effectively collecting data for the location-based_authentication in iot

This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

IEEE SYSTEMS JOURNAL 1

Effectively Collecting Data for the Location-BasedAuthentication in Internet of Things

Yuichi Kawamoto, Student Member, IEEE, Hiroki Nishiyama, Senior Member, IEEE, Nei Kato, Fellow, IEEE,Yoshitaka Shimizu, Atsushi Takahara, Member, IEEE, and Tingting Jiang, Student Member, IEEE

AbstractThe concept of Internet of things (IoT) has attractedattention as a key technology for realizing future industrial society.In the future society, numerous things with sensors are deployedand connected to networks, and data collected from these devicesare used for a wide variety of industrial applications. In this paper,we focus on data collection for location-based authentication sys-tem as an application of industrial IoT. The authentication systemuses ambient information, which is collected from the devices asunique information at a certain place and a certain time. However,since the ambient information changes continuously, it is requiredto collect it in real time from multipoint. Thus, we propose anefficient data collection method considering the requirements fromthe authentication system. The key point is to regulate the networkperformance for data collection by considering the applicationrequirements. Since the location-based authentication system canbe used in many situations and has large expansivity, the proposedwork is considered to significantly contribute to the future indus-trial IoT society. In addition, we demonstrate how to optimizethe operation of our proposal by using mathematical analysis.Moreover, the efficiency of our proposed method is validatedthrough numerical results.

Index TermsAmbient information, authentication, CarrierSense Multiple Access/Collision Avoidance (CSMA/CA), data col-lection, Internet of things (IoT).

I. INTRODUCTION

R ECENTLY, many kinds of applications using collectedinformation from diverse devices via wireless networkshave started to appear in our daily life [1][7]. On that topic, theconcept of Internet of things (IoT) has attracted a lot of attentionas a key technology, which makes innovative applications infuture industrial society [8], [9]. In particular, the research onauthentication and management of IoT devices is one of the hottopics in IoT research area [10], [11]. In this paper, we focuson the location-based authentication system [12][14] as an

Manuscript received December 15, 2014; revised May 25, 2015; acceptedJune 28, 2015. This work was supported in part by the project, CognitiveSecurity: A New Approach to Securing Future Large Scale and DistributedMobile Applications, of Japan-US Network Opportunity: R&D for BeyondTrillions of Objects supported by the National Institute of Information andCommunications Technology (NICT), Japan, and in part by the U.S. NationalScience Foundation Grant CNS-1405747.

Y. Kawamoto, H. Nishiyama, and N. Kato are with the Graduate Schoolof Information Sciences, Tohoku University, Sendai 980-8577, Japan (e-mail:[email protected]; [email protected]; [email protected]).

Y. Shimizu with the NTT Network Innovation Laboratories, NTT Corpora-tion, Yokosuka 239-0847, Japan (e-mail: [email protected]).

A. Takahara with NTT Electronics Corporation, Yokohama 243-0032, Japan(e-mail: [email protected]).

T. Jiang with Virginia Polytechnic Institute and State University, Blacksburg,VA 24061 USA (e-mail: [email protected]).

Digital Object Identifier 10.1109/JSYST.2015.2456878

example of an industrial IoT application. In location-based au-thentication systems, ambient information is collected froma significant number of diverse devices, which are deployed inan IoT society. The ambient information is taken as unique dataand a certain time at a certain place that varies along with thesurrounding network environment. By using the unique ambientinformation, the authentication system can guarantee the userslocation. The authentication system is considered to be usedby many other location-based applications in the industrialsociety. For example, an application can require transmission ofconfidential data to only some limited users in predeterminedareas, such as military facilities or a conference room for asecret meeting. Additionally, it is possible to use this system forcouponing to limited people inside a shop. As just described,a location-based authentication system can be used in manysituations and has large expansivity for the future industrial IoTsociety.

However, a location-based authentication system requirescontinuous collection of ambient information from numerousdevices because the ambient information is always changing.However, due to the limitation of network resources, it is diffi-cult to collect data from numerous devices in real time. Thus,it is necessary to control the data collection in order to improvethe performance of the authentication system. Therefore, in thispaper, we propose a novel data collection method for authenti-cation systems. In this proposal, the data collection is controlledaccording to requirements from the system. Although there aremany previous researches on data collection from sensors, mo-bile terminals, and so on, to improve the network performance,as for the novelty of our research, the proposed method dy-namically controls its parameters according to the surroundingenvironment and the requirements from the application side. Inthis proposal, the freshness and the number of the collected datais controlled to satisfy the requirements. As a result, it improvesthe performance of the authentication system while using thenetwork resources efficiently.

The remainder of this paper is organized as follows. Theauthentication system using ambient information that we focuson in this paper is introduced in Section II. In addition, therequirements from the authentication system to the networkside are presented. In Section III, the supposed system modelis constructed. Additionally, a model to evaluate the accuracyof the authentication system is introduced. Section IV describesour proposed method to effectively collect data from numerousdevices in real time. Section V contains the results of thenumerical analysis. Finally, concluding remarks are providedin Section VI.

1932-8184 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.


2 IEEE SYSTEMS JOURNAL

Fig. 1. Example of the system architecture.

II. LOCATION-BASED AUTHENTICATION

Here, we introduce the location-based authentication systembased on ambient information collected from the devices. Addi-tionally, the authentication systems requirements are describedas the demands from application side to network side.

