined to n and mA be total number of attempted transmissions. Then Trustworthiness on node n by node x is stated as in equation (1) Tx(n)= (mc+µms) / (mt+µma)
(1)
Let Tx(p;j) be the Trustworthiness on path p by node x on jth TF updation cycle, then Path trust estimation can be stated as in equation (2) Tx(p;j) = Π Tx(n;j) | n ε p
(2)
The trustworthiness parameter stated above accounts for reliability, whereas availability of path also plays an important role in ad hoc networks which has the inherent quality of link mobility. If H is the number of hops in the path, V is the average relative speed, R is the transmission range where R = min (Rx), x ε path and µ 0 is constant of proportionality, decided by node density and mobility scenarios, then parameter µ path is defined as in equation(3). µ Path = (1/µ 0) ((H*V)/R)
(3)
4.1 Enhanced Routing 1. During route discovery, a source node sends RREQ+SMSG packets to its neighboring nodes. 2. Once an RREQ packet is received by an intermediate node, it either replies via a RREP or broadcasts it in turn.
546
J. Padmanabhan et al.
3. When the destination node receives the RREQ, it extracts the shared secret key from the SMSG and sends the RREP message via the route with highest Trust Factor (TF). 4. Once the route is established, the intermediate nodes monitor the link status of the next hops in the active routes. Those that do not meet the performance and trustworthiness requirement will be eliminated from the route. 5. When a link breakage in an active route is detected, a route error (RERR) packet is used to notify the other nodes that the loss of that link has occurred. Some maintenance procedures are needed as in AODV.
5 Simulation Result and Observation The proposed secure routing protocol (SRPBB) is implemented on ns2 version 2.34. Considering the computational overhead involved RSA public key cryptography with OAEP (256 Bits key length) and SHA1 keyed HMAC algorithms are used in dynamic key management scheme. Throughput of the protocol is evaluated under various mobility models, in the presence and absence of attack. Throughput comparison with existing AODV protocol has been done in the presence of attacker nodes and presented in figure 1. Though the protocol uses Operations causing additional processing overhead: 1. SMSG –Start Message involves digital signature generation procedure at the source end on creation and digital signature verification procedure on receiving at the destination end. 2. Transmission involves just HMAC mechanism over the data to be transmitted. 3. DAD involves two HMAC operations one at the source end and another at the destination end. 4. Key length of public key encryption algorithm can be changed or extended to 1024 bits based on the computational capability and applications. Convergence of a routing protocol refers to the time taken by the protocol to establish routes during route discovery phase and re-establishment of routes during route maintenance phase in case of route error. The proposed SRPBB routing protocol implements route maintenance mechanism of AODV but in the case of route discovery it considers trust factor for path selection instead time of arrival of route reply as in AODV. Since a path being chosen based on reliability and availability, the probability of link or node failure is considerably low. So this confirms efficiency of SRPBB over AODV in context of convergence. Considering overhead involved we chose RSA with 256 bit key with OAEP padding. Here OAEP improves the strength of RSA multiple times and incurs very low overhead. This saves the need for large key size to improve the Strength of RSA at the cost of resource utilization. It is estimated that for an RSA key with a length of Lk (in bits), the CPU cycles needed to perform one RSA operation is about (Lk + 2) × (Lk + 2 + 32) for a typical implementation, which is equal to 0.28 and 1.09 million for Lk = 512 and 1024, respectively. It is also estimated that the generation of a signature takes about 20 RSA operations, whereas the verification takes only one RSA operation.
A Secure Routing Protocol to Combat Byzantine and Black Hole Attacks for MANETs
547
In the proposed scheme path trust evaluation parameter is given by the product of trusts of the nodes in the path. Hence the node with minimal trust value will scale down the entire path trust considerably. This makes the protocol to converge fast than other existing protocol. More than reliability, the trust estimator technique proposes a simple and feasible mechanism in consideration with availability of paths. This mechanism adds more efficiency to the protocol. x-axis: Time in milliseconds
y-axis: Total Throughput
Fig. 1. Throughput Comparison Between AODV and SRPBB
6 Conclusion It is evident from the performance evaluation that the devised routing protocol has outperformed existing unicast routing protocols in terms of efficiency and security. Overhead in the implemented key management scheme cause is due to public key cryptographic mechanism being used. Hence considering the tradeoff between energy and security a new cryptographic mechanism can be devised in the future to support resource constraint MANET environment. Considering appropriate parameters other than throughput, efficiency of the protocol has to be scaled and suitable adjustments have to be carried out. To conclude an enhanced routing protocol that eliminates byzantine and black hole attack in MANETs has been devised and implemented. Making the protocol QoS centric is a challenging issue and to be continued with future work.
548
J. Padmanabhan et al.
References 1. Yu, M., Zhou, M., Su, W.: A Secure Routing Protocol against Byzantine Attacks for MANETs in Adversarial Environments. IEEE Transactions On Vehicular Technology 58(1) (January 2009) 2. Bhalaji, N., Shanmugam, A.: Association between Nodes to Combat Blackhole Attack in DSR based Manet. In: IEEE WOCN 2009 Conference Program Cairo, Cairo, Egypt (2009) 3. Hu, Y.-C., Johnson, D.B., Perrig, A.: SEAD: Secure efficient distance vector routing for mobile wireless ad hoc networks. In: Proc. 4th IEEE Workshop Mobile Comput. Syst. Appl., pp. 3–13 (June 2002) 4. Sanzgiri, K., LaFlamme, D., Dahill, B., Levine, B.N., Shields, C., Belding-Royer, E.M.: Authenticated routing for ad hoc networks. IEEE J. Sel. Areas Commun. 23(3), 598–610 (2005) 5. Awerbuch, B., Curtmola, R., Holmer, D., Nita-Rotaru, C.: ODSBR: An On-Demand Secure Byzantine Routing Protocol. JHU CS Tech. Rep.Ver.1 (October 15, 2003) 6. Hu, Y.-C., Perrig, A., Johnson, D.B.: Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols. In: WiSe 2003, San Diego, California, USA (September 19, 2003) 7. Zhou, H., Mutak, M.W., Ni, L.M.: Secure Autoconfiguration and Public-key Distribution for Mobile Ad-hoc Networks. In: IEEE 6th International Conference on Mobile Ad hoc and Sensor Systems, MASS 2009 (2009) Secure Autoconfiguration and Public-key Distribution for Mobile Ad-hoc Networks. In: IEEE 6th International Conference on Mobile Ad hoc and Sensor Systems, MASS 2009 (2009) 8. Wang, P., Reeves, D.S., Ning, P.: Secure Address Autoconfiguration for Mobile Ad Hoc Networks. In: Proceedings of the 2nd Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous 2005), San Diego, CA, pp. 519–521 (July 2005) 9. Cavalli, A., Orset, J.-M.: Secure Hosts Autoconfiguration in Mobile Ad Hoc Networks. In: Proceedings of the 24th International Conference on Distributed Computing Systems Workshops (ICDCSW 2004), Tokyo, Japan (March 2004) 10. Hu, S., Mitchell, C.J.: Improving IP address autoconfiguration security in mANETs using trust modelling. In: Jia, X., Wu, J., He, Y. (eds.) MSN 2005. LNCS, vol. 3794, pp. 83–92. Springer, Heidelberg (2005) 11. Nakayama, H., Kurosawa, S., Jamalipour, A., Nemoto, Y., Kato, N.: A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks. IEEE Transactions On Vehicular Technology 58(5) (June 2009) 12. Bai, F., Sadagopan, N., Helmy, A.: BRICS: A Building-block approach for analyzing Routing protocols in ad hoc networks - a Case Study of reactive routing protocols. In: IEEE International Conference on Communications (ICC) (June 2004) 13. Johnson, D.B., Maltz Josh Broch, D.A.: DSR: The Dynamic Source Routing Protocol for Multi-Hop Wireless Ad Hoc Networks. RFC 4728 (February 2007) 14. Lu, S., Li1, L., Lam, K.-Y., Jia, L.: SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack. In: IEEE International Conference on Computational Intelligence and Security (2009) 15. Sadagopan, N., Bai, F., Krishnamachari, B., Helmy, A.: PATHS: Analysis of PATH Duration Statistics and their Impact on Reactive MANET Routing Protocols. In: ACM International Symposium on Mobile Ad Hoc Networking & Computing (2003) 16. Nakayama, H., Kurosawa, S., Jamalipour, A., Nemoto, Y., Kato, N.: A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks. IEEE Transactions On Vehicular Technology 58(5) (June 2009)
A Convertible Designated Verifible Blind Multi-signcryption Scheme Subhalaxmi Das , Sujata Mohanty, and Bansidhar Majhi Department of Computer Science and Engineering, NIT, Rourkela, Orissa
Abstract. This paper presents a convertible blind multi-signcryption scheme without using any one-way hash function based on the security of three computationaly hard problems, namely Computationaly Diffiehellman problem, Discrete Logarithimic Problem, Integer Factorisation problem .Only a designated verifier can verify the signcrypted text having the signcrypters public parameters. The size of the generated authenticated ciphertext is independent of the number of total participating signcrypters. The proposed scheme is convertible as it can easily produce the ordinary signcrypted text without the co-operation from the signer. The verification of the proposed scheme is less, thereby can be applicable in reallife scenarios. Keywords: Blind Convertible.
