Vol 4 No 1 - August 2013

International Journal of Computer Science
and Business Informatics

(IJCSBI.ORG)
ISSN: 1694-2507 (Print)

VOL 4, NO 1
ISSN: 1694-2108 (Online) AUGUST 2013
IJCSBI.ORG
Table of Contents VOL 4, NO 1 AUGUST 2013
Concurrency Control Mechanism for Nested Transactions in Mobile Environment .............................. 1

Ms. Nyo Nyo Yee and Ms. Hninn Aye Thant
Generating Keys in Elliptic Curve Cryptosystems ................................................................................ 1

Dragan Vidakovic and Dusko Parezanovic
Cost Estimation of Information Technology Risks and Instituting Appropriate Controls ........................ 1
Princewill Aigbe and Jackson Akpojaro
An Efficient Access Control Model for Wireless Sensor Network .......................................................... 1

Behzad Molavi, Hamed Bashirpour and Dr. Morteza Nikooghadam
Three Tank System Control Using Neuro - Fuzzy Model Predictive Control .......................................... 1
Adel Abdurahman
The Computer-Linguistic Analysis of Socio-Demographic Profile of Virtual Community Member .......... 1

Yuriy Syerov, Andriy Peleschyshyn and Solomia Fedushko
Using Analytic Hierarchy Process (AHP) to Select and Rank a Strategy Based Technology ..................... 1
Majid Nili Ahmadabadi, Masoud Najafi, Peyman Gholami and Payam Gholami
Explore the Possibility of Moving the Government to the Web 2 in IRAN ............................................. 1
Alireza Shirvani, Ameneh Malmir and Fariba Azizzadeh
International Journal of Computer Science and Business Informatics
IJCSBI.ORG
Concurrency Control Mechanism

for Nested Transactions in Mobile
Environment
Ms. Nyo Nyo Yee
Faculty of Information and Communication Technology
University of Technology (Yatanarpon Cyber City)
Pyin Oo Lwin, Mandalay Division, Myanmar
Ms. Hninn Aye Thant

Faculty of Information and Communication Technology
University of Technology (Yatanarpon Cyber City)
Pyin Oo Lwin, Mandalay Division, Myanmar
ABSTRACT
In mobile environment, mobile host can initiate transactions and that transactions may be
executed at mobile host or fixed host. Most of the transactions use in mobile environment is
flat transactions. In modern world, most of the applications are complex and long-running.
Flat transactions could not work properly in complex and long-running applications.
Moreover, flat transactions can be performed only commit or rollback and cannot save
intermediate results. If transactions rollback, the whole transaction will be re-started. To
solve this problem, we proposed a method that based on closed nested transactions because
nested transactions are suited for complex application and can save intermediate result.
Proposed system is based on existing Two-Shadow Speculative Concurrency Control
(SCC-2S) mechanism that solves concurrency control problem (read-write conflict) for
nested transactions and complex application. Proposed system solves the facts that could
not solve (write-write conflict) in existing SCC-2S algorithm and also adds Priority Control
mechanism to improve the performance of the system and to reduce miss deadlines. This
method is intended for Mobile Real-Time Database System (MRTDBS). Concurrency
Control will perform at the Fixed Host and the results are returned back to the
corresponding Mobile Hosts.
Keywords
Concurrency control, fixed host, flat transaction, real-time database, nested transaction.
1. INTRODUCTION
Mobile Real-time Database System (MRTDBS) provide information to
Mobile Host (Mobile User). Primary objective of MRTDBS is to minimize
missed deadlines. Mobile host can initiate transactions from anywhere and
at anytime. When shared data item is updated by multiple transactions from
mobile devices at the same time, Concurrency Control(CC) techniques are
required to guarantee timely access and correct results (Consistency).
General characteristics of mobile environments like mobility, low
bandwidth, limited battery power, limited storage, frequent disconnections
etc. makes concurrency control more difficult [10].
ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 1

IJCSBI.ORG
Various concurrency control algorithms differ from the time when conflicts
are detected, and the way they are resolved. Pessimistic Concurrency
Control (PCC) and Optimistic Concurrency Control (OCC) alternatives
differ from conflict detection and conflict resolution. PCC locking protocols
detect conflicts as soon as they occur and resolve them using blocking,
while OCC protocols detect conflicts at transactions commit time and
resolve them using restarts.
Speculative Concurrency Control (SCC) algorithms combine the advantages
of both PCC and OCC algorithms, and avoid their disadvantages. SCC
algorithm similar PCC algorithm in those potentially harmful conflicts is
detected as early as possible, and it increases the chances of meeting timing
constraints. SCC resembles OCC in that it allows conflicting transactions to
proceed concurrently, thus it avoids unnecessary delays to meet timely
commitment. SCC allows many shadows for uncommitted transactions. But,
SCC-2S allows a maximum of two shadows per uncommitted transaction to
exist in the system at any point in time: a primary shadow and a standby
shadow [1]. Primary shadow means the original nested transaction query to
access shared data. Standby shadow means the copy of the original query
that does not contain the portion of the query that the primary shadow is
already performed.
The rest of this paper is organized as follows: Section 2 briefly introduce
mobile database environment. In section 3, we present our proposed method
and proposed system architecture. In section 4, we present mathematical
expression of proposed method and Section 5 shows performance analysis
for pessimistic concurrency control and our proposed method. Section 6
draws the conclusion.
2. MOBILE DATABASE ENVIRONMENT

Mobile database environment consists of Mobile Host (MH), Fixed Host
(FH) and Base Station (BS) .The communication of the MH and FH is
supported by BS. FH and BS are connected with a wired network. Some
MH have Database Management System (DBMS) module to perform
database operations. Proposed system architecture contains MHs and FH.
FH has database system module to perform database operation and MH does
not require having database system module. In mobile environment, MH
can process its workload in continuously connected mode or in disconnected
mode or in intermittent connected mode [8]. In proposed system
architecture, mobile host can live intermittent connected mode and after
fixed host had performed database operation, the results are returned back to
the corresponding mobile host.

IJCSBI.ORG
There are three type of data dissemination mode in mobile environments. In
Broadcast Mode (push process), On-Demand Mode (pull process) and
Hybrid Mode [8].Our proposed model use On-Demand Mode.
2.1 Classification of Transactions

There are three types of transactions used in database system. They are flat
transactions, nested transactions and distributed transactions. All of these
transactions have four properties. These properties are Atomicity,
Consistency, Isolation (Independence) and Durability (or Permanency).
Flat transactions access a single database and adequate for simple
applications [10]. Nested Transactions are constructed from a set of sub-
transactions. Each sub-transaction may also have sub-transactions, and
nesting can occur to arbitrary depth. Nesting of transactions can be
represented by a transaction tree. Transaction at the root of the tree is called
top-level transaction (TL-transaction); others are called sub -transactions.
There are two types of nested transaction model, open nested transaction
model and closed nested transaction model.
Figure 1. Open Nested transaction Model
Transactioin T1 Transactioin T2
parent parent
transaction transaction
T11 T21
T12 T22
T13 T23
Figure 2. Closed Nested transaction Model

IJCSBI.ORG
In open nested transaction model, parent transaction does not enforce
restriction of the execution, rollback, and commitment of its sub-
transactions. The parent transaction only invokes sub-transaction, and the
sub-transactions executed independently to each other and to the parent[4].
Open nested transaction has only one parent transaction and the transaction
is broken down smaller parts and can perform parallel between sub-
transaction. Locks are released before parent transaction. Locks are
inherited from parent transactions and perform intra-transaction parallelism
[6]. Figure 1 defines open nested transaction model. In closed nested
transaction model, locks are released after parent transaction and perform
inter-transaction parallelism and can be used for the two or more transaction
access the same data item concurrently [3]. Closed nested transaction is
especially designed for conflict between one nested transaction and other
nested transactions not only between in one transaction. Figure 2 defines
closed nested transaction model.
Distributed transactions concern with the division of transactions due to
need of accessing distributed resources. Special distributed algorithms are
needed to handle locking of data and committing of transactions [9].
2.2 Execution Modes in Mobile Environment

Transactions are initiated at mobile host but may be executed on mobile
host or fixed host or the execution may be distributed between mobile host
and fixed host respectively. There are five execution modes in Mobile
Environment. They are
Complete Execution on Fixed Network
Transaction is initiated at mobile host but is completed executed at fixed
network. In this approach, mobile host acts as a thin client.
Complete Execution on MH
Transactions are initiated at mobile host and are executed on mobile host.
This approach requires mobile hosts to have processing and storage
capabilities as well as managing data. But, reconciliation is needed with
fixed host at some point in time.
Distributed Execution on MH and Wired Network
Transaction is initiated at mobile hosts and the execution is distributed
among mobile host and fixed host. A sub-transaction is executed at fixed
host and another one at mobile host. This approach helps in minimizing the
communication between the fixed host and mobile hosts.
Distributed Execution among several MHs
Transaction is distributed among several mobile hosts for execution. It
provides a peer-peer strategy. A mobile host acts as a server for other

IJCSBI.ORG
mobile hosts so that the execution is distributed between them. The
selection of a mobile host for execution of a transaction is location based.
Distributed Execution among MHs and FHs
Transaction execution is distributed among several mobile hosts and fixed
hosts respectively. In this approach, multiple parties may be involved [7].
3. PROPOSED SYSTEM
In our system, mobile user sends query using an uplink channel (pull
process). To process the request, database server in Fixed Host use proposed
method Two-Shadow Speculative Concurrency Control (SCC-2S) with
Priority that avoids conflict (access the same data) to control concurrent
access. To increase the degree of parallelism in the execution of long
running transaction is primary objective of nested transaction. This system
aim for strict deadline nested transactions to improve inter-transaction
concurrency. Mobile Host (MH) can live intermittent connected mode (not
need to connect the database server) while Fixed Host (FH) perform
database operation. After the database operation had performed, FH returns
the result back to corresponding MH. MH does not require having Database
System (DBMS) module to perform database operations. So, MH acts as a
thin client. Figure 3 define flow diagram for proposed system.

IJCSBI.ORG
Begin
Transaction from
Mobile Hosts
Primary Shadow is created

and executed
End
No Result send to the

If conflicts Process the
corresponding
or not Transaction
Mobile Host
Yes Yes
Yes Check the required data

Check conflict at the
can get only one database
same time
or not
No
No
Standby Shadow is created
Primary shadow is aborted

Standby shadow is promoted to
primary shadow and executed
Figure 3. Flow diagram for proposed system

During the transactions run, if conflicts occur between the transactions,
SCC-2S with Priority algorithm is used to solve the conflict. When the two
transactions encounter (read-write) conflict, the read transaction create the
standby shadow (copy the transaction) where the conflict is detected. This
standby shadow excludes the part of the transaction that the primary shadow
(original transaction) already performed. When the two transactions
encounter (write-write) conflict, the transaction with late time creates the
standby shadow. But the two transactions encounter (write-write) conflict at
the same time, our proposed system uses priority control mechanism to
determine which transaction should create the standby shadow. Figure 4
defines proposed system architecture.

IJCSBI.ORG
RTDBS is controlled by
SCC-2S with Priority
Algorithm
DB DB
Fixed Host
MH
MH
MH MH MH
Figure 4. Proposed system architecture

3.1 Priority Control Mechanism
In this theory, we define Twt1 and Twt2 are write lock-requesting transactions.
Transaction is defined TF if it access data items available at only one
Database Module. Otherwise it is defined TS transaction. If transaction is
TF, it is assigned high priority otherwise it is assigned low priority.
Write Lock Conflict (Twt1, Twt2)
Begin
if Priority(Twt1)> Priority(Twt2)
Create standby shadow for transaction Twt2
else if Priority(Twt1)< Priority(Twt2)
Create standby shadow for transaction Twt1
Else
Create standby shadow that have greater access item
end if
End
3.2 Two Shadow Speculative Concurrency Control(SCC-2S) with
Priority
Speculative Concurrency Control (SCC) is especially designed for real-time
database applications. It relies on the use of redundancy to ensure that
serializable schedules are discovered and adopted as early as possible, that
increase in timing commitment of transactions with strict timing constraints.
Two-Shadow SCC algorithm (SCC-2S), a member of the SCC-nS family,
and minimal use of redundancy. SCC-2S uses at most two shadows for each
transaction, primary shadow and standby shadow. Original SCC-2S
algorithm solves read/write conflict for concurrent transactions. For our

IJCSBI.ORG
contribution, we want to solve write/write conflict for nested transaction and
also add priority control mechanism for nested transaction. The detailed
explanation for SCC-2S is:
Let Tj be any uncommitted transaction in the system. The primary shadow
for Tj runs (among all the other transactions with which Tj conflicts) to
commit. Therefore, it executes without incurring any blocking delays. At
that time, standby shadow for Tj, is subjected to blocking and restart. It is
kept ready to replace the primary shadow, if replacement is needed.
The SCC-2S algorithm resembles Optimistic Concurrency Control with
Broadcast Commit (OCC-BC) algorithm in that primary shadows of
transactions continue to execute either until they validate or commit or until
they are aborted. The difference is that SCC-2S keeps a standby shadow for
each executing transaction to be used if that transaction must abort. The
standby shadow is basically a replica of the primary shadow, except that it is
blocked at the earliest point where a Read-Write conflict is detected
between the transaction it represents and any other uncommitted transaction
in the system. If required, the standby shadow is promoted to become the
primary shadow, and execution is resumed from the point where potential
conflict was discovered [5].
Illustration of SCC-2S works is, shown in Figure 5. The two mobile units
MU1 and MU2 access the same data item x. MU1 execute Transaction T1
to write data item x. MU2 execute Transaction T2 to read data item x. Both
transactions T1 and T2 start with one primary shadow, namely T10 and T20
respectively. When T20 attempts to read object x, a potential conflict is
detected. At this point, a standby shadow, T21, is created. The primary
shadows T10 and T20 execute without interruption, whereas T21 blocks.
Later, if T10 successfully validates and commits on behalf of transaction T1,
the primary shadow T20 is aborted and replaced by T21, which resumes its
execution, we hope to commit before its deadline [2].
Figure 5. Schedule with a standby shadow promotion

IJCSBI.ORG
It is possible that multiple conflicts develop between executing transactions.

The three mobile units MU1, MU2 and MU3 access the same data. MU1
execute Transaction T1 to write data item y. MU2 execute Transaction T2 to
read data item x and data item y. MU3 execute Transaction T3 to write data
item x. Figure 6 illustrates the behavior of SCC-2S when a second conflict
develops between T2 and another transaction T3. In particular, the primary
shadow T10 of T1 attempts to write an object y that both shadows T20 and T21
had previously read. In this case, the primary shadow T21 create the standby
shadow T22 to solve conflict with transaction T1.
The SCC-2S algorithm allows at most two shadows for the same transaction
to co-exist at any given time. In particular, after T21 is promoted to become
the primary shadow for T2, a standby shadow T22 is forked off to account for
the read-write conflict between T21 and T1[2].
Figure 6. Schedule with two standby shadows

For our contribution, we add write-write conflict for concurrency control in
Figure 7. The two mobile units MU1 and MU2 access the same data item x.
MU1 execute transaction T1 to write data item x. MU2 execute Transaction
T2 to write data item x. Write conflict time for transaction T2 late. So
transaction T2 create standby shadow. For example, Figure 8 defines closed
nested transaction with their time. Transaction T1 perform write operation
on three database items(a,x,z) and transaction T2 perform write operation on
three items (b,x,y). Figure 9 shows the time when using our proposed
method.
Figure 7. Schedule with a standby shadow promotion for write-write conflict

IJCSBI.ORG
0 10 20 30 40 50 60 70 80 90 100 110 120 130
Wa Wx Wz
0
T1
10 30 50 70
Wb Wx Wy
0
T2
20 40 60 80
Figure 8. Sub-transactions with their time
0 10 20 30 40 50 60 70 80 90 100 110 120 130
Wa Wx Wz
T10
10 30 50 70
Wb Wx Wy
T20
20 40 60 70
Wx Wy Wx Wy
T21
40 60 70 90 110
Transaction from T1
Standby shadow for T2
commit at time 70 and standby
and block at first time
shadow start operation and finish
at time 110
Figure 9. Proposed method with write-write conflict

But, in Figure 10 write conflicts occur at the same time. At that time, our
system use priority control mechanism. Assume transaction T1 is TF
transaction and transaction T2 is TS transaction. So, the standby shadow T21
is created for transaction T2. Figure 11 shows the time when using our
proposed method (SCC-2S with priority)
Figure 10. Schedule with a standby shadow promotion for write-write conflict
using priority control mechanism

IJCSBI.ORG
0 10 20 30 40 50 60 70 80 90 100 110 120 130
Wa Wx Wz
T10
10 30 50 70
Wb Wx Wy
T20
10 30 50 70
Wx Wy Wx Wy
T21
30 50 70 90 110
Standby shadow for T2 Transaction from T1

and block at first time commit at time 70 and standby
at time 110
Figure 11. Proposed method with write-write conflict with priority
4. MATHEMATICAL EXPRESSION FOR PROPOSED METHOD

Let T = T1,T2 ,T3,, Tm be the set of uncommitted transactions in the
system. Let Tprimary and Tstandby be primary and standby shadows executing
on behalf of the transaction set T, respectively. For each standby shadow T rj
in the system , a set WaitFor(Trj) is maintained , which contains a list of
tuples of the form (Ts , Y), where Ts T and Y is an object of the shared
database. (Ts , Y) WaitFor(Trj) implies that Trj must wait for Ts before
being allowed to read or write object Y. The notation (Ts, - ) WaitFor(Trj)
is used where there exists at least one tuple (Ts , Y) WaitFor(Trj) , for
some object Y. Details of the SCC-2S algorithm are defined as follows:
1) When a new transaction Ts is requested for execution, a primary shadow
Ts0 Tprimary is created and executed.
2) Whenever a primary shadow Tsi wishes to read an object Y that has been
written by another shadow Trj, then:
a) If there is no standby shadow for Ts , a new shadow Tsi+1 for Ts is
created, such that WaitFor (Tsi+1) = {( Tr , Y)}, otherwise
b) Let Tsk be the standby shadow executing on behalf of Ts. If (Tr,,Y)
WaitFor(Tsk ), then WaitFor(Tsk) = WaitFor (Tsk ) U {(Tr , Y)}.
3) Whenever a primary shadow Tsi wishes to write an object X that has been
read by another shadow Trj , then:
a) If there is no standby shadow for Tr , then a new shadow Trj+1 for Tr
is created and executed, such that WaitFor(Trj+1) = {( Ts ,X)}, otherwise
b) Let Trk be the standby shadow executing on behalf of Tr. If (Ts,,X)
WaitFor(Trk ), then Trk is aborted and a new standby shadow Trk+1 is started
with WaitFor(Trk+1) = WaitFor(Trk ) U {(Ts , X )}.