A. Location-Based Authentication System UsingAmbient Information

Here, we introduce the assumed location-based authentica-tion system. Fig. 1 shows an example of the system architecture.In this system, ambient information is used as the unique dataat a certain place and a certain time to validate the system users.In [12][14], as the ambient information, some elements suchas service set identifier (SSID), received signal strength (RSS),sequence numbers, and media access control addresses of thepackets are introduced. Since such information changes place toplace and time to time, it can be unique at a certain place and acertain time. For example, where access points (APs), includingmobile ones such as tethering devices and portable WiFi routersshare the same field, the collected ambient information suchas RSS and the list of SSIDs of the APs changes with theirmovement. In this paper, we do not specifically take intoaccount the ambient information elements, but the key point isthat the collected ambient information can be unique, which isused for the authentication system. In the system, it is assumedthat many devices with sensors collect the ambient informationand send the data to the authentication server via network.The server constructs a database with the received data, whichshows the collected ambient information of each point at thetime when the data is collected by the devices.

On the other hand, the system users send the observedambient information at their current place and time to the serverwhen the authentication is required. Here, although we simplycall them users, it could also refer to mobile devices, not onlyhumans. The server checks both the data from the user and thedatabase of the ambient information. If there is a successfulmatch, the presence of the user is guaranteed.

B. Requirements From the Authentication System to theNetwork Side

As aforementioned, the database of ambient informationis used for the matching the data received from the users.However, the ambient information such as the observed list ofSSIDs of APs changes continuously due to their movement.Thus, to ensure the accuracy of the matching in the server,real-time data collection is needed. However, it is impossible tocollect data from numerous devices at the same time due to thelimitation of the network resources. Thus, it is required to keepthe database as fresh as possible by collecting data efficiently.

On the other hand, the density of the collecting points is alsoimportant to validate the accuracy of the authentication. Onlyin very few cases, the data from the user match the databaseperfectly because the ambient information collected by theusers and by the devices are usually different in some factors. Itis because the ambient information is unique at a certain placeand a certain time. Thus, the density of the data collection pointshas a large effect on the accuracy of the authentication. Datacollection from many devices makes it possible to construct thedatabase with ambient information from many points.

Therefore, the key requirements from the authentication sys-tem are to collect ambient information in real time from asmany devices as possible. However, the network resources tocollect the data are limited, whereas the number of devices isassumed to be huge. Thus, it is required to regulate the data col-lection by considering the requirements from the authenticationsystem and the limited network resources.

III. SUPPOSED AUTHENTICATION SYSTEM MODEL

Here, the supposed system model is constructed by using math-ematical expressions. To describe the model, network model isdefined first. Second, the data collection method, which is usedin the network, is introduced. At this time, envisioned delayand throughput in the network is also described. Finally, themodel to evaluate the accuracy of the system is defined.

A. Network Model

We will now describe the supposed network model to collectambient information. In this network model, many devices aredeployed and send the observed ambient information to thenearest AP. To simplify the model, we assume that the devicesare deployed uniformly and the coverage of each AP is dividedperfectly by the coverage of the devices, as shown in Fig. 2.Although there may be a little error because the shape of boththe APs and devices coverages is represented by a hexagonalgrid, it can be considered that the error is small enough to beignored due to the high number of devices covered by an AP.Here, we represent the identification number of each AP as iand the number of the devices, which are in the coverage ofthe AP with identification number i as Ni. Additionally, wedefine the identification number of each device in the coverageof the AP with identification number i as ni(1 ni Ni).Moreover, the circumradius of the coverage of the AP withidentification number i and the circumradius of the devices


KAWAMOTO et al.: EFFECTIVELY COLLECTING DATA FOR THE LOCATION-BASED AUTHENTICATION IN IoT 3

AP

APs coverage ( )

Devices coverage ( )

User(speed is )

device

device

Data at device(current) ff gg hh ii jj

Data at server(collected 10 units time ago) ff gg hh yy zz

device ( )

Data at device(current) aa bb cc dd ee

Data at server(collected 10 units time ago) aa bb cc dd xx

device ( 2)

Data at device and server

Fig. 2. Considered network structure for collecting collect ambient information.

coverage in the AP are defined as Ri and ri, respectively.Additionally, since ri depends on the number of devices, whichsend data, our assumptions result in the following expression:

SAPi = Ni Sdi (1)whereSAPi and Sdi represent the dimension of the APs and thedevices coverage, respectively, where the AP has identificationnumber i. Additionally, SAPi and Sdi are expressed as follows:

SAPi =33

2R2i (2)

Sdi =33

2 r2i . (3)

Thus, from (1)(3), ri is expressed as follows:

ri =RiNi

. (4)

B. CAMA/CA-Based Data Collection Model

Second, the data collection method, which is used in thesupposed network, is represented. Additionally, expected delayand throughput, when the supposed data collection method isused, are introduced. In this paper, it is assumed that eachAP collects data from the devices by using the data collectionmethod based on carrier sense multiple access/collision avoid-ance (CSMA/CA) [15]. Due to the numerous number of devicesin the coverage of each AP, it is impossible to collect the datafrom all devices at the same time. Thus, as the data collectionmethod, it is introduced that the data are collected from limitednumber of devices in a cyclic fashion.

