A tree-based approach for secure key distribution in wireless sensor networks

Persistent Authenticated Dictionaries and TheirApplications⋆Aris Anagnostopoulos1,Michael T.Goodrich2,and Roberto Tamassia1 puter Science,Brown University.Email:{aris,rt}@puter Science,University of California,Irvine.Email:goodrich@ Abstract.We introduce the notion of persistent authenticated dictio-naries,that is,dictionaries where the user can make queries of the type“was element e in set S at time t?”and get authenticated answers.Appli-cations include credential and certificate validation checking in the past(as in digital signatures for electronic contracts),digital receipts,andelectronic tickets.We present two data structures that can efficientlysupport an infrastructure for persistent authenticated dictionaries,andwe compare their performance.1IntroductionAt its core,nonrepudiation involves making cryptographically strong statements about the past.Although we digitally sign statements in the present,we only worry about enforcing statements made in the past.Consider,for example,the following scenarios:–Alice executed a digital mortgage two years ago and now is in default.The bank can only sue Alice if it can prove that she was in fact the one who digitally signed the mortgage contract.(Moreover,the exact history of Alice’s digital certificates may be crucial here,for her signature should remain valid even if her private key was compromised and her digital certificate revoked even just a few weeks after she signed the contract.)–Bob signed a digital receipt for Alice’s electronic payment and then shipped her a defective item.Alice must be able to prove that Bob truly was the one who signed that receipt.–A company,,issued a signed digital ticket to Alice for the opera,but Alice is refused entry to the performance.She needs to be able to prove that indeed issued that ticket and was also authorized to do so.–A company,,has published an online catalog that advertised widgets at$1a piece on the day they accepted a digital purchase order(PO) for100widgets from Alice.Now the company has raised the price to$100 and is demanding$10,000from Alice.She needs to be able to prove that$1 was the valid price for widgets on the day they accepted her digital PO.Thus,in order to enforce nonrepudiation on important contractual statements, such as in these examples,we need to have in place a mechanism for checking credentials,certificates,and published information in the past.Ideally,we would like there to be a collection of potentially untrusted directories that can answer historical queries about such items.1.1Problem Definition and ApplicationsPut more abstractly,the problem we address involves three types of parties: a trusted source,untrusted directories,and users.The source defines afinite set S of elements that evolves over time through insertions and deletions of elements.Each directory,acting as a query agent for the source maintains a copy of set S and receives time-stamped updates from the source together with update authentication information,such as signed statements about the update and the current elements of the set.A user performs membership queries on the set S of the type“was element e in S at time t?”but instead of contacting the source directly,it queries one of the directories.The contacted directory provides the user with a yes/no answer to the query together with query authentication information,which yields a cryptographic proof of the answer assembled by combining statements signed by the source.The user then verifies the proof by relying solely on its trust in the source and the availability of public information about the source that allows the user to check the source’s signature.We call the data structure used by the directory to maintain the set S,together with the protocol for queries and updates a persistent authenticated dictionary(PAD).The PAD abstract data type extends the usual notion of an authenticated dictionary[15],where the queries are only of the form“is element e currently in S?”.Thus,a PAD has the added burden of having to archive the entire history of updates sent by the source to the directories.Moreover,the directories must be able to provide answers and proofs for queries related to any time,past or present.We show,in Fig.1,a schematic view of a persistent authenticated dictionary.The design of a persistent authenticated dictionary should address the fol-lowing goals:–Low computational cost:The computations performed internally by each entity(source,directory,and user)should be simple and fast.More impor-tantly,the space needed to archive historical copies of S should be small.–Low communication overhead:source-to-directory communication(update authentication information)and directory-to-user communication(query au-thentication information)should be kept as small as possible.–High security:the authenticity of the data provided by a directory should be verifiable with a high degree of certainty.In addition to the motivating examples given above,applications of persis-tent authenticated dictionaries include third-party publication of historical data on the Internet[3]and historical certificate revocation checking in public keyFig.1.Persistent authenticated dictionary.infrastructures[9,15,1,2,8,5].In the third-party publication application[3], the source is a trusted organization(e.g.,a stock exchange)that produces and maintains historical integrity-critical content(e.g.,stock prices)and allows third parties(e.g.,Web portals),to publish this content on the Internet so that it be-comes widely disseminated.The publishers store copies of the content produced by the source and process queries on such content made by the users.In the certificate revocation application[9,15,1,2,8,5],the source is a cer-tification authority(CA)that digitally signs certificates binding entities to their public keys,thus guaranteeing their validity.Nevertheless,certificates are some-times revoked(e.g.,if a private key is lost or compromised,or if someone loses his authority to use a particular private key).Thus,the user of a