IJCSBI.ORG
4) A standby shadow Tsi is blocked whenever it wishes to read any object
that has been written on behalf of any of the transactions in WaitFor(Tsi).
5) Whenever it is decided to commit a primary shadow Tsi on behalf of
transaction Ts , then
a) If (Ts , - ) WaitFor(Trj) then the primary shadow of Tr is aborted,
Trj is promoted to become a primary shadow of Tr, and a new backup
shadow Trj+1 is forked off Trj, such that WaitFor (Trj+1) = WaitFor(Trj) - {(
Ts , - )}.
b) Any standby shadow of Ts is aborted[1].
Mathematical expression for write-write conflict
6) Whenever a primary shadow Tri wishes to write an object X that has been
written by another shadow Tsj, if the time of transaction Tri write an object
X is a little late than the time of transaction Tsj write an object X then,
a) If there is no standby shadow for Tr i , then a new shadow Tri+1 for Tr
is forked off, such that WaitFor(Tri+1) = {(Ts ;X)}, otherwise
b) Let Trk be the standby shadow executing on behalf of Tr . If (Ts;X)
WaitFor(Trk), then Trk is aborted and a new standby shadow Trk+1 is started
with WaitFor(Trk+1)= WaitFor(Trk ) U {(Ts;X)}.
Mathematical expression for write-write conflict with priority control
mechanism
7) Whenever a primary shadow Tri wishes to write an object X that has been
written by another shadow Tsj, if the two transaction Tri and Tsj write the
same data object X at the same time , proposed system use priority control
mechanism. We assume transaction Tsj access only one database module and
it is local transaction and transaction Tri access more than one database
module and it is global transaction.
a) If there is no standby shadow for Tri , then a new shadow Tri+1 for Tr
is forked off, such that WaitFor(Tri+1) = {(Ts ;X)}, otherwise
b) Let Trk be the standby shadow executing on behalf of Tr . If (Ts;X)
WaitFor(Trk), then Trk is aborted and a new standby shadow Trk+1 is started
with WaitFor(Trk+1)= WaitFor(Trk ) U {(Ts;X)}.
5. PERFORMANCE ANALYSIS
Most of concurrency control method based on Pessimistic and Optimistic
concurrency control. But in mobile environment, most of the method based
on Optimistic Concurrency Control. In Optimistic Concurrency Control,
each transaction perform database operation using three distinct phases- read
phase, validation phase and write phase. Moreover, Optimistic Concurrency
Control detects conflicts at transaction commit time and resolve them using
restarts. In mobile environment, to use Optimistic Concurrency Control

IJCSBI.ORG
MHs have Database System Module to perform database operations. After
finishing database operation, MHs send result back to FH to check conflicts
or not. If conflicts occur between transactions, only one MH write request is
performed and other MHs must perform database operations again.
Pessimistic concurrency control is based on two phase locking protocol in
which a row is unavailable to users from the time the record is fetched until
it is updated in the database. So, if conflicts occur between transactions,
conflicted transactions perform database operation again. We compare our
proposed method with pessimistic concurrency control because of
pessimistic concurrency control perform database operation at FH. Figure 12
shows write-write conflicts occurs between transactions T1 and T2 .
Transaction T2 finish time is 130. Moreover, if transactions use more than
one database, this method can increase transaction processing time and can
reduce system performance. Figure 13 uses proposed method and
Transaction T2 finish time is 110. So, our proposed method can improve
system performance and can reduce transaction processing time.
0 10 20 30 40 50 60 70 80 90 100 110 120 130
Wa Wx Wz
0
T1
10 30 50 70
Wb Wx Wy
0
T2
70 90 110 130
Figure 12. Pessimistic concurrency control method perform operation and the finish
time for Transaction T2
0 10 20 30 40 50 60 70 80 90 100 110 120 130
Wa Wx Wz
T10
10 30 50 70
Wb Wx Wy
T20
10 30 50 70
Wx Wy Wx Wy
T21
30 50 70 90 110
Standby shadow for T2 Transaction from T1

and block at first time commit at time 70 and standby
at time 110
Figure 13: Proposed method with write/write conflict with priority

IJCSBI.ORG
6. CONCLUSIONS
Two Shadow Speculative Concurrency Control (SCC-2S) with Priority is a
powerful mechanism for concurrency control in Mobile Real-time
Database System (MRTDBS). SCC-2S with Priority provides high respond
time and throughput. SCC-2S with priority relies on redundancy to ensure
that serializable schedules are discovered and adopted as early as possible,
thus increasing the likelihood of the timely commitment of transaction with
strict timing constraints. SCC-2S with Priority decreases the number of
missed deadlines, reduce battery power and memory usage in the system.
In SCC-2S with Priority, shadow transactions execute on behalf of a given
uncommitted transaction so as to protect against the hazards of blockages
and restarts. Moreover, MHs cannot require to have database system
module and MHs can live thin clients.
7. ACKNOWLEDGMENTS
I would like to thank my supervisor, Dr. Hninn Aye Thant, Associate
Professor, Faculty of Information and Communication Technology,
University of Technology (Yatanarpon Cyber City), Pyin Oo Lwin,
Myanmar, for her excellent guidance, where the initial scope of the thesis
was defined, and throughout the process of writing this thesis.
REFERENCES
[1] Azer Bestavros, Speculative Concurrency Control ,Computer Science Department,
Boston University, Boston, 02215, January 27, 1993.
[2] Azer Bestavros , Spyridon Braoudakis , Euthimios Panagos , Performance Evaluation
of Two-Shadow Speculative Concurrency Control, Computer Science Department,
Boston University, Boston, 02215, February 5, 1993.
[3] Ekaterina Pavlova, Igor Nekrestyanov Concurrency Control Protocol for Nested
Transactions in Real-Time Databases , St. Petersburg University, Russia, 1996.
[4] Hamzeh Khazaei, Mobile Database System,Math & Computer Science Department,
Amirkabir University of Technology, (Tehran Polytechnic), Hamzeh.
khazaei@aut.ac.ir
[5] Jun Chen, Yu Fen Wang, Jian Ping Wang, Concurrency Control Protocol for Real-
Time Database and the Analysis Base on Petri Net, Jun Chen et al., 2010, Advanced
Materials Research, 143-144, 12, October, 2010.
[6] Rajesh Badani, Nested Transactions for Concurrent Execution of Rules: Design and
Implementation, University of Florida, 1993.
[7] Salman Abdul Moiz, Supriya N.Pal, Jitendra Kumar3, Lavanya P, Deepak Chandra
Joshi, Venkataswamy G , Concurrency Control In Mobile Environments: Issues &
Challenges, International Journal of Database Management Systems ( IJDMS ) Vol.3,
No.4, November 2011.
[8] Syed Abbas Bukhari , Samuel Rivera Aparicio , A Survey of Current Priority
Assignment Policies (PAP) and Concurrency Control Protocols (CCP) in Real-Time
Database Systems RTBDS. MS Bioinformatics, Sustainable and Resilient
Infrastructures Systems (CEE), 2012.

IJCSBI.ORG
[9] Transaction and Concurrency Control,CS 141b- Distributed Computation
Laboratory, http://www.cs.caltech.edu/~cs141/, February 19, 2004. Transaction and
Concurrency Control,CS 141b- Distributed Computation Laboratory,
http://www.cs.caltech.edu/~cs141/, February 19, 2004.
[10] Vishnu Swaroop, Gyanendra Kumar Gupta, Udai Shanker, Issues In Mobile
Distributed Real Time Databases: Performance And Review , India ,2011.

IJCSBI.ORG
Generating Keys in Elliptic Curve

Cryptosystems
Dragan Vidakovic and Dusko Parezanovic
Gimnazija, Ivanjica, Serbia
ABSTRACT
In this paper, we will present how to find keys elliptic curve cryptosystems (ECC) with
simple tools of Delphi 7 console application, using the software problem solving of the
scalar point multiplication in the field GF (p), where p is an arbitrary prime number.
Keywords
Cryptography, ECC, Point multiplication, Public key, Open source software
1. INTRODUCTION
Since our permanent goal is to have more of our own software [1], we have
decided to present in this paper the software implementation of the scalar
point multiplication in a finite field Fp [2]. Besides this basic motive, there
is one more which seems to be more important the actual prioritizing ECC
over RSA. If we compare ECC to RSA, we can conclude that ECC is faster,
safer and requires significantly less resources (ranging from energetic
resources, up to hardware). So, ECC becomes a better alternative when it
comes to authentication of different mobile devices, in sensor networks, and
wherever there is a need (for a variety of reasons) to avoid the raw and
endless increasing of the number of bits, as it is the case in RSA [3], [4].
There is one more reason why we have opted for this work: despite the fact
that mathematical bases of ECC and RSA are completely different, they are
solved using the same instruments, i.e. tools we have developed [5]. The set
of tools necessary for the formation of a private key in ECC is a real subset
of tools needed for the solving of the same problem in RSA.
Of course, we cannot ignore the fact ( in our intention to introduce a scalar
point multiplication) that both leading schemes of digital signature (ECC
and RSA) are brilliant examples of the application of the theory of finite
fields [6 - 9], where ECC [10-17] is still based on the richness of algebraic
features of elliptic curves , while RSA is based on the assumption of
difficult factoring of large numbers whose only factors are two large
(probably) prime numbers.

IJCSBI.ORG
2. TASK AND AIM
In this paper we do not intend to deal with the theory of elliptic curves,
because there is a lot of good work on that [2],[8], [18-19]. We are
interested in the results of the theory that we wish to encode.
Our goal is to calculate k*P=Q, where P and Q are points (set E) on an
eliptic curve: y2= x3 +ax +b. Operation * denotes the series of Point
doubling and Point adding.
2.1 Point adding
For given two points P(xp,yp), Q(xq,yq) (PQ) in the set E, the group
operator will allow us to calculate a third point R(xr,yr), also in the set E,
such that P + Q = R.
Not difficult to find the coordinates of point R: xr = s2 xp - xq where s2 =2xp
+ xq +xr xp
y r y p
As point R belongs to the straight line (PQ) then s= x r x p
and we find: yr =
yp +s(xr xp)
2.2 Point doubling
For given point P(xp,yp) in the set E, the group operator will allow us to
calculate a third point R(xr,yr), also in the set E, such that P + P = 2P= R.
3x 2p a
xr = s2 -2xp where s= 2y p
and yr= yp +s (xr xp)
2.3 Point multiplication

One of the most important operations for all applications of elliptic curves is
scalar multiplication. Scalar multiplication consists of computing the value
of a large integer multiplied by a point by doing a series of point doublings
and additions until the product point is reached. In this paper we will use
approach for computing k*P was introduced by Montgomery [20].
Algorithm: Binary method
INPUT: An integer k>0 and a point P.
OUTPUT: Q=k*P
1. Set k(kl-1k1k0)2
2. Set P1P, P2=2P.
3. for I from l-2 downto 0 do
If ki=1 then
Set P1P1 +P2, P22P.
Else
Set P2P2+P1, P12P1.

IJCSBI.ORG
4. RETURN (Q=P1)
3. CONSOLE APPLICATION DELPHI 7
In this paragraph, we will encode the algorithm above by a simple tool, and
that is the Console Application Delfi 7 (see Appendix). Our goal is not to
develop the program that is characterized by faultless performance; our goal
is to show that this program does its task (point multiplication) and that it is
possible to solve such a serious task in a simple way which is good for
learning and entering the problem, the way that breaks the concern about the
cryptic of cryptography itself. This way can assure us that applied
cryptography is not as difficult as it seems to be. This program is a really
good base for those who want to optimize and develop their own tool that
wont be just illustrative, but it will be able to serve, considering the fact
that we work with arbitrarily large numbers for which it is only necessary to
set the initial constant in the Unit [21-22].
3.1 Example (Outputs)
NIST (National Institute of Standards and Technology) recommended ten
finite fields [2]. We will observe the prime finite field Fp for p=2192 264 -1
For curve P-192 a= - 3 and base point:
P(XG, YG):
XG = 0x 188da80eb03090f67cbf20eb43a118800f4ff0afd82ff1012
YG= 0x 07192b95ffc8da78631011ed6b24cdd53f977a11e794811
Let k=
1000000000000000000000000000000000000000000000000000000000010
0000000000000000000000000000000000000000000000001000000000000
00000000000000000000000000010001101011
(probably) prime large (160 bit) number. ( k[159]=1, k[100]=1,
k[50]=1,k[10]:=1; k[6]:=1; k[5]:=1; k[3]=1, k[1]=1, k[0]=1). This number
is not random good for cryptography, but was taken to illustrate the
example.
Coordinates of the point Q(X, Y) =k* P(XG, YG) are :
X: 0x a9355c37074c8195faa23d1d071997fe4ea7a2bdec781047
Y:0x 911a232aabeba33b5e8f29743f2837955cd5bf1f74aa9a24
4. ECDSA KEY PAIR

The Elliptic Curve Digital Signature Algorithm (ECDSA) [2] is the elliptic
curve analogue of DSA (Digital Signature Algorithm) [22].
Security of DSA based on the computational intractability of the discrete
logarithm problem (DLP) [23].

IJCSBI.ORG
The mathematical basis for the security of elliptic curve cryptosystems
(ECC) is the computational intractability of the elliptic curve discrete
logarithm problem (ECDLP) [24-25].
To put it simply: It is dificult to find a point P and integer k, given their
product k*P.
4.1 ECC parameters
1. Public key is Q.
2.Private key is k: (we choose)
1000000000000000000000000000000000000000000000000000000000010
0000000000000000000000000000000000000000000000001000000000000
00000000000000000000000000010001101011
3. Modulus:
1111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111
1111101111111111111111111111111111111111111111111111111111111
111111111)
Which we generate the key pair for ECDSA.
4.2 RSA parameters - comparison
Elliptic curve cryptography can provide the same level and type security as
RSA but with much shorter keys. More precisely, ECC takes one-sixth
computational effort to provide the same security that ones get with 1024-
bit RSA, what no comments confirmed the following example:
1024 -bit RSA parameters
1. Public key pair (n,e)
e:111 (we choose)
n: (we count)
1000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000010000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000010000000000000000000000000010000000000000000
0000000000000000000000000000000000100000000000000000000000000
0000000000001101001000010000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000100000000000000000000000000100000
0000000000000000000000000000000000000000000001000000000000000
0000000000000000000000011010010000010000000000000000000000000

IJCSBI.ORG
1000000000000000000000000000100000000000000000000001000000000
0000000000000000010000000000011010010000000000000000000011010
0100000000000000000000000000000000000000000000111100000110000
0000000000000000000000001010100010101001010111
2. Private key d: (we count)
1001001001001001001001001001001001001001001001001001001001001
0010010010010010010010010010010010010010010010010010010010010
0100100100100100100100100100100100100100100100100100100100100
1001001001001001001001001001001001001001001001001001001001001
0010010010100100100100100100100100100100100100100100100100100
1001001001001001001001001001001001001001001001001001001001001
0010010010010010100100100100100100100100100110110110110110110
1101101101101101101101101101101110010010010010010010010010010
0100100100110011100100001001001001001001001001001001001001001
0010010010010010010010010010010010010010010010010010010010010
0100100100100100100100100100110110110110110110110110111001001
0010010010010010010010010010010010010010010010110110110110110
1101101101101101101101111100101101010010010010010010010010010
1001001001001001001001001001011011011011011011011100000000000
0000000000000000001001001001011000001000100100100100100110011
1001000000000000000000000000000000000000000000100010010100100
10010010010010010010010011110010100010111111
3. Modulus: (we count)
1000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000010000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000010000000000000000000000000010000000000000000
0000000000000000000000000000000000100000000000000000000000000
0000000000001101000111101000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000010000000000000000000000000010000
0000000000000000000000000000000000000000000000100000000000000
0000000000000000000000001101000111101000000000000000000000000
0100000000000000000000000000010000000000000000000000100000000
0000000000000000001000000000001101000111100000000000000001101
0001111000000000000000000000000000000000000000011110000010000
00000000000000000000000001010100001110100111000.)

IJCSBI.ORG
5. CONCLUSION
Our paper, as well as other ones, is on the edge of the idea that the best
protection is by using our own tools. In order to achieve this, it is necessary
to increase interest in cryptography [26], and, in our opinion, the best way to
do that is to encode and test cryptographic algorithms.
That is the main reason why we have opted for the simplest console
application. We want to show that it is possible to solve such a significant
task (the scalar point multiplication in a finite field Fp) in an almost
elementary way, without any software-hardware tools.
Thus, the problem becomes more comprehensible to a wider range of
readers, and in a simple way it demonstrates that the applied cryptography is
not as unavailable as it seems to be, or as it is presented.
The false idea of mysterious and too complicated cryptography reduces
interest, refuses and discourages young researchers at the very beginning of
a work, and thus it significantly minimizes the chances for developing our
own tools. Therefore, we become dependent on the software producers, for
whom our secrets become absolutely available. And each country that
intends to protect itself as much as possible must take into account that fact,
so as to protect itself from those who protect our secrets from all the others,
except from them themselves.
REFERENCES
[1] Vidakovic D., Simic D., A Novel Approach To Building Secure Systems, ARES
2007, Vienna, Austria, pp 1074-1084.
[2] Johnson D., Menezes A. and Vanstone S., The Elliptic Curve Digital Signature
Algorithm (ECDSA), Certicom Research, Canada,
[3] Vidakovic D., Nikolic O., Parezanovic D., Acceleration Detection of Large
(Probably) Prime Numbers, International Journal of UbiComp (IJU), Vol.4, No.1,
January 2013
[4] Vidakovic D., Parezanovic D., Nikolic O. and Kaljevic J., Rsa Signature: Behind The
Scenes, Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.2, March
2013.
[5] Vidakovic D., Nikolic O, Kaljevic J. and Parezanovic D., Joint Operation in Public
Key Cryptography, (IJACSA) International Journal of Advanced Computer Science
and Applications, Vol. 4, No.3, 2013
[6] R. Lidl and H. Niederreitter, Introduction to Finite Fields and their Applications,
Cambridge University Press, 1984.
[7] R. Lercier and F. Morain, Counting the number of points on elliptic curves over finite
fields: strategies and performances, Advances in Cryptology Eurocrypt 95, Lecture
Notes in Computer
[8] Avinash Kak, Lecture and Notes on Computer and Network Security,
https://engineering.purdue.edu/kak/compsec/, accesed 15.05.2013.
[9] Schoof R., Elliptic curves over finite fields and the computation of square roots mod
p, Mathematics of Computation, 44 (1985), 483-494.
[10] Koblitz N., Elliptic Curve Cryptosystems, Mathematics of Computation, 48, pp.
203-209, 1987.

IJCSBI.ORG
[11] Miller V., Uses of elliptic curves in cryptography, Advances in Cryptology:
proceedings of Crypto 85, Lecture Notes in Computer Science, vol. 218. New York:
Springer-Verlag, 1986., pp 417-426.
[12] Blake I., Seroussi G. and Smart N., Elliptic Curves in Cryptography, Cambridge
University Press, 1999.
[13] A. Enge, Elliptic Curves and Their Applications to Cryptography An Introduction,
Kluwer Academic Publishers, 1999.
[14] Hasegawa, J. Nakajima and M. Matsui, A practical implementation of elliptic curve
cryptosystems
[15] A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers,
Boston, 1993
[16] A. Menezes and S. Vanstone. Elliptic curve cryptosystems and their implementation.
Journal of Cryptology, 1993.
[17] D. R. Stinson, Cryptography, theory and practice, Third Edition, Chapman &
Hall/CRC, 2006.
[18] J. H. Silverman, The arithmetic of elliptic, Springer Verlag, Berlin, 1986.
[19] R. Lercier and F. Morain, Counting the number of points on elliptic curves over finite
fields: strategies and performances, Advances in Cryptology Eurocrypt 95, Lecture
Notes in Computer Science, 921 (1995), Springer-Verlag, 79-94.
[20] Lopez J. and Dahab R., Fast multiplication on elliptic curves over GF(2 m) without
precomputation, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.26.4712,
Accessed May 2013.
[21] Vidakovic D., Analysis and implementation of asymmetric algorithms for data
secrecy and integrity protection, Master Thesis (mentor Jovan Golic), Faculty of
Electrical Engineering, Belgrade,Serbia, 1999.
[22] Menezes A., van Oorschot P. C.,Vanstone S., Handbook of Applied Cryptography,
CRC Press, New York, 1997.
[23] T. ElGamal, A public key cryptosystem and a signature scheme based on discrete
logarithm problem, IEEE Trans. Info. Theory, IT-31, (1985), pp. 469-472
[24] J. Silverman and J. Suzuki, Elliptic curve discrete logarithms and the index calculus,
Advancesin Cryptology Asiacrypt 98, Lecture Notes in Computer Science, 1514
(1999), Springer-Verlag,110-125.
[25] M. Jacobson, A. Menezes and A. Stein. Solving elliptic curve discrete logarithm
problems using Weil descent. Preprint, 2001.
[26] Koblitz N., Cryptography As a Teaching Tool, Cryptologia, Vol. 21, No. 4 (1997).,
Cryptography As a Teaching Tool, Cryptologia, Vol. 21, No. 4 (1997).
[27] D. Vidakovic, D. Parezanovic, J. Kaljevic, Addition and doubling of points, Journal
of theoretical physics & Cryptography (IJTPC), Vol. 3, July 2013.
APPENDIX
A. NIST recommended prime finite field Fp for p=2192 264 -1
program multiplikacija_nist;
{$APPTYPE CONSOLE}
uses
SysUtils,
{ Unit2mult_200 in '..\..\..\Bin\Unit2mult_200.pas', }
multiplikacija_dalje in 'multiplikacija_dalje.pas';
label 1;
var pxp,pyp,p1x,p1y,p2x,p2y,x2,y2,rez1,rez2:array [0..nn] of integer;