1
Multi-Signcryption,
Blind
Multi-signature,
Introduction
Encryption and signature are fundamental tools of Public Key Cryptography for confidentiality and authenticity respectively [1]. Traditionally, these two main building-blocks have been considered as independent entities. However, these two basic cryptographic techniques may be combined together in various ways, such as sign-then-encrypt and encrypt-then-sign, in many applications to ensure privacy and authenticity simultaneously. To enhance efficiency, Zheng proposed a novel conception named signcryption, which can fulfill both the functions of signature and encryption in a logical step [3] . Compared with traditional methods, signcryption has less computation, communication and implementation complexity. As the signcryption scheme having so many advantages and extensive application prospects it is used in multi user setting. In multi-user settings, messages are often signed in a group of members. To send messages to multiple recipients, the base signcryption scheme could be run several times in the trivial way. But, the trivial method is infeasible for security and performance reasons. Thus, the new primitive called multi-signcryption should be present. In multisigncryption scheme a number of user can sign a message using some rule and the message is sent to the verifier.
Please note that the LNCS Editorial assumes that all authors have used the western naming convention, with given names preceding surnames. This determines the structure of the names in the running heads and the author index.
A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 549–556, 2011. c Springer-Verlag Berlin Heidelberg 2011
550
S. Das, S. Mohanty, and B. Majhi
Blind signatures were first introduced by Chaum (1982) to protect the right of an individual privacy. A blind signature allows a user to acquire a signature without giving any information about the actual message or the resulting signature [4,5,6]. The properties of the blind signatures are: the signer can not to read the document during process of signature generation and the signer can not correlate the signed document with the act of signing. In a secure blind signature scheme, the signer is unable to link or trace this signed message to the previous signing process instance. This property is usually referred to as the unlinkability property. Due to the unlinkability (blindness) property, blind signature techniques have been widely used in the anonymous electronic cash (e-cash) and anonymous voting systems [9]. In this paper, we propose a designated verifiable blind multi-signcryption scheme, which is an organic combination of multi signcryption and blind signature. This scheme is based on the security of three computational hard problem, namely integer factorization(IF), discrete Logarithmic problem(DLP) and computational Diffie Hellman problem (CDHP) . The proposed scheme has following advantages: (i) The size of the generated authenticated ciphertext is independent of the number of total participating signcrypters. (ii) Except for the designated verifier, no one can obtain the signcrypted message and verify its corresponding signature. (iii) The multi signcryptrd text is cooperatively produced by a group of signcrypters instead of a single signcrypter. (iv) In case of a later dispute on repudiation, the recipient has the ability to convert the authenticated ciphertext into an ordinary one for convincing anyone of the signcrypter’s dishonesty. (v) Each signcrypter of the group cannot know a relationship between the blinded and the unblinded message and signature parameters. (vi) Only cooperation of all signcrypterers can generate a valid blind multi-signcrypted for the designated verifier. Other third parties or some (not all) signcrypters cannot forge a valid blind multi-signcrypted text. This scheme is more efficient for multi-party applications since the size of the generated authenticated ciphertext is independent of the number of total participating signcrypters. In addition, the computation costs for the verifier will not increase even if the signcrypter group is expanded. The proposed blind multi-signcryption is useful in the real life scenarios such as e-cash system, e-bidding, online lottery system and e-commerce applications. Outline of this paper is as follows: The proposed scheme is presented in Section 2. Section 3 contains the discussion about the scheme. Security analysis is done in Section 4, Performance Evaluation is disscussed in section 5, finally we conclude in Section 6.
2
The Proposed Scheme
The proposed multisigncryption scheme consisting of three parties, namely a requester(A), a group of n signcrypters (SG), a trusted party and a verifier(B). The scheme consisting of following four phases such as: setup, Blinding, signcryption, Unblinding and verification. The parameter used in the proposed scheme is given in Table 1.