certificate must be able to verify that a given certificate used to validate someone for a historic contract was not revoked at the time the contract was executed.To facilitate such queries,certificate revocation directories process historic revocation status queries on behalf of users.The results of such queries need to be trustworthy, for they often form the basis for electronic commerce transactions.In this paper,we present a new scheme for persistent authenticated dictio-naries,based on efficient persistent data structures known as red-black trees and skip lists.Our structures are secure,as well as being fast and space efficient in terms of the parameters n,which denotes the current number of elements of the set S,and m,which denotes the total number of updates the source has performed.1.2Previous and Related WorkWe are not aware of any previous work on persistent authenticated dictionaries. We summarize prior work on ephemeral authenticated dictionaries,where only the current version of S is maintained,and on persistent(non-authenticated) dictionaries.Ephemeral Authenticated Dictionaries.Work has been done on ephemeral au-thenticated dictionaries primarily in the context of certificate revocation.The traditional method for certificate revocation(e.g.,see[9])is for the CA(source) to sign a statement consisting of a timestamp plus a hash of the list of all re-voked certificates,called certificate revocation list(CRL),and periodically send the signed CRL to the directories.A directory then just forwards that entire signed CRL to any user who requests the revocation status of a certificate.This approach is secure,but it is inefficient:the update and query authentication information has sizeΘ(n).Moreover,to turn the CRL approach into a persis-tent authenticated dictionary requires that every CRL ever issued be archived at the directories.Thus,if m CRLs have been issued,this solution requires in the worst case quadratic O(m2)storage space at each directory.In other words,the CRL-based approach is a simple but very inefficient solution for the persistent authenticated dictionary problem.There are other more space-efficient methods for implementing ephemeral authenticated dictionaries.But methods for adapting them to the persistent context are not obvious.The hash tree scheme introduced by Merkle[13]can be used to implement a static authenticated dictionary,which supports the initial construction of the data structure followed by query operations,but not update operations(without complete rebuilding).Still,the only obvious way to make a hash tree persistent is to checkpoint the entire tree at each time quantum,which is clearly not space efficient.Kocher[12]also advocates a static hash tree approach for realizing an au-thenticated dictionary,but simplifies somewhat the processing done by the user to validate that an item is not in the set ing techniques from incremental cryptography,Naor and Nissim[15]dynamize hash trees to support the inser-tion and deletion of elements using2-3trees.Other certificate revocation schemes based on variations of hash trees have been recently proposed in[2,5,10],as well,but do not deviate significantly from the above approaches.Goodrich and Tamassia[6,7]have proposed an authenticated-dictionary scheme based on the skip-list data structure that has asymptotically the same performance as[15]but it is simpler to implement.Still,like other previous so-lutions,their data structure is ephemeral—it only stores the most recent copy of the set S.Persistent Data Structures.Researchers have worked on persistent data struc-tures for other abstract data types besides authenticated dictionaries.The idea of path copying in a tree,for example,which is a component in some of our so-lutions,has been used in non-authenticated contexts by several researchers(e.g. Myers[14]and Reps,Teitelbaum and Demers[17]).Sarnak and Tarjan[18]pro-posed the node-copying method and use persistent trees to solve the planar point location problem,while Driscoll,Sarnak,Sleator and Tarjan[4]developed tech-niques for making linked data structures persistent.Nevertheless,none of these previous schemes for making data structures persistent have directly addressed the need for authentication or directory distribution.1.3Summary of ResultsWe present two data structures for implementing PADs,based on the dictionary data structures known as red-black trees and skip lists.Our solutions allow for element insertions and removals in the current set S to run in O(log n) time and queries in the past to run in O(log m)time.More importantly,our solutions use only O(log n)additional space per update.(Recall that n is the number of elements in the current set S and m is number of updates that have occurred so far.)Thus,our solutions are significantly more efficient than the CRL-based approach or checkpointing-based approaches,which requireΘ(n) additional space for archiving S at each historic time quantum.We describe the theoretical foundations behind our solution to the persistent authenticated dictionary problem in Section2.In addition,we claim that our methods are simple,which is an often ne-glected,but important aspect of computer security solutions,for implementa-tion correctness is as important as theoretic soundness.To support this claim,we have implemented our solutions and have performed a number of benchmarking tests,which we report on in Section3.2Making Authenticated Dictionaries PersistentWe use and extend some ideas from previous work on persistent data structures to create our solutions to the persistent authenticated dictionary(PAD)abstract data type.Let us therefore begin with a quick review.A Quick Review of Persistent Data Structures.Most of the data structures are ephemeral in the sense that whenever the user performs an update to them he destroys the previous version.If the previous version is retained and we can do queries to them we talk about persistent data structures.We can even talk about fully persistent data structures if we can make updates and not only queries to previous versions.In more detail,the operations