IJCSBI.ORG
var modu,a,b,k:array [0..nn] of integer;
i,j,s1,l,i1,s,p:integer;
begin
b[64]:=1;
a[0]:=1;
modu[192]:=1; oduzmi(modu,a,modu);
{procedure oduzmi- subtraction}
oduzmi(modu,b,modu);
a[1]:=1;
{XG coordinates}
pxp[12]:=1; pxp[16]:=1; pxp[17]:=1; pxp[18]:=1;
pxp[19]:=1; pxp[20]:=1; pxp[21]:=1; pxp[22]:=1;
pxp[23]:=1; pxp[25]:=1; pxp[31]:=1; pxp[32]:=1;
pxp[34]:=1; pxp[35]:=1; pxp[36]:=1; pxp[37]:=1;
pxp[38]:=1; pxp[39]:=1; pxp[41]:=1; pxp[43]:=1;
pxp[48]:=1; pxp[49]:=1; pxp[50]:=1;pxp[51]:=1;
pxp[52]:=1; pxp[53]:=1; pxp[54]:=1; pxp[55]:=1;
pxp[58]:=1; pxp[60]:=1; pxp[61]:=1; pxp[62]:=1;
pxp[63]:=1;
{YG coordinates}
pyp[15]:=1; pyp[17]:=1; pyp[20]:=1; pyp[21]:=1;
pyp[22]:=1; pyp[23]:=1; pyp[26]:=1; pyp[27]:=1;
pyp[28]:=1; pyp[29]:=1; pyp[33]:=1; pyp[38]:=1;
pyp[40]:=1; pyp[41]:=1; pyp[42]:=1; pyp[43]:=1;
pyp[45]:=1; pyp[46]:=1; pyp[47]:=1; pyp[49]:=1;
pyp[52]:=1; pyp[53]:=1; pyp[54]:=1; pyp[55]:=1;
pyp[56]:=1; pyp[57]:=1; pyp[58]:=1; pyp[61]:=1;
pyp[63]:=1; pyp[65]:=1; pyp[67]:=1;
{(probably) prime number k}
k[159]:=1,k[100]:=1;k[50]:=1;k[10]:=1;k[6]:=1;k[5]:=1;k[3]:=1;k[1]:=1;
k[0]:=1;
s1:=0;
for i:=0 to nn do
begin
p1x[i]:=pxp[i];
p1y[i]:=pyp[i];
end;
{Point multiplication}
duplope(pxp,pyp,a,modu,x2,y2);
for i:=0 to nn do
begin
p2x[i]:=x2[i];
p2y[i]:=y2[i];
end;

IJCSBI.ORG
dokle(k,s1);
for i:=s1-1 downto 0 do
begin
if k[i]=1 then
begin
s:=1;
koji(p1x,p2x,s);
if (s=0) then
begin
{procedure duplope- point doubling}
duplope(p2x,p2y,a,modu,p2x,p2y);
goto 1;
exit;
end;
{procedure dverazne-point addition}
dverazne(p1x,p1y,p2x,p2y,modu,p1x,p1y);
end
else
begin
s:=1;
koji(p1x,p2x,s);
if (s=0) then
begin
goto 1;
exit;
end;
dverazne(p2x,p2y,p1x,p1y,modu,p2x,p2y);
end;
end;
{procedure pisi- bin to hex}
pisi(p1x);
writeln;
pisi(p1y);
readln;
1: begin
if s=0 then
write(' Infiniti Point ');
end; end.
Remark: Appropriate procedures are in [27]

IJCSBI.ORG
Cost Estimation of Information

Technology Risks and Instituting
Appropriate Controls
Princewill Aigbe
Department of Mathematics and Computer Science
Western Delta University
Oghara Delta State
Nigeria
Jackson Akpojaro
Department of Mathematics and Computer Science
Western Delta University
Oghara Delta State
Nigeria
ABSTRACT
Nothing puzzles an enterprises Information Technology (IT) manager like the term cost
value when deciding investments made in IT risk management. Therefore, a detailed
analysis of data-driven approach in managing IT risks and reducing or eliminating
disproportionate expenditure on controls is given. This paper is structured in two major
sections: the risk analysis stage, where IT risks are identified and estimated, and the control
selection stage, where the cost of appropriate control is selected to reduce or eliminate a
given IT risk. The paper works through a selected case study scenario to practically
demonstrate the data-driven approach.
Keywords
Information technology risk, data-driven techniques, enterprise risk management, expenditure.
1. INTRODUCTION
There are many definitions of risk, reflecting that risk means different things
to different people. The International Organization for Standardization
(ISO) definition is that, risk is the potential that a given threat will exploit
vulnerabilities of an asset or group of assets and thereby cause harm to the
organization. This definition is used commonly by the industry since it puts
risk into an organizational context by using the concepts of assets and loss
of value terms that are easily understood by business managers.
Risk is also defined as the possibility of damage or loss [1]. The word risk
denotes that a decision maker knows the possible consequences of a
decision and its relative likelihood at the time the decision was made. The

IJCSBI.ORG
ultimate decisions to be made in IT investments are: estimates are prepared
of the risk and return over the investment holding period (investment
analysis) and risk-return estimates are compared to decide how to allocate
available funds among these investments on a continuing basis (IT portfolio
analysis, selection and management).
In the process of estimating IT risk, the identification of risks and

vulnerabilities, and also understanding the relationship between risk and
control is very important in order to determine the necessary controls
needed to reduce these risks. In the Certified Information Systems Auditor
(CISA) study guide [13], controls are policies, procedures, practices and
organizational structures implemented to reduce identified risks. There are
two key aspects that controls should address: these are what should be
achieved, and what should be avoided. In addition, not only do controls
address operational objectives, but they should also address undesired
events through prevention, detection and correction.
Organizations whose business processes are heavily IT dependent are

threaten with a number of information technologies related risks. These
risks must be carefully identified, classified, and analyzed for the purpose of
estimating their costs. In the process of estimating the cost of a given risk,
some determinants are adopted in the risk analysis stage. These
determinants are risk probability, average restoration cost, and cost at risk. It
is when the cost of a given identified risk has been estimated, that
appropriate control can be instituted to reduce (or eliminate) such risk. In
arriving at the best control to reduce an identified IT risk, there are also
determinants that must be procedurally followed in the control selection
stage. These determinants are residual risk, control lost, cost at risk (with
control), cost of control, and cost-value proposition.
The remaining part of the paper is structured as follows; in Section 2, we

discuss the methodological approaches for analyzing and evaluating risks.
Section 3 specifies the organization we use as case study and method of data
collection. In Section 4, we analyze and discuss our research findings.
Section 5 concludes the work.
2. METHODOLOGY
The estimation of the cost of a given IT risk and the selection of appropriate
control(s) to reduce the risk, using the various determinants highlighted
above is a two-stage process, which involves risk analysis and evaluation of
risk probability.

IJCSBI.ORG
2.1 Risk Analysis
Risk analysis includes the following steps: Explore threats and
Vulnerabilities. These steps explore the threats and vulnerabilities of the
systems, spread across the investigation scope, through a thorough analysis
of the inherent and the interdependent threat sources. The methodology is as
follows:
Establish Investigation Scope: The investigation scope refers to the

systems and the interdependencies that fall under the inspection of
the risk analysis exercise.
Discover Environmental Dependencies: The overall consolidation

of IT infrastructure has been accompanied by increasing technical
linkages and interdependence within and across business. This step
is intended to identify all possible interdependent threat sources,
through clear examination of environmental dependencies of the
system under scope [3]. Environmental dependencies refer to the
handshake or communication points of system under scope with the
business, technology and operational environments (i.e.
development, test, production).
Identify Threats and Vulnerabilities: Based on the inferences

derived from the environmental dependencies, this step analyses all
potential inherent and interdependent threats and vulnerabilities
within investigation scope, by adopting techniques such as manual
interpretation, vulnerability scanning and attack simulation.
2.2 Evaluate Risk Probability

The evaluation of risk probability involves estimating through expert
judgments, historical event analysis, and by drawing inference from the
threat and vulnerability identification step. In [4], the probability of the
threat source attacking the system within the investigation scope was
analyzed. During early stages of the project, the threat and vulnerability
identification exercise reveals significant numbers of newly explored
threats, and insufficient historical data are available to enable a complete
quantitative analysis. In this situation, one may have to strike a balance
between qualitative and quantitative analysis, through expert judgments.
Risk probability evaluation methodology includes the followings:
Classify and Categorize Risks: Risk classification is the process of
analyzing the threats, discovering related patterns and matches
among the threats identified, and classifying the associated patterns
into distinct subsets, which are further tagged to a threat clause.
Based on the aforementioned classification, one may ascertain that

IJCSBI.ORG
controlling an independent threat clause would pass along the
mitigation to all its interrelated subsets. The threat subsets are further
reviewed and categorized against two discrete parameters. These are
threats associated with historical events and newly explored threats,
for there are unique approaches to calculating the risk probability
and cost at risk, which are described in the subsequent risk analysis
stages [5].
Calculate Risk Probability: Risk probability involves calculating

the probability that the threat source will attack the system under
scope, based on the historical events reported over a sampled time
period. Risk probability is calculated as an annual estimate and is
expressed in percentage scale. The selection of a sample period
requires expert Judgement, where reliance has to be placed on
factors such as:
i. The sample time frame reporting of a considerable number of risk

events required to perform meaningful analysis.
ii. The sample time frames lack of witness to a substantial change

to the system under study.
In the event of newly explored threats, one may have to incorporate logical
judgements toward calculation of risk probability, as historical analysis
could not be performed. The threat classification and the threat type could
provide valuable inputs for making judgements. For category of threats
associated with historical events, the risk probability is computed as
follows; let RP denote risk probability, TRV total number of risk events
reported over a sample period, and SR sampled number of years. Then, RP
is computed as;
TRV
RP 100 (1)
SR
2.3 Estimation of Cost at Risk

The cost at risk involves estimating the value of damage that the risk event
can impose to the system under scope. A tangible estimation technique, with
due consideration of direct, indirect and overhead costs, has to be arrived at
by an entity by calculating the cost of the risk event. In the case of newly
explored threats, the calculation of the cost at risk requires expert judgment,
in close liaison with other key elements such as the service impacted and

IJCSBI.ORG
service commitments. For threats associated with historical events, the cost
at risk is computed using the following techniques:
Average Restoration Cost: The average restoration cost is
calculated as the average clean-up costs of all threat subsets
associated with the threat clause for the sampled time period. By
letting ARC denote average restoration cost and SCC, the sum of
clean-up cost; then ARC is computed as,
SCC
ARC (2)
TRV
Cost at Risk: The cost at risk is the restoration cost computed for
the probable number of risk events identified on the system under
study. The calculation should follow a bottom-up approach, whereby
the cost at risk, pertaining to the threat subsets, is calculated first,
followed by the threat clause. The association of the threat clauses
with the systems under study can unveil the cost at risk tagged to the
overall system [6]. The cost at risk without control, CRw is
computed as:
CRw = RP x ARC (3)
2.4 Risk Scoring and Prioritization Tables

Risk prioritization provides a systematic means of prioritizing risks based
on the risk exposure rating, which is computed from the inputs received
from the risk probability and the cost at risk. The methodology is as follows:
Risk Probability Score Table: The risk probability score table

integrates a scoring system to the earlier calculated risk probability
values as critical, medium and low, with rankings assigned at each
level [7]. Table 1 illustrates a simple risk probability scoring system.
Table 1. Risk Probability Scoring System
Risk probability Levels Numeric

range score
10% to 25% Low 1
26% to 60% Medium 2
> 60% Critical 3

IJCSBI.ORG
Prepare Cost at Risk Score Table: Similar to the risk probability
score table, the cost at risk score table utilizes a scoring system to
define high, medium and low cost at risk levels for the earlier
computed cost at risk values. Table 2 illustrates a sample cost at risk
scoring system.
Table 2. Cost at Risk Scoring System
Cost at risk range Levels Numeric

score
10% to 25% Low 1
26% to 60% Medium 2
> 60% Critical 3
Prepare Risk Exposure Score Table: The risk exposure score is

the product of the risk probability score and the cost at risk score.
This is illustrated in Table 3, and it is computed as follows.
RE RP CRw (4)
Table 3. Risk Exposure Scoring System
Risk Exposure Low cost at risk Medium Cost at risk High cost at risk
(1) (2) (3)
Low probability (1) (1,1)
Medium probability (2,2)
(2)
Critical probability (3,3)
(3)
Risk Prioritization Table: This involves integrating a scoring

system to the risk exposure ratings, where the outcome represents
the risk prioritization scores and their corresponding priority levels.
Table 4 shows the risk prioritization scoring system.

IJCSBI.ORG
Table 4. Risk Prioritization Scoring System.
1(LL) Acceptable 0
2(LM,ML) Low 1
3(CL,LH) Medium 2
4(MM) High 3
6(CM,MH) Too High 4
9(CH) Critical 5
2.5 Control Selection

The control selection stage involves the process of determining the
appropriate controls and their costs to mitigate the identified risks. The
following steps are adopted:
Short List Controls: The short-listing of controls involves planning risk
treatment methodologies in controlling the consequences of risk, by
mitigating the risk probability. The Methodology is as follows:
Identify Risk Treatment Plan: The risk prioritization process aids the
business in controlling the analyzed risks through risk treatment
plans. The risk prioritization table provides the business with an
understanding of its current risk exposures and its priorities, which
subsequently would help in controlling risks on an organized
manner. Some risks are considered potentially destructive, in which
case an organization may choose to avoid them completely or it may
seek to transfer them. Other risks may be accepted with no further
actions, depending on the organizations risk acceptance level [8].
Short List Suitable Solutions (Controls): The proposed solution

might be a single control or a combination of controls, based on the
criticality of the risk, where a combination control could be partly
preventive and partly detective in nature. In the event that multiple
proposed solutions subsist for a particular risk item, the most
appropriate ones should be short listed based on cost, adoptability,
maintainability and scalability factors.
2.6 Evaluate Residual Risk for the Proposed Control
The computation of residual risk for the proposed control would allow an
organization to estimate the overall risk factor that will be mitigated on
implementing the said control or solution. If the estimated residual risk level
breaches the organizations risk acceptance threshold, the business could

IJCSBI.ORG
analyze opportunities toward further strengthening the control [1]. The
methodology is as follows:
Identify Control Achieved: Control achieved is calculated through

solution analysis of the shortlisted controls. The solution analysis
exercise is conducted through an assessment comprised of weighted
questionnaire, referencing three key elements such as robustness
factor, operational effectiveness factor and resilience factor. The
score is further translated to a percentage scale, which characterizes
the control achieved.
Calculate Residual Risk: Controls do not always completely

eliminate risk [6]. Any risk remaining after implementing a control
is referred to as residual risk. Though it seems premature to
calculate the residual risk before implementing a control, one could
estimate the effectiveness of the proposed control by calculating the
residual risk based on the previously calculated control achieved
value. The logic behind the calculation of the residual risk for the
proposed control is to identify the amount of control lost on the
probable risk element. The residual risk is calculated thus: let RR be
residual risk and C is control. Then RR is computed as;
RR C RP (5)
where Control lost (C) = (1 - % of control achieved)
2.7 Analysis of Cost-Value Proposition

The calculation of cost-value proposition involves evaluation of the cost-
benefit of implementing the proposed solution (control). The value derived
out of the calculation provides a data-driven decision system for
management to realize the cost-benefit of implementing the proposed
control [10]. The methodology is as follows:
Cost at Risk (with control): The cost at risk calculated with

control provides, as an estimated value of damage, what the risk
event can impose to the system under scope after the
implementation of the proposed control. The estimation utilizes the
input derived from the residual risk toward calculation of the cost at
risk with control. Cost at risk with control is calculated thus: Let
CRc be cost at risk with control and AVc, average restoration cost.
Then CRc is computed as;

IJCSBI.ORG
Cost at Risk with Control (CRC) = Residual Risk (RR) x Average
Restoration Cost (ARC)
CRc RR ARC (6)
Cost of Control: The cost of control is defined as the sum of the

solution cost and the cost at risk with control. The rationale behind
this logic is, on selecting the required control, the business has to
accommodate the solution cost and the cost at risk with control,
since, in most cases, the solution may not control the risk
completely and may leave behind some residual risk when, in turn,
associates a cost factor to it. If the required solution completely
controls the risk without any residual cost, then the cost at risk with
control will be zero and the cost of control is equal to solution cost.
The solution cost must be expressed as an annual spent value. Any
solution has a desired lifetime as any major change or upgrade to
business might demand a change or upgrade to the solution, too.
The solution lifetime value is a judgmental value specific to a
business unit, which, in turn, is driven by the corporation strategy,
core functional domain, etc. If the solution lifetime value is n years,
then the overall solution cost has to be approximated to an annual
value for calculating the cost of control [10]. Hence, cost of control
is calculated thus: let CC be cost of control and SV, solution cost
expressed as annual spent value. Then, CC is computed as;
CC CRc SV (7)
Cost-Value Proposition: The cost-value proposition is calculated

as the difference between the cost at risk without control (calculated
during the risk analysis stage) and the cost of control. The logic is a
straight forward one. If the outcome of the calculation reveals a
positive value, then it is certainly considered cost-effective but if
the value is negative, it is not cost-effective, though it needs an
experts decision to analyze the benefit derived from the investment
[9]. The cost-value proposition is calculated thus: let CP be cost
proposition, then CP is computed as;
CP CRc CC (8)
The outcome of the cost-value proposition provides an effective decision

mechanism for the business to focus on, beyond just controlling IT risks, by
counterbalancing the value toward controlling the risk [12].

IJCSBI.ORG
3. DATA COLLECTION
The work explores secondary data collection method; the data were
extracted from the risk control documents of HBOS Trading and Investment
Company Ltd after a careful and thorough examination. We ensure that data
collected were up-to-date and met the standard specification set out in the
research work. The risk control documents investigated contained data
collected over a period of four years. The data were further categorized,
classified and used in our modes; and the results and findings are presented
in the section below.
4. FINDINGS AND DISCUSSION

HBOS Trading and Investment Company is a financial going concern. Over
the last few years, multiple events were reported on the real-time settlement
systems of this financial institution. As a precursor to controlling the risk
events, the entity sought assistance from external service providers to
review its real-time settlement system and its interface components. A
comprehensive threat and vulnerability analysis were performed on the
systems under review and their environmental dependencies. The review
system within the real-time settlement system scope of investigation had
reported three potential risk events over a sample period of four years. The
risk events are:
Frequent real-time settlement software system failure
Reduction in income generation which may be attributed to risk

event 1
Delayed in authorisation of business processes due to some level

manual procedures.
HBOS Trading and Investment Company had already performed the cost
estimation of fixing the risk events based on the capital, operational, and
resource expenditures. The cost accrued to fixing event 1, event 2, and event
3 was found to be N6,300,000.00, N546,000.00 and N6,020,000.00
respectively. The risk probability of the system under review from our
definition in (1) is given as:
TRV
RP 100
SR
Where;

IJCSBI.ORG
TRV = 3
SR = 4
3
RP 100 = 0.75 or 75% (1)
4
The average restoration cost, ARC for the system is given as
SCC
ARC
TRV
Where;
SCC = N6,300,000.00 + N 546,000.00 + N 6,020,000.00

= N12,586,000.00
TNR = 3
12,586,000.00
ARC (2)
3
= N4,195,333.33
The annual cost at risk, CRw is computed as;
CR RP ARC (3)
= 0.75 4195333.33
= N3,146,499.99
The risk exposure score (in monetary term) is therefore computed as:
RE RP CRw (Without control) (4)

= 0.75 3146499.99
= N2,359,874.99

IJCSBI.ORG
In analyzing the risk probability and the cost at risk elements, one could
infer that a risk probability level of 0.75 is positioned at critical level in the
risk probability scoring table (system) and a cost at risk value of
N3,146,499.99 is rated at a high-impact level in cost at risk scoring table
(system). The risk exposure score is calculated as critical based on the risk
probability and the cost at risk scores.
In continuance to the risk analysis stage, multiple solutions (controls) are

proposed towards mitigation of the identified risks for the review system.
Based on high-level analysis and judgments, the entity in collaboration with
the service providers short-listed a solution (control). This solution (control)
is a thorough and complete enhancement of the application software system
of HBOS Trading and Investment Company with two alternatives namely:
solution 1 (control 1) and solution 2 (control 2) in term of the monetary
value needed to build or institute the control. The cost of implementing
solution 1 (control 1) for HBOS Trading and Investment Company is
N21,000,000.00 and solution 2 (control2) is N14,000,000.00 based on the
control analysis assessment, the percentage control achieved is computed as
82 percent for solution 1 (control 1) and 90 percent for solution 2 (control
2). The residual risk is computed as:
RR C RP
Where,
Control Lost = 1 - % of control achieved
= (1 0.82) for solution 1 (control 1) and
= (1 0.90) for solution 2 (control 2)
Therefore,
RR (1 0.82) 0.75
= 0.135
That is, 13.5% for solution 1 (control 1). For solution 2 (control 2), we have,
RR (1 0.90) 0.75 (5)

= 0.075
That is, 7.5% for solution 2 (control 2).

