Capacity Sharing

The Project

Discrete authorization and efficient mutual authentication in capacity sharing-enabled networks

As computation becomes more pervasive in society, networks must grow to handle an increasing number of users. In addition, connectivity is provided on multiple platforms, a trend that leads to the so-called Internet of Things. This raises the question of how to maximize resources in a fair, efficient and demand-oriented way. One approach to this challenge is capacity sharing, where a user shares a quota of their primary connection. For instance, it is very common to share internet access from a GSM interface with other users through a Wi-Fi interface, e.g. via Wi-Fi Direct, which is native to Android.

When Bob shares his connection with Alice, the Internet Service Provider (ISP) does not become aware of Alice and cannot assign any additional bandwidth or apply any QoS rule, access restriction, or policy to Alice’s traffic without affecting Bob’s. Furthermore, any misconduct by Alice over this shared connection will be unfairly attributed to Bob, since he is the sole owner of the connection.

If a network operator were able to distinguish between Alice’s and Bob’s traffic, it could serve each one individually through the same connection. This would allow the network operator to offer new and different service packages while reducing operational costs. From a user’s perspective, sharing their connection is worthwhile since the network operator could provide extra advantages, e.g. a bandwidth increase.

Our Contribution

This graduation work describes a novel technique for the discrete management of the authorization process in this capacity sharing scenario. Access control is obtained using multi-time signatures, which achieve discrete authorization by construction rather than simply by system control, which is susceptible to corruption of internal employees, while also easing system management complexity. These signature schemes strictly limit the number of signatures that can be produced, so only a limited number of access tokens can be granted.
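
The following is an added illustration, not code from this project, of how a signature scheme can cap the number of access tokens by construction. The page does not name a specific multi-time signature scheme; this sketch assumes a Merkle tree over Lamport one-time keys, and the names `TokenIssuer`, `issue` and `verify_token` are hypothetical.

```python
import hashlib, os

H = lambda b: hashlib.sha256(b).digest()

def ots_keygen():
    # Lamport one-time key: 256 secret pairs; public key = hashes of all secrets
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    return sk, b"".join(H(s) for pair in sk for s in pair)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]  # reveal one secret per bit

def ots_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[64 * i + 32 * b: 64 * i + 32 * b + 32]
        for i, b in enumerate(bits(msg)))

class TokenIssuer:
    """Holds 2**height one-time keys; the Merkle root is the only public key."""
    def __init__(self, height):
        self.keys = [ots_keygen() for _ in range(2 ** height)]
        level = [H(pk) for _, pk in self.keys]
        self.tree = [level]
        while len(level) > 1:
            level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
            self.tree.append(level)
        self.root, self.next = level[0], 0

    def issue(self, claim):
        if self.next >= len(self.keys):
            raise RuntimeError("signing capacity exhausted")  # the hard cap
        idx, self.next = self.next, self.next + 1
        sk, pk = self.keys[idx]
        self.keys[idx] = None  # drop the key so it can never sign a second token
        path = [self.tree[h][(idx >> h) ^ 1] for h in range(len(self.tree) - 1)]
        return {"claim": claim, "idx": idx, "pk": pk,
                "sig": ots_sign(sk, claim), "path": path}

def verify_token(root, tok):
    if not ots_verify(tok["pk"], tok["claim"], tok["sig"]):
        return False
    node, idx = H(tok["pk"]), tok["idx"]
    for sib in tok["path"]:  # rebuild the path from leaf to root
        node = H(node + sib) if idx % 2 == 0 else H(sib + node)
        idx //= 2
    return node == root
```

A verifier that knows only the root can check any token, and an issuer built with height `h` cannot produce more than `2**h` valid tokens regardless of how the surrounding system is configured.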