A Convertible Designated Verifible Blind Multi-signcryption Scheme
551
Table 1. Parameters used in the proposed Scheme Parameter Function A Requester B Verifier SG Group of N signcrypter xi ,yi Private and public key of requester xv ,yv Private and public key of Verifier E and D Encryption and Decryption algorithim || Concatenation operator z,t Private parameter choosen by Signcrypter w Private parameter choosen by Verifier log ygi Log of Yi to the basis g +,-and * Adition, Substraction and Multiplication function resectively
Setup Step 1: The trusted party chooses a integer n as the product of two large primes p and q such that p=2p1 q1 + 1 and q=2p2 q2 + 1, where p1 , q1 ,p2 , q2 are all large primes [8]. Then he chooses g as a generator of GF(n). Then he submits n and g to the requester(A) Step 2: The RequesterA chooses his/her private key xi ∈ Zn∗ and publishes the public keyusing DLP [4]. yi = g xi mod n (1) Blinding Step 1: Then the requester chooses an private parameter w such that w = xi ∗yv mod n. Then encrypt the message by multiplying the value of w with the original message, then add the private key of the sender with that multiplication
M = xi + M ∗ w mod n
(2)
After that the requester encrypt the message using the public key of the verifier(B) M = yv ∗ M mod n (3)
Then he sends M to the signcrypter Signcryption After finding the message, signcrypters are signcrypt the message blindly without knowing the content of the message. The steps of signcryption is proceed as follows:
552
S. Das, S. Mohanty, and B. Majhi
Step 1 Each signcrypter randomly chooses an integer z and t compute the key by using the formula (4) K = z||(M ∗ z) mod n Then he finds the ciphertext by encrypting the message with the key
C = E(K, M ) mod n
(5)
After that each signcrypter computes three private element u, r and v as follows: u = yv ∗ t mod n
(6)
r = k ∗ u mod n
(7)
v =t−
logygi
∗ r mod n
(8)
After receiving all u, r and v value from all members, a clerck who may be a signcrypter of that group computes U, R and S as follows: U=
N
u mod n
(9)
r mod n
(10)
i=1
R=
N i=1
V =
N
v mod n
(11)
i=1
Then he sends this signcrypted text (U, R, V and C) to the requester, and the requester sends this to the verifier(B). Unblind and Verification Step 1 After finding this (U, R, V and C), the verifier(B) first checks the authenticity as follows: U − yv ∗ V + R = R ∗ (w + 1) mod n (12) w = g (yi )+(xv ) mod n
(13)
If this equation holds then the verifier(B) proceed to the next step, otherwise he sent to the message back. Then the verifier calculates the value of U and K as follows: (14) U = g xv (V + R ∗ logygi ) mod n K = R ∗ U −1 mod n
(15)
Then he finds the encrypted message by decrypting the ciphertext(C) with the key(K) M = D(K, C) mod n (16)
A Convertible Designated Verifible Blind Multi-signcryption Scheme
553
Then he calculate the the value of M by decrypting M with his private key as
M = D(xv , M ) mod n
(17)
After that he finds the original message by Exclusive-oring M with his public key as M = (M − g yi ) ∗ g−xv mod n (18) Correctness As U = g xv (V + R ∗ log ygi ) mod n = yv (t − log ygi ∗ R + R ∗ log ygi ) mod n = yv ∗ t mod n
3
Discussion
The security of breaking the private key of requester(A) is bound in the complexity of solving DLP. Also, the concept of safe prime is used in the key generation process which makes the scheme secure. The original message M blinded by attaching it to the private key of the requester along with a random parameter
Fig. 1. The layout of the proposed scheme
554
S. Das, S. Mohanty, and B. Majhi
choosen by him/herself. The signcrypter puts a signature on the blinded message and sends it back to the requestor. The requester checks the authenticity of the signature and extracts the signature. Then the requester sends the signature to a designated verifier(B). The verifier designcrypt the signcrypted text and recovers the original message M. It can be also verified by only the intended recipient of the signcryption. The accepted notion of security with respect to the non-repudiation is existential unforgeability (EUF) under adaptive chosen message attack. This implies message authentication and integrity. This scheme is convertible because in any case of legal dispute verifier can verify the message without the help of the signcrypter. The layout of the proposed scheme is discussed in Figure-1.
4
Security Analysis
First, it is shown that how the proposed scheme resists the attacks to recover the secret key of the signcryter. Then the proof of parameter reduction attack and forgery attack without using one way hash function is disscussed. Finally, the security of the blind multi-signcryption scheme is discussed. 4.1
Attacks for Parametre Reduction
The message recovery Eq. 18 can be written as follows: M=(D(xv,D(R*(g xv (V+R∗ log ygi )-1,C)−g yi )) g−xv mod n Therefore, the parameters in Eq 10 can not be reduced further. Hence the proposed scheme is resistant against parameter reduction attack. 4.2
Forgery Attack
Given the message M, a forger has to solve both Eq 5 and Eq 6 in order to get the triplet (C,R,V) as it is uses discrete logarithm problem. Also the value of p and q is very difficult to obtain as it is generated using safe primes. Even if both R and V known, it is very difficult to find the value of M and M as it uses the private key of the verifier. Lemma 1:Neither the clerk nor the signcrypter can forge a valid signcrypted text Proof: As the requester sends the triplet (C,R,V) to the verifier, where C= E(K, M ) mod n is its own for each signcrypter but R and V is made of summation of all signcrypters r and v as follows n R= i=1 r mod n n V= i=1 v mod n,where r = K ∗ u mod n and v=t-logygi *r mod n, as it is made from each signcrypters contribution, so neither the clerk nor any of the signcrypter can decrypt the valid signcrypted text.
A Convertible Designated Verifible Blind Multi-signcryption Scheme
555
Lemma 2: Only a designated verifier can verify the signcrypted text and able to recover the original message Proof: Since the message can be verified by using the M=(D(xv ,D(R*(g xv (V+R∗ log ygi )1,C)−g yi ))g−xv mod n , in this case no one except the verifier can find the key, as this message can be recovered by using the private key of the verifier. So it is secure against any external attack.
5
Performance Evaluation
The computational complexity of any cryptographic algorithim mainly depends upon on four major operation, namely, no. of inverse algorithim, no. of hash function, no. of exponential and no. of multiplication operation. We ignore the time for performing addition and subtraction operation. The following notations are used to analyze the performance of the proposed scheme; we have ignored the cost of setup phase in the analysis process. 1)TE is the time complexity of modular exponentiation. 2)TM is the time complexity of multiplication. 3)TH is the time complexity of hash function. 4)TI is the time complexity of inverse function. From Table II, it is clear that our scheme is devoid of any hash function, that implies computation cost for signcryption and verification is reduced considerably. The signcryption and verification phase of the proposed scheme has minimal no. of operation . Hence this scheme has low computational complexity and can be useful in practical application. Table 2. Performance evaluation of the proposed scheme Phases Proposed scheme Blinding 5TM Signcryption 3TM Unblinding and verification 3TM +TE +2TI
6
Conclusion
In this paper a new kind of multi-signcryption scheme is proposed, which allows a group of signers to cooperatively produce a blind authenticated ciphertext and preserves the characteristic signcryption scheme. Here only a specific recipient can recover the message and verify the signcrypted text. In case of a dispute, the recipient has the ability to release an ordinary multi-signature and to convince anyone of the singers’ dishonesty. The proposed scheme would be a better alternative for some organizational operations, in which the security requirements
556
S. Das, S. Mohanty, and B. Majhi
of integrity, confidentiality, authenticity, and non-repudiation can be simultaneously achieved with low computation and communication cost. It is proved and analyzed that the proposed scheme can withstand parameter reduction attack, forgery attack and can recover message from the signcrypted text itself. There is no message redundancy feature used in this scheme, but still it resists forgery attack. The scheme supports message recovery feature, as message is recovered from the signature and there is no need to send message along with the signcrypted text. The proposed scheme can be applicable to areas such as e-voting, e-cash and e-commerce.