IJCSBI.ORG
The cost at risk (with control) is computed as follows:
For solution 1 (control 1), cost at risk with (control) is computed as
CRc RR AVC (6)

CRc 0.135 4195333.33
= N566369.99
Based on judgments, the service providers found the solution life for HBOS
Trading and Investment Companys business environment to be at least four
years. Hence, the solution (control) cost corrected to annual scale for
solution 1 (control 1) is equal N21000000.00/4 = N5250000.00.
For solution 2 (control 2) is N 1400000.00/4 = N350000.00. Then, the cost

of control for the two solutions (controls) is computed as follows:
For solution 1 (control 1);
CC CRc SV
= N566369.99 + N5250000.00
= N5816369.99
CC CRc SV (7)
=N566369.99 + N350000.00
= N916369.99
Hence, the cost value proposition for the two solutions (controls) is
calculated as follows: For solution 1 (control 1);
CP CRc CC (8)
= N3146499.99 N5816369.99
= N -2,669,870.00
CP CRc CC
= N3146499.99 N916369.99

IJCSBI.ORG
= N2,230,130.00
As per the values derived out of the cost-value proposition step, solution 2
(control 2) reveals a positive cost-value and solution 1 (control 1) reveals a
negative cost-value. A positive cost-value outcome provides an encouraging
rationale toward selection of the solution (control).
5. CONCLUSION
The current business environment demands that business services delivered
by businesses must be information technology (IT) based. For businesses to
remain active in the competitive environment, they need to stay abreast of
managing their information technology (IT) risks effectively, and this can be
done by adopting the data-driven technique.
REFERENCES
[1] Rameshkumar, A. V. Looking IT Risk Differently. ISACA Journal, 1 (2010), 10 -12.
[2] Bowman, B., Debray, S. K., and Peterson, L. L. Reasoning about naming systems.
ACM Trans. Program. Lang. Syst., 15, 5 (Nov. 1993), 795-825.
[3] Harold, T. and M. Krouse, M. Information Security Management Handbook, 6th
Edition, Auerback Publications, 2007.
[4] G. Singleton, G. and Tommie, W. What Every IT Auditor should know About
Auditing Information Security. Information Systems Control Journal, 2 ( 2007), 6 9.
[5] Jackub, M. A Service-Oriented Approach to Identification of IT Risk. Proceedings of
the TEHOSS 2005 first IEEE International Conference on Technologies for Homeland
Security and Safety, 2005, 10 11.
[6] Champlain, J. Auditing Information Systems, John Wiley & Sons Inc., 2003.
[7] Sathiyamurthy, S. Is the IT Risk Worth a Control? Defining a Cost-Value Proposition
paradigm for Managing IT Risks. Information Systems Control Journal, 6 (2006),
14 -16.
[8] Srinivas, S. Continuous Auditing through leveraging Technology. Information Systems
Control Journal, 2, (2006), 3 6.
[9] Urs, F. Risk IT: Based on COBIT objectives and principles. ISACA, 4, (2009), 21 -23.
[10] Westerman, G. and Hunter, R. IT Risk: Turning Business Threats into Competitive
Advantage. ISACA and IT Governance Institute, Illinois, (August 2007), 54 66.
[11] Vona, L. W. Fruad Risk Assessment: Building a Fraud Audit Program ISACA and IT
Governance Institute., Illinois, (August 2008), 16 26.
[12] F. K. Reilly, F. K. and Brown, K. Investment Analysis and Portfolio
Management, 12-18, Harcourt College Publisher, Illinois, (July 2002),
[13] D. L. Canon, D. L. Certified Information Systems Auditor (CISA) study guide, 3rd
Edition, March 2011.

IJCSBI.ORG
An Efficient Access Control Model

for Wireless Sensor Network
Behzad Molavi
Department of Computer Engineering, University of imam raze, Mashhad, Iran
MSc. Student in Network Security
Hamed Bashirpour
MSc. Student in Network Security
Dr. Morteza Nikooghadam
Assistant Professor
ABSTRACT
The sensor nodes after a time lose their energy. In this case, to maintain network
performance, new nodes can be added to the network. In the critical applications, the
adversary can take advantage of this opportunity, and enter hostile node to the network. To
prevent hostile node entry, an access control mechanism is needed. In this paper, a model
for access control based on elliptic curve cryptography is proposed. The scheme makes sure
the node authentication. Moreover, it has secure and fast method for key distribution.
Evaluation shows that our efficient scheme compared to other models have less
Computational overhead. Another feature of this model is robustness against denial of
service attack.
Keywords: Sensor nodes, Adversary, Hostile node, Access control, Elliptic curve
cryptography, key distribution, Denial of service, Node authentication.
1. INTRODUCTION
Wireless sensor networks are being developed. Due to the wireless nature of
wireless sensor networks these networks used in many war zones and
seismic monitoring environment. Sensor nodes usually have limited
memory, small size and low processing power, and its energy are limited.
Implement complex encryption algorithms in these networks is very hard.
Sent and received on this network is broadcast to all. Thus one can easily
receive packets from wireless channel. Access control is mechanism for the
prevention of security attacks on wireless sensor networks. Secure access
control caused by use of network resources is performed only by authorized
nodes. Before sending, each node will receive their certificates from a unit
trust. After receiving the certificate, new node can provide a secure
connection with itself neighbors. This access control provide, both
authentication and confidentiality requires. In addition to this scheme is
robust against denial of service. In this paper we use ECDLP1 algorithm for
1
Elliptic Curve Discrete Logarithm problem
ISSN: 1694-2108 | Vol. 4, No. 1. August 2013 1

IJCSBI.ORG
issuing and verifying certificates. Because the ECDLP faster than other
methods such as the ECDSA2.
2. RELATETED WORK
In 2002 SPINS protocol was introduced. The protocol is for data origin
authentication [1]. The main drawback of this protocol is high additional
overhead. Model for key distribution in the sensor networks provided in
2004. These models are only resistant to external attacks and in the internal
attacks are very disabling [2]. In 2007, Yun Zhou et al.s was introduced, an
access control model in wireless sensor network [3]. Although Yun Zhou et
al.s model is perfect, but dos3 attack can run it, In addition, the proposed
model is faster in the generation and distribution of key. In 2009 Huang
presented an access control model. Huang's method wasnt dynamic.
Moreover, Huang's method is insecure [4].
3. REVIEW OF ATTACKS
Any enemy can be directly deployed malicious nodes in environment. In
this case hostile node can hear messages from the other nodes, or inject false
messages into the network. Note to figure 1. for further understanding.
Figure 1. hostile node injection
In the figure 1, is a hostile node. It can Fake data, or inject bogus data into
the network.
In the sybil attack, an enemy node could fake the identity of an authorized
node and introduces itself instead of another node. Figure 2. provides further
understanding.
2
Elliptic curve digital signature algorithm
3
Denial of service

IJCSBI.ORG
Figure 2. Sybil attack
In the figure 2, node forge nodes Identity.

In this attack an enemy get confused routing algorithm. In the wormhole
attack, hostile receive packets from the network then sends the packets to
the other side in the network. This detour reduces performance. Figure 3.
provides further understanding.
Figure 3. Wormhole attack
In the figure 3, detour has been established between and .

Enemy sends waste packets to authorized nodes. In this case authorized
nodes do not have ability to service. Note to figure 4. for further
understanding.
Figure 4. DOS attack

IJCSBI.ORG
4. ASSUMPTIONS
In this scheme, all sensor nodes are same, the range sending all sensor nodes
are similar. public and private keys generated for each sensor node is done
by CA4. All the sensor nodes are programming by the CA before being
placed on the network. After key generation phase for each new nodes, CA
considers the current time as the timestamp. This timestamp is called Ti .
Nodes were fixed in the network. This assumption makes sure that we have
fixed neighbors. In this access control model for each neighbors node
connection, we have key. For example if a node has 10 neighbors, then it
should be has 10 keys. posts in wireless networks are many to one. In fact,
all the sensor nodes will be sent the received data to the sink. To better
understand the issue notice in figure 5.
Figure 5. Sensor network [8]

5. PROPOSED SCHEME
The main scheme takes place in two phases. In this scheme we use elliptic
curve cryptography tools. The first phase, pre deployment is called. In this
phase elliptic curve parameters such as base point, and the elliptic curve
equation coefficients are calculated. For better understanding, read
mathematical preliminaries from the paper [6]. The second phase is related
to the distribution of nodes in the network
5.1 PRE DEPLOYMENT PHASE
First coefficient elliptic curve and base point are determined. Here we use
the notation for the base point. We assume that the order of elliptic curve
is . then, CA select own private key from . We show CA's
private key with k notation. The public key of the CA denote by the symbol
. CAs public key is obtained from equation 1.
(1)
According to the elliptic curve problem, obtain k Based on and is very
difficult. Generate public and private keys of other nodes are similar to CA.
4
Central authority

IJCSBI.ORG
Here the nodes private key denoted by the symbol di. Nodes are chosen
own private key from the range . Nodes public key denoted by
the symbol . Nodes public key is obtained from equation 2.
(2)
CA considers as key generation time. For each node CA selects a random
number that denote by symbol . Then CA Takes from equation 3.
(3)
Each is a point on the elliptic curves and its has two-dimensional .
For each new node, CA determines a time for concatenation new nodes to
network that denote by symbol . For each node the values
append with together and then put it in a hash function. Note to
equation 4 for further understanding.
(4)
According to equation 5, the certification of each node will be produce. In
fact, the pair of is considering as certification.
(5)
Finally CA defines feature behavior such as threshold for packets sending
and operating frequency in the network for each node. These behavioral
parameters denote by symbol .
5.2 NODE DEPLOYMENT PHASE
When a new node enters to network, the new node broadcast (
). The Neighbors must be Check integrity of new node and develop a
session key. Neighbors of the new node, follow these steps.
1. After receiving request from a new node, old node checks behavioral
parameters . If these parameters were unusual, then this request
will reject.
2. Old node compare time stamp with . That the t is current
time. If the new code violated permitted range, then old node reject
request of new node.
3. Old node checks certificate of the new node. If its not valid, then
old node reject request of new node.
4. Old node encrypt own certificate with a nonce by session key, and
then sent cipher text to new node.
5. New node compute session key and then decrypt cipher text by
session key.
6. New node verifier old node certificate.
7. New node encrypts a nonce by session key, and then sends this
message to old node.

IJCSBI.ORG
For better understand we show this hand shake between new node and old
node in the figure 6.
New node Old node

Ni Nj
Ni Li Pi Ti Si Fi
Checks behavioral
parameters of new
node
if |Ti t| > Li Reject

else{ start verifier
phase}
if v=u
{ kij = djPi}
Else Reject
N i N j L j P j Tj {n j <S j Fj >}kij
{ kij = diPj start

verifier phase}
if v=u
Else Reject
N i N j n j {n i}kij
Figure 6. Hand shake
Each node can checks certificate by compute two variable in the equation 6
and 7. If , then the certificate is valid. For more understanding, note
to equation 6 and 7 and 8.
(6)
(7)

IJCSBI.ORG
(8)
Note that, each node can compute session key by own private key and
others public Key. For more understanding, note to equation 9.
(9)
6. SECURITY ANALYSIS
6.1 HOSTILE NODE INJECTIONS AND SYBIL ATTACK
Each node need to certificate for accession to network. Produce certificate is
done just by CA in the pre deployment phase. And forge a certificate is a
hard problem, because its based elliptic curve problem.
6.2 WORMHOLE ATTACK
In this method we define some behavior for each node. One of these
behaviors is distance post. The distance post can Estimate by signal
parameter such as power signal, frequency and so on. If each node do
impinge at the radio basin then probability exist wormhole channel, so other
nodes reject this node.
6.3 DOS ATTACK
Exchange information done by session key. In this model when a node
sends data to neighbors, the neighbors can find out which node sends data
and can compute the number request in each time scale. If the request
number impinge of behavioral threshold then other node reject this node to
avoid dos attack. For more understanding, note to table 1.
Table 1. Previous methods

Previous Not forging Resistant to Being Tracing
methods probability DOS dynamic
Wu et. al Yes No No No
2001
Jeng Wang Yes No No No
2006
Zhou fang Yes No Yes Yes
et. al
2007
Fan Wu et Yes No Yes No
al.s
2012
Our schema Yes Yes Yes Yes

IJCSBI.ORG
7. EVALUATION
For evaluation, we convert all operation to multiplying. Then we proof that
our scheme has low computational overhead against previous methods. For
more understanding, note to table 2.
Table 2. Convert operation

Operation Base multiplying
Exponential functions 240 TMUL
Multiplication on Elliptic Curve 29 TMUL
Add on Elliptic Curve 0.12 TMUL
Add Negligible
Hash Negligible
In our proposed schema, we use ECDLP instead of ECDSA. In the Zhou

fangs model, they use ECDSA for verifier [3]. In the table 3 we show that
ECDSA has low less computational overhead.
Table 3. Evaluation
Method Mathematical expression Time complexity
based mul
ECDSA 2TMUL+TINV+TEC-MUL+THASH 60.12 TMUL+

TINV.HASH
ECDLP 2TMUL+ TEC-MUL+ THASH 59.12 TMUL+THASH
8. CONCLUSIONS
In this paper we introduce an access control for wireless sensor network. We
use ECDLP method for verifying certificate of nodes, because its have low
overhead computation. Moreover in this schema we define some behavior
for each node, to avoid dos attack and worm hole attack. This method
Compared with previous method is more efficient and robust against dos
attack.

IJCSBI.ORG
REFERENCES
[1] A. Perrig, R. Szewczyk, J.D. Tygar, V. Wen, D.E. Culler, SPINS: Security protocols for
sensor networks, Wireless. Networks 8 (September) (2002) 521534.
[2] Y. Zhang, W. Liu, W. Lou, Y. Fang, Location-based compromise-tolerant security
mechanisms for wireless sensor networks, IEEE JSAC, Special Issue on Security in
Wireless Ad Hoc Networks 24 (2) (2006) 247260.
[3] Y. Zhou, Y. Zhang, Y. Fang, 2007. Access control in wireless sensor networks. Ad Hoc
Networks 5 (1), 313.
[4] H.F. Huang, 2009. A novel access control protocol for secure sensor networks.
Computer Standards and Interfaces 31 (2), 272276
[5] Wu. Fan, Pai. Hao-Ting, An adaptable and scalable group access control scheme,
Telematics and Informatics 2012
[6] M. Nikooghadam, A. Zakerolhosseini, Efficient Utilization of Elliptic Curve
Cryptosystem for Hierarchical Access Control, system and software jurnal 2010
[7] X. Zou, Y.S. Dai, E. Bertino, 2008. A practical and flexible key management
mechanism for trusted collaborative computing. In: Proceedings of the IEEE Conference on
Computer Communications (INFOCO, 2008), April, Phoenix)
[8] B. Antoine, B. Bagula, Modelling and Implementation of QoS inWireless Sensor
Networks, Intelligent Systems and Advanced Telecommunication, 12 June 2010
[9] M. Nikooghadam, A. Zakerolhosseini, a protocol for digital sinnature based ECDLP,
2008 asian network jurnal
[10] M. Nikooghadam, F. Safaei & A. Zakerolhosseini. (2010). An efficient key
management scheme for mobile agents in distributed networks, In IEEE, 1st international
conference on parallel, distributed and grid computing.
[11] M. Nikooghadam, & A. Zakerolhosseini. (2009). An efficient blind signature scheme
based on the elliptic curve discrete logarithm problem. The ISC International Journal of
Information Security, 1(2), 125131.
[12] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, 2002. Wireless sensor
networks: a survey. Computer Networks 38 (4), 393422.
[13] Abbasi, A.A., Younis, M., 2007. A survey on clustering algorithms for wireless sensor
networks. Computer Communications 30 (1415), 28262841.
[14] Y. Kim, A. Perrig, G. Tsudik, 2004. Group key agreement efficient in communication.
IEEE Transactions on Computers 53 (7), 905921.

IJCSBI.ORG
Three Tank System Control Using

Neuro - Fuzzy Model Predictive
Control
Adel Abdurahman
Mechanical Engineering Department,
Faculty of Engineering,
Sanaa University
ABSTRACT
Three-tank (3T) system is the most representative didactical equipment used as a bench mark
system for system modeling, identification and control. A real target representing 3T system
has been used for generating data that is used for developing a linear model based on auto-
regressive exogenous (ARX) method, and neuro-fuzzy (NF) network technique. The developed
models have been used as an internal model of the model predictive control (MPC). Control
actions of the NFMPC algorithm has been determined using nonlinear programming methods
based on sequential quadratic programming (SQP) technique. The developed NFMPC
algorithm has shown good performance and set point tracking over the linear MPC algorithm
based on ARX model for controlling the 3T system.
Keywords
Three-tank system, model predictive control (MPC), auto regressive exogenous (ARX) model,
neuro-fuzzy model, sequential quadratic programming (SQP).
1. INTRODUCTION
Liquid level control has a very large application domain in industry, three-tank
(3T) system is the most representative didactical equipment widely used as a
benchmark system for system modeling, identification, control, fault detection
and diagnosis, as well as for fault-tolerant control. The system exhibits typical
characteristics of a strong nonlinearity with different possibilities of
disturbance, which makes the system useful to serve as a test environment for
algorithms concerning state estimation, parameter identification, and control of
hybrid systems.
The three-tank liquid level control system is a multi-input-multi-output
(MIMO) system, but with the valves (actuators) between the tanks closed, each
tank can be treated as a single-input-single-output system (SISO). The typical
challenging control issue involved in the system is the tuning of the level

IJCSBI.ORG
controllers to keep the desired liquid level in each tank in the presence of
disturbances and extreme variations in the process dynamics and tuning
settings. Our goal is to analyze the efficiency of a neuro-fuzzy model predictive
control (NFMPC) on 3T control level system.
There have been a lot of good articles that deals with the three tank system
problem, Popescu and Mastorakis proposed an optimal tuning of PI controller
for the adjustment of the 3T system based on hardware and software knowledge
and adjustment [1], Hao et al. adapted a Fuzzy adaptive Smith predictive
control system that is composed of Smith predictor and fuzzy adaptive
controller [2], the algorithm uses fuzzy adaptive PID control to improve the
resistance ability to random disturbance and Smith predictive control to
overcome the time-delay character of the 3T controlled object, Kovacs, et al.
proposed an optimal control method based on H2/H [3], and Abdelkader et al.
have designed a multiple observer using the principle of interpolation of local
observers and implement it on 3T system under the condition of unknown
inputs [4].
Fuzzy set theory originated by Zadeh [5], was originally developed to
quantitatively and effectively handle problems involving uncertainty, ambiguity
and vagueness, and provides a useful technique for dealing with complex
nonlinear systems faced in the real world. Li and Hu [6] used a combination of
fuzzy Takego-Sugeno dynamic model with Riccati equation as an adaptive
fault control scheme for level control of the 3T system. Pham and Li proposed a
fuzzy inverse reasoning controller using fuzzy relational equation to deduce
control actions appropriate for the desired the 3T system output [7]. Suresh et
al. applied a fuzzy controller to the 3T system to overcome the problem
associated with design and analysis of traditional feedback control systems
which are based on mathematical models [8].
Design of a fuzzy logic controller is accompanied with certain problems
regarding design of membership functions (type and number of membership
functions, their shape and range, etc.), and choosing appropriate fuzzy rules.
Moreover, developing a rule base is one of the most time-consuming parts of
designing a fuzzy logic controller. Usually it is very difficult to transform
human knowledge and experience into a rule base of fuzzy logic controller.
Frequently, designing a fuzzy logic controller requires a number of trial and
error iterations, and even then, it is very difficult to ensure that the designed
controller is an optimal one. Hence there is a need for developing efficient
methods to tune membership functions, i.e. to obtain optimal shapes, ranges