First, to decide the number of devices to send data, the lengthof the data collecting interval and the ratio of devices to senddata among all devices is determined. Here, the interval lengthand the ratio are defined as Ti and i, respectively. Then, thenumber of devices to send data in an interval is expressed asNi i. At this time, the value of ri in the interval is representedas follows:

ri =Rii Ni

. (5)

Additionally, the devices, which decide to send data setone more parameter, namely, wni , which denotes the waitingperiod before sending data at the interval. The device withidentification number i starts its data sending process when wniseconds have passed after the interval had started. This way,each device decides when it starts its data sending process ran-domly during the interval by setting the value of wni between0 and Ti.

After setting these parameters, each device starts its datasending process according to wni during time period Ti. Ad-ditionally, in the data sending process, CSMA/CA is used asthe access control scheme. Here, we assume that the devicescovered by the same AP are close enough to each other toperform carrier sensing successfully. In the process of the datasending, each device checks the usage condition of the channeland starts sending data if it does not sense the usage of thechannel by other devices for a random period called backofftime. In this process, the backoff time, BT , is calculated asthe following expression:

BT = z l (6)

where z and l represent a random number and the length of atime slot, respectively. Additionally, the value of z is chosenfrom the range between 0 and CW , which is called contentionwindow. The backoff time counts down, whereas the devicedoes not sense the usage of the channel, and when the backofftime reaches 0, the device starts to send data. However, sinceeach device sets the value of wni randomly between 0 and Tiin our proposal, sometimes another device may be using thechannel already. If the device senses the other devices usageof the channel, it stops counting down the backoff time andwaits for a certain period of time. After waiting, the devicestarts to count down the backoff time again, whereas the devicedoes not sense the usage of the channel and starts to senddata when the backoff time reaches 0. On the other hand, ifthe data collision occurs due to multiple devices sending dataat the same time, the devices choose the backoff time againfrom the range between 0 and CW . At this time, the valueof CW is set to longer than that of the previous selectionin order to decrease the probability that the data collision



occurs again. The value of CW is decided from the followingexpression:

CW = (CWmin + 1) 2m 1 (7)where CWmin and m show the minimum size of the contentionwindow and the number of retransmissions, respectively. Thesize of the contention window increases along with the numberof retransmission, as shown in (7), and stops when the valueexceeds the value of CWmax, which shows the maximum sizeof the contention window. After that, z is chosen randomly fromthe range between 0 and CWmax repeatedly. This way, eachdevice sends data to the server via the nearest AP.

At this time, the expectation waiting time until each devicestarts the data sending process is also calculated by usingthe models we constructed earlier. In the aforementioned datacollection method, each device starts the data sending processrandomly during the interval, Ti. Thus, the expectation waitingtime until it starts the data sending process after the intervalhas started is expressed as Ti/2. Additionally, the expectationvalue of the required time when the data transmission fails andthe retransmission is carried out in several occasions, , isexpressed as follows:

=

1m=0

pi (1 pi)m 2m CWmin l

2

+

m=

pi (1 pi)m CWmax l2

(8)

where pi represents the probability that the data transmissionfrom a device succeeds and denotes the number of retransmis-sions when the size of the contention window reaches CWmax.Using (7), the value of can be calculated as follows:

=1

log 2 log

(CWmax + 1

CWmin + 1

). (9)

Thus, the expectation value of the waiting time until the datasending is finished is expressed as (Ti/2) + .

Next, we describe the model to calculate the throughput inthe supposed network. When Ti and i are set, since eachdevice starts the data sending process randomly during theinterval, the rate data received from the devices at the AP, Gi(packets/slot), is expressed as follows:

Gi =i Ni l

Ti. (10)

Here, we assume that each device sends only one packet to theAP through its data sending process. Additionally, the trafficarrival rate at the AP can be assumed to follow the Poissondistribution because each device waits a random period beforesending the data. At this time, since CSMA/CA is supposedto be used as the access control scheme in this proposal, theprobability that the data transmission from a device succeeds,pi, is expressed as follows [16]:

pi =eaGi

Gi (1 + 2a) + eaGi (11)

where a denotes the ratio of propagation delay to packet trans-mission time. Moreover, the throughput, i.e., i (packets/slot),is expressed as follows:

i = Gi pi = Gi eaGi

Gi (1 + 2a) + eaGi . (12)

C. Accuracy of the Authentication SystemHere, the model to evaluate the accuracy of the system is

constructed. First, the definition of the accuracy is defined.Second, the model to calculate the accuracy is constructed withsome mathematical expressions.

1) Definition: To evaluate the accuracy, two metrics are usedin consideration of the system requirements mentioned in theprevious section. The first metric is the freshness of the data-base. We define the freshness, namely, f , as the concordancerate between the data of ambient information in the databaseof the server and the ambient information, which is observedin real time at the same point. As shown in Fig. 2, if theambient information observed from the device with identifi-cation number ni is 20% different from the data saved in theserver observed previously at the same device, the freshnessof the data in the server is expressed as fni = 0.8. Since theambient information is considered to change over time, thevalue of f decreases with time. We define changing rate ofthe freshness of the ambient information observed at the devicewith identification number ni as xni . The changing rate showsthe degree of change in the observed ambient information perunit time. From the definition, the average value of xni inthe 10 units time is described as 0.02 in Fig. 2, whereas theaverage value of xni+1 in the 10 units time is 0.04, whichmeans the changing rate at the device with identification num-ber ni+1 is larger than that of the device with identificationnumber ni.