References 1. Shen, Y., Xie, H., Yang, L.: The Study and Application of Group Blind Signature Scheme in E-commerce Security. IEEE, Los Alamitos (2009) 2. Chen, X., Zhang, F., Kim, K.: ID-Based Multi-Proxy Signature and Blind Multisignature from Bilinear Pairings. Information and Communications University(ICU), 305–732 3. Mohammed, E., Emarah, A.E., El-Shennawy, K.: A blind signature scheme based on Elgamal signature. In: Seventeenth National Radio Science Conference, pp. 22–24 (February 2009) 4. Liu, Y., Yin, X., Chen, J.: A Forward Secure Blind Signature Scheme.In: Congress on Image and Signal Processing (2008) 5. Lopez-Garca, L., Martnez-Ramos, L., Rodrguez-Henrquez, F.: A Comparative Performance Analysis of Several Blind Signature Schemes. In: International Conference on Electrical Engineering, Computing Science and Automatic Control, pp. 310–315 (November 2008) 6. Fan, C.-I., Guan, D.J., Wang, C.-I., Lin, D.-R.: Cryptanalysis of Lee-HwangYang blind signature scheme. Computer Standards and Interfaces 31, 319–320 (2009) 7. Kang, B.: On the security of proxy blind multisignaturescheme without a secure channel. In: 2nd International Conference on Computer Engineering and Technology (2009) 8. Wang, C.-H., Hwang, T., Lee, N.-Y.: Comments on two group signatures. Information Processing Letters 69, 95–97 (1999) 9. Tian, X.-X., Li, H.-J., Xu, J.-P., Wang, Y.: A Security Enforcement ID-based Partially Blind Signature Scheme. In: International Conference on Web Information Systems and Mining (2009)
Middleware Services at Cloud Application Layer Imad M. Abbadi Department of Computer Science University Of Oxford
[email protected]
Abstract. Cloud infrastructure is composed of enormous resources, which need to be securely and reliably coordinated and managed to provide end-to-end trusted services in the Cloud. Such coordination and management could be supported using a set of middleware. A middleware should provide a set of trustworthy automated management services. Such services would help in moving current untrusted Cloud to a trustworthy Clouds’ Internet scale critical infrastructure. The main contribution in this paper is identifying Cloud middleware types focusing on application layer management services and their interdependencies. To the best of our knowledge our paper is the first to identify middleware services and their interdependencies. We demonstrate services interdependencies and interactions using a multi-tier application architecture in Cloud computing context. Finally, we discuss the advantages of middleware services for establishing trust in the Cloud and provide our research agenda in this direction.
1
Introduction
Cloud is defined as “an elastic execution environment of resources involving multiple stakeholders and providing a metered service and multiple granularities for specified level of quality”[11]. Cloud support three main deployment types Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) [12]. The technologies behind current Cloud infrastructure are not new, as they have been used in enterprise infrastructure for many years [14]. Cloud computing current understanding become popular with Amazon EC2 in 2006 [5], and its infrastructure is built up of technologies and processes based on in-house solutions. The two main characteristics of potential Cloud critical infrastructure, which differentiate it from traditional enterprise infrastructure are pay-per-use payment model and automated management services [11]. Such services provide Cloud computing with exceptional capabilities and new features. For example, scale per use, hiding the complexity of infrastructure, automated higher reliability, availability, scalability, dependability, and resilience. These should help in providing a trustworthy resilient Cloud computing, and should result in cost reduction. The main objective of this paper is to identify and analyze Cloud application middleware automated management services and their interdependency. We also A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 557–571, 2011. c Springer-Verlag Berlin Heidelberg 2011
558
I.M. Abbadi
discuss how such services help in establishing trust in the Cloud. This paper is organized as follows. Section 2 defines the scope of the paper and related work. Section 3 defines application layer middleware self-managed services and their interdependence. Section 4 provides a typical multi-tier architect in cloud environment, and discusses how the conceptual models proposed in section 3 support trustworthy and resilient multi-tier application in the Cloud. Finally, we conclude the paper and propose our research agenda in Section 5 .
2
Scope of the Paper and Related Work
Cloud computing can conceptually be viewed from different angles. For the purpose of our paper Cloud computing conceptually consists of multiple intersecting layers as follows (for detailed description about Cloud taxonomy see [1]). 1. Physical Layer — This layer represents the main physical components and their interactions, which constitute Cloud physical infrastructure. Example of these include physical servers, storage, and network components. The physical layer resources are consolidated to serve the Virtual Layer. 2. Virtual Layer — This layer represents the virtual resources, which are hosted by the Physical Layer. Cloud customers in IaaS Cloud type interact directly with the virtual layer, which hosts Clouds customer applications. This layer consists of multiple sub-layers: Virtual Machine (VM), virtual network, and virtual storage. 3. Application Layer — This layer has Clouds’ customer applications, which are hosted using resources in the Virtual Layer. Moving current Cloud infrastructure to the potential trustworthy infrastructure requires a set of trustworthy middleware services. Middleware services glue resources within Cloud layers together by providing a set of automated selfmanaged services that consider users’ security and privacy requirements by design. These services should be transparent to Clouds’ customers and should require minimal human intervention. The implementation of self-managed services’ functions in middleware would mainly depend on the middleware location within Cloud’s layers. For example, a Virtual Layer Middleware is needed between Physical Layer and Virtual Layer to provide infrastructure transparent services to virtual layer, and an Application Layer Middleware is needed between Virtual Layer and Application Layer to provide transparent management services to applications. We have previously defined Virtual Layer Middleware self-managed services and the security challenges for providing such services in [3]. In this paper for clarity we mainly focus on Application Layer Middleware self-managed services. In this paper we continue our previous work in [4], which discusses the misconceptions about Cloud computing, discusses Cloud structural components, and derives the main security challenges in the Cloud. In this paper we mainly focus
Middleware Services at Cloud Application Layer
559
on self-managed services at application layer, factors affecting their actions, and their interdependency. We could not find related work going in same direction of this paper. However, there are other work (see, for example, [8,19]) analyzing Cloud properties from user perspectives, and mainly focus on analyzing Cloud provided services (IaaS, PaaS, and SaaS). However, these do not discuss application layer automated management services and their interdependency. The work in autonomic computing [10] is not related to our work, as it is mainly concerned about physical layer management, which is very different than virtual and application layer management. To the best of our knowledge our work is the first to identify middleware management services interdependency at the application layer.