IJCSBI.ORG
and number of membership functions, etc. and to obtain optimal rule base. A
neuro-fuzzy modeling technique recently developed overcomes all the
problems previously mentioned. Neuro-fuzzy technique is based on
determining the parameters of fuzzy models using optimization algorithms
developed in neural network training. There have been some good articles
dealing with the problem of nonlinearity using neuro-fuzzy technique and
applied it to different industrial processes [9 12]. Moreover, the application of
neuro-fuzzy technique to 3T system has been appointed by Hu and Rose [13],
they proposed a generalized predictive controller (GPC) using a radial basis
function (RBF) based neuro-fuzzy model to perform the online multi-step
prediction and the controller design. Mok and Chan [14] proposed a fault
detection and isolation scheme based on fuzzy rules constructed from neuro-
fuzzy network that models the residual of the 3T system.
In this research, we are aiming on developing a neuro-fuzzy and ARX models
of the 3T system based on the data generated for a real target. The developed
models are incorporated in the model predictive control (MPC) algorithm.
2. NEURO-FUZZY IDENTIFICATION OF DYNAMICAL
SYSTEMS
A key issue to address when designing a nonlinear model predictive control
(NMPC) controller is the choice of process model, and the type of model
structure of the nonlinear process model to be used. There are models based on
fundamental relationship which are very complex or not available at all. There
are models based on empirical data such as Voltera Kernels, Fourier series,
wavelets, RBF and multilayer perceptron (MLP) that have shown to provide
useful unified presentation for a wide class of non-linear systems for more
information about nonlinear models utilized for NMPC see [15]. The use of
fuzzy systems for nonlinear identification is not motivated only by their
approximation capabilities but also by their capacity to extract linguistic
information in the form of IF-THEN rules which typically describe compact
sets.
The task of model identification can be mainly concentrated on the estimation
of rules, the distribution of fuzzy sets and the centers of the membership
function, the adjustability of the mentioned parameters allow the fuzzy model
to adapt to the addressed process. Because fuzzy logic and NN encode the
information in a parallel and distributed architecture in a numerical framework,
hence it is possible to convert fuzzy logic architecture to a NN in order to adjust
these parameters in the fuzzy model. This method of adjusting fuzzy model

IJCSBI.ORG
parameters using the training algorithms in NN literature is defined as neuro-

fuzzy identification.
To build a neuro-fuzzy model of dynamic system based on the input-output
data [16]. The output of the dynamic system at time t is y(t) and the input u(t).
The data set will be described as
(1)
Mapping from past data Zt-1 to the next output y(t) is called the estimated output
of the predictor model
(2)
The essence of identification using fuzzy systems is to tray represent the

function by means of a fuzzy model. The form of a fuzzy system is a
parameterizable mapping is
(3)
Where, is the vector of parameters to be chosen (position and shape of the

membership function, consequence of the rules, etc.). The choice of these
parameters is guided by the information embedded in the data. The structure of
equation 2 is a very general structure and it has a drawback that the data set is
continuously increasing, for this reason, it is better to use a vector of fixed
dimension. So the general model will have the following form.
(4)
The vector is known as the regression vector and which takes the form of the
nonlinear auto-regressive exogenous (NARX) model structure with time delay
td and the order of the polynomial ny and nu.
(5)
Using this parameterization, our problem is concentrated on choosing

regressors in (t), finding the structure of fuzzy system f(.,.) and finding the
parameters of the fuzzy system. The regressors are chosen in a way that can

IJCSBI.ORG
be implemented in our MPC algorithm, the fuzzy model structure and

parameters finding were obtained using Fuzzy logic Toolbox in MatLab
environment.
3. NEURO-FUZZY MODEL PREDICTIVE CONTROL (NFMPC)
Model predictive control (MPC) scheme (Figure 1) is based on the receding
horizon control approach, which can be summarized by the following steps:
Predict the system output over the range of future times.
Assume that the desired outputs are known.
Choose a set of future control, which minimizes the future errors
between the predicted future output and the future desired output.
Use the first element of future control moves as a current input, and
repeat the whole process at the next instant.
Nonlinear y
r + Optimizer Plant
- (SQP) Past and
present
Past, outputs
present
and NF
future model y
inputs
Figure 1. Neuro-fuzzy model predictive control structure

The first step in receding horizon control is to predict the system over the range
of future times. This could be done by using a one-step ahead predictor
Equation 6. The k-step ahead prediction of the system output can be calculated
by shifting the expression forward in time while substituting predictions for
actual measurements where these do not exist Equation 6.
y (t k ) f nn [ y (t k 1),........., y (t k min[ k , n y ]),
y t 1,................, y t max[ n y k ,0],
u t k t d ,............, u t k t d nu ] (6)

IJCSBI.ORG
It is assumed that the observation of the output is available up to time t-1 only;
for this reason, the output y (t ) of the neuro-fuzzy network model enters the
expression instead of the real output y(t).
The objective function is the sum of square errors of the residuals between
predicted outputs and the set point values over the prediction horizon; a term
penalizing the rate of change of the manipulated variable is often included as
well. Mathematically, the NFMPC problem can be stated in vector form as
follows:
J (t ,U (t )) y [ R(t 1) Y (t 1)]T [ R(t 1) Y (t 1)] u U T (t )U (t )

y E T (t 1) E (t 1) u U T (t )U (t ) (7)
where
R(t+1) = [r(t + 1), , r(t + p)]T
E(t+1) = [e(t +1 / t), , e(t + p / t)]T
Y (t 1) [ y (t 1 / t ), ...., y (t p / t )]T
U (t ) [u(t ), ...., u(t m 1)]T
e(t k / t ) r (t k ) y (t k / t ) for k 1,...., p
subjected to,
ylow y y high
u low u u high
(8)
where m is the control horizon, p is the prediction horizon, u and y are the

weighting coefficients matrices, Y (t 1) is the predicted output vector, R(t+1)
is the set point vector, and U(t) is the rate of change of the manipulated
variable (u(t) = u(t)-u(t-1)).
4. THREE TANK LABORATORY TEST-BED
The tested-bed plant figure 2 consists of three tanks that can be filled with two
identical, independent pumps acting on the tank 1 and 2. The pumps deliver the

IJCSBI.ORG
liquid flows Q1 and Q2 and they can be continuously manipulated from a flow
of 0 to a maximum flow Qmax. The follows in the pipes between tank 1 1nd tank
2 and the third tank are manipulated using switched valves V1 and V3. These
interaction can be seen from the following mathematical model of the three
tank (3T) system [17]:
Figure 2. Three tank system
(9)
(10)
(11)
where t represents time, and h1, h2, h3 represent the liquid levels in each tank; A
represents the cross section of the tanks; and Q1, Q2 denote the flow rates of
pumps 1 and 2; Qij denotes the flow rates between tank Ti and Tj (j = 0
represents the system output) and Qileak (i = 1 or 2 or 3) represents the output
flow of the respective tank when the leak valve is open. These three balance
equations make explicit that the volume variance in each tank is equal to the
sum of the flow rates that enter and leave the tank. However flows Q13, Q32 and
Q20 are still unknown in equations 9, 10, and 11. To obtain them, the
Torricellis Law is used:
(12)

IJCSBI.ORG
where azi is the outflow coefficient, sgn(z) is the sign of the argument zi, g is
the gravitation constant, and Sn is the cross sectional area of the connecting
pipes. So, the resulting equations to calculate the partial flows are:
(13)
(14)
(15)
In this paper, our concerned is to maintain the level of the liquid in the tank by
manipulating pump liquid flow.
5. CONTROL OF THREE TANK SYSTEM USING NFMPC
ALGORITHM
The neuro-fuzzy model predictive controller algorithm (NFMPC) mentioned in
the previous section is applied to 3T system by implementing the fuzzy system
model as an internal model of the MPC. For the purpose of developing the
neuro-fuzzy model a input/output samples data that capture the relationship
between the inputs and outputs of the system should be collected. In addition,
these data should span across the entire scope of possible variation. The
training data were generated by forcing the pump flow with a uniform random
signal of 0.27 minimum value and maximum value 0.58 as shown in Figure 3.
The data collected is used for developing a linear autoregressive exogenous
(ARX) model and the neuro-fuzzy model. The RBF network model will be
used in the nonlinear NFMPC algorithm while the linear ARX model will be
used in the linear MPC algorithm, and a comparison between these control
algorithms will be considered.

IJCSBI.ORG
Liquid Level
14
12
10
H [cm]
4
0 200 400 600 800 1000 1200 1400 1600 1800 2000
0.7
0.6
Pump Flow [m3/s]
0.5
0.4
0.3
0.2
0 200 400 600 800 1000 1200 1400 1600 1800 2000
Time [seconds]
Figure 3. Sample training data

The linear ARX model is identified using the simulated input/output data in the
following form equation 16, where the structure of the model is defined by
giving the time delay td, and the order of the polynomials ny and nu,
respectively. The structure with parameters td = 2, ny = nu = 2 gives the best
estimation with 70% validation using the Identification System in the MatLab
environment.
y (t ) f [ y (t 1),....., y (t n y ),
(16)
u t td ,....., u t td nu ]
The resulting ARX model has the following form equation 17 without
considering the noises model.
(17)

IJCSBI.ORG
Figure 4 demonstrates the prediction of the identified model by showing how

this ARX model can not accurately predict the behavior of the fermentation
process, although the overall dynamic characteristics are captured.
Based on the above ARX structure and the input/output data figure 3, a neuro-
fuzzy model was identified. Once the neuro-fuzzy model is obtained, some
validation tests should be considered. Model validation was performed by
application on unseen data Figure 5. The output is generated and compared
with the output of the nonlinear simulation with the same inputs. The results of
this test shows good agreement between the output of the plant (target data) and
neuro-fuzzy (output data).
For the closed-loop simulation, the control algorithms were set up with the
neuro-fuzzy network model and the linear ARX model described earlier, and
the new set points were introduced.
Measured and simulated model output
3
0
H[cm]
-1
-2
-3
-4
7.4 7.6 7.8 8 8.2 8.4 8.6 8.8 9
Time (samples) 4
x 10
Figure 4. ARX linear model prediction dashed (- - -), measured output solid ().

IJCSBI.ORG
13
12
11
10
H [cm}
5
0 100 200 300 400 500 600
Time (samples)
Figure 5. ARX linear model prediction dashed (- - -), measured output solid ().
The tuning parameters were chosen so that the integrated square error (ISE)
between the simulated output and set point is minimized, as p =20, m = 2, u =
0.95 and y = 1. The set point changes were implemented as step changes
around nominal values of 0.4158 for the input (Pump flow (m3/s)), 8.5 for the
output (Liquid Level (H cm)), and no filtering was included in the feedback
path.
Figure 6 presents the closed loop response of the system for LMPC and
NFMPC algorithms, where it can be noticed that the controllers bring the liquid
level to the new set points, and they perform the task in a short time. Although,
the LMPC gives better output response than NFMPC, but its input response
shows a overshoot comparing to the response of the NFMPC. This is because
the NFMPC uses an iterative optimization technique which takes long time to
process the process a solution than the model inversion technique used in the
linear case. Overalls, the NFMPC controller has shown good capability to
capture the non-linear dynamics of the fermentation process and respond well
to the set point changes.

IJCSBI.ORG
11
10
9
H [cm]
6
0 200 400 600 800 1000
0.5
Pump Flow
-0.5
0 200 400 600 800 1000
Time [seconds]
Key: NFMPC (), LMPC (- - - -)

Figure 6. Closed-loop response to different set point changes for different algorithms
6. CONCLUSION
This work has presented a model predictive control for controlling a 3T system.
To overcome the complexity of the analytical model of this process, the process
was modeled using the neuro-fuzzy network from the data generated from the
real target, while the other model was developed using the ARX parametric
method. The main advantage of the neuro-fuzzy and ARX models compared to
the analytical model of the system is that the former design of a controller of a
process does not need detailed knowledge about the process, which is a feature
that might be of crucial importance in the case of complex processes. The
developed models have been used as an internal model of the model predictive
control showing good response and ability to capture the dynamic response of
the 3T system to set point tracking. It can be conclude that the developed
NFMPC controller good performance over the LMPC and would therefore be
of significant advantage to the process industry.
REFERENCES
[1] Marius-Constantin Popescu and Nikos E. Mastorakis,. Optimal flow control of a three tank
system. International Journal of Mathematics and Computers in Simulation. 4, 3 (2009),
179186.

IJCSBI.ORG
[2] Cui Hao, Denghua Li, and Shuhua Peng. The fuzzy adaptive Smith-PID control of three
tank - system. 2nd International Workshop on Intelligent Systems and Applications (ISA)
(May 22-23, 2010). 1- 4.
[3] Levente Kovcs, Endre Borbly, and Zoltn Beny. Optimal control of the three tank
system in H2/H space. 5th Slovakian-Hungarian Joint Symposium on Applied Machine
Intelligence and Informatics (Poprad, Slovakia, January 25-26, 2007). 137 143.
[4] Akhenak Abdelkader A., Chadli. Mohammed, Maquin Didier, Ragot Jose. State estimation
via multiple observer. The Three Tank System in Proceedings of the 5th IFAC Safe Process
(Washington, USA, 2003). 245-251.
[5] Zadeh, L. A. Fuzzy sets. Information Control. 8, (1965) 338- 353.
[6] Yimin Li, and Shousong Hu. T-S Fuzzy fault-tolerant control via Riccati equation. World
Journal of Modelling and Simulation. 1, 1 (2005), 27-34.
[7] Li, D., and Pham D. T. Fuzzy control of a three-tank system. Journal of Mechanical
Engineering Science. 5, 215 (2001), 505-510.
[8] Maruthai Suresh, Gunna Jeersamy Srinivasan, and Ranganathan Rani Hemamalini.
Serbian Journal of Electrical Engineering. 6, 1, (May 2009), 1-14.
[9] Jonas B. Waller and Hannu, T. Toivonen. A neuro-fuzzy model predictive controller
applied to a ph-neutralization process. 15th Triennial World Congress (Barcelona, Spain,
2002 IFAC).
[10] Manish Kumar and Devendra P. Garg. Neuro-fuzzy control applied to multiple cooperating
robots. Industrial Robot: An International Journal. 32, 3 (2005), 234239.
[11] Yu M. Zhang, and Radovan Kovacevic (1998). Neuro-fuzzy model-based predictive
control of weld fusion zone geometry. IEEE Transaction on Fuzzy Systems. 6, 3 (Augost
1998), 389-401.
[12] LIU Xiang-Jie LIU Ji-Zhen. Constrained power plant coordinated predictive control using
neuro-fuzzy model. ACTA Automatica Sinica. 32, 5 (September, 2006), 785790.
[13] Hu J. Q., and Rose E. Generalized predictive control using a neuro-fuzzy model.
International Journal of Systems Science.30, 1 (1999), 117-122.
[14] Mok H. T., and Chan C. W. Fault detection and isolation of three-tank system using neuro-
fuzzy networks with local approaches. UKACC International Conference on Control 2008
(University of Manchester, Manchester, UK, Sept. 2-4, 2008).
[15] Waller, Jonas B., Jinglu Hu and Kotaro Hirasawa. Non-linear model predictive control
utilizing a neuro-fuzzy predictor. In Proceedings of the IEEE Conference on SMC 2000
(Nashville, Tennessee, USA, October 8-11, 2000).
[16] Jairo Espinosa, Joos Vandewalle and Vincent Wertz (2004). Fuzzy logic, identification and
predictive control, Springer - Verlag London Limited 2005.
[17] Dormido R.,. Vargas H, Duro N., Snchez J., Dormido-Canto S., Farias G., Esquembre F.,
and Dormido S. Development of a web-based control laboratory for automation
technicians: The Three-Tank System. IEEE Transactions on Education (2007 IEEE), 1-10.

IJCSBI.ORG
The Computer-Linguistic Analysis

of Socio-Demographic Profile of
Virtual Community Member
Yuriy Syerov, Andriy Peleschyshyn, Solomia Fedushko
Social Communications and Information Activities Department,
Lviv Polytechnic National University,
Ukraine, Lviv, S. Bandery street 12,
ABSTRACT
This article considers the current problem of investigation and development of computer-
linguistic analysis of socio-demographic profile of virtual community member. Web-
members socio-demographic characteristics profile validation based on analysis of socio-
demographic characteristics. The topicality of the paper is determined by the necessity to
identify the web-community member by means of computer-linguistic analysis of their
information track. The formal model of basic socio-demographic characteristics of virtual
communities member is formed. The structural model of lingvo-communicative indicators
of socio-demographic characteristics of the web-members and common algorithm of the
formation of lingvo-communicative indicators based on processing training sample are
developed. Types of the computer-linguistic analysis of indicative characteristics are
studied and classifications of lingvo-communicative indicators of gender, age and sphere of
activities of web-community member is established. Also, the formal model of the basic
socio-demographic characteristics of web-communities member is introduced.
Keywords
Socio-demographic, indicative characteristic, marker, web-community member, personal
data, validation.
1. INTRODUCTION
The computer-linguistic analysis of socio-demographic analysis of the web-
community member consists in the analysis of members information track.
Nowadays, developing the method of personal data validation [1, 2] of the
maximum amount of information about virtual community member is an
important issue in the fields of social communication and internet-
marketing. To achieve the aim, the following research tasks should be
fulfilled: to form the model of basic socio-demographic characteristics of
virtual communities member; to develop the structural model of indicators
of socio-demographic characteristics of the web-community members and
common algorithm of the formation of lingvo-communicative indicators
based on processing training sample; to study the types of the computer-
linguistic analysis of indicative characteristics; to establish classifications of
lingvo-communicative indicators; to introduce the formal model of the basic
characteristics of virtual communities member.

IJCSBI.ORG
2. BACKGROUND STUDY
Sets of lingvo-communicative indicators for verification of the socio-
demographic characteristics of web-communitys members were forming by
experts. The base of this research was studding scientific theories and the
ideology of the leading scientists.
A new introduction to the study of the relation between gender and language
use are investigations of the leading experts in the fields: gender differences
in the level of speech key phrases [3], modern approaches to the study of
language and gender [4], sociolinguistic analysis of discussions of
conferences [5], comparison relations style of gender speech and world
perception [6], gender research of language in online communication [3] [7]
[8], comparison of managers language [9], experimental investigations of
conversations of married couples [10], gender language research in three
communities with different social relations [11].
A modern approach to the study of language and age are investigations of
the outstanding scientists in the fields: web-communication of adolescents
[12], sociolect of adolescents [13], methods and means of internet-
communications of adolescents [7], teen style [14].
Studies of language and sphere of activities are investigations of the leading
scientists in the fields: Physico-Mathematical, Technical and Economic
sphere [16], Chemicals sphere [17] [18], Sociological, Historical,
Philosophical and Political sphere [19] [20], Natural sphere [21], Medical
sphere [22], Philological-Pedagogical sphere [23], Sphere of Architecture
and Art [24], Sphere of Physical Training and Sport [25], Agricultural
sphere [26],Military sphere [27], Legal sphere [28] [29]
3. STRUCTURAL MODEL OF LINGVO-COMMUNICATIVE

INDICATORS OF SOCIO-DEMOGRAPHIC CHARACTERISTICS
The structural model of lingvo-communicative indicators of socio-
demographic characteristics of the web-community members is consisting
of four levels. Figure 1 shows that socio-demographic characteristics are
determined by set values. Each of studied characteristics has two
determinate values. By-turn, one of the values of socio-demographic
characteristics necessarily is assigned to each web-community

IJCSBI.ORG
members.
VALUE OF SDCH
LINGUISTIC MARKERS
...
ADULT
MARKER 1
AGE
...
LINGVO-COMMUNICATIVE INDICATORS
SOCIO-DEMOGRAPHIC CHARACTERISTICS
ADOLESCENT MARKER 2
... MARKER 3
MAN
...
GENDER
... MARKER N
WOMAN
INDICATIVE GRAPHIC
CHARACTERISTICS MARKERS
...
EDUCATED
MARKER 1
EDUCATION
...
UNEDUCATED MARKER 2
... MARKER 3
TECHNICAL
...
SPHERE
... MARKER N
HUMANITARIAN
Figure 1. Scheme of the structural model of lingvo-communicative indicators of socio-

demographic characteristics of the web-community members
Every one of level components of the structural model of lingvo-
communicative indicators of socio-demographic characteristics of the web-
community members will consider further in this study.
3.1 Notion of socio-demographic characteristics
The socio-demographic characteristics [30] are necessary to consider
because these characteristics are base for formation of socio-demographic
profiles of web-communitys member. In social communication the socio-
demographic characteristics are defined as a set of basic characteristics of
the account in web community. Analysis of socio-demographic
characteristics of virtual communitys member lies in the forming socio-
demographic profile's [31] of web-communitys member. The socio-
demographic characteristics are provided by member of this web-
community.
In general, the socio-demographic characteristics include: age, gender,
material security, position, marital status, education level, profession and
work experience, employment, location, religious and political views, etc.
The notion of socio-demographic characteristics has a wide range of use in
many sciences. Socio-demographic characteristics are defined in various
fields as important parameters [32].