As the second metric, we consider the amount of data col-lected at the same time. The amount of data collecting pointshas an effect on the accuracy of the authentication system. Wecall it the density of data collection. When a user attempts toauthenticate with the server by sending the observed ambientinformation, the matching protocol between the sent data andthe database in the server is executed. The server then matchesthe similarity of the data received from the devices to the datareceived from the users. From the result of the matching, thecell that the users are located in can be determined. At that time,since the maximum error of the users point is represented by ri,small values of ri can provide a higher accuracy to the system.Thus, high density of data collecting points provides a largeramount of data collected simultaneously, resulting in a higheraccuracy to the system.

As aforementioned, the two metrics, freshness and densityof data collection, are used to evaluate the accuracy of theauthentication system. However, high density of data collectionmeans collecting data from many devices, which causes adecrease in real-time performance of the data collection dueto the limitation of network resources. Thus, there is a trade-off relationship between the freshness and density of datacollection. Hence, it is required to control the data collection



by considering both metrics at the same time to improve theperformance of the system.

However, since the freshness changes as time goes by,whereas the density guarantees the accuracy of distance be-tween the user and the device collecting the ambient informa-tion, a method to evaluate the system by using both metricsat the same time is needed. For such occasions, we use themovement of system users to evaluate the density. Here, wedefine the average moving speed of users inside the coverage ofan AP with identification number i as vi. As aforementioned,the density of data collection affects the maximum error inprecising the users location, which is represented as ri. Byconsidering the movement of the user, the reliability of the data,which is guaranteed to have a maximum error of ri + vi is thesame as the reliability of the data with a guaranteed maximumerror of ri after a unit of time has passed. That is becauseri + vi is actually the size of the area where the user can be ina unit of time after the data guaranteeing the maximum erroras ri is collected. Thus, it can be defined that the freshnessdegradation per second is equal to the degradation level of theguaranteed maximum error of the measured distance. There-fore, by evaluating these two metrics, we can regulate the datacollection to achieve high accuracy of the system.

2) Evaluation Model: Finally, we describe the model toevaluate the accuracy of the authentication system. We defineAni as the accuracy when a user close to the device withidentification number ni uses the authentication system. Whenthe data are received by the server, the value of Ani is equal to1 and it decrease as time goes by. Here, we denote the value ofAni after t have passed as Ani(t). In this paper, the accuracy isdefined with the freshness and the guaranteed maximum errorof the users point. The freshness f changes as time goes by.Thus, the freshness after t passed, namely, fni(t), is expressedas follows:

fni(t) = 1 t xni . (13)The guaranteed maximum error of the measured users lo-

cation is expressed as ri. Additionally, the error of the userscalculated position is turned into a metric with a time unitby considering the average moving speed of the users insidethe coverage of the AP. Thus, maximum accuracy degradationlevel, which is related to the maximum error of the users cal-culated position is expressed as ri/vi. Therefore, the minimumaccuracy t units time after the data was collected at a user closeto the device with identification number as ni is expressed asfollows:

Ani(t) = fni(t)rivi

xni . (14)

To improve the accuracy of the authentication system, eachAP collects data to maximize the average value of Ani of alldevices under the APs coverage. Here, the average value ofAni(t) of all the devices under its coverage at arbitrary timingis defined as Ai(t), which is expressed as follows:

Ai(t) =1

Ni

Nini=1

fni(t)rivi

xi (15)

Procedure 1 Parameters adjustment mechanism1: Calculate Ti and i to maximize Ai(Ti) at the server2: Seti according to the configuration in theprevious interval3: Each AP broadcasts the values of Ti and i to devices

inside its coverage4: Each device decides whether to send data or not according

to i5: Each device sets wni randomly between 0 and Ti6: / Start data sending process during time period Ti /7: Devices that decide to send data start data sending

processes8: Server counts the amount of data received from each AP9: / After the time period Ti /

10: if The amount of collected data is smaller than i Nithen

11: i = i 12: else13: i = i + 14: end if

where xi denotes the average changing rate of the freshness ofthe ambient information at the users in the coverage of the AP.This way, the model to evaluate the accuracy is constructed.

IV. PROPOSED DATA COLLECTION METHOD

Here, first, we introduce the procedure of the proposed datacollection method. Second, the way to maximize the accuracyof the authentication system is described.

A. Procedure of the Proposed Data Collection MethodIn the proposed method, the density and the freshness of

the collected data is considered to improve the accuracy of theauthentication system. To improve the density of the collecteddata, it is controlled how many devices data are collectedwithin a determined interval. To decide the number of de-vices, the length of the interval and the throughput of thedata collection are controlled. To collect data from as manydevices as possible, the number of devices to send its data inthe determined interval is controlled in order to achieve thehighest throughput as possible. At the same time, the lengthof the interval is also controlled to achieve high accuracy ofthe authentication system. Additionally, it is also controlledwhich devices data is collected within a determined interval. Inthis selection of the devices, the changing rate of the freshnessof ambient information at the devices is taken into account.Since the changing rate is different for each device due to thedifference of the surrounding network environment, the deviceswith higher changing rate are selected on a priority basis inthe proposed method. By selecting the devices with higherchanging rate, we can avoid a bigger drop in the freshness ofthe specified device.