that a persistent data structure S supports arefind(e,t),which determines whether element e was in S at time t,insert(e), which inserts element e into S(at current time),and delete(e),which removes element e from S(at current time).In our case,we maintain the data structure in both the source and the di-rectories.When the user queries a directory if an element e was in the source at some time t,the directory returns“yes”if e existed in the source at time t along with a proof of its existence,or“no”if e did not exist in the source at time t along with a proof of its nonexistence.The proof must permit the user to verify that the answer is authentic(i.e.,it is as trustworthy as if it were directly signed by the source)and that it is current(i.e.,it corresponds to time t).Depending on the application we can use one of the two versions of the PADs which differ in the way they define time.In particular we can have:–Discrete time where we can think that the dictionary holds several versions whose time is numbered sequentially with integers starting at0.When a user performs a query,t equals the time of one of the versions,and the dictionary searches the corresponding version and returns an answer that allows the user to verify that indeed the dictionary searched version at time t.–Continuous time where we can define the time over any set for which there exist a complete order.The versions of the dictionary are ordered according to that order.Whenever a user queries the directory about time t,the direc-tory must provide an answer corresponding to the latest dictionary version at time t′that is earlier than t;moreover,it must provide information for the user to verify that indeed t′is the time of the version that should have been queried and that does not exist a version at time t′′such that t′<t′′≤t.We have developed two data structures that implement PADs,one based on the red-black tree and the other based on the skip-list data structures.2.1PADs Based on Red-Black TreesWe denote the element stored at a node v as elem(v).The version of the red-black tree we use,has all the values stored only at the external nodes.We use the internal nodes to make queries to the tree and to store authentication information.The value stored at each internal node equals the maximum value of the left subtree;the values at the right subtree are greater than that value.When we want to make an insertion to the tree of an element with value e that does not exist into the tree,first wefind the external node v containing the minimum element elem(v),such that elem(v)>e.We then create a new internal node w to replace v and we set as the left child of w a new external node u such that elem(u)=e and as the right child the node v.1 Finally we perform the necessary reconstructions and recolorings.A deletion of a node is performed in the opposite manner.The persistent red-black tree is a modification of the red-black tree.Each node u has also afield time(u)where we store the timestamp of its creation. Each addition or deletion to the tree does not change the current tree nodes but instead it adds new nodes with timestamp value that of the current time.In Fig.2we can see an example of an instance of a red-black tree.The bold lines denote black nodes and edges,while the normal ones denote red.The label at the top of each node(in Fig.2all are0for simplicity)denotes the timestamp value.Suppose we want to add a new element(e=18).We can see the new tree created in Fig.3,where the timestamp of the new nodes has taken the current time value(here just1for simplicity).Because at each update operation we copy the whole path from a node up to the root,this method is called path-copying method.Note that we have as many signed roots as update operations.Details of the operations follow in the next paragraphs.66101520615000000Fig.2.The tree before the inser-tion.661015206151820615180000001111Fig.3.The tree after the insertion of ele-ment 18.In our scheme we use an authenticated persistent red-black tree.Each node u has stored one more value,auth(u ),that is used for authentication;auth(u )equals elem(u )if u is an external node,and the concatenation of the auth()values of u ’s children if u is an internal node.h must be a collision-free hash function.Finally the root of every version of the tree (for the different update times)is signed.In summary,each node u contains three fields:elem(u ),time(u ),and auth(u ).We describe now the details of the operations.Insertion.At every insert operation,the old version of the tree doesn’t change at all (except for the colors of the nodes and edges as we will see later).We find the external node u that will be the father of the new node.Then we make a copy of the nodes on the path,from the root down to u to which we assign a timestamp value equal to the current time.We perform then the insertion by creating a new node as we saw before.We denote here a node x as x 0for the old version,and x 1for the new version that is copied.If along the path,a node v that is copied has a child w that is also copied,we add the edge from the node v 1to w 1.For the rest of the edges of v 0to some other node z 0we add an edge from v 1to z 0.We can see an example in Figures 2,3.Since we have a red-black tree,we must color the new nodes.Every node v 1will be colored with the same color with v 0,and the insertion will be done normally.After the insertion we may have to perform some transformations on the tree,namely some rotations and recolorings.The recolorings are easy,since we can overwrite the old colors of any node of any previous version of the tree.The colors are used only for the update operations,so we do not need to keep track of the old ones—we do not make updates in the past.Rotations are also simple;they will be done only on the new version of the tree and they will affect only the new nodes and the links originating from them.Finally we must compute the values elem()and auth()for all the new nodes created.These operations are straightforward and we can perform them as we create the new nodes,in O (log n )time.In particular,we must compute only two elem()values,the one of the new external node,and that of its parent (which has the same value).We must compute the auth()values of all the O (log n )new nodes.Finally,if r 1is the root of the last version of the tree(just created)and r0is the root of the just previous version,then the source signs(auth(r1),time(r1),time(r0)).