IJCSBI.ORG
Every socio-demographic characteristic of virtual communitys member is
determining by analysis of linguistic features (markers) in virtual
communitys members communication. Thus, the socio-demographic
characteristics are a set of social estimation criteria and important
parameters of human activity.
3.1.1 Definition of lingvo-communicative indicators
Lingvo-communicative indicators are special features of language and
communication of online communitys members, which can be traced in his
information track. The lingvo-communicative indicators determine the
community member belonging to a particular set of socio-demographic
characteristics. Lingvo-communicative indicator of socio-demographic
characteristics of virtual communitys members is a set of linguistics and
graphic features that are inherent to a web-communication specific online
community member. These indicators establish identity virtual member to
the set of socio-demographic characteristics and determine the value of
socio-demographic characteristics, actually. That is, the person in the course
of communicative activity uses features that helps expert to explore gender
and age identity, level of education, field of interest. For example, smiles,
lexical and graphic signs, etc.
3.1.2 Definition of markers
In view of the fact that linguistic and communication indicators are set
linguistic and graphic markers that define certain socio-demographic
characteristics of online community members using computer-linguistic
processing of the virtual communities content. The definition of the marker
looks like this explanation: marker is linguistic or graphic feature, which
contains information about the socio-demographic beginning of anonymous
web-member and identifies the authenticated web-community member and
group of web-community member and their socio-demographic identity.
Thus, markers are features of online-communication of web-member that in
information track are traced. According to the type of content markers are
divided into: graphical and linguistic markers. Linguistic marker is a
language feature (word, phrase or sentence) of internet-communication that
indicates belonging of the author of web-community content to certain
socio-demographic characteristic. Graphic marker is a graphic figure
(avatars or visual identification, user bars, emotions, etc.) that indicates
belonging of the author of web-community content to certain socio-
demographic characteristic. Vector of markers by method of computer-
linguistic processing of virtual web-community member information track is
obtained.

IJCSBI.ORG
Indicative characteristic
Linguistic markers Graphic markers
Types of analysis of linguistic markers Types of analysis of graphic markers

Sentence-level
Word-level analysis
analysis of the Avatars analysis Userbars analysis
of the content
content
Phrase-level analysis
Emoticons analysis
of the content
Figure 2. Types of the computer-linguistic analysis of indicative characteristics

Types of the computer-linguistic analysis of indicative characteristics in the
Figure 2 are showed.
3.2 Common algorithm of the formation of lingvo-communicative
indicators based on processing training sample
The common algorithm of the formation of lingvo-communicative
indicators based on processing training sample consists of the following
stages (See Figure 3):
Information track formation
Information acquisition from

reliable sources Process of formation of sets
of indicators for training
sample
Formation of lingvo-
communicative indicators based Processing of indicative
on processing training sample characteristics by statistical
method
System of lingvo-communicative
Classification of indicators for
indicators
each value of social-
demographic characteristics
Validation of classification in
information systems of multi-
computer monitoring
Figure 3. Scheme of common algorithm of the formation of lingvo-communicative

indicators based on processing training sample
Currently the most important stages of the algorithm will be reviewed:

IJCSBI.ORG
3.2.1 System of lingvo-communicative indicators
System of lingvo-communicative indicators is the basis for the software
development for the personal information validation of virtual community
members by means of "Socio-demographic characteristics verifier".
3.2.2 Processing of indicative characteristics by statistical method
In this stage of algorithm implemented automated statistical data analysis
using application packages that ensure factor, cluster and
discriminant analysis.
3.2.3 Validation of classification in information systems of multi-computer
monitoring
Verification of algorithm results carried out by using automated data-
processing monitoring system.
3.2.4 Process of formation of sets of indicators for training sample
Process of formation of sets of indicators for training sample consists in
three stages.
Automatic markers search
Determination of indicative
characteristics
Formation of the set of

lingvo-communicative
indicators
Figure 4. Scheme of formation of lingvo-communicative indicators based on

processing training sample
Figure 4 shows the steps of the process of formation of sets of indicators for
training sample.
3.3 Formation of lingvo-communicative indicators based on processing
training sample
The moderators and administrators must accurately track socio-demographic
characteristic identity of web-community members in order to prevent
conflicts in the virtual community. The method of determining socio-
demographic characteristic of web-community members to improve the
management of virtual communities is used. Context of messages and
themes of discussion significantly effect on the result of this research. This
fact in the study is taken into consideration and diversified training sample
of users messages of all web-forums topics is realized. The discussions in

IJCSBI.ORG
the threads of these forums are equally considered. All these discussions in
connection with a variety of interests and passions of men and women,
adults and adolescents are aroused.
3.3.1 Formation of gender lingvo-communicative indicators
The analysis of a set of gender linguistic characteristics of virtual
community members describe as follows:
GendU i Gend j U i ji1 (1)

Gend
N

where Gend j U i ji1
NGend
set of gender lingvo-communicative indicator of
Gend
web-community member; N i number of certain gender lingvo-
communicative indicator of web-community member.
The classification of lingvo-communicative indicators of gender is shown in
Table 1.
Table 1. Classification of lingvo-communicative indicators of gender
Indicator of gender Denotation

The emotional component Gender-A
Cultural aspects Gender-B
References Gender-C
Guidelines and instructions Gender-D
Lexical aspect Gender-E
Method of expressing content Gender-F
Timeframe Gender-G
Insignificance Gender-H
Power, influence and authoritativeness Gender-I
Beneficiation of language Gender-J
Composition Gender-K
Concretization Gender-L
3.3.2 Formation of age lingvo-communicative indicators
The analysis of a set of age linguistic characteristics of virtual community
members describe as follows:
AgeUi Age j Ui ji1 (2)

NAge
where Age j U i ji1 set of age lingvo-communicative indicator of web-

N Age
Age
community member; N i number of certain age lingvo-communicative
indicator of web-community member, U i .
Table 2 shows classification of lingvo-communicative indicators of age.

IJCSBI.ORG
Table 2. Classification of lingvo-communicative indicators of age
Indicator of age Denotation

Affiliative and aggressive style Age-A
Slang variation Age-B
Modulation of voice and sound similarity Age-C
Text economy Age-D
Non-codified units and non-verbal means Age-E
Deformalization Age-F
3.3.3 Formation of sphere of activity of lingvo-communicative indicators

The analysis of a set of sphere linguistic characteristics of virtual
community members describe as follows:
SphereU i Sphere j U i ji1

NSphere
(3)
where Sphere j U i ji1

NSphere
set of sphere lingvo-communicative indicator of
Sphere
web-community member; N i number of certain sphere lingvo-
communicative indicator of web-community member.
The classification of lingvo-communicative indicators of sphere of activity
is offered in Table 3.
Table 3. Classification of lingvo-communicative indicators of sphere of activity
Indicator of sphere of activity Denotation

Physico-Mathematical, Technical and
Sphere-A
Economic sphere Monday
Chemicals sphere Sphere-B
Sociological, Historical, Philosophical and
Sphere-C
Political sphere
Natural sphere Sphere-D
Medical sphere Sphere-E
Philological-Pedagogical sphere Sphere-F
Sphere of Architecture and Art Sphere-G
Sphere of Physical Training and Sport Sphere-H
Agricultural sphere Sphere-I
Legal sphere Sphere-J
Military sphere Sphere-K

IJCSBI.ORG
3.4 A common model of lingvo-communicative indicators of socio-
demographic characteristics of the web-community members
In this part of paper the formal model of the basic socio-demographic
characteristics of virtual communities member is introduced. Our socio-
demographic characteristics model expresses the basic socio-demographic
characteristics as ordered set of reliable socio-demographic characteristics
of virtual communitys member, and is described by a mathematical
equation. The socio-demographic characteristics model includes only basic
socio-demographic characteristics of virtual communities member, such as
"age", "sphere of activity" and "gender".
As previously was mentioned, researchers defined the information track as a
set of all personal data of virtual communitys member and the results of his
communicative activity - the content, which is created by web member. The
socio-demographic characteristics model of member virtual community
socio-demographic profile describe as follows:

SDCh(U*)
N
SDP U SDCh j U j1
(4)

SDCh(U*)
N
where SDCh j U j1 ordered set of socio-demographic
SDCh
characteristics of community member U*; N (U*) quantity of these
characteristics of member U*.
In the particular case, a set of socio-demographic characteristics is described
as:

SDCh U age U , edu U , gend U , sphere U , (5)
where SDCh(U*) a set of socio-demographic characteristics, U* web-
community member, age(U*) a set of age-indicator of web-community
member, edu(U*) a set of education-indicator of web-community member,
gend(U*) a set of gender-indicator of web-community member,
sphere(U*) a set of sphere-indicator of web-community member.
For the convenience of the analysis of a set of linguistic and communicative
indicators of age, gender and sphere of activity a virtual community member
is describe as follows:
IndIOi Ind j IOi ji1

(IO)
N Ind
(6)
where Ind j IOi ji1

(IO)
N Ind
vector of lingvo-communicative indicator of web-
community member, IO indicative characteristics, Ind lingvo-

IJCSBI.ORG
(IO)
communicative indicator, N iInd number of these lingvo-communicative
indicator of web-community member.
The value of ibelongs to the set of natural numbers ( i N ) for
investigated socio-demographic characteristics. However,
1) socio-demographic characteristic "gender" 1 i 12 , because this socio-
demographic characteristicis determined twelve lingvo-communicative
indicators.
2) socio-demographic characteristic "age" is determined six lingvo-
communicative indicators, so 1 i 6 .
3) socio-demographic characteristic "sphere of activity" is determined
eleven lingvo-communicative indicators, so 1 i 11 .
The monoatomic indicative characteristics of lingvo-communicative
indicator of web-community member determine the specific markers,
weight of markers and regulations of use:
IOi Mi , W, R (7)
where Mi , W, R vector of specific features, M i marker, W weight of

markers, R regulations of use.On the other part, the atomic indicator is
defined as:
Indk IO j jNI (8)
k
where IO j jNI the set of indicative characteristics, IO j j-th indicative

k
characteristics, NIk set of numbers of indicative characteristics that

indicative set is included (or formed).
Each of the indicative characteristic is described by vector of markers:
IO Markeri i1 (9)
N Mr
Mr
where Markeri i1 the set of markers, Markeri i-th marker, N
N Mr

number of elements in the set Marker .
The socio-demographic characteristic of web-forum member is a set of pairs
of markers and weights of markers. Weighting factor (weight of markers) is
a factor of expression measures of certain marker of socio-demographic
characteristics in the track information of web-community member.
Weighting factor define the importance of marker for certain lingvo-
communicative indicator of socio-demographic characteristic:

IJCSBI.ORG
N
M IOi
IOi Markerj , ij (10)
j1
where Markerj Marker marker from a set of markers; ij weighting

factor Markerj of certain indicative characteristic IO i ; N MIOi number of
markers of indicative characteristic IO i .
Markers of web-community content (is created by user Useri ) are
automatically detected using specialize software. This data form a set of
markers of certain indicator of socio-demographic characteristic of web-
member MarkerListUseri .
MarkerListUseri Marker (11)
Based on information track of web-community member the extent of
congruence Useri with indicative characteristic IO p defined by:
N MIUseri
pj n ij
Useri , IOp j1
KMIIOIp (12)
N

j1
pj

where pj IO p , Markerj weighting factor Markerj of indicative

characteristic IO p , n ij n Content i , Markerj number of markers using
Markerj in content of web-community member Content i .
During the analysis only just significant socio-demographic characteristic

for proposed model of socio-demographic profile of web-community
member are investigated (including age, gender and sphere of activity).
4. CONCLUSIONS
A question of urgent importance in the web-forum management and
moderation is the development of a new approach to data verification which
gives community members when they are resisted. The formal model of
basic socio-demographic characteristics of virtual communities member is
formed. The structural model of lingvo-communicative indicators of socio-
demographic characteristics of the web-community members and common
algorithm of the formation of lingvo-communicative indicators based on
processing training sample are developed. Types of the computer-linguistic
analysis of indicative characteristics are studied and classifications of
lingvo-communicative indicators of gender, age and sphere of activities of
web-community member are established. Also, the formal model of the

IJCSBI.ORG
basic socio-demographic characteristics of virtual communities member is
introduced. As the result of analysis the verifiable personal information
web-community members and its socio-demographic profile are obtained.
So, the issue of socio-demographic profile of virtual communitys member
verifying is investigated. The socio-demographic profile of virtual
communitys member helps automatically administrated and monitored the
web-forums. Thus, this paper presents a new approach to developing
computer-linguistic method of socio-demographic profile formation.
5. REFERENCES
[1] Fedushko, S., Syerov, Y.Design of registration and validation algorithm of members
personal data, International Journal of Informatics and Communication Technology
(IJ-ICT), Vol.2, No.2, July 2013, 93-98.
Available:http://iaesjournal.com/online/index.php/IJICT/article/view/3960
[2] Peleschyshyn, A., Syerov, Yu., Fedushko, S.Developing algorithm of registration and
validation of personal data on web-community member.Journal of the Lviv Polytechnic
National University: Computer Science and Information Technology, Lviv, (ed.) NU
LP, 686, 238-244, 2010.
[3] Lakoff, R. Language and Woman's Place, Harper & Row, New York, 1975.
[4] Greenfield, P. M., Subrahmanyam, K.Online discourse in a teen chatroom: New codes
and new modes of coherence in a visual medium.Journal of Applied Developmental
Psychology, 24, 2003, 713-738.
[5] Dubois, B. L., Crouch, I.The question of tag questionsin women's speech: They don't
really use more of them, do they? Language in Society,4, 1975, 289-294.
[6] Kumar, R., Raghavan, P., Rajagopalan, S., Tomkins, A. Trawling the Web for
Emerging Cyber-Communities. Computer Networks, 1999.
Available:http://www.almaden.ibm.com/cs/k53/trawling.ps.
[7] Witmer, D., Katzman, S.On-line Smiles: Does Gender Make a Difference in the Use of
Graphic Accents.Journal of Computer-Mediated Communication.NA, 2(4), 1997.
[8] Herring, S., Kouper, I., Scheidt, L., Wright, E.Women and children last: The discursive
construction of weblogs. Blogosphere: Rhetoric, Community, and Culture of Weblogs,
2004. Available:http://blog.lib.umn.edu/blogosphere/women_and_children
[9] Tannen, D.Gender and Discourse. Oxford, Oxford University Press, 1995.
[10] Fasold, R., Fishman, P., Sociolinguistics of Language. Conversation insecurity,1990.
[11] Milroy, R. Language and Social Networks.Montgomery, 1986.
[12] Arinze, B., Ridings, C., Gefen, D.Some Antecedents and Effects of Trust in Virtual
Communities.Journal of Strategic Information Systems, 11,2002, 271295.
[13] Huffaker, D.The educated blogger: Using weblogs to promote literacy in the
classroom. First Monday, January 4, 9 (6), 2004.
Available:http://www.firstmonday.dk/issues/issue9_6/huffaker/index.html
[14] Schiano, D., Chen, C., Ginsberg, J., Gretarsdottir, U., Huddleston, M., Isaacs, E.Teen
use of messaging media.Proceedings of the ACM Conference on Human Factors in
Computing Systems. Minneapolis, New York, ACM Press, 2002, 594-595.

IJCSBI.ORG
[15] Stoller, F., Horn, B., Grabe, W., Robinson, M.Evaluative review in materials
development. Journal of English for Academic Purposes, 5(3), 2006, 174192.
[16] Andonie, R., Dzitac, I. How to write a good paper in computer science and how will it
be measured by ISI Web of Knowledge.International Journal of Computers,
Communications & Control. 4, 2010, 432-446.
[17] Beall, H., Trimbur, J.A short guide to writing about chemistry (2nd ed.). Longman,
New York, 2001.
[18] Paulson, D. R.Writing for chemists: Satisfying the CSU upper-division writing
requirement. Journal of Chemical Education, 78, 2001, 1047-1049.
[19] Pearce, R.How To Write a Good History Essay. Available:
http://www.historytoday.com/robert-pearce/how-write-good-history-essay.Last
accessed 29th July 2013.
[20] Hiemstra, R.Writing articles for professional journals (5th ed.). Retrieved January 15,
2007. Available: http://www-distance.syr.edu/apa5th.html
[21] Stockton, S.Students and professionals writing biology: Disciplinary work and
apprentice storytellers. Language and Learning Across the Disciplines, 1(2), 1994, 79-
104.
[22] Gehlbach, S. H., Interpreting the Medical Literature, 4th ed.; McGraw Hill Medical
Publishing Division, New York, 2002.
[23] Biber, D., Conrad, S., & Reppen, R. Corpus linguistics: Investigating structure and
use. Cambridge University Press, Cambridge, 1998.
[24] Richardson, M.Practical Tips for Writing a Journal Article.NSF GK-12 Fellow
University of Illinois at Urbana-Champaign, 2007.
[25] Mackenzie, B.Talk the athlete's language if you wish to communicate effectively.
Available:http://www.brianmac.co.uk/articles/scni5a1.htm.
[26] Schleicher, J.How to Talk Farmer. Available: http://www.grit.com/Community/How-
to-Talk-Farmer.aspx.November/December 2007.
[27] Balabin, V.The modern U.S. military slang as a problem of translation.Logos, Kyiv,
2002.
[28] Asprey, M.Plain Language for Lawyers. Federation Press, 2003.
[29] Phillips, .Lawyers' Language: The Distinctiveness of Legal Language. Taylor&
Francis, 14 Jan. 2004.
[30] Fedushko, S.Peculiarities of definition and description of the socio-demographic
characteristics in social communication.Journal of the Lviv Polytechnic National
University: Computer Science and Information Technology, 694, 2011,75-85.
[31] Fedushko, S., Peleschyshyn, O., Peleschyshyn, A., Syerov, Y.The verification of
virtual community member's socio-demographic characteristics profile,Advanced
Computing: An International Journal (ACIJ), Vol.4, No.3, May, 2013,29-38.
Available: http://airccse.org/journal/acij/papers/4313acij03.pdf
[32] Fedushko, S.Disclosure of Web-members Personal Information in Internet.Conference
of Modern information technologies in economics, management and education, Lviv,
2010, 163-165.