3
Middleware Services of Application Layer
Middleware Services of Application layer (which we also refer to as self-managed services of Application Layer) are about providing Cloud Application Layer with exceptional capabilities enabling it to automatically manage all applications running on the Cloud, their interdependencies, and take appropriate actions on emergencies. These should support application availability, reliability, scalability, resilience, and adaptability that consider user requirement of security and privacy by design. In this section we provide a set of conceptual models for these services. We use these in subsequent sections to describe their interactions when managing a multi-tier application architect in the Cloud. 3.1
Adaptability
Adaptability is the ability to provide timely and efficient support of applications on system changes and events. Adaptability should always ensure that the overall system properties are preserved (e.g. security, resilience, availability and reliability) when taking an action. The Adaptability service should automatically decide on an action plan and then manage it by coordinating with other services in the same layer or other layers. Figure 1 provides a conceptual model of Adaptability service’s functions. This Figure provides examples of Events and Changes, which Triggers the Adaptability service. The Adaptability service in turn Performs Actions based on the Events and Changes. The Actions also Triggers Cascaded Actions to other services in both Application Layer and Virtual Layer. The Adaptability Service follows a set of rules defined by cloud authorised employees defining Actions and Cascaded Actions. 3.2
Resilience
Resilience in application layer is the ability of system to to maintain an application features (e.g. serviceability and security) despite a number of components
560
I.M. Abbadi
Fig. 1. Adaptability Service
Fig. 2. Resilience Service
failures. High resilience at application layer can be achieved by providing: high resilience at virtual layer and well planned procedures, which we have discussed in detail at [3]. High application layer resilience also requires application redundancy, which can be of two types: active/active or active/passive. Active/Passive (what is also referred to as hot-standby) means the passive application can only process requests once the Active application has failure. Active/Active, on the other hand, means multiple copies of the same application process requests simultaneously. Resilient design helps in achieving higher availability and end-to-end service Reliability, as its design approach focuses on tolerating and surviving the inevitable failures rather than trying to reduce them. The Resilience service communicates with other services to collaborate in providing end-to-end resilient Cloud. Figure 2 provides a conceptual model for Resilience service functions that should be provided to maintain the overall end-to-end application resilience. This Figure provides examples of Single Point of Failure, which Triggers the Resilience service. As we see in the Figure 2 the Adaptability Service first receives a notification of Single Point of Failure events, and then it manages the events. This management would include interacting with other services, which we are interested in the Resilience Service in this part. The Resilience service in turn Performs Actions based on the Single Point of Failure. If the Actions failed to guarantee resilience the Figure provides examples
Middleware Services at Cloud Application Layer
561
Fig. 3. Scalability Service
of Cascaded Actions that are followed. Such Actions and Cascaded Actions follow a set of rules defined by Clouds’ authorised employees. 3.3
Scalability
Scalability at the Application Layer is providing an application with capabilities to quickly and efficiently adapt to the addition and removal of virtual resources. For example, on peak periods the virtual layer scales resources up, and similarly on off-peak periods the virtual layer should release unneeded resources. These should be reflected at the application to support the addition and removal of virtual resources. Also, these should not affect fundamental system properties and should always represent user requirements (e.g. security and privacy). The Adaptability service at the Virtual Layer (see [3] for detailed description of Virtual Layer services) upon detecting a need for either adding resources (e.g. peak period) or removing resources it instructs the virtual layer Scalability service to do so. The virtual layer Scalability service should trigger the application layer Adaptability service to adapt to changes in the Virtual Layer. The Adaptability service at the Application Layer then triggers the Scalability service at the application layer to scale the application to adapt to such changes. Scalability type at virtual layer can be: Horizontal Scalability, Vertical Scalability, or combination of both. Horizontal Scalability is about the amount of instances that would need to be added or removed to a system to satisfy increase or decrease in demand. Vertical Scalability is about increasing or decreasing the size of instances themselves to maintain increase or decrease in demand. In this regard application layer scalability reacts differently to both types of scalability. For example, Horizontal Scalability means the application will be replicated at the newly created VMs; however, Vertical Scalability means the application needs to take advantages of the additional allocated resources (e.g. increase memory usage, spawn additional child processes). Also, in both cases the Scalability process needs to notify the Availability and Reliability services. Figure 3 provides a conceptual model for application Scalability service. This Figure provides the Actions from Adaptability service that triggers the Scalability service. The Scalability service in turn Performs appropriate Actions.
562
I.M. Abbadi
3.4
Availability
Availability of a service represents the relative time a service provides its intended functions. High levels of availability are the result of excellent resilient design.
Fig. 4. Availability Service
Availability service at application layer is in charge of distributing requests coming to an application across all redundant application resources based on their current load. If a resource is down or it is relatively overloaded, the Availability service should immediately stop diverting traffic to that resource, and re-diverts traffic to other active resources until the Adaptability service fixes the problem or until the overloaded resource returns to normal processing capacity. Figure 4 provides a conceptual model for application Availability service. This Figure provides examples of Events from Resilience and Changes from Scalability service, which Triggers the Availability service. The Availability service in turn Performs Actions based on the Events and Changes. The Actions also Trigger Cascaded Actions to other services in both Application Layer and Virtual Layer. 3.5
Reliability
Reliability is related to the success in which a service functions [15]. High endto-end service reliability implies that a service always provides correct results and guarantees no data loss. Higher individual components reliability together with excellent architect and well defined management processes, help in supporting higher resilience. This in turn increases end-to-end service reliability and availability. Reliability is of higher priority than Availability service. Most importantly it ensures that the end-to-end service integrity is maintained (i.e. no data loss and correct service execution). If service integrity is affected by anyway and cannot be immediately recovered, Reliability service then notifies the Availability service to immediately bring a service or part of a service down. This is to ensure that data integrity is always protected. Simultaneously, Adaptability and Resilience service should automatically attempt to recover the system and notifi system administrators in case of a decision cannot be automatically made
Middleware Services at Cloud Application Layer
563
Fig. 5. Reliability Service
(e.g. data corruption that requires manual intervention by an expert domain administrator). Figure 5 provides a conceptual model for application Reliability service. This Figure provides examples of Events from Resilience, Events from Virtual Layer Services, and Changes from Scalability service, which Triggers the Reliability service. The Reliability service in turn PerformsActions and Cascaded Actions based on the Events and Changes. 3.6
Security and Privacy
Security and Privacy at application layer is about ensuring Cloud user security and privacy requirements are maintained by the environment surrounding the application (it is important to re-stress that we are covering the middleware services supporting the application and not the application itself). This for example includes (a.) protecting Cloud user data whilst in transit (transferred to the Cloud and back to the client, and transferred between Cloud structure components), (b.) protecting the data whilst being processed by application, (c.) protecting the data when transferred across Cloud services, (d.) protecting data whilst in storage, and (e.) ensuring that the application runs at a pre-agreed geographical location and also data stored at pre-agreed geographical location. Security and privacy should be built into all other services as default option. Figure 6 provides a conceptual model of Security and Privacy service at Application Layer. This Figure provides examples of Events and Application Services, which trigger the Security and Privacy service. The Security and Privacy service in turn takes Actions based on the Events or Application Services. 3.7
Summary of Services Interdependency
Figure 7 provides a summary for the interaction amongst Application Layer middleware self-managed services, as we discuss throughout this section. This Figure provides a high level overview and it is meant not to cover deep details
564
I.M. Abbadi
Fig. 6. Security and Privacy Service
Fig. 7. Application Layer Self Managed Services Interaction
for clarity. In this Figure Adaptability Service acts as the heart of self-managed services. For example, it intercepts faults and changes in user requirements, manages these by generating action plans, and delegates action plans to other services. To be in a position to do this, the Adaptability Service communicates with Resilience Service, Scalability Service, and Reliability Service. The Resilience Service requires having redundant resources, which is represented by relation Maintains on Redundancy. Excellent resilient design results in higher availability and reliability. This is indicated using Supports relation between Resilience Service with Availability Service and Reliability Service. Scalability Service (it starts based on Triggers received from Adaptability Service) instructs either Adapt to Vertical Scaling and/or Adapt to Horizontal Scaling processes. It also Notifies Availability Service and Reliability Service once scaling is done. The Reliability Service is linked with Integrity process using Must Provide relation. The outcome of the Integrity process is fed to the Reliability Service. If application integrity is affected by any way the Reliability Service sends an Integrity Failure message to both Availability Service and Adaptability Service.
Middleware Services at Cloud Application Layer
4
565
Services Interaction for Multi-tier Application in the Cloud
In this section we start by proposing a typical multi-tier application architect in the Cloud, and then discuss the required classes of middleware. We then describe how it can be managed using the proposed services’ conceptual models. 4.1
Application Architecture in the Cloud and Types of Middleware
Figure 8 illustrates an architect of a muti-tier application in the Cloud. The Application Layer in such multi-tier architect would typical be composed of the following components. 1. Server Backend Application — Is in charge of maintaining backend database repository. The database repository runs in an appropriate container (e.g. Oracle DBMS [17], Microsoft SQL Server [13], Derby [9]). The Server Backend Application would typically be hosted on a set of dedicated VMs, which we refer to as Backend VMs. 2. Server Middle-tier Application — Is in charge of running application business logic functions that interact with Client Frontend Application. The middletier application runs in an appropriate container (e.g. Apache/Tomcat [6], Weblogic [18], Oracle Application Server[16]), which would normally be hosted and replicated across a set of VMs that we refer to as Middle-tier VMs. Middle-teir VMs and backend VMs are usually separate and independent in production environment for several reasons (e.g. security, resource management, and resilience). These two sets of VMs could be combined and even hosted on a single VM for development and test environment. 3. Client Frontend Application — Client application could be combination of HTML, JavaScript, Java Applets, or even a standalone application that would need to communicate with the Cloud for special purposes (e.g. upload data on the Cloud for backup purposes, or be part of a supply chain application). Client application could be stored at either Cloud customer environment or inside Middle-tier VMs, based on the application nature. The Cloud customer at run time (possible downloads and) runs the Client Frontend Application at client side. For example, media organizations usually have editorial systems and online web systems. A media organization could move its online web systems on the Cloud and keep the editorial applications hosted on their local infrastructure. The organization editorial employees use their local editorial applications when creating and editing stories. The organization customers, on the other hand, access online web systems from the Cloud. In this case the Client Frontend Application nature (for organization customers) is a HTML/JavaScript; however, the Client Frontend Application nature (for organization employees) is standalone applications, which transfer stories into online web systems hosted at the Cloud.