The procedure is summarized in Procedure 1. In this pro-posal, as aforementioned, we control how many devices and



which devices send the data to maximize the accuracy of theauthentication system.

First, to decide the optimal number of devices to send data,the length of the data collecting interval, i.e., Ti, and the ratioof devices to send data among all devices, i, are calculatedat the authentication server. A large interval decreases the datafreshness, but it allows a larger number of devices to senddata in an interval. Thus, the values of these parameters aredecided to maximize the accuracy of the authentication system.A detailed description of this maximization is in the nextsection. Additionally, devices whose ambient information has afast changing rate have priority in sending data in this proposal.To control it, a threshold is introduced to decide whether to senddata or not at each device. In our proposal, each device decidesto send data in the interval when fni falls below the threshold,denoted by i(0 i 1), at the start of the interval. The valueof i is set for each AP and reconfigured at every intervalaccording to the results of the data collection. Additionally,in this procedure, the initial value of i is set temporarily. Byadjusting the value of i, the number of devices to send data inthe interval is controlled to achieve data collection from i Nidevices. The values of Ti and i are broadcasted from each APto the devices inside its coverage. The devices receiving theparameters decide whether to send data or not according to i.After that, the devices which decide to send data set the waitingperiod before sending data at the interval, i.e., wni , randomlybetween 0 and Ti. After setting these parameters, each devicestarts its data sending process. During the interval Ti, the servercalculates the amount of data received from each AP. Afterthe time period Ti, if the amount of data collected from theAP with identification number i is smaller or larger than theoptimal number of devices to send data, which is expressedas i Ni, the value of i is reconfigured in a way that onlyi Ni devices participate in the data collection. If the amountof collected data is smaller, is subtracted from i to increasethe number of devices that send data in that interval. However,if the amount of collected data is too big, is added to i todecrease the number of devices that send data in that interval.The value of has an effect on the capability of staying closeto the optimal value of in the proposal, but we use it asa constant value in this paper. This way, the amount of col-lected data is controlled to achieve data collection from i Nidevices.

By executing this procedure repeatedly while dynamicallycontrolling the parameters to adequately collect data from thedevices in the network, the accuracy of the authenticationsystem is maximized. This way, we can collect data as fresh aspossible from as many devices as possible, which improves theaccuracy of the authentication system under the limited networkresources. Thus, it contributes to the development of location-based authentication systems. Moreover, the proposal is alsoapplicable to existing network infrastructure by introducingminor parameters adjustment to the server and authenticationapplication. Furthermore, the basic procedure of the data collec-tion method can be applied to various kinds of systems, whichuse data collection by considering the requirements from theapplication side.

TABLE IPARAMETER SETTINGS

B. Maximization of the AccuracyHere, how to maximize the accuracy of the authentication

system is represented through a mathematical analysis on thedata collection based on the constructed model, which is shownin Section III. Since the objective of the data collection is tomaximize the accuracy of the authentication system, the authen-tication server calculates it at the start of the every intervals,which is denoted by Ai(Ti). In this analysis, it is assumedthat the number of devices to start the data sending process isperfectly controlled by an adequate value of i, which meansthat the number of devices to start the data sending process inthe proposed procedure is equal to i Ni. Then, the objectivefunction of the maximization is expressed by using (5) and (15)as follows:

Ai(Ti) =1

Ni

Nini=1

fni(Ti)Ri Ni

1vi

xi. (16)

In the aforementioned expression, fni(Ti) andi are controlledby the proposed method to improve the density of the col-lected data.

At this time, from (10), the relationship between Ti and i isexpressed as follows:

i =Gi TiNi l . (17)

From the analysis on the throughput in previous researches[17], [18], it is shown that the function of i, which is describedas (12), is convex upward with the value of Gi. Thus, thereis a value of Gi that achieves maximum throughput. Since thevalue of a in (12) is a constant value depending on the networkenvironment, Gi is calculated from (12). Thus, by using (17),the value of i can be controlled only by Ti.

On the other hand, the value of fni(Ti) shows the expectedfreshness of the collected data at the end of the interval. Sincethe freshness of the data collected from the devices with asuccessful transmission to the AP is expected to decrease during(Ti/2) and the freshness of the data of other devices witha failed transmission decreases during Ti, fni(Ti) is expressedas follows:

fni(Ti) =

{1(Ti2

) xni

} i pi

+ (fni(0) Ti xni) (1 i pi) (18)

where fni(0) shows the value of fni(t) at the start of theinterval. As shown in this expression, the value of fni(Ti) isalso controlled by Ti.



Fig. 3. Existence of the maximized accuracy and the tradeoff relationship between the freshness and density of the collected data. (a) fi(Ti). (b) D(Ti).(c) Ai(Ti).

Therefore, by controlling the value of Ti, the objective func-tion can be maximized. Thus, the value of Ti, which maximizesthe objective function, i.e., T opti , is expressed as follows:

T opti = argmaxTi

Ai(Ti). (19)

V. PERFORMANCE EVALUATION

Here, the existence of the optimal value of Ti to maximize theaccuracy of the authentication system is described. Addition-ally, the effectiveness of the proposed method is also presented.The mathematical results are provided by using the analysis inprevious sections.