IJCSBI.ORG
Using Analytic Hierarchy Process

(AHP) to Select and Rank a
Strategy Based Technology
Majid Nili Ahmadabadi
Department of Management,
Islamic Azad University, Najafabad Branch,
Isfahan, Iran
Masoud Najafi
Department of Management,
Islamic Azad University, Najafabad Branch,
Isfahan, Iran
Peyman Gholami
Young Researchers and Elite Club, Arak Branch
Islamic Azad University
Arak, Iran
Payam Gholami
Department of Mechanic,
Iran University of science and technology,
ABSTRACT
Increasing development of used tools and equipment in industries has resulted in their
various and new applications in industries. In today's competitive world a collection of
these tools are known as technology. Each organization has its own missions and goals and
to this end experts and lites of organizations design their specific plans. Based on these
plans and strategies (business strategies in particular), organizations are willing to choose
the best and relevant technology. So choosing a technology without considering the strategy
is something in vain. With due consideration to different criteria, in order to make the best
choice, multi criteria decision making (MCDM) techniques can be used. In this paper, we
have tried to present a favorable model for technology selection by using a suitable
modeling. To determine the priority of technologies and choose the most auspicious
technology, analytic hierarchy process (AHP) has been used.
Keywords
MCDM techniques, AHP, Technology Strategy, Business strategy, Ranking.
1. INTRODUCTION
Technology plays a crucial role in competitions. The shorter life cycle and a
phenomenon by the name of global market in todays competitive world
have brought about new challenges for developing countries in broadening
their technologies [1]; for many years, technological changes and
innovations, driven by research and development have been the most

IJCSBI.ORG
important sources of productivity growth and increased welfare [2].
Developing countries import technologies; however, a certain amount of
R&D capacity is necessary in the host economy for absorbing them i.e. the
imported technologies should be adapted to local conditions applied for
alternative uses. In order to best make use of these changing situations some
important factors such as Technological competencies, amount of
investment, technology sourcing and competition should be managed
strategically. Developing a long term strategic plan as well as determining
the firms investment priorities and preferences in the field of technology
which is known as technology strategy (TS) is the first step of technology
management. [3]. TS is a concept dates back to the period of World War II
[4].
The aim of a business strategy is to achieve a permanent advantage which
results in competitive prominence. Having access to accurate and correct
information from all of the engaged parties of the society is the prerequisite
for providing strategic management, long term policy makings, and macro
plannings and etc. [5]. This strategy might be a mixed strategy or a sole
strategy. It should be pre- planned consciously and the superior
technologies, goods or services, customers and the future targets of the
company should be taken into account. Technologies of the company should
be controlled and based on a well- defined plan; it should be put into
operation. An effective management is based on getting technological and
commercial strategies related successfully.
This paper has been organized in this way: after presenting a brief literature
of the published works in section 2, concepts and definitions will be
completely clarified in section 3, section 4 brings about different models of
TS; following this section in section 5 of the paper TS elements will be
explained. In section six we will present the practical aspect of the work and
its formulizations and following these the numerical results of the study will
have been offered and at last in section 7 result.
2. BACKGROUND STUDY
There are extensive range of techniques and mechanisms which are used for
development of strategies for technological progress.
AHP is a research method to support rational decision making on several
qualitative factors [6]. AHP is a highly outstanding management tool for
complex multi-criteria decision problems and was developed as a
methodology that can present flexible solution on qualitative and
quantitative problems [7].
The recent studies on AHP application are in various fields including
strategy planning, evaluation of projects and technology selection. Chen and
Huang (2004) used AHP to high-tech industry evaluation which enables
decision-makers to rank order high-tech industries for inclusion in the new
science-based industrial park [8]. Liu and Shih proposed a novel product

IJCSBI.ORG
recommendation methodology that combined group decision-making and
data mining techniques, and applied AHP to determine the relative weights
of the variables in evaluating customer lifetime value or loyalty [9]. Lee,
Chen, and Chang proposed an approach based on the fuzzy analytic
hierarchy process and balanced scorecard for evaluating an IT department in
the manufacturing industry in Taiwan [18]. Duran and Aguilo suggested, an
AHP based on fuzzy numbers multi-attribute method for the evaluation and
justification of an advanced manufacturing system [11]. Cebeci used AHP
method to select suitable ERP system for textile industry. The FAHP, a
fuzzy extension of the multi-criteria decision-making technique AHP, was
used to compare these ERP system solutions [12]. Chen and Wang found
the critical operational factors of the information service industry in
developing the market for using AHP method and provided a referential
framework for operations in the information service industry [13]. They
examined how the choice of a typical commercial application software
product company affected its investment project for the strategy of entering
the target market using AHP.
Models of technology strategy (TS) formulation can be categorized from
multiple perspectives. Some of the conducted studies in the field of TS are:
Formulating national strategy of nanotechnology proposed by Ghazinoory et
al [14], they proposed their model using STEEP analysis, SWOT analysis,
critical technologies, and technology planning approach.
In this paper, we have discussed about different concepts of (TS) and at the
end technology selection has been conducted by means of Analytic
Hierarchy Process (AHP).
3. CONCEPTS AND DEFINITIONS
3.1 Strategy
The concept of strategy will be clarified by reviewing some of the
conducted studies in this field.
The first dimension of strategy is used for establishing the organizational
purpose in terms of its long term goals and resource allocation policies. This
dimension of strategy is supported by a definition given by Chandler (1962):
Strategy is the determination of the basic long- term goals of an enterprise,
and the adoption of courses of actions and the allocation of resources
necessary to carry out these goals.
The second dimension of strategy is related to competitive advantage.
Michael Porterin his second book defines competitive strategy as:
The search for a favorable competitive position in an industry, the
fundamental in which competition occurs. Competitive strategy aims to
establish a profitable and sustainable position against the forces that
determine industry competition[15].

IJCSBI.ORG
3.2 Technology
By a simple look at some technology related text different kinds of
definitions can be perceived. Some of the common definitions of this
concept are as follows:
Taregh Khalil states: technology is the whole used knowledge, products,
processes, tools, methods and systems for manufacturing goods and services
[16]. And somewhere else Stephen Robins states that technology is all the
necessary data, tools and processes used for altering the input to output [17].
3.3 Technology strategy

The technological
Technology strategy is a sort of plan which is used for guiding new ventures
on the development and use of technological capabilities [18].
Another definition offered by Ford for TS is as an aspect of business
strategy which is concerned with exploiting, developing, and maintaining
the sum total of the companys knowledge and abilities. Vernet and Arasti
refer to TS as the firms priority in technology development directing the
firms future directions in technological issues [3].
4. MODELS OF TS
In order to codify TS, there are some common models which can be used.
Some of these models are Porter, Majluf, Ford & Saren, Burgelman &
Maidique, and Chiesa. Three of these models will be explained.
4.1 Porter model
The term value chain first was used by Michael Porter. Linking the
activities of the organization to the organizations competitive position is
the matter of discussion for value chain analysis Figure 1.It evaluates
whether a specific kind of activity can add to the organizations products or
services[18].
Figure 1. Porters model of value chain

IJCSBI.ORG
In Porters value chain two kinds of activities can be found: primary
activities and support activities. Primary activities are those connected with
creation or delivery of a product or service. They can be classified into five
main areas: inbound logistics, operations, outbound logistics, marketing and
sales, and service. These primary activities are concerned with support
activities and are helpful in improving their effectiveness or efficiency. Four
main areas of support activities are: procurement, technology development,
human resource management, and infrastructure.
Delivering a product or service for which the customer is willing to pay is
the implication that margin is looking for [19].
4.2Ford & Saren

This model has been presented in 1996. In this model technology strategy
talks about, creating, keeping and using technology. The elements of the
technology are: accessing, managing and exploiting the technology.
Accessing can be either internal (R&D) or external (purchasing the
technology) as well as exploitation in which using the companys products
and processes is internal and selling the license is external[20].
4.3 Burgelman and Maidique

In this model the strategy technology has emanated from technological
merits of the company. Based on this strategy, the resulted experience from
performance of ST brings about the future technological merits and
technology strategies. Indeed, the codifying process of the operational TS is
periodical and their revising is vital [21].
5. TS ELEMENTS
5.1 Main technology
The manufactured products by each company are either based on a set of
technologies related to a collection of existing merits or technologies owned
by other companies. Each of these technologies should be identified and
based on their partial importance in the company should be classified.
Technologies in a company consist of three layers; distinctive (core), basic
and external. Distinctive or core technologies are in the center of these
layers, basic technologies in the middle and external technologies in the
outer layer.
5.1.1 External technologies

These technologies are provided by other companies and their impacts on
competitive level of the company are not so much such as packing
technologies. They arent needed to be controlled or possessed by the
company.

IJCSBI.ORG
5.1.2 Basic technologies
These technologies are essential to keep staying and competing in the
commerce world but they cannot result in a considerable difference
5.1.3 Distinctive technologies

These technologies are a basis for meeting the present and future needs;
therefore, they should be developed. This feature can result in an obvious
competitive advantage and entrepreneurship. They can make sensible
differences with competitors.
6. FORMULIZATION
It is used for providing an appropriate concept from the content; for example
considering the situation which areas of the technology is fruitful to invest
and which areas should be postponed and which of them should be
neglected. This step consists of three stages: technology evaluation,
appropriate technology selection and identification of technological projects.
6.1 Technology evaluation

The goals of this stage: are accumulating some information regarding
technology development at the time being and in future, evaluating the
weight and importance of each technology and assessing the strength of the
company in terms of competitiveness in those special fields. Some of the
main activities of this stage are: identification of the changing technologies,
analyzing the impacts of technologies competitiveness and technological
strength as well.
6.1.1 Identification of the changing technologies

A collection of technological knowledge and skill which effect on the
competitive status of the company leads in technology. Some criteria for
better recognition of the technology are:
- partial analysis of technological structure of the company
- assessment of potential technologies capable of affecting future
markets
6.1.2 Analyzing the impacts of technologies competitiveness
The aim of this stage is to determine the competitive importance of the
technologies and its connection with market competitive factors. This
analysis should recognize the extent that a technology backs up the
competitive factors of a company as well as its importance for future
competition.
6.2 Technology selection

The aim of this stage is to identify critical technologies. Based on the
importance, weight and preference of the technologies different amount of

IJCSBI.ORG
investment are allocated. In order to select an auspicious and relevant
technology AHP has been used figure 2. The first step in this process is to
create a graphical sketch of this problem in which goals, criteria and
alternatives have been illustrated [22].
Suitable technology
selection
R & D investment Other tech activities Compatibility

level investment level
Investment in
Investment in
comparison to Investment as a sale
comparison to main investment Human resources Tools & equipement Invest allocation Advantage rights structure staff output Other systems
progressive percentage
competitors
competitors
CT1 CT 2 CT 3 CT 4 CT 5 CT n
Figure 2. AHP tree of technology selection
After determining the partial weight of the criteria, the weight of each
critical technology is identified and the auspicious technology is selected.
The outcome of this stage is a list of priorities about critical technologies. At
end of this paper a numerical example for technology selection is presented
as follows.
A company intends to select technology using AHP. To this end, first the
intended model should be composed, and then option importance matrix is
formed according to table 1.
Table 1. Pair- wise comparison of the criteria
C O R
C 1 2 3
O 1/2 1 2
R 1/3 1/2 1
The weight of each criterion has been specified in table 2.

IJCSBI.ORG
Table 2. Criteria weight

Criteria Weight
C 0.53
O 0.28
R 0.19
Then, with due attention to different criteria, each sub criterions weight is
specified. At first, pair-wise comparison matrixes should be formed. These
are according to table 3,4 and 5and following it the local weight should be
done which is according to table 6.
Table 3.Pair- wise comparison of each of the sub criterion of criteria No 1
1 2 3 4
1 1 1/5 2 1/3
2 5 1 1/2 1/2
3 1/2 2 1 1/2
4 3 1/5 2 1

1 2 3 4
1 1 3 1/3 2
2 1/3 1 5 2
3 3 1/5 1 1/3
4 1/2 1/2 3 1

1 2 3 4
1 1 3 5 1/2
2 1/3 1 1/2 5
3 1/5 2 1 1/3
4 2 1/5 3 1

IJCSBI.ORG
Table 6. The local weight of the sub criteria
Criteria No.1 Criteria No.2 Criteria No.3
Sub criteria 1 0.04 0.31 0.77
Sub criteria 2 0.41 0.53 0.08
Sub criteria 3 0.16 0.04 0.01
Sub criteria 4 0.39 0.12 0.12
In this stage, in table 7the sub criterion weight is resulted by multiplying the
local weights in weight of the criteria which is similar to table 7
Table 7. The weight of each sub criterion

Criteria No.1 Criteria No.2 Criteria No.3
Sub criteria 1 0.022 0.089 0.147
Sub criteria 2 0.214 0.148 0.016
Sub criteria 3 0.086 0.009 0.003
Sub criteria 4 0.206 0.033 0.023
Following the above stages pair- wise comparison of each six technologies
considering each of the sub criteria should be conducted. After normalizing
each of the matrixes, the technology priority matrix considering the sub
criteria are formed which is the same as table 8.
Table 8.The comparison of the technologies based on the sub criteria

Technologies
Sub 1 2 3 4 5 6
criteria
1 0.18 0.21 0.15 0.11 0.18 0.17
2 0.11 0.19 0.21 0.15 0.15 0.19
3 0.20 0.19 0.17 0.11 0.25 0.08
4 0.20 0.15 0.11 0.22 0.14 0.18
5 0.14 0.13 0.13 0.20 0.23 0.17
6 0.08 0.11 0.18 0.22 0.26 0.15
7 0.22 0.18 0.22 0.09 0.16 0.13
8 0.10 0.14 0.21 0.14 0.23 0.18

IJCSBI.ORG
9 0.13 0.17 0.15 0.22 0.18 0.15
10 0.20 0.21 0.17 0.11 0.08 0.23
11 0.11 0.17 0.18 0.20 0.18 0.16
12 0.16 0.19 0.22 0.14 0.18 0.11
At the end, in order to rank each of the technologies, total amount of each
obtained scores of the technologies in sub criterion is used in the weight of
the criteria. Ranking of the technologies is the same as table 9.
Table 9. Ranking of the technologies

Rank Scores Technologies
4 0.1615 1
1 0.1868 2
2 0.1830 3
3 0.1630 4
5 0.1598 5
6 0.1418 6
7. RESULTS
As it was mentioned, the goal of TS is to achieve a permanent advantage
which results in competitive prominence. All issues regarding technology
should be consciously studied, planned and chosen to achieve the foresaid
competitive prominence. Organizational goals can be achieved in the
competitive environment using the appropriate technology. TS is the
approach to this end. Different criteria are presented for useful selection of
the technology. In this paper, TS codifying models have been taken into
consideration. A model has been presented for formulization of TS in which
AHP has been used for the auspicious technology selection.
8. REFERENCES
[1] Kartiko, P., Don, S., Graham, M., & Roos, D. Implementing a technology strategy
in developing countries the experience of the Indonesian rolling stock industry.
Technological Forecasting & Social Change, 70, 163176. 2003
[2] Edquist, C. Systems of Innovation Approaches Their Emergence and
Characteristics. In C. Edquist, and M. McKelvey (Eds.), Systems of Innovation:
Growth, Competitiveness and Employment (p.38).UK: Cheltenham
[3] Edward Elgar.2000

IJCSBI.ORG
[4] Arasti, M. R., & Packniat, M. A classification of models for technology Strategy
formulation. International Association for Management of Technology.
http://www.iamot.org/conference/index.php/ocs/9/paper/view/1886/885/ [accessed
on August 17, 2012]. 2011
[5] Henderson, B. D. The Origin of Strategy. Harvard Business Review, 139-143.
[6] http://www.abo.fi/~mbrannba/GSM/henderso.pdf [accessed on July 3, 2012]
[7] Niliahmadabadi, M. Najafi, M, Gholami, P.Use of Intelligent Business, a Method
for Complete Fulfillment of e-government, International Journal of Computer
Science and Business Informatics. 2013
[8] Saaty, T. L. (1971).On polynomials and crossing numbers of complete graphs.
Journal of Combinatorial Theory, 10, 183184.
[9] Sangjae, L. Wanki, K. Young, M, K. Kyong, J, O. Using AHP to determine
intangible priority factors for technology transfer adoption. Expert Systems with
Applications 39 (2012) 63886395
[10] Chen, C. J., & Huang, C. C. A multiple criteria evaluation of high-tech industries
for the science- based industrial park in Taiwan. Information & Management,
41(7), 839851.2004
[11] Liu, D. R., & Shih, Y. Y. Integrating AHP and data mining for product
recommendation based on customer lifetime Value. Information & Management,
42(3), 387400. 2005
[12] Lee, A. H. I., Chen, W. C., & Chang, C. J..A fuzzy AHP and BSC approach for
evaluating performance of IT department in the manufacturing industry in Taiwan.
Expert Systems with Applications, 34(1), 96107. 2008
[13] Duran, O., & Aguilo, J. Computer-aided machine-tool selection based on a Fuzzy-
AHP approach. Expert Systems with Applications, 34(3), 17871794.2008
[14] Cebeci, C. Fuzzy AHP-based decision support system for selecting ERP systems in
textile industry by using balanced score card. Expert Systems with
Applications,36(5), 89008909. 2009
[15] Chen, M. K., & Wang, S. C. The critical factors of success for information service
industry in developing international market: Using analytic hierarchy process
(AHP) approach. Expert Systems with Applications, 37(1), 694704.2010
[16] Ghazinoory, Divsalar, A., & Soofi, A. S. (2009). A new definition and framework
for the development of a national technology strategy: The case of nanotechnology
for Iran. Technological Forecasting & Social Change, 76, 835848.
http://dx.doi.org/10.1016/j.techfore.2008.10.004
[17] Hax, A., and Majluf, N. Strategy and strategy formation process. Sloan School of
Management, MIT, http://dspace.mit.edu/bitstream, [Accessed on 21 May 2013]
[18] Khalil, T. M. Management of technology- the key to competitiveness and wealth
creation, Boston: McGraw-Hill, 2000
[19] Robins, S. Organization Theory, Translated By Dr. Alvani, M. and Danaeifard, H.
[20] Shaker, A, Z. Technology strategy and new venture performance: a study of
corporate- sponsored and independent biotechnology ventures. Journal of business
venturing11, 289 321, 1991

IJCSBI.ORG
[21] Dagmar, R. Recklies Management Project. Gmbh, www.fao.org/fileadmin/ user_
upload/fisheries/value chain [Accessed on 23 May 2013]
[22] Ford, D. and Saren, M. Technology Strategy for Business, Thomson Business
Press, pp.41-169, 1996.
[23] Burgelman R.A. Maidique, S.C. Wheelwright.Strategic Management of
Technology and Innovation. McGraw Hill. 2001
[24] Pourghodsi, H. Analytic Hierarchy Process (AHP), Tehran, Amirkabir publications,
2012

IJCSBI.ORG
Explore the Possibility of Moving

the Government to the Web 2 in
IRAN
Alireza Shirvani
Assistant Professor of management Esfahan, Science and Research Branch, Islamic Azad
University, Iran
Ameneh Malmir
Department of management Esfahan, Science and Research Branch, Islamic Azad
University, Iran
Fariba Azizzadeh
Department of management Esfahan, Science and Research Branch, Islamic Azad
University, Iran
ABSTRACT
In the age of digital information, it seems the government has increased expectations of
citizens. The Government expects the flow of information between citizens and government
agencies to support multilateral. In line with the need to recognize the need to engage with
citizens and citizen-oriented content, state agencies to use Web 2 tools have on your
website. Due to the lack of adequate scientific research in the field of web applications in
public section, this paper focuses on the use of Web tools in public 2 that have concentrated
in Hamadan. This type of survey is run on the target application. All employees of the
governmental statistical population of 44,352 people in the province in the years 2012 and
selected sample of 380 the Morgan. Methods of data collection, web questionnaire with 20
questions and 2 were estimated using Cronbach's alpha reliability coefficient of 85.2
percent. Presumptive level data analysis was done using the Z test. This article has been
tested four hypotheses. The components include: creating information symmetry services,
solutions and policy is made the results of testing this hypothesis is rejected and the supply
is undesirable citizens.
Keywords
Citizenship Resources, State Machines, Web 2 "Social Networks (Facebook), Media or
Multimedia Sharing, Wikis, Blogs, Micro Blogging (Twitter) and Chat."
1. INTRODUCTION
Web 2 is the next generation Internet infrastructure in terms of speed and
still lacks a precise definition, but it is, how to create, publish, and interact
with other people through a new generation of network infrastructure and
tools that have been defined. The definition of "Tem Orily's" Web 2
represents the second generation of Internet services such as social networks
like MySpace and communication tools [2].Through various platforms
enabled by Web 2.0 technologies, citizens can collectively create public

IJCSBI.ORG
information, provide service, and take part in policy processes [1]. In the
past two years, various businesses, technical experts and academic
authorities have been many discussions about Web 2 [3]. News, articles,
reviews associated with Web 2 is too high and should be acknowledged that
shook the internet web 2. Has been launched, many sites held conferences to
promote the concept that made it even into existence the first journal
special issue web 2. Web 2 opponents know that it is only a passing wave to
the internet has died. But what is clear web 2 whatever it is associated with
many fans. The interesting thing is there that everyone defines it in a way
that gives a different impression. Web 2 can be considered an umbrella on
new technologies to improve the user experience of the web beyond the
capabilities of traditional HTML (Web 1) is given. It can be a series of
activities that helps the users to easily design websites, online communities
and web tools to connect their services [4].
Government programs, there is evidence of innovation and creativity. In this
regard, it is noteworthy electronic structures of citizen participation in
government through public mobilization and deployment of web agents,
web 2. In addition to extensive cooperation with government websites, users
presence in the social networking websites are also significant and have an
active presence in social networking sites, such as public Facebook,
YouTube, and so on as well as [8]. In addition, national portals and
ministerial websites, tools such as discussion boards (forums), blogs, online
chat, online polls and surveys, email newsletters, and other interactive tools
for users to efficiently and properly use said [16]. These tools, users can
help government agencies involved in decisions [15].
2. BACKGROUND STUDY
Contests, wikis, social networking and social voting are identified as the
main strategies for citizen sourcing that uses technologies. The four
strategies are described in terms of how a government agency can acquire
the wisdom of crowds and from whom. Information and communication
technologies are categorized in terms of bilateral or multilateral digital
communication that allows citizens to participate in collective decision-
making and cooperation in carrying out a task via online networks provide
[17]. Some government agencies are now serving their policy and are based
on information from public sources. This new trend is called citizenship
resources how to get services that are necessary to meet the requirements of
their duties, and how they make these decisions [7]. Just some of the
researchers and administrators of the concept of citizenship resources they
use [10].
This section presents a framework for assessing how citizen-sourcing
projects work. The framework approaches assessment of citizen-sourcing
projects from three perspectives: design, process, and outcome. This section

IJCSBI.ORG
seeks to create understanding about the contexts in which the
aforementioned benefits are made possible. Table 1 suggests a set of three
key dimensions to view a variety of citizen- sourcing projects.
Table 1. Dimensions of citizen-sourcing
Dimension Category
Purpose Image making
Information creation
Service coproduction
Problem solving
Policy making
Type of wisdom collected Professional skills and knowledge
Innovative ideas
Strategy Contest
Wiki
Social networking
Social voting
As described in Table 2, two main purposes of citizen-sourcing initiatives

are identified and may be expressed as cool (making a cool image of
government as an adopter of cutting-edge technologies) or hot (fostering
citizens' enthusiastic participation in mass collaboration projects).The
appropriateness and quality of the design of the Government 2.0 platform
for citizen-sourcing are vital to the performance of citizen-sourcing. There
are four facets of design which need to be considered: socio technical
design, functional design, procedural design, and Government 2.0 policy
design [9].
Government agencies under pressure to keep pace with citizens and business
expectations tend to adopt new technologies to simply demonstrate we're
doing it too. The Center for Technology in Government (2009) asked
county government professionals in New York State, What value can your
agency gain from using social media tools? Interestingly, making a cool
agency image was a typical response, while other frequently given
responses indicated that social media tools could enable collaboration,
instant information sharing, and virtual community building [18]. The
responses related to coolness included increasing public perception of the
agency as being in touch or social and readily able to react quickly to
emerging technologies; reaching younger citizens; attracting the next
generation of workers; and enhancing the citizenry's image of government.