566
I.M. Abbadi
Fig. 8. A Typical Multi-tier Application Architect in the Cloud
Fig. 9. Middleware Types for a Multi-Tier Application in the Cloud
Middleware Services at Cloud Application Layer
567
The proposed multi-tier application architect requires a set of trustworthy middleware, as follows (see Figure 9). 1. Virtual Layer Middleware — This middleware intermediates the communication between physical layer and application layer. It should provide transparent infrastructure management services to application layer via a set of selfmanaged services (see [3] for further details). Application Layer Middleware requires these services to support trustworthy and resilience application. 2. Application Layer Middleware — As discussed before this middleware should provide a transparent management services to server applications via a set of self-managed services. This middleware is conceptually composed of two parts: (a.) Server Middle-tier Middleware that supports Server Middle-tier Application, and (b.) Server Backend Middleware that supports Server Backend Application. These middleware should coordinate amongst each other to provide trustworthy and Resilience service between Server Middle-tier Application to Server Backend Application. They also need to coordinate with the other types of middleware to provide trustworthy and Resilience service between Client Frontend Application to Virtual Layer. 3. Client Frontend Middleware — This middleware should provide transparent management services on Client Frontend Application via a set of selfmanaged services. The services’ functions should coordinate with Server Middle-tier Middleware in order to provide trustworthy service between client middle-tier middleware to Server Middle-tier Middleware. 4.2
Middleware Services Interaction
In this section we use the conceptual models proposed in section 3 to discuss middleware services interaction when managing the multi-tier architect proposed earlier. Our discussion is based on providing several examples for the interaction amongst Client Frontend Middleware, Server Middle-tier Middleware, and Server Backend Middleware to self-manage the overall application. For brevity in this we do not discuss Virtual Layer Middleware except when absolutely necessary. Client Frontend Middleware — Supporting Client Frontend Application requires the following self-managed services (in this we do not discuss issues related to customer environment’s self-managed services as it is outside the scope of the paper; for example, we do not discuss Availability and Scalability services for this specific case). 1. Adaptability — This service is in charge of adapting Client Frontend Application side to changes provided by Cloud provider (i.e. Server Middle-tier Middleware), e.g. changes in service location, degraded performance, and incidents. This would enable Adaptability service at client side to take appropriate actions. Example of actions include (see Figure 1): (a.) on change of service location the Middle-tier Middleware’s Adaptability service sends the new location to Client Frontend Middleware Adaptability service, the client can then reestablish communication to new location; (b.) on change of performance due
568
I.M. Abbadi
to emergency the client could reduce its requests to the minimal or even do offline processing and then upload the result on the Cloud; and (c.) on security incidents the client could temporarily follow an emergency plan. These are just sample examples, which would be based on application nature. It is important to re-stress at this point that the application is not necessarily a simple HTML, as it could be an interactive application that do processing at Clouds’ customer location and then communicates with Cloud for follow up process. 2. Resilience — This service is about providing resilient service at client side when communicating with the Cloud (see Figure 2). The service, in this context, mainly attempts to re-establish failed communication with the Cloud (i.e. with Server Middle-tier Middleware) 3. Reliability — This service is concerned about maintaining service reliable for Client Frontend Application when communicating with the Cloud (see Figure 5). The service, in this context, ensures reliability when data transferred/received to/from Cloud, and ensures reliability when data processed at Client Frontend Application. 4. Security and Privacy — Is related to providing security measures at Cloud customer side for Client Frontend Application (see Figure 6). This, for example, includes (a.) protecting client’s data when retrieved from the Cloud and stored or processed at client environment, and (b.) protecting data whilst being transferred to/from the Cloud. Server Middle-tier Middleware supports Server Middle-tier Application and requires the following self-managed services. 1. Adaptability — This service is in charge of supporting changes and events that might affect the functions of Server Middle-tier Application, as illustrated in Figure 1. Example of these includes: (a.) problems in the Cloud, which require relocating the service to another location. The service communicates with the Client Frontend Middleware’s Adaptability service to take an appropriate action; (b.) if Server Middle-tier Application cannot be restarted because of hardware related issues the Adaptability service coordinates with the Adaptability service at all other dependent middleware (e.g. virtual layer middleware and Client Frontend Middleware); and (c.) if application cannot be restarted because of dependency problem, the Adaptability service manages this by finding dependent applications and re-validating their availability. 2. Resilience — This service covers the following examples (see Figure 2). (a.) subject to the Client Frontend Application nature, the Resilience service re-establish communication with the Client Frontend Middleware on failure; (b.) re-establish communication with Server Backend Middleware on failure; (c.) restart Server Middle-tier Application on failure; and (d.) if the application cannot be restarted because of an error (application, environment, or
Middleware Services at Cloud Application Layer
3.
4.
5.
6.
569
others) the service follows appropriate procedure based on the error nature (e.g. triggers the Adaptability service). Scalability — This service is mainly concerned about Server Middle-tier Application adaptability issues when the hosting underneath resources scales up/down. This covers (see Figure 3): (a.) scaling up resources allocated to VM hosting Server Middle-tier Application. This requires the application to follow a set of processes, e.g. spawn further child processes; (b.) scaling up by adding a VM, which require the application to follow a different process, e.g. notifies the Availability service to redistribute the incoming load to the newly created VM, and redistribute client sessions considering the new VM; and (c.) scaling down by removing additional resources allocated in (a.) or removing the additional VM allocated in (b.), each requires following a somehow a reverse process and notifies the Availability service. Availability — This service is in charge of distributing the load coming from Client Frontend Application and Server Backend Application evenly across Server Middle-tier Application redundant resources. If a resource is down, the Availability process immediately stops diverting traffic to that resource, and re-diverts the traffic to other active resources until the Adaptability process fixes the problem. Also, when the hosting environment scales up/down the Availability service re-considers incoming requests distribution based on the nature of the scaling. These are illustrated in Figure 4. Reliability — This service is concerned about maintaining service reliable for Server Middle-tier Application when communicating with both Server Backend Application and Client Frontend Application. Example of processes provided by this service include (see also Figure 5) the following: (a.) verifying reliability when data transferred/received between applications, and (b.) verifying reliability whilst data is processed. Security and Privacy - Is related to maintaining Cloud customer’s security and privacy requirements are maintained by the environment surrounding Server Middle-tier Application. This includes (see Figure 6) the following: (a.) protecting client’s data when retrieved from the Client Frontend Application, (b.) protecting data whilst being processed by Server Middle-tier Application, (c.) protecting data when transferred to/from Server Backend Application, (c.) protecting data on storage, and (d) ensuring security and privacy is preserved for all other services (e.g. securing communication baths).