A. Parameter Settings

The parameter settings are summarized in Table I. In thisnumerical analysis, the accuracy of the authentication systemconstructed by devices under an APs coverage is evaluated.The radius of the coverage of the AP is set to 30 m. Addi-tionally, we assume that the users and the devices are deployedrandomly in the coverage of the AP. The users average movingspeed is set to 1 m/s. The number of devices in the coverageof the AP is set to 1000. As the parameters used in the processof the data collection, the length of a time slot and the ratio ofpropagation delay to packet transmission time are set to 50 sand 10, respectively.

B. Existence of the Optimal Value of TiFirst, the existence of an optimal value of Ti, which max-

imizes the accuracy of the authentication system is proved.Fig. 3(a) and (b) shows the change in the freshness and densityof the collected data to the value of the interval, respectively.Here, as the index to evaluate the density of the collected data,the value, which is equal to (ri/vi) xni that is the secondterm of (16) is used. Additionally, we express the index asD(Ti) in this evaluation. Moreover, Fig. 3(c) shows the changein accuracy when the value of the interval is varied. FromFig. 3(c), it is clearly shown that there is an optimal value ofTi, which maximizes the accuracy of the authentication system.This is because there is a tradeoff relationship between thefreshness and density of the collected data with different valuesof the interval that can be confirmed from Fig. 3(a) and (b). A

Fig. 4. Change in the accuracy when the value of the changing rate of thefreshness of the ambient information is varied.

large interval causes the freshness of each data to decrease, butit allows a larger number of devices to send data in the interval.Thus, the optimal value of Ti to maximize the accuracy exists.

C. Accuracy of the Authentication SystemSecond, we evaluate the effectiveness of the proposed

method by contrasting it with the case where the proposedmethod is not used. In this numerical analysis, the case wherethe proposed method is not used is defined as the case where alldevices in the coverage of the AP try to send data in an interval.In that case, the interval is set to the same value of the proposal.Fig. 4 shows the change in the accuracy when the value of thechanging rate of the freshness of the ambient information isvaried. From the result, it is shown that the proposed data col-lection method achieved higher values of accuracy than the casewhere the proposed method is not used at all times. The reasonwhy the accuracy decreases with the increase of the averagevalue of changing rate of the freshness is that a large value ofthe changing rate of the freshness causes an increase in thedegradation level of the freshness in an interval. However,it is understood that the proposed data collection achievedhigher accuracy whenever the value of the changing rate of thefreshness changes.

Additionally, Fig. 5 shows accuracy in each case where thevalue of fni(0) is set to 0.6, 0.7, and 0.8, respectively. From theresult, it can be seen that the proposed method always achieveshigher accuracy than the case where the proposal is not used.Therefore, it is confirmed that the proposed data collection



0.5

0.6

0.7

0.8

0.9A i

(Ti)

With proposal Without proposal

f (0) = 0.8 f (0) = 0.7 f (0) = 0.6ni nini

Fig. 5. Accuracy in each case where the value of fni (0) is set to 0.6,0.7, and 0.8.

method achieves to improve accuracy of the location-basedauthentication system efficiently.

VI. CONCLUSION

In order to make the future industrial IoT possible, manykinds of industrial IoT applications have been developed, andthe collaboration with network systems becomes essential.In this vein, we focused on data collection for a location-based authentication system as an application for the industrialsociety. Since the authentication system requires collectionof data called ambient information from numerous devicesin a real-time basis, an efficient data collection method tosatisfy the requirements from the application side with thelimited network resources is necessary. Thus, we proposed anovel data collection method for location-based authenticationsystems. In this proposal, to improve the performance of thesystem, some parameters for the network control were adjusteddynamically according to requirements from the system andthe surrounding network environment. Therefore, our proposedmethod resulted in an improved accuracy of the location-based authentication system by using the network resourcesefficiently.

As for the future works, we aim to consider the inhomo-geneous devices distribution. Since inhomogeneous devicesdistribution causes the collected ambient information to havedifferent density, a method to control the distribution of de-vices data transmission is necessary. Additionally, anotherinteresting research area is on the characteristic features of theambient information, which can improve the performance of theauthentication method in various applications.

REFERENCES[1] Y. Kawamoto, H. Nishiyama, N. Kato, N. Yoshimura, and S. Yamamoto,

Internet of things (IoT): Present state and future prospects, IEICE Trans.Inf. Syst., vol. E97-D, no. 10, pp. 25682575, Oct. 2014.

[2] Y. Kawamoto, H. Nishiyama, Z. M. Fadlullah, and N. Kato, Effectivedata collection via satellite-routed sensor system (SRSS) to realize global-scaled Internet of things, IEEE Sens. J., vol. 13, no. 10, pp. 36453654,Oct. 2013.

[3] S. Balasubramaniam and J. Kangasharju, Realizing the Internet of nanodevices: Challenges, solutions, and applications, Computer, vol. 46,no. 2, pp. 6268, Feb. 2013.

[4] S. Tozlu, M. Senel, W. Mao, and A. Keshavarzian, Wi-Fi enabled sen-sors for Internet of things: A practical approach, IEEE Commun. Mag.,vol. 50, no. 6, pp. 134143, Jun. 2012.