IJCSBI.ORG
Citizen-sourcing also fits other serious purposes. Government agencies can
crowd-source their way out of problems. Many agencies begin citizen-
sourcing projects with the expectation that citizen-sourced innovative ideas
will contribute to improving information, services, solutions or policies [5].
Table 3 shows a shift in the perspective from the traditional government
model to the citizen-sourcing model. One of the primary goals of adopting
citizen-sourcing is to involve citizens as co-producers of knowledge and
information [12]. For example, users of San Francisco's 311 Twitter service
Twitter.com.SF311) instantly share information about infrastructure
problems (e.g., potholes) with other citizens and the city government, and
request various non-emergency city services (e.g., street cleaning). The
municipal authority immediately responds to each tweet (a post or status
update with 140 characters or less on Twitter, a micro-blogging service) and
reports on the progress of solutions or repairs. By sending tweets, San
Francisco citizens who use Twitter can directly provide the 311 service
agency and fellow citizens with updated information and alerts.
Table 2. Citizen-sourcing: cool or hot?
Cool Hot
Image making (look cool!) Information creation with citizens
Service improvement with citizens
Solution development with citizens
Policy making with citizens
Furthermore, solutions are deliverables made possible by citizen-sourcing.

Collective intelligence can help government agencies to solve some
problems that government professionals could not, and at a lower cost. This
is what is currently taking place in the National Aeronautics and Space
Administration (NASA). Not only can crowd-sourcing provide
technological solutions, but also suggestions for solving general problems in
societies. For example, Ideas For Seattle (IdeasForSeattle.org) is filled with
vigorous debates about diverse metropolitan issuese.g., permitting on-
street parking of scooters, expanding light rail, installing sidewalks, and
revitalizing public parks.
Seattle citizens share their own ideas about the problems citizens face,
evaluate posted ideas, and make comments on them. The city government
considers citizens' postings on the website as potential solutions, and then
reflects back to citizens what it learned from posted ideas and comments.
Citizen engagement is introduced into the policy process by using citizen-
sourcing to enlarge and enhance policy-advisory processes, policymaking,
and policy feedback. The diversity of experience, opinions, and knowledge

IJCSBI.ORG
within a group can render the whole greater than the sum of its parts.
Effective citizen participation can extend the body of evidence available to
decision-makers; widen the range of views and experiences considered
under policy impact, and harness civic energies of citizens to solve public
problems [19]. For some agencies, Government 2.0 may now become a new
source of policy advice, enabling policymakers to bring together divergent
ideas that would not come from traditional sources of policy advice [13].
Table 3. Paradigm shift to citizen-sourcing
Traditional government Citizen-sourcing
Information dissemination model Information creation model
Service provision model Service coproduction model
Solution purchase model Solution creation model
Policy enforcement model Policy making model
Governments can source two types of information from citizens:

professional knowledge and innovative ideas. On the one hand, semi-
professional knowledge and skills outside a government agency can
contribute to problem solving. On the other hand, the public, or the greater
population, can provide governments with novel and innovative ideas on a
given topic. Governments solicit semi-professional expertise, a collection of
which can become professional knowledge. Collective intelligence can
solve given problems in less time and with less money [11]. A
representative example is NASA's project to crowd-source solutions. When
NASA scientists were stymied in devising a formula to predict solar flares
in 2009, they posted their problem online and offered a prize to anyone who
could provide a solution. The online contest, which awarded the winning
solution entrant with a $30,000 prize, led NASA to find the best solution.
The new approach of on-demand problem solving enables NASA to tap into
up-and coming professional knowledge distributed to amateur scientists and
external professionals outside the agency in an easier way.
Concerning a variety of general issues more directly related to improving
the quality of living, government agencies would like to hear from the larger
population of citizens. The public's ideas are sometimes innovative enough
to outperform and outsmart opinion leaders and policy makers. Ordinary
people may possess useful information to enhance governmental decision
making, regardless of their professional status [6]. Given opportunities to
share opinions on government, citizens are able to offer something more
than the static responses made available to them in regular voting, opinion
polls, and surveys.

IJCSBI.ORG
Table 4. Evaluation criteria
Focus Criteria
Design Socio technical design
evaluation Functional design
Procedural design
Government 2.0 policy design
Transparency
Process Openness of information about operations
evaluation
and decisions of government
Openness of information for participation
and collaboration
Openness of participation and collaboration processes
Participation
Inclusiveness
Representativeness
Diversity
Collaboration
Communication
Partnership
Deliberation
Effectiveness
Outcome Impact
evaluation
The framework for assessing citizen-sourcing: This section presents a

framework for assessing how citizen-sourcing projects work. The
framework approaches assessment of citizen-sourcing projects from three
perspectives: design, process, and outcome. Table 4 summarizes the core
criteria of evaluation.
Design evaluation: The appropriateness and quality of the design of the
Government 2.0 platform for citizen-sourcing are vital to the performance of
citizen-sourcing. There are four facets of design which need to be
considered: socio technical design, functional design, procedural design, and
Government 2.0 policy design. Failures in designing Web pages, interfaces,
software, or information systems often come from overlooking the
organizational and institutional sides of the ICTs used. From this ensemble

IJCSBI.ORG
view of e-government, the design of a Government 2.0 platform is
inevitably socio technical.
Process evaluation: The process for citizen-sourcing projects also needs to
be evaluated in terms of the three pillar goals of the Open Government
Directive. The basic description of the three principles is drawn from the
Memorandum for the Heads of Executive Departments and Agencies [14].
Outcome evaluation: A remaining concern in evaluating citizen-sourcing is
its outcome. Two key components should be evaluated. The primary one is
the effectiveness of a final product itself (idea, solution, or policy draft)
created by citizen-sourcing. The lexicographic definition of effectiveness
denotes producing a result that is wanted (Merriam-Webster Dictionary)
or more specifically the degree to which objectives are achieved and the
extent to which targeted problems are solved
(www.businessdictionary.com). Breul (2010) introduced key guiding
principles of sourcing policy, the top of which is support agency missions,
goals, and objectives. Hence, to evaluate the effectiveness of citizen-
sourcing, government agencies should examine. The extent to which its
outcomes are aligned to their missions, goals, and objectives, the
performance of citizen-sourcing should be evaluated in terms of its intended
purpose information creation, service delivery, problem solving, or policy
making. Second, whether the product exerts an impact on government
should be examined. In other words, the impact of participatory inputs on
the work of government should be assessed. If citizen-sourcing is only
initiated to create the appearance of keeping pace with citizens who use new
technologies, its impact would hardly be of central importance.
3. METHODOLOGY
The main question: the use of Web tools in public 2 what is Hamedan
province?
The research hypotheses are:
Hypothesis 1 - The function of e-government in Hamedan province by
creating information.
Hypothesis 2 - The function of e-government in Hamedan province based
on constituency service.
Hypothesis 3 - The function of e-government in Hamedan province, based
on a solution.
Hypothesis 4 - The function of government in Hamedan province under the
policy.
Government agencies can use to gather collective resources, to solve their
problems. Many organizations, civil sourcing projects with the expectation
that they will creative ideas of citizenship sourcing an important role in
improving the information, services, practices, or policies will play.

IJCSBI.ORG
Model of resources through Citizens
model
Create policy
Model creating Compatibility service Creating Data
solutions model Model
Leadership from the Facilitator Search Social labeling systems Wikis

top of the pyramid
Creating an Data Recovery Sharing re information Blogs

organizational
perspective
Commitment to Two-way flow of Data Management on People gathering
provide resources information-sharing the Web (2) Censures and Offers
Actual support change Urgent messaging Organizing information Website and Blog
Run Fast Social Networks System RSS Manuals
Figure 1. Model of resources through Citizens

This research was a descriptive - cross sectional analysis. In order to
investigate the possibility of moving to Hamedan province was in public
web 2. As the population studied, all employees of the Executive Office of
the device in eight districts Hamedan province included Hamadan Malayer,
Skinheads, Tuyserkan, Kabudarahang, Asadabad, Bahar, and Razan studied.
State executive agencies are: State executive offices that are using the
current budget.
For the sample of the study population sampled in each area to explain the
purpose of the state is of interest. For a sample size of Morgan is used, then
according to the figures of employee performance through the information
office hit Hamedan number 44352 areas of each province was determined
using Morgan. A total of 380 samples were taken in this study were
gathered , the number of systematic random sampling method the systematic
use of statistical sampling frame so that all the employees were exposed to
various devices, The sampling fraction and sampling interval sampling of
what you state apparatus 65, respectively, were determined.
A questionnaire was prepared to collect information to assess the state
agencies that are characteristic of Web 2 using the citizenship issue
presented by the source Frameworks 2.0 Taewoo Nam written and other
studies. The questions of the questionnaire studies with respect to the

IJCSBI.ORG
objectives of the study and Likert measure (1 = completely disagree to 5 =
very much agree) be determined then the reliability of the questionnaire
utilizes view of the experts and its reliability by test-retest reliability of the
experts and the proliferation of test questionnaire Alpha 85.2% was used. Z-
test was used in this study.
5. RESULTS
It was 380 employees in eight regional executive of in Hamedan province.
Table 6 contains the descriptive analysis, where eight employees
participated in the study area includes: 75 patients (20%), Malayer 60
patients (16%), Nahavand 50 patients (13%), 50 Tuyserkan (13%),
Kabudarahang 38 patients (10%), Asad Abad, 38 patients (10%), Bahar 35
(9%) and Razan 34 (9%) through the sampling of the entire executive staff
participated.
Table 5. Number of Divided Cities
Name regions Number Percent
Hamedan 75 20
Malayer 60 16
Nahavand 50 13
Tuyserkan 50 13
Kabudarahang 38 10
Asad abad 38 10
Bahar 35 9
Razan 34 9
Sum 380 100
Table 6. Results of descriptive analysis data
Standard The
error of Standard number
the mean deviation mean of data
0.05102 0.99456 2.1368 380 wikis Creating
0.04564 0.89913 1.9684 380 blogs information
people gather
0.04674 0.90987 1.9868 379
feedback
Website and
0.05108 0.99450 2.1715 379
Blog
0.04607 0.89816 2.0263 380 Manuals
Social Compatible
0.05104 0.99498 2.1605 380 labeling Services
systems
0.04583 0.89348 1.9665 380 Sharing re

IJCSBI.ORG
information
Data
Management
0.04631 0.90285 2.0132 380 on the Web
(2)
Organizing
0.04787 0.93310 2.0053 380
information
System RSS
0.04646 0.90567 1.9816 380
Facilitator Creating
0.05084 0.99146 2.1658 380
Search solutions
Data
0.04661 0.90867 1.9868 380
Recovery
Two-way
flow of
0.04837 0.94296 1.9974 380
information-
sharing
Urgent
0.05154 1.00464 2.1579 380
messaging
Social
0.04705 0.91725 1.9816 380
Networks
Leadership Policy
from the top Making
0.04691 0.91452 2.0079 380
of the
pyramid
Creating an
0.04757 0.9273 2.0105 380 organizational
perspective
Commitment
0.04654 0.90725 1.9895 380 to provide
resources
Actual
0.04849 0.94148 1.9151 377 support
change
0.04644 0.90524 1.8921 380 Run Fast
The first hypothesis is a performance of e-government in Hamedan province

based on creating information. Both of the upper and lower limit is negative,
the average value of the test is smaller and the larger table size is calculated
from the Z, the H0 hypothesis is rejected.

IJCSBI.ORG
The second hypothesis is a performance of e-government in Hamedan
province based on the assumption that Compatible service. Both of the
upper and lower limit is negative, the average value of the test is smaller and
the larger table size is calculated from the Z, the H0 hypothesis is rejected.
The third hypothesis based on the performance of e-government in
Hamedan province a solution. Both of the upper and lower limit is negative,
the average value of the test is smaller and the larger table size is calculated
The fourth hypothesis based on the performance of government in Hamedan
province under the policy. Both of the upper and lower limit is negative, the
average value of the test is smaller and the larger table size is calculated
The results of this study confirmed the low use of Web 2 tools in public and
of Hamadan, especially in terms of creating and construction services and
creating solutions to policy making. The first hypothesis is creating
performance of e-government in Hamedan province based on creating
information. Experimental results show that information is creating
component of wikis, blogs, people gather feedback, websites, blogs,
manuals are , has not been implemented in the province. The performance of
e-government in Hamedan province based on the assumption that service.
Services, including: social labeling systems, feedback information in web
information management, organization, information system, an RSS feed is.
According to test results, the hypothesis is rejected and in the province are
very poor service levels.
The third hypothesis is based on the performance of e-government in
Hamedan province creating a solution. Creating solutions are also
components that include: facilitating search, retrieve information, the mutual
information sharing, instant messaging, social networking, where these
components are also in poor condition.
The fourth hypothesis that is performance of government in Hamedan
province based on the policy making. Policy making, including leadership
from the top of the pyramid is creating an organizational vision,
commitment and resources to support real change, rapid implementation.
The authors believe that this could be the reasons for the low utilization rate
of in Hamedan province is in public: Lack of familiarity with web
applications 2, not subject knowledge to use Web 2 tools lack the necessary
infrastructure such as the Internet did not develop software and hardware
required in this area. Based on the findings, we can conclude that the use of
these tools in the province of state agencies is low. In other words, state
agencies under in Hamedan province of the tools they use and this could be
interested in this area of research independently.

IJCSBI.ORG
6. CONCLUSIONS
The results of this survey, state agencies in designing websites for better
management of resources and technological tools necessary to help support
web 2 and state agencies to focus on the empowerment of human resources
information technology infrastructures equipping the knowledge of
Information Technology. Also, identify the appropriate Web 2 tools and
applications to creating a suitable policy information, services, creating
solutions and making developed in public policy. This infrastructure has
been created in small parts of the province such as municipalities and
certainly in other sectors will also be applicable to consider.
REFERENCES
[1] Bawden, D. After the Amazoogle: Web 2.0 and information research [Editorial].
Journal of Documentation, 61(4), 46146, 2007.
[2] Bolan, K., Meg C., and Rob C. Web, Library, and Teen Services 2.0. Young Adult
Library Services Winter 2007.pp 40-44.
[3] Burhanna, Kenneth J., Jamie, S. and Joseph Salem J. R. No Natives Here: A Focus
Group Study of Student Perceptions of Web 2.0 and the Academic Library. The
Journal of Academic Librarianship, 35(6), pp. 523532, 2009.
[4] Bittle, S., Haller, C., & Kadlec, A. Promising Practices in Online Engagement.
NewYorkCenter for Advances in Public Engagement, Public Agenda. Retrieved July
1, 2009.
[5] Bonaccorsi, A., and Rossi, C. Altruistic individuals, selfish firms? The structure of
motivation in Open Source software. Retrieved July 1, 2004.
[6] Brabham, D. C. Crowd sourcing the public participation process for planning projects.
Planning Theory, 8(3), 242262, 2009.
[7] Breul, J. D. Practitioner's perspectiveImproving sourcing decisions. Public
Administration Review, 70(S1), 193200, 2010.
[8] Burke, M., Marlow, C., & Lento, T. Feed me: Motivating newcomer contribution in
social networking sites. Paper presented at the CHI, 2009, Boston.
[9] DiMaio, A. Government 2.0: A Gartner definition. Retrieved July 1, 2009.
[10] Dutton, W. H. Networking distributed public expertise: Strategies for citizen sourcing
advice to government. Retrieved July 1, 2011.
[11] Howe, J. Crowd sourcing: Why the power of the crowd is driving the future of
business .New York: Random House, 2009.
[12] Johannessen, M. R. Different theory, different result: Examining how different theories
lead to different insights in government 2.0 research. Proceedings of the 1st
Scandinavian Conference of Information Systems and the 33rd Information Systems
Research in Scandinavia (IRIS) Seminar, Skrping, Denmark August,pp 2024, 2010.
[13] Lukensmeyer, C. J., and Torres, L. H. Citizensourcing: Citizen participation in a
networked nation. In K. Yang, & E. Bergrud (Eds.), Civic engagement in a network
society (pp 207233), 2008.
[14] Obama, B. Memory and umfor the heads of executive departments and agencies:
Transparency and open government. January 21. Retrieved July 1, 2009.

IJCSBI.ORG
[15] Rafaeli, S., and Ariel, Y. Online motivational factors: Incentives for participation and
contribution in Wikipedia. In A. Barak (Ed.), Psychological aspects of cyberspace:
Theory, research, applications (pp. 243267), 2008.
[16] Ramos, M., and Piper, P. S. Letting the grass grows: Grassroots information on blogs
and wikis. Reference Services Review, 34(4), 570574, 2006.
[17] Shkabatur, J. Cities @ crossroads: Digital technology and local democracy in America.
Brooklyn Law Review, 76(4) Retrieved July 1, (2011).
[18] Tapscott, D., and Williams, A. D. Wiki nomics: How mass collaboration changes
everything. New York: Penguin Group, (2008)..
[19] Verba, S., Schlozman, K. L., and Brady, H. E. Voice and equality: Civic voluntarism in
American politics. Cambridge, MA: Harvard University Press, (1995).

Vol 4 No 1 - August 2013

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Vol 4 No 1 - August 2013

Încărcat de

Drepturi de autor:

Formate disponibile

International Journal of Computer Science

and Business Informatics

ISSN: 1694-2507 (Print)

Concurrency Control Mechanism for Nested Transactions in Mobile Environment .............................. 1

Generating Keys in Elliptic Curve Cryptosystems ................................................................................ 1

An Efficient Access Control Model for Wireless Sensor Network .......................................................... 1

The Computer-Linguistic Analysis of Socio-Demographic Profile of Virtual Community Member .......... 1

Concurrency Control Mechanism

Ms. Hninn Aye Thant

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 1

2. MOBILE DATABASE ENVIRONMENT

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 2

2.1 Classification of Transactions

Figure 1. Open Nested transaction Model

Figure 2. Closed Nested transaction Model

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 3

2.2 Execution Modes in Mobile Environment

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 4

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 5

Primary Shadow is created

No Result send to the

Yes Check the required data

Standby Shadow is created

Primary shadow is aborted

Figure 3. Flow diagram for proposed system

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 6

Figure 4. Proposed system architecture

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 7

Figure 5. Schedule with a standby shadow promotion

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 8

It is possible that multiple conflicts develop between executing transactions.

Figure 6. Schedule with two standby shadows

Figure 7. Schedule with a standby shadow promotion for write-write conflict

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 9

0 10 20 30 40 50 60 70 80 90 100 110 120 130

Figure 8. Sub-transactions with their time

0 10 20 30 40 50 60 70 80 90 100 110 120 130

Figure 9. Proposed method with write-write conflict

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 10

0 10 20 30 40 50 60 70 80 90 100 110 120 130

Standby shadow for T2 Transaction from T1

Figure 11. Proposed method with write-write conflict with priority

4. MATHEMATICAL EXPRESSION FOR PROPOSED METHOD

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 11

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 12

0 10 20 30 40 50 60 70 80 90 100 110 120 130

0 10 20 30 40 50 60 70 80 90 100 110 120 130

Standby shadow for T2 Transaction from T1

Figure 13: Proposed method with write/write conflict with priority

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 13

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 14

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 15

Generating Keys in Elliptic Curve

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 1

2.3 Point multiplication

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 2

4. ECDSA KEY PAIR

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 3

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 4

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 5

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 6

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 7

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 8

ISSN: 1694-2108 | Vol. 4, No. 1. AUGUST 2013 9