Server Backend Middleware, which is required to support Server Backend Application, requires same services that are required for Server Middle-tier Middleware. The main difference is that this middleware does not communicate with the Client Frontend Middleware. It mainly protects the application that intermediates the communication between Server Middle-tier Application and backend storage, where data eventually stored. This in turn means this middleware services’ implementation would require to provide additional functions and security features for managing database instance that interacts with the storage.
570
5
I.M. Abbadi
Discussion, Conclusion, and Research Direction
Cloud computing is complex and composed of enormous and heterogeneous resources that need to cooperate, exchange critical messages and coordinate amongst themselves. Such complexity of communication and coordination are error prone and are subject to various security threats. This is especially the case as Cloud computing has recently emerged to academic research from industry because of its promising potential as an Internet-scale computing infrastructure [7,11]. The lack of academic research that formally analyze current Cloud infrastructure increases its vulnerabilities. Cloud infrastructure is expected to support Internet scale critical applications (e.g. hospital systems, smart grid systems). Critical infrastructure and even organizations will not outsource their critical resources at public Cloud without strong assurance about its trustworthiness. Therefore, establishing trustworthy Cloud infrastructure is the key factor to move critical resources into the Cloud. In order to move in this direction for such a complex infrastructure, we virtually split Cloud infrastructure into layers, as illustrated in Figure 8. Each layer relies on the services and resources provided by the layer directly underneath it, and each layer services’ rely on messages communicated with both the layer directly underneath it and above it. Each two adjacent layers have a specific middleware that provides self-managed services. These services’ implementations are based on the layer they serve. Also, different types of middleware services coordinate amongst themselves and exchange critical messages. Establishing trusted middleware services is paramount for providing trustworthy Cloud infrastructure. In our opinion establishing trust in the Cloud requires two mutually dependent elements: (a.) supporting Cloud infrastructure with proper mechanisms and tools helping Cloud providers to automate the process of managing, maintaining, and securing the infrastructure; and (b.) developing methods helping Cloud users and providers to establish trust in the infrastructure operation by continually assessing the operations of the Cloud infrastructure. In our previous work ([2]) we focus on point (b). We discussed point (a) in two papers: in this paper we mainly focus on application layer middleware services, and in our previous work ([3]) we outlined virtual layer services. We are planning to extend our work and build a trust model that clearly clarifies each middleware service functional specifications in all discussed middleware types. The trust model will identify the interdependence across all types of middleware services. It should also clarify how the collaboration across middleware services would establish trust in the Cloud.
Acknowledgment This research has been supported by the TCloud project1 , which is funded by the EU’s Seventh Framework Program ([FP7/2007-2013]) under grant agreement number ICT-257243. The author would like to thank Andrew Martin and Cornelius Namiluko for their discussion and valuable input. The author would also like to thank IWTMP2PS 2011 anonymous reviewers for their comments. 1
http://www.tClouds-project.eu
Middleware Services at Cloud Application Layer
571
References 1. Abbadi, I.M.: Clouds’ infrastructure taxonomy, properties, and management services. In: CloudComp 2011: To Appear In Proceedings Of The International Workshop On Cloud Computing- Architecture, Algorithms And Applications. LNCS. Springer, Berlin (2011) 2. Abbadi, I.M.: Operational trust in clouds’ environmen. In: MOCS 2011: To Appear In Proceedings Of Workshop On Management Of Cloud Systems. IEEE Computer Society, Los Alamitos (2011) 3. Abbadi, I.M.: Self-Managed Services Conceptual Model in Trustworthy Clouds’ Infrastructure. In: Workshop on Cryptography and Security in Clouds. IBM, Zurich (2011), http://www.zurich.ibm.com/~ cca/csc2011/program.html 4. Abbadi, I.M.: Toward Trustworthy Clouds’ Internet Scale Critical Infrastructure. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 71–82. Springer, Heidelberg (2011) 5. Amazon : Amazon Elastic Compute Cloud, Amazon EC2 (2010), http://aws.amazon.com/ec2/ 6. Apache (2011), http://apache.org/ 7. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing (2009), http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf 8. Cloud Computing Use Case Discussion Group. Cloud computing use cases (2010), http://cloudusecases.org/Cloud_Computing_Use_Cases_Whitepaper4_0.odt 9. Derby (2011), http://db.apache.org/derby/ 10. IBM. Autonomic computing (2001), http://www.research.ibm.com/autonomic/ 11. Jeffery, K., Neidecker-Lutz, B.: The Future of Cloud Computing—Opportunities For European Cloud Computing Beyond (2010) 12. Mell, P., Grance, T.: The NIST Definition of Cloud Computing 13. Microsoft Corporation. Microsoft SQL Server (2008), http://www.microsoft.com/sqlserve 14. Sun Microsystems. Take Your Business to a Higher Level (2009) 15. Musa, J.D., Iannino, A., Okumoto, K.: Software reliability: measurement, prediction, application (professional ed.), USA, McGraw-Hill, Inc., New York (1990) 16. Oracle Application Server (2010), http://www.oracle.com/technetwork/middleware/ias/overview/index.html 17. Oracle DBMS (2011), http://www.oracle.com/us/products/database/index.html 18. Weblogic (2007), http://www.bea.com 19. Youseff, L., Butrico, M., Da Silva, D.: Toward a unified ontology of cloud computing. In: Proceedings of Grid Computing Environments Workshop, pp. 1–10. IEEE, Los Alamitos (2008)
Attribute Based Anonymity for Preserving Privacy Sri Krishna Adusumalli and V. Valli Kumari Department of Computer Science and Systems Engineering, Andhra University Visakhapatnam, Andhra Pradesh, India, 530 003 {srikrishna.au,vallikumari}@gmail.com
Abstract. Privacy Preserving Publication has become much concern in this decade. Data holders are simply publishing the dataset for mining and survey purpose with less knowledge towards privacy issues. Current research has focused on statistical and hippocratic databases to minimize the re-identification of data. Popular principles like k-anonymity, l-diversity etc., were proposed in literature to achieve privacy. There is a possibility that person specific information may be exposed when the adversary ponders on different combinations of the attributes. In this paper, we analyse this problem and propose a method to publish the finest anonymized dataset that preserves both privacy and utility. Keywords: Privacy, Attribute Generalization, Information Loss.