[5] L. Xu et al., Smart community: An Internet of things application, IEEECommun. Mag., vol. 49, no. 11, pp. 6875, Nov. 2011.

[6] P. Vlacheas et al., Enabling smart cities through a cognitive managementframework for the Internet of things, IEEE Commun. Mag., vol. 51,no. 6, pp. 102111, Jun. 2013.

[7] G. Kortuem, F. Kawsar, D. Fitton, and V. Sundramoorthy, Smart objectsas building blocks for the Internet of things, IEEE Internet Comput.,vol. 14, no. 1, pp. 4451, Jan./Feb. 2010.

[8] D. X. Li, H. Wu, and L. Shancang, Internet of things in industries:A survey, IEEE Trans. Ind. Informat., vol. 10, no. 4, pp. 22332243,Nov. 2014.

[9] M. R. Palattella et al., On optimal scheduling in duty-cycled industrialIoT applications using IEEE802.15.4e TSCH, IEEE Sens. J., vol. 13,no. 10, pp. 36553666, Oct. 2013.

[10] S. L. Keoh, S. S. Kumar, and H. Tschofenig, Securing the Internet ofthings: A standardization perspective, IEEE Internet Things J., vol. 1,no. 3, pp. 265275, Jun. 2014.

[11] H. Debiao and S. Zeadally, An analysis of RFID authentication schemesfor Internet of things in healthcare environment using elliptic curvecryptography, IEEE Internet Things J., vol. 2, no. 1, pp. 7283,Feb. 2015.

[12] J. D. Nielsen, J. I. Pagter, and M. B. Stausholm, Location privacy viaactively secure private proximity testing, Proc. IEEE Int. Conf. PERCOMWorkshops, Mar. 1923, 2012, pp. 381386.

[13] L. Xiao, Q. Yan, W. Lou, G. Chen, and Y. T. Hou, Proximity-based security techniques for mobile users in wireless networks,IEEE Trans. Inf. Forensics Security, vol. 8, no. 12, pp. 20892100,Dec. 2013.

[14] Y. Zheng, M. Li, W. Lou, and Y. T. Hou, SHARP: Private proximitytest and secure handshake with cheat-proof location tags, in Proc. 17thESORICS, Pisa, Italy, Sep. 2012.

[15] Y. Yang and T. S. P. Yum, Delay distributions of slotted ALOHAand CSMA, IEEE Trans. Commun., vol. 51, no. 11, pp. 18461857,Nov. 2003.

[16] L. Kleinrock and F. A. Tobagi, Packet switching in radio channels:Part I-carrier sense multiple-access modes and their throughput-delaycharacteristics, IEEE Trans. Commun., vol. 23, no. 12, pp. 14001416,Dec. 1975.

[17] F. Wang, D. Li, and Y. Zhao, Analysis and compare of slottedand unslotted CSMA in IEEE 802.15.4, in Proc. 5th Int. Conf. WiCom,Sep. 2426, 2009, pp. 15.

[18] Y. Cheng, H. Li, P. J. Wan, and X. Wang, Wireless mesh network capacityachievable over the CSMA/CA MAC, IEEE Trans. Veh. Technol., vol. 61,no. 7, pp. 31513165, Sep. 2012.

Yuichi Kawamoto (S12) received the B.E. degreein information engineering from Tohoku University,Sendai, Japan, in 2011 and the M.S. degree fromthe Graduate School of Information Science (GSIS),Tohoku University, in 2013, where he is currentlyworking toward the Ph.D. degree.

Dr. Kawamoto was the recipient of the BestPaper Awards in some international conferences,including IEEEs flagship events, namely, the In-ternational Wireless Communications and MobileComputing Conference (IWCMC13) and the IEEE

Global Communications Conference in 2013 (GLOBECOM13). In addition,he was the recipient of the Satellite Communications Research Award in thefiscal year of 2011 from the Institute of Electronics, Information and Commu-nication Engineers. He is the recipient of Japan Society for the Promotion ofScience (JSPS) in 2013.



Hiroki Nishiyama (SM13) received the M.S. andPh.D. degrees in information science from TohokuUniversity, Sendai, Japan, in 2007 and 2008, respec-tively.

He is currently an Associate Professor with theGraduate School of Information Sciences, TohokuUniversity. He has authored or coauthored over 140peer-reviewed papers, including many high-qualitypublications in prestigious IEEE journals and con-ferences. His research interests cover a wide range ofareas, including satellite communications, unmanned

aircraft system networks, wireless and mobile networks, ad hoc and sensornetworks, green networking, and network security. One of his outstandingachievements is relay-by-smartphone, which makes it possible to share infor-mation among many people by using only WiFi functionality of smartphones.

Dr. Nishiyama is a member of the Institute of Electronics, Informationand Communication Engineers (IEICE). He served as a Cochair for SelectedAreas in Communications Symposium of IEEE International Conference onCommunications 2014 (ICC14) and a Cochair for Cognitive Radio and Net-works Symposium of IEEE ICC15. He currently serves as an Associate Editorof the IEEE Transactions on Vehicular Technology, an Associate Editor forSpringer Peer-to-Peer Networking and Applications journal, and the Secretaryof the IEEE Communications Society Sendai Chapter. He was a recipient ofthe best paper awards from many international conferences, including IEEEsflagship events, such as the IEEE Global Communications Conference in 2010(GLOBECOM10), GLOBECOM13, and GLOBECOM14 and the IEEEWireless Communications and Networking Conference in 2012 (WCNC12)and WCNC14. He was also a recipient of the 2009 FUNAI FoundationsResearch Incentive Award for Information Technology, the IEICE Communi-cations Society Academic Encouragement Award 2011, the IEEE Communica-tions Society Asia-Pacific Board Outstanding Young Researcher Award 2013,and the Special Award of the 29th Advanced Technology Award for Creativityin 2015.

