achieving 5as in cloud centric cognitive cellular...


Page 1: Achieving 5As in Cloud Centric Cognitive Cellular Networkscse.unl.edu/~qyan/paper/Globecom16_Raju.pdfFig. 1. Reference Architecture of a Cloud-Centric Cognitive Cellular Network II

Achieving 5As in Cloud Centric Cognitive Cellular Networks

Saravanan Raju, Sai Boddepalli, Qiben Yan, Jitender S. Deogun
Department of Computer Science and Engineering, University of Nebraska, Lincoln, Nebraska, USA

Abstract—The growing density of cellular users is placing an unprecedented demand on radio spectrum. Cognitive cellular networks can alleviate spectrum demand through dynamic spectrum access. In order to be fully functional, cellular users not only need spectrum access but also require network access. However, a cellular carrier grants network access only to accredited users. In this paper, we focus on the problem of opportunistic network access for unaccredited users by spontaneous provisioning in the context of cognitive cellular networks. We achieve this for both single and group users by extending the traditional 3A security framework – authentication, authorization, and accounting – to a 5A security paradigm. This entails the addition of network access and user assertion. We design several simulations based on a proof-of-principle prototype to validate our approach against multiple traffic models. The results show our approach can deliver at least 13% improvement in user provisioning time compared to conventional schemes.

Index Terms—cognitive cellular network, cloud, access, assertion, authentication, authorization, accounting.

I. INTRODUCTION

The marked upswing in the adoption of wireless as the preferred medium for last mile digital communications has led to a substantial increase in the number of cellular users. Currently, it is estimated that globally there are 7.5 billion cellular subscriptions for human and machine users combined. This figure is expected to double in the next decade, and of those, nearly one-third may be machines. The result of such a soaring user base is surging data traffic, which is forecast to grow at an annual rate of 55% from the year 2020. At this rate, the cumulative global mobile traffic may increase from 62 exabyte in 2020 to 5,000 exabyte in 2030 [1].

The projected growth in user numbers and data traffic puts onerous demands on policy regulators and cellular carriers alike. On one hand, regulators are importuned to make new radio spectrum allocations and assignments. On the other, carriers are under duress to acquire additional spectrum and invest in the constant upkeep of network infrastructure. The need for additional spectrum is not necessarily a result of resource saturation. Rather, it is the unintended consequence of fixed spectrum access policy that has left significant spectrum either in an unused or underutilized state [2].

The issue of increasing spectral efficiency can be attained with the adoption of a Cognitive Cellular Network (CCN) model [3]. To this end, cloud-based Radio Access Network (RAN) [4] combined with Network Function Virtualization (NFV) [5] can collectively improve spectrum and network utilization to meet the growing demands on CCNs.

Cloud-centric CCNs may hold the potential to enable efficacious use of spectrum and network resources. But their effectiveness to keep up with evolving user and carrier demands hinges on whether the system has mechanisms to coherently manage spectrum and network access for a cognitive cellular user (CCU). Dynamic spectrum access strategies and enabling technologies [6] will allow carriers to apportion spectrum to users based on changing local and temporal requirements. While this approach addresses the spectrum half of the problem, the other half pertaining to network access has attracted relatively little interest with regard to CCNs. In cellular networks, convention dictates a carrier must approve a user – subscriber and device – for network access to be granted. This accredited user’s network access is administered by the carrier’s Authentication, Authorization, and Accounting (AAA) service. Current practices necessitate there be a formal agreement in place between carriers so that an accredited user shall have network access irrespective of whether the user is in the home/primary (PN) or visited/secondary network (SN). However, it is not realistic for a carrier to have access agreements with every other carrier. Thus, while an unaccredited CCU that may be operating as a primary user (PU) is aware of spectrum and network access availability in an SN, unless there exists a preestablished access agreement, its secondary user (SU) network access request will be denied by the SN’s AAA. Hence, the study of spontaneous provisioning of unaccredited CCUs to actualize seamless, ubiquitous and trustworthy network service access in CCNs is important.

In this paper, we further the cellular network architecture to investigate the problem of granting network access to unaccredited CCUs by spontaneous provisioning. Our design accommodates both single and group user authentication, authorization, and usage accounting. We extend this 3A setup to a 5A configuration with the addition of a centralized and federated network element to facilitate network access and user assertion, respectively. This holistic approach is minimally invasive, which

1) improves user provisioning time by at least 13% compared to conventional approaches, and

2) reduces infrastructure overhead by decreasing the volume of access signaling traffic.

The rest of the paper is organized as follows: Section II reviews related research. Section III overviews the architecture, Section IV details the system design and Section V the simulation results. Conclusions are presented in Section VI.

978-1-5090-1328-9/16/$31.00 ©2016 IEEE


Fig. 1. Reference Architecture of a Cloud-Centric Cognitive Cellular Network

II. RELATED WORK

There are a number of studies and standards that delve into various user access provisioning schemes in typical wireless networks using a AAA protocol [7]. Several of these are based on Diameter [8] and its battery of extensions [9]. This protocol is the de facto AAA implementation in conventional cellular networks [10] as it can support both intracarrier and intercarrier access provisioning for accredited users.

The access provisioning performance of a AAA protocol is greatly impacted by network hops, latency, and jitter, and is of significant concern in intercarrier network access scenarios [11]. As delay in intercarrier access provisioning is likely, to compensate, AAA must be programmed to handle fast authentication [12] and reauthentication [13]. Additionally, ubiquitous intercarrier network access for unaccredited users presumes a contractual agreement exists between all carriers, and though such many-to-many affiliations are not always pragmatic [14], in some instances it is possible to gain network access in the absence of an agreement [15]. Another alternate access method is a one-to-many federated approach, which has wide adoption in web-based systems [16].

Irrespective of the access provisioning approach, an increasing number of cellular users warrant AAA protocols like Diameter to support group authentication because some of these users may be a cluster of machines under the same ambit or a subscriber with more than one device [17].

Our conclusion is that the standard 3A framework lends itself well in conventional cellular networks, but it needs ancillary extensions to aid opportunistic network access in cognitive cellular networks. Of the available AAA protocols, the prevalent service Diameter is yet to have a ratified standard for federated access [18] and group authentication [19]. Our claim is that to attain the goals of CCNs, it is vital to have these technologies in place that can go hand in hand to realize both dynamic spectrum access and opportunistic network access. In this paper, we posit an end-to-end cloud-centric 5A architecture to address these issues in CCNs.

III. ARCHITECTURE OVERVIEW

In cellular networks, the AAA is responsible for user access and the RAN for spectrum management. In cloud-centric CCNs, the RAN is a virtual baseband unit that connects to one or more remote radio units over an optical network. Although the role of the cloud RAN is distinct, it is possible to use the same virtualization platform to interface with other network elements, such as the AAA, using NFV [20].

Apart from the cloud RAN and AAA network elements, our architecture also includes a federated Identity and Credibility Service (ICS) and a centralized Network Access Exchange (NAE), as shown in Fig. 1. We consider a consortium of one or more cognitive cellular carriers serving a given geographical region demarcated into multiple cells. All the subscribers have devices equipped with cognitive radio capabilities, which at all times is seeking the network service with the highest payoff in terms of price and/or quality. In this layout, when a CCU initiates a network access request, it is routed by the Network Access Gateway (NAG) to the appropriate carrier RAN and, in turn, the corresponding AAA.

The cloud-centric colocation of the RAN, AAA, NAE, and ICS network elements helps reduce service latency, minimize cell interference, lower energy consumption, increase network utilization, and improve spectral efficiency. The centralized cooperative setup of the RAN betters radio management decisions. Because of cooperative transmission and reception, the network can obtain a 13%–20% cumulative spectral efficiency, while the cell edge can net 75%–119% spectral gain [4]. The configuration also augurs well for multitenancy support, which can be delivered with fine-grained logical isolation over the same underlying shared hardware resource. Overall, this setup increases spectrum and network utilization, and reduces capital and operational expenditure for the carriers [21]. We leverage this setup to expand the 3A security framework to a 5A – access, assertion, authentication, authorization, and accounting – paradigm as explained in the following subsections.


A. Access

Spectrum and network utilization varies depending on users, time, and space [2]. Any spare spectrum can be made accessible using dynamic spectrum access. We evaluate the hierarchical dynamic access method where CCUs are two classes of users: PUs and SUs. Here, PNs may grant SUs opportunistic access to their network anytime, anywhere, provided it neither impinges on the carrier’s base spectrum demand nor degrades the service quality for the PUs [6]. In addition to spare spectrum, the PN must also ensure it has reserve network capacity to concurrently support PU and SU sessions. In our architecture, CCUs operate in a proactive sensing mode constantly seeking better service. Each one is programmed with a primary network list and operates in permissive mode. This configuration grants a CCU access to a PN and also enables it to tap into an SN on the fly even when present in a PN service area.

We devise the NAE, a cloud hosted centralized network element, as a secondary market exchange to list available spare spectrum [22]. It is a consortium to which all participating CCNs contribute. A CCN translates any available spare spectrum into network access units before relaying this information to be listed in the NAE. The list in terms of network access units for both data and voice includes carrier identity, price information, etc. Those CCUs soliciting access as SUs obtain the list information by interfacing with the NAE via the RAN. When SUs relinquish network access, the corresponding units can be relisted in the marketplace depending on access demands from the PUs at that instance.

B. Assertion & Authentication

Today, to receive network service a subscriber must have in possession a device certified by a regulator. Later, a cellular carrier asserts the identity of a subscriber, and accredits one or more associated devices for network access. The carrier as part of the subscriber assertion process may perform a credit check to ascertain credit history before bestowing appropriate network access privileges. This protracted process may work so long as subscribers are contractually bound and devices are locked to a home network. However, this antiquated approach deprives users network access anytime, anywhere, as it is neither possible for a cellular carrier’s home network to have ubiquitous coverage nor feasible for it to have access agreements with all its peers [15].

Dynamic spectrum access can lead to universal network coverage; but to translate this to network access, we need spontaneous provisioning of unaccredited users. We introduce ICS, a cloud hosted federated network entity, to accomplish user provisioning. The ICS is a registry of all CCUs that have evinced interest in access to an SN and whose identities have been verified. It provides not just user validity, but also publishes the credit worthiness of a CCU. For operational efficiency, it is served using the same virtualization platform that hosts the RAN and AAA. The ICS interfaces with the AAA to handle assertion, authentication and relaying credit information of a CCU to a CCN.

Our approach can handle both single and group user authentication. A single user has one device per subscription and a group user has more than one across one or more subscriptions. A user may be a machine or a human. A group is a collective that may be members of a family, staff of a corporation, appliances in a household, machines in an assemblage, etc. With group authentication in place, when a CCU attempts network access, it is routed to a PN’s AAA. If another member of the same group has a valid session with the PN, a new authentication request to the ICS is avoided. This significantly reduces internal network access signaling.

C. Authorization & Accounting

The authorization and accounting mechanism is addressed by the PN’s AAA in accordance with prevalent standards and business practices. Based on the service contract, a CCU will be billed through a transaction between a carrier’s AAA and the federated ICS. The actual mechanism of billing and payment is out of scope of this paper.

IV. SYSTEM DESIGN

Our intent is to design a spontaneous access provisioning system that builds on existing protocols while minimizing disruption of proven processes. In cellular network deployments, the Diameter protocol is widely adopted for handling AAA services [8]. It administers a user’s network access request by working with other network elements. Diameter is designed with extensibility in mind and it has a number of modules to meet the diverse needs of various stakeholders. We investigate two Diameter extensions for NAE and ICS in order to realize spontaneous access provisioning in cloud-centric CCNs. These extensions work in tandem with existing network elements to enable access provisioning of a CCU. Fig. 2 details the sequence of steps involved in determining access availability and conducting access negotiation.

There are two major Request/Answer command pairs used in the proposed scenario, which are described below:

A. Diameter-NAE-Request/Answer commands

Diameter-NAE-Request/Answer is a custom command pair derived from the standard request/answer command specification of the Diameter protocol. On success, NAE returns a list of CCNs, available network access units per CCN, access cost, service quality, etc. through a custom group field Data. A subset of Data’s custom Attribute-Value Pair (AVP) is listed here:

    Data ::= <AVP Header>
             { Time-Id }
             { Carrier-Id }
             { Network-Access-Data-Units }
             { Price-Data }
             { Network-Access-Voice-Units }
             { Price-Voice }
           * [ AVP ]


Fig. 2. Diameter signaling orchestration and sequence flow to achieve 5As

B. Diameter-ICS-Request/Answer commands

Diameter-ICS-Request/Answer is a custom command pair extension with necessary AVPs to facilitate communication between the ICS and the carrier’s AAA. These commands make possible the sharing of identity and credibility information of unaccredited CCUs. The custom group field for relaying user identity data is User-Profile and its corresponding AVPs include:

    User-Profile ::= <AVP Header>
                     { User-Id }
                     { Group-Id }
                   * [ AVP ]

The custom group field to publish user credibility information is Credibility-Info and the pertinent AVPs are as follows:

    Credibility-Info ::= <AVP Header>
                         { User-Id }
                         { User-Credit-Rating }
                       * [ AVP ]

The user authentication request from a CCU to an SN’s AAA is carried out using a standard Diameter-EAP-Request command. If the authentication request is from a single user, or a group user with no valid member sessions, the AAA forwards it to the ICS by executing a Diameter-ICS-Request query. The ICS on successful authentication of the CCU replies with a Diameter-ICS-Answer response. This answer contains the SUCCESS result, and data from the group fields User-Profile and Credibility-Info. Finally, the AAA triggers a series of steps to initiate a network session, start accounting and notifies the relevant RAN to provide network access to the CCU as an SU using the Diameter-EAP-Answer command. Fig. 2 shows the Diameter sequence signaling steps from network selection to access provisioning. The aforementioned grammar and AVP definitions present only entries pertinent to the scope of this work.
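The User-Profile and Credibility-Info groups above, as an added example that is not from the paper: a Python encoder and a strict AAA-side parser for that payload of a Diameter-ICS-Answer, using the AVP wire layout of RFC 6733 [8]. The AVP codes, vendor id, data types and sample values are assumptions made for illustration; the paper defines none of them, and the Diameter message header and result code are left out.

```python
import struct

# Hypothetical identifiers: the paper assigns no AVP codes, vendor id or data
# types to its custom AVPs, so every number below is a placeholder.
VENDOR_ID = 99999
USER_PROFILE, CREDIBILITY_INFO = 9001, 9002            # grouped AVPs
USER_ID, GROUP_ID, USER_CREDIT_RATING = 9003, 9004, 9005
FLAG_V, FLAG_M, RESERVED_BITS = 0x80, 0x40, 0x1F


class AVPError(ValueError):
    """Received AVP bytes are malformed or fail a consistency check."""


def encode_avp(code, data):
    """Build one vendor-specific AVP in the RFC 6733 layout:
    code(4) | flags(1) | length(3) | vendor-id(4) | data | zero padding to 4."""
    length = 12 + len(data)               # counts header and data, not padding
    if length > 0xFFFFFF:
        raise AVPError("AVP data too long")
    head = struct.pack("!III", code, ((FLAG_V | FLAG_M) << 24) | length, VENDOR_ID)
    return head + data + b"\x00" * (-len(data) % 4)


def decode_avps(buf):
    """Split bytes into [(vendor_id, code, data)], refusing any AVP whose
    length field does not fit the buffer it arrived in."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise AVPError("truncated AVP header")
        code, word = struct.unpack_from("!II", buf, off)
        flags, length = word >> 24, word & 0xFFFFFF
        if flags & RESERVED_BITS:
            raise AVPError("reserved flag bits set")
        header = 12 if flags & FLAG_V else 8
        padded = length + (-length % 4)
        if length < header or off + padded > len(buf):
            raise AVPError("AVP length outside buffer")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else 0
        avps.append((vendor, code, buf[off + header:off + length]))
        off += padded
    return avps


def one(avps, code):
    """Data of a required AVP, written { X } in the grammar: exactly one copy."""
    found = [d for v, c, d in avps if (v, c) == (VENDOR_ID, code)]
    if len(found) != 1:
        raise AVPError(f"expected one AVP {code}, found {len(found)}")
    return found[0]


def build_ics_answer_avps(user_id, group_id, credit_rating):
    """ICS side: User-Profile and Credibility-Info for one authenticated CCU."""
    uid = encode_avp(USER_ID, user_id.encode())
    profile = encode_avp(USER_PROFILE, uid + encode_avp(GROUP_ID, group_id.encode()))
    rating = encode_avp(USER_CREDIT_RATING, struct.pack("!I", credit_rating))
    return profile + encode_avp(CREDIBILITY_INFO, uid + rating)


def parse_ics_answer_avps(buf):
    """AAA side: validate both grouped AVPs before acting on them."""
    top = decode_avps(buf)
    profile = decode_avps(one(top, USER_PROFILE))
    cred = decode_avps(one(top, CREDIBILITY_INFO))
    user_id = one(profile, USER_ID)
    if one(cred, USER_ID) != user_id:      # rating must describe the same user
        raise AVPError("Credibility-Info names a different User-Id")
    rating = one(cred, USER_CREDIT_RATING)
    if len(rating) != 4:
        raise AVPError("User-Credit-Rating is not an Unsigned32")
    try:
        return {"user_id": user_id.decode(),
                "group_id": one(profile, GROUP_ID).decode(),
                "credit_rating": struct.unpack("!I", rating)[0]}
    except UnicodeDecodeError as exc:
        raise AVPError("identifier is not valid UTF-8") from exc


def rejected(buf):
    """True when the AAA-side parser refuses the bytes."""
    try:
        parse_ics_answer_avps(buf)
    except AVPError:
        return True
    return False


# Constructed sample values, not taken from the paper.
SAMPLE = build_ics_answer_avps("ccu-0001@pn.example", "grp-17", 720)
```

The parser refuses an answer in which the credit rating is attached to a different User-Id than the profile, so a rating cannot be applied to the wrong CCU.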

V. PERFORMANCE EVALUATION

The simulations are hosted on x86-64 dual processor servers clocked at 3.8 GHz and stocked with 16 GB of RAM. The tests are run on CentOS GNU/Linux 7 platform. The ICS core network element is served using FreeIPA, an integrated identity and authentication solution; the NAE on a fork of Python FMS, an agent based financial market simulator. We test 20,000 network access requests from a pool of 2,500 CCUs divided equally amongst 5 CCNs. The access requests are distributed over 24 hours for a total of 360 (= T) sessions, where an average session lasts for 4 minutes. We configure a CCN to receive an equal number of access requests from the CCUs of other carriers. We use simple password-based authentication method to simulate access requests. We suppose the service quality provided by the CCNs to be equal and the credit rating assigned to the CCUs, identical.

We test three CCU access scenarios: (1) intracarrier, where requests are from PUs and catered to by the PN’s AAA, (2) intercarrier, where requests are from SUs that are coordinated between the SN’s and PN’s AAAs, and (3) federated, where requests are from SUs, but negotiated between the SN’s AAA and the ICS. We use the performance of intracarrier authentication as the baseline to compare how the other two fare. We assume the network diameter between the carriers’ AAA in the intercarrier setup to be longer than that of the carriers’ AAA and the ICS in the federated setup. We measure the time taken in each scenario to successfully authenticate and provision all the SUs.

In our evaluation, the simulations are plotted for these traffic models: normal, Gumbel, trigonometric polynomial, and a curve fit based on observed data. As cellular network data traffic does not follow normal distribution, we opt to use the skewed models to mimic real world scenario. The trigonometric polynomial and the curve fit functions are deduced based on inference from the traffic pattern observed in [23]. We equate time (= x) for these distributions to be in the range of 0 through 360.


Fig. 3. Simulation results for user authentication and access pricing: (a) Normal distribution, (b) Inverse Gumbel distribution, (c) Trigonometric fit, (d) Curve fit, (e) Single vs. Group authentication times, (f) Pricing between PUs and SUs.

We consider a normal distribution with a mean of 180 (= $\mu$) and a standard deviation of 60 (= $\sigma^2$). We assume an inverse Gumbel distribution with its location at 270 (= $\mu$) and scale as 3 (= $\beta$):

$$f(x \mid \mu, \beta) = \frac{1}{\beta} e^{-(z + e^{-z})} \tag{1}$$

where $z = \frac{x - \mu}{\beta}$.

For trigonometric fit, we deduce the following polynomial to describe the probabilistic traffic distribution

$$f(x) = 0.5 - 0.45 \cos\left[\frac{2\pi}{360}(x - 60)\right] \tag{2}$$
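The per-session load each model implies, as an added example that is not from the paper: Python that evaluates the normal density and equations (1) and (2) over the 360 sessions, spreads the 20,000 access requests across them, and measures how concentrated the result is. Treating x as the integer slots 0 to 359, normalizing each curve over those slots, and rounding by largest remainder are assumptions made here.

```python
import math

SLOTS = 360         # sessions T in the evaluation; x taken as 0..359 (assumption)
REQUESTS = 20_000   # network access requests in the evaluation


def normal(x, mu=180.0, sigma=60.0):
    """Normal density with the mean and standard deviation stated in the text."""
    return math.exp(-0.5 * ((x - mu) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))


def gumbel(x, mu=270.0, beta=3.0):
    """Equation (1) exactly as printed, with z = (x - mu) / beta."""
    z = (x - mu) / beta
    return math.exp(-(z + math.exp(-z))) / beta


def trig(x):
    """Equation (2), the trigonometric fit."""
    return 0.5 - 0.45 * math.cos(2 * math.pi / 360 * (x - 60))


def allocate(density, total=REQUESTS, slots=SLOTS):
    """Integer requests per slot, proportional to the density, summing to total."""
    weights = [density(x) for x in range(slots)]
    scale = total / sum(weights)
    quotas = [w * scale for w in weights]
    counts = [math.floor(q) for q in quotas]
    leftover = total - sum(counts)
    # Largest-remainder rounding: hand the leftover requests to the slots
    # whose quota was cut the most by flooring.
    order = sorted(range(slots), key=lambda i: quotas[i] - counts[i], reverse=True)
    for i in order[:leftover]:
        counts[i] += 1
    return counts


def peak_slot(density, slots=SLOTS):
    """Slot at which the model puts the highest request rate."""
    return max(range(slots), key=density)


def burst_share(counts, window=10):
    """Largest fraction of all requests inside any `window` consecutive slots."""
    best = max(sum(counts[i:i + window]) for i in range(len(counts) - window + 1))
    return best / sum(counts)


if __name__ == "__main__":
    for name, model in (("normal", normal), ("gumbel", gumbel), ("trig", trig)):
        counts = allocate(model)
        slot = peak_slot(model)
        print(f"{name:7s} peak slot {slot:3d}  requests there {counts[slot]:5d}  "
              f"10-slot share {burst_share(counts):.3f}")
```

With a scale of 3, equation (1) places more than 80% of all requests inside ten consecutive sessions, which makes it the model that loads the authentication path hardest.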

The results as presented in Figs. 3a–d tested across all traffic models show that between intercarrier and federated approaches, the latter has better performance. This can be attributed to the fact that in the federated setup the trust relationship is one-to-many, whereas for intercarrier it is many-to-many. Hence, in the case of the intercarrier setup, for complete network access coverage between all CCNs (= $C$) a total of $C(C-1)/2$ trust relations must be established. In comparison, a distributed federated authentication model requires the carriers to have a trust relation with just one external entity. Also, the network diameter of a federated setup is relatively smaller than that of intercarrier. Irrespective of the network architecture setup, as the frequency of network access requests increase, so does internal network signaling traffic [10]. While this can deteriorate performance in any network configuration, between intercarrier and federated approach, its impact on federated setup will be noticeably lesser.

We compare eight different single and group user ratios, each spaced five percent apart, to evaluate the authentication performance of both user types. For group sizes, we use a normal distribution of all group users. We record the time taken to provision all single and group user access requests. The results are presented in Fig. 3e, which shows the setup reduces the number of system-wide authentication requests, thereby slashing network access signaling traffic.

We adopt the normalized break-even rate pricing scheme presented in [22] to gain social welfare maximization such that both CCNs and CCUs benefit. With real-time pricing and spontaneous access provisioning, CCUs (= $N$) are free to move from a PN to an SN to obtain the best payoff. From a CCN’s point of view, the movement of users from PN to SN implies a loss of revenue. This loss of revenue can possibly be compensated by the accrual of SUs to reach a normalized minimum break-even rate [22]. By incorporating dynamic pricing strategy in which prices are a function of real-time demand, the price per session (= $P_1$) and the total revenue generated (= $R$) by a CCN is computed as follows

$$P_1 = f(x), \quad R = P_1 \ast N \tag{3}$$

With both SUs and dynamic pricing in play, let $A_0$ be the fraction of PUs lost, $A_1$ the fraction of SUs gained, $P_1$ the price per session for PUs, and $P_2$ the price per session for SUs.

$$P_1 = f(N(1 - A_0)) \tag{4}$$

$$P_2 = f(N(1 - A_0 + A_1)) \tag{5}$$


From (3), (4), and (5), we formulate break-even rate as follows

$$P_1 \ast N(A_0) \le P_2 \ast N(1 - A_0 + A_1) \tag{6}$$

$$\frac{P_2}{P_1} = \frac{A_0}{(1 - A_0 + A_1)} \tag{7}$$

Accordingly, if we assume a CCN’s yearly churn rate of PUs is 21.6% (= $A_0$) and its gain rate of SUs is approximately half this number [24], the plot in Fig. 3f shows the daily cumulative revenue generated with dynamic pricing in the presence of only PUs vis-à-vis both PUs and SUs is identical.

VI. CONCLUSION AND REMARKS

We investigate a holistic architecture to enable spontaneous provisioning of unaccredited users in cognitive cellular networks. To achieve this, we embrace the traditional 3A security architecture and extend it to a 5A security model that encompasses network access, user assertion, authentication, authorization, and accounting. The work conceives two extensions to the Diameter protocol to implement network access and user assertion. Our simulations based on a proof-of-principle prototype demonstrates, across multiple traffic models, the adapted design can improve user provisioning times by at least 13% when compared to current conventions. We juxtapose several combinations of single and group user authentications. Our design can also reduce internal network access signaling appreciably due to a marked reduction in the total number of authentication requests. While the posited approach puts forward an end-to-end framework to increase spectral efficiency and improve network utilization, its real world realization depends on not just technological advances but also policy progress. For future work, we intend to quantify network signaling performance and analyze spontaneous provisioning in an open access spectrum regime.

REFERENCES

[1] Radiocommunication Sector of ITU, IMT Traffic Estimates for theYears 2020 to 2030, ser. M. The International TelecommunicationsUnion, July 2015, Accessed on 2016-03-14. [Online]. Available:https://www.itu.int/pub/R-REP-M.2370-2015

[2] R. Engelman, K. Abrokwah, G. Dillon, G. Foster, G. Godfrey,T. Hanbury, C. Lagerwerff, W. Leighton, M. Marcus, R. Noel,J. Payton, J. Tomchin, J. Williams, and A. Yang, Report ofthe Spectrum Efficiency Working Group. United States FederalCommunications Commission Spectrum Policy Task Force, Nov 2002,Accessed on 2016-03-14. [Online]. Available: https://transition.fcc.gov/sptf/files/SEWGFinalReport_1.pdf

[3] Y. Liu, L. X. Cai, X. Shen, and H. Luo, “Deploying Cognitive CellularNetworks under Dynamic Resource Management,” IEEE Wireless Com-munications, vol. 20, no. 2, pp. 82–88, April 2013.

[4] C. Kuilin and D. Ran, C-RAN - The Road Towards Green RAN.China Mobile Research Institute, Oct 2011, Accessed on 2016-03-14. [Online]. Available: http://labs.chinamobile.com/cran/wp-content/uploads/CRAN_white_paper_v2_5_EN.pdf

[5] M. Chiosi, D. Clarke, P. Willis, A. Reid, J. Feger, M. Bugenhagen,W. Khan, M. Fargano, C. Cui, H. Deng, J. Benitez, U. Michel,H. Damker, K. Ogaki, T. Matsuzaki, M. Fukui, K. Shimano, D. Delisle,Q. Loudier, C. Kolias, I. Guardini, E. Demaria, R. Minerva, A. Manza-lini, D. LÃspez, F. J. R. Salguero, F. Ruhl, and P. Sen, Network FunctionsVirtualisation - An Introduction, Benefits, Enablers, Challenges & Callfor Action. Darmstadt, Germany: The European TelecommunicationsStandards Institute, 2012.

[6] Q. Zhao and B. M. Sadler, “A Survey of Dynamic Spectrum Access,” IEEE Signal Processing Magazine, vol. 24, no. 3, pp. 79–89, May 2007.

[7] M. Nakhjiri and M. Nakhjiri, AAA and Network Security for Mobile Access Radius, Diameter, EAP, PKI and IP Mobility. John Wiley & Sons, 2005.

[8] J. Arkko, G. Zorn, V. Fajardo, and J. Loughney, “Diameter Base Protocol,” Internet Requests for Comments, The Internet Engineering Task Force, RFC 6733, Oct 2012, Accessed on 2016-03-14. [Online]. Available: https://tools.ietf.org/html/rfc6733

[9] E. P. Eronen, T. Hiller, and G. Zorn, “Diameter Extensible Authentication Protocol (EAP) Application,” Internet Requests for Comments, The Internet Engineering Task Force, RFC 4072, Aug 2005, Accessed on 2016-03-14. [Online]. Available: https://tools.ietf.org/html/rfc4072

[10] Oracle Communications, LTE Diameter Signaling Index. Oracle Corporation, May 2015, Accessed on 2016-03-14. [Online]. Available: https://www.oracle.com/webfolder/s/delivery_production/docs/FY16h1/doc8/LTEDIAMETERSIGNALINGINDEX.pdf

[11] T. Aura and M. Roe, “Reducing Reauthentication Delay in Wireless Networks,” in First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM’05), May 2005, pp. 139–148.

[12] J. Zhang, Y. Zhang, H. Zhang, Y. Sun, and Z. Li, “Trust-Based Fast Authentication for Mobile IPv6 Networks,” in IEEE GLOBECOM 2008 - IEEE Global Telecommunications Conference, Nov 2008, pp. 1–5.

[13] R. Wienzek and R. Persaud, NETWORKING 2006. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems: 5th International IFIP-TC6 Networking Conference, Coimbra, Portugal, May 15-19, 2006. Proceedings. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006, ch. Fast Re-authentication for Handovers in Wireless Communication Networks, pp. 556–567.

[14] Z. J. Fu, M. Shin, J. C. Strassner, N. Jain, V. Ram, and W. A. Arbaugh, Autonomic and Trusted Computing: 4th International Conference, ATC 2007, Hong Kong, China, July 11-13, 2007. Proceedings. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, ch. AAA for Spontaneous Roaming Agreements in Heterogeneous Wireless Networks, pp. 489–498.

[15] A. M. Almuhaideb, M. A. Alhabeeb, P. D. Le, and B. Srinivasan, “Flexible Authentication Technique for Ubiquitous Wireless Communication using Passport and Visa Tokens,” Journal of Telecommunications, vol. 1, Mar 2010.

[16] E. Bertino and K. Takahashi, Identity Management: Concepts, Technologies, and Systems (Artech House Information Security and Privacy). Boston, MA London: Artech House, 2010.

[17] I. Broustis, G. S. Sundaram, and H. Viswanathan, “Group Authentication: A New Paradigm for Emerging Applications,” Bell Labs Technical Journal, vol. 17, no. 3, pp. 157–173, 2012.

[18] M. Jones and H. Tschofenig, “The Diameter ‘Application Bridging for Federated Access Beyond Web (ABFAB)’ Application,” Internet Requests for Comments, The Internet Engineering Task Force, Internet-Draft, Mar 2012, Accessed on 2016-03-14. [Online]. Available: https://tools.ietf.org/html/draft-jones-diameter-abfab-01

[19] J. Zhu and M. Qi, “Group Authentication,” Internet Requests for Comments, The Internet Engineering Task Force, Internet-Draft, Feb 2014, Accessed on 2016-03-14. [Online]. Available: https://tools.ietf.org/html/draft-zhu-ace-groupauth-00

[20] H. Droste, G. Zimmermann, M. Stamatelatos, N. Lindqvist, O. Bulakci, J. Eichinger, V. Venkatasubramanian, U. Dotsch, and H. Tullberg, “The METIS 5G Architecture: A Summary of METIS Work on 5G Architectures,” in Vehicular Technology Conference (VTC Spring), 2015 IEEE 81st, Nov 2015, pp. 1–5.

[21] T. M. Knoll, “Life-cycle Cost Modelling for NFV/SDN based Mobile Networks,” in Telecommunication, Media and Internet Techno-Economics (CTTE), 2015 Conference of, Nov 2015, pp. 1–8.

[22] J. M. Peha and S. Panichpapiboon, “Real-time Secondary Markets for Spectrum,” Telecommunications Policy, vol. 28, no. 7, pp. 603–618, 2004.

[23] D. Willkomm, S. Machiraju, J. Bolot, and A. Wolisz, “Primary Users in Cellular Networks: A Large-Scale Measurement Study,” in New Frontiers in Dynamic Spectrum Access Networks, 2008. DySPAN 2008. 3rd IEEE Symposium on, Oct 2008, pp. 1–11.

[24] A. Lemmens and S. Gupta, “Managing Churn to Maximize Profits,” Harvard Business School, Sept 2013.