1 Introduction The affordability of computation, memory and disk storage is enabling large volumes of person specific data is to be collected. Data holders with little knowledge about privacy are releasing the information and thus compromising the privacy. On the other fold the end users are also not aware of privacy issues and several software giants like Google, Microsoft etc., are tracking search queries of the individuals. In this regard protecting data from re-identification has become the most challenging problem when important data like census, voter registration and medical information of patients is released by hospitals, financial institutions and government organizations for mining or survey purposes. Research towards protecting individual’s identity is being done extensively. In 2002 when medical data is linked with the voter’s registration list 87% of USA population was identified with the release data having gender, data of birth and zip code as attributes [1]. To avoid this breach, the data is anonymized by using generalization and suppression that turned into a protection model named k-anonymity [1]. When Netflix data set was deanonymized individuals information was exposed [2]. AOL [3] removed their query logs immediately due to re-identification of person specific information. When data is published, the original data table (T) as shown in the Table 1 is anonymized and the anonymized dataset (∆T) (Table 3) is released for mining purpose. The anonymized table does not contain any Identifying attributes such as SID, Name etc., Some attributes that might reveal the information when linked with the external dataset are termed as Quasi Identifiers (QID), for example: zip code, age, A. Abraham et al. (Eds.): ACC 2011, Part IV, CCIS 193, pp. 572–579, 2011. © Springer-Verlag Berlin Heidelberg 2011
Attribute Based Anonymity for Preserving Privacy
573
date of birth etc. The elementary way of protecting the privacy for a dataset can be done by using k-anonymity. By definition, in the anonymized data released the values of each record are similar to atleast (k-1) other records. This is achieved with the help of generalization and suppression. The framework of k-anonymity is to generalize or suppress some values on Quasi Identifier attributes. Generalization [8] is achieved by generalizing the attribute values to specific value. For example if you consider age attribute of a person say Alice to be 23 we transform it to [20-25] range thereby preserving the semantic nature of the attribute value. Sometimes the generalization is achieved using the desired taxonomy tree as shown in the fig. 1. Table 1. Original Microdata Table Name Alice Bob Korth Jane Korth Harry Sandeep Jack Mary Patricia Benny Ally
Age 26 28 20 24 51 58 44 48 32 38 35 33
Zipcode 53053 53068 53068 53053 54853 54853 54850 54850 53053 53053 53068 53068
Gender Male Male Male Female Male Female Male Male Female Female Female Female
Disease Cancer HIV Flu HIV HIV HIV Obesity Flu Flu Flu HIV Obesity
Table 2. Table without Identifiers Age 26 28 20 24 51 58 44 48 32 38 35 33
Fig. 1. Taxonomy Tree
Zipcode 53053 53068 53068 53053 54853 54853 54850 54850 53053 53053 53068 53068
Gender Male Male Male Female Male Female Male Male Female Female Female Female
Disease Cancer HIV Flu HIV HIV HIV Obesity Flu Flu Flu HIV Obesity
574
S.K. Adusumalli and V.V. Kumari
In this paper we use generalization without any loss of generality. The main objective is that the anonymized dataset that is to be published should preserve both privacy and utility. Our proposed algorithm (Algorithm 1) preserves anonymity and as well as good utility by measuring the information loss on the produced anonymized data sets which are generated by the combination of attributes. To achieve this we adopted the k-anonymity principle for grouping the data. This paper is divided into 4 sections. Section 2 discusses the related work. The proposed work and information loss measuring is explained in section 3 and section 4 concludes the paper.
2 Related Work This section reviews some of the known works in the area. Statistical community resolved re-identification of person specific data but none provided a better and efficient solution for providing anonymity. According to [4] the statistical databases which are used for data mining and fraud detection were released to the miner by adding some noise to the data but on the go it deteriorated the integrity of the tuples thereby turning out for an inappropriate use of data. On the other side some researchers introduced aggregation technique where the data is classified into lower and higher types and then restriction was done in a way that the higher type of the classified data cannot be inferred [5]. The draw backs of the above mentioned methods were overcome by k-anonymity model to an extent by using generalization and suppression [1]. K-anonymity identifies the appropriate Quasi-Identifiers and then generalizes them to a higher level such that the anonymized group will contain atleast k tuples. Our proposed method adopts this principle and considers the combination of attributes and produces different sets of anonymized dataset from which we select the finest among all by measuring the utility of the produced combinatorial datasets.
3 Proposed Work One way of protecting privacy is to group the data such that person specific data cannot be identified. In our proposed approach we adopted the k-anonymity principle [1]. Our work is divided into two fold. We initially generate different possible anonymized datasets considering the taxonomy tree as shown in the fig.1. The anonymized dataset should provide privacy and utility for mining purpose. This goal is being achieved on the second fold by calculating the information loss (I) for all the anonymized datasets that were produced in first stage. The ∆T table which has low information loss will be published. This produced anonymized table is the finest dataset that provides both anonymization and utility. 3.1 Attribute Combination Based Generalization By definition k-anonymity applies the generalization and suppression techniques to the attribute values and then groups the data such that anonymized dataset contains atleast k similar tuples. Abiding to this principle we initially consider the original
Attribute Based Anonymity for Preserving Privacy
575
table (DS) as shown in the table 1. Let DAi be the domain of the dataset DS and be the attribute value set and we term the selected attributes as Quasi-Identifiers. Initially we give an anonymized dataset and k value to the algorithm (Algorithm 1). We apply it for the entire attribute domain DAi. Then the first Quasi-Identifier (QID) attribute i.e., DA1 is selected and the dataset is sorted in ascending order. After sorting we calculate the count i.e., frequency of the support of each attribute value. If DAi [vj] < k we then perform the generalization of the attribute value to a higher level based on the taxonomy tree. We repeat this process (step 4 to 11) for the entire domain values till the support value is greater than or equal to k. Table 3. Anonymized Dataset D1 Age [20-28] [20-28] [20-28] [20-28] [32-38] [32-38] [32-38] [32-38] [44-58] [44-58] [44-58] [44-58]
Zipcode [53053-53068] [53053-53068] [53053-53068] [53053-53068] [53053-53068] [53053-53068] [53053-53068] [53053-53068] [54850-54858] [54850-54858] [54850-54858] [54850-54858]
Gender Person Person Person Person Female Female Female Female Person Person Person Person
Disease HIV Flu HIV Cancer Flu Obesity HIV Flu Flu HIV Obesity HIV
Table 4. Anonymized Dataset D3 Zipcode 53053 53053 53053 53053 53068 53068 53068 53068 [54850-54858] [54850-54858] [54850-54858] [54850-54858]
Age [20-38] [20-38] [20-38] [20-38] [20-38] [20-38] [20-38] [20-38] [44-58] [44-58] [44-58] [44-58]
Gender Person Person Person Person Person Person Person Person Person Person Person Person
Disease Flu HIV Flu Cancer HIV Obesity HIV Flu Flu HIV Obesity HIV
Once the selected Quasi-Identifier is generalized we sort the remaining QuasiIdentifiers in descending order. For every tuple Tx in the dataset if the tuples DAi [Vx] and DAi [Vx+1] are not equal then for every tuple Ty to Tx if the count of the support value of DAj [vj] < k we then generalize the attribute value and repeat the steps 18 to 23 as shown in the algorithm (Algorithm 1) until support for all the attribute values is >=k.
576
S.K. Adusumalli and V.V. Kumari Table 5. Anonymized Dataset D5 Gender Female Female Female Female Female Female Male Male Male Male Male Male
Age [20-58] [20-58] [20-58] [20-58] [20-58] [20-58] [20-58] [20-58] [20-58] [20-58] [20-58] [20-58]
Zipcode [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858] [53053-54858]
Disease HIV Obesity Flu HIV Flu HIV Obesity Flu Cancer HIV Flu HIV
Algorithm 1. Anonymized Dataset Constructor Input: A Original Dataset DS and K value Output: Anonymized Datasets [D1-DN] Method: Constructing anonymized dataset based on attribute ordering 1. Begin 2. For each attribute domain DAi in DS[DA1,DA2,……, DAn] do 3. sort the DS in ascending order based on DAi 4. For each attribute value DAi[Vj] of DAi in DS do 5. count support(DAi[vj])//To calculate the frequency of the each 6. //attribute value 7. if(support(DAi[vj]