Nei Kato (F13) received the B.S. degree from Poly-technic University, Tokyo, Japan, in 1986, and theM.S. and Ph.D. degrees in information engineeringfrom Tohoku University, Sendai, Japan, in 1988 and1991, respectively.

He joined the Computer Center of Tohoku Uni-versity as an Assistant Professor in 1991, and waspromoted to Full Professor position with the Gradu-ate School of Information Sciences, Tohoku Univer-sity, in 2003. He became a Strategic Adviser to thePresident of Tohoku University in 2013. He has been

engaged in research on computer networking, wireless mobile communications,satellite communications, ad hoc & sensor & mesh networks, smart grid, andpattern recognition. He has published more than 300 papers in peer-reviewedjournals and conference proceedings.

Dr. Kato currently serves as a Member-at-Large on the Board of Governors,IEEE Communications Society, the Chair of IEEE Ad Hoc & Sensor NetworksTechnical Committee, the Chair of IEEE ComSoc Sendai Chapter, the Editor-in-Chief of IEEE Network Magazine, the Associate Editor-in-Chief of IEEEInternet of Things Journal, and an Area Editor of IEEE TRANSACTIONS ONVEHICULAR TECHNOLOGY. He has served as the Chair of IEEE ComSocSatellite and Space Communications Technical Committee (20102012), theChair of IEICE Satellite Communications Technical Committee (20112012).He was the recipient of the Minoru Ishida Foundation Research Encourage-ment Prize(2003), the Distinguished Contributions to Satellite CommunicationsAward from the IEEE Communications Society, Satellite and Space Com-munications Technical Committee (2005), the FUNAI information ScienceAward (2007), the TELCOM System Technology Award from Foundationfor Electrical Communications Diffusion (2008), the IEICE Network SystemResearch Award (2009), the IEICE Satellite Communications Research Award(2011), the KDDI Foundation Excellent Research Award (2012), and the IEICECommunications Society Distinguished Service Award (2012), DistinguishedContributions to Disaster-resilient Networks R&D Award from Ministry ofInternal Affairs and Communications, Japan (2014), seven Best Paper Awardsfrom IEEE GLOBECOM/WCNC/VTC, and IEICE Communications SocietyBest Paper Award (2012). Aside from his academic activities, he also serveson the Expert Committee of Telecommunications Council, Ministry of InternalAffairs and Communications, and as the chairperson of ITU-R SG4 and SG7,Japan. He is a Distinguished Lecturer of IEEE Communications Society andVehicular Technology Society. He is a Fellow of Institute of Electronics,Information and Communication Engineers.

Yoshitaka Shimizu received the B.E. and M.S. de-grees in electrical engineering from Tokyo Instituteof Technology, Yokohama, Japan, in 1995 and 1997,respectively.

He joined NTT Wireless Systems Laboratories in1997. He is currently engaged in the research and de-velopment of wireless access systems with the NTTNetwork Innovation Laboratories, NTT Corporation.

Atsushi Takahara (M12) received the B.S., M.S.,and Dr. Eng. degrees from Tokyo Institute of Tech-nology, Yokohama, Japan, in 1983, 1985, and 1988,respectively.

In 1988, he joined NTT LSI Laboratories, wherehe researched formal methods of very large scale in-tegration design, reconfigurable architectures, and IPprocessing. From 2003 to 2008, he was the Directorof Service Development and Operations Department,Visual Communications Division, NTT Bizlink, Inc.,where he developed and operated an IP-based visual

communication service. From 2008 to 2011, he was the Executive Managerof Media Innovation Laboratory with NTT Network Innovation Laboratories.,where he became the Director from 2011 to 2015. Since 2015, he has been theSenior Vice President for the Sales and Marketing Group with NTT ElectronicsCorporation, Yokosuka, Japan. His current research interests are IP networkingfor real-time communication applications, IP infrastructure technologies, andoptical transport technologies.

Dr. Takahara is a member of the Association for Computing Machinery; theInstitute of Electronics, Information and Communication Engineers; and theInformation Processing Society of Japan.

Tingting Jiang (S11) received the B.S. degree(summa cum laude) in computer science from Vir-ginia Polytechnic Institute and State University (Vir-ginia Tech), Blacksburg, VA, USA, in 2007. She iscurrently working toward the Ph.D. degree in com-puter science at Virginia Tech. She is also currentlya Full-Time Software Engineer with Virginia TechUniversity Libraries.

During 20072009, she was a Software Engineerwith Intrexon Corporation, Blacksburg. Her researchareas are in wireless networking and cyber security.

Ms. Jiang was a recipient of a National Science Foundation Graduate Re-search Fellowship (20112014) and a Microsoft Research Graduate WomensScholarship (2011).

effectively collecting data for the location-based_authentication in iot

Documents