(The previous timestamp is necessary only in the case of continuous time;we give more details later.)Deletion.A delete operation is similar to an insert.We copy the path from the root down to the node to be deleted,we remove the nodes(one external and one internal node will be deleted),and then perform the necessary rotations and recolorings.Here we must be careful,since the rotations in this case may also affect nodes not existing in the new path created.So before the rotation,these nodes must also be copied.During the deletion we may require to perform in the worst case at most a logarithmic number of recolorings and two rotations.In total,except for the path of the node deleted,it may be necessary to copy at most4additional nodes; therefore,we copy only a logarithmic number of nodes.Finally we compute the necessary elem()and auth()values and sign the new root,by the method we described in the Insertion paragraph.Again,we must compute all the auth()values of the O(log n)new nodes,and the only internal elem()value that we must alter is the value of the node that followed the removed external node in the infix traversal of the tree.Query.Afind operation can query the PAD at any time in the past(or present) tofind if an element e existed at that time.Say that we want to query for time t1and we have the two consecutive tree versions for times t0and t2,where t0≤t1<t2,assuming that t2exists.In the following,assume that r0is the root with timestamp t0,r2is the root with timestamp t2and r3is the root with the largest timestamp that is less than t0,if it exists.In order to search for e we work on the tree originating from the root r0of time t0.We distinguish two cases:–The element e exists in the tree at time t0:The dictionary returns to the user the answer“yes”,the root r0signed by the source(i.e.,the signature of(auth(r0),time(r0),time(r3))),the root r2signed by the source, that is,the signature of(auth(r2),time(r2),time(r0)),the element e,and the sequence Q(e)of the hashes of the siblings of the nodes of the path from the root of the tree to e.The user can verify that the answer is valid from the sequence Q(e)and the source’s signature of the root.–The element e does not exist in the tree at time t0:In this case,let e′be the maximum element that exists in the tree and is smaller than e,and e′′the minimum element that exists in the tree and is greater than e.The dictionary returns to the user the answer“no”,the root r0with timestamp t0 and the root r1with timestamp t1,signed by the source like in the previous case,the elements e′and e′′,and the sequences Q(e′)and Q(e′′)defined as before.The user can verify now that both e′and e′′exist in the tree and that they are consecutive external nodes(hence e is not between them).The root r2has to be included only in the case of continuous time.The reason is to prove that there is not another version of the tree at time t4suchthat t 0<t 4≤t 1<t 2which may have different information concerning C .The user can now verify that the version that immediately follows the one that corresponds to time t 0is at time t 2since it is included in the signature.Summarizing the above results,we have the following theorem:Theorem 1.A persistent authenticated dictionary can be implemented with a persistent authenticated red-black tree.The time needed for an update operation is O (log n )and for a query operation is O (log m ),where n is the number of elements of the last version and m is the total number of versions.The total space requirement is O ( m i =1log n i ),where n i is the number of elements of version i .Proof.We perform an update to the last version of the tree,which has n el-ements.The update operation requires the addition of O (log n )new nodes,O (log n )changes to the tree structure (including recolorings)and the computa-tion of O (log n )new hash values.Therefore,it can be performed in time O (log n ).A query on version i requires a binary search on the root of the trees to find the appropriate version of the tree,which takes time O (log m ),a search in the tree to find the appropriate node(s),which needs O (log n i )steps,and the creation and return of the response,which is done in O (log n i )steps.Since n i cannot be greater than m ,the overall time requirement of a query is O (log m ).The space required for the i -th update is O (log n i ):the insert operations need to copy only the nodes of the path of the new node,while the delete operations may need to copy at most 4additional nodes.By the property of red-black trees the total path length is O (log n i ),hence,the total space is O ( m i =1log n i ).2Note that the above time complexity results hold when we have continuous time.In the case of discrete time,we can find the appropriate root for a query just by a table lookup in constant time,and in this case the total query time is O (log n i ).Also,note that when we query the last version,the time is reduced to O (log n ),as in the ephemeral authenticated dictionary.2.2PADs Based on Skip ListsThe skip-list data structure [16]is an efficient means for storing a set S of elements from an ordered universe.Briefly,a skip list consists of a collection of linked lists S 0,S 1,...,S k (where S i contains a randomly selected subset of the items in S i −1,plus two additional values −∞and +∞),and links between them.We can see an example in Fig.4.With high probability (whp 2),skip lists have the same asymptotic performance as red-black trees.However,experimental studies (e.g.,see [16])have shown that they often outperform in practice 2-3trees,red-black trees,and other deterministic search tree structures.S5S4S3S2S1S0Fig.4.(a)An example of a skip list.All the lines indicate links of the data structure.(b)The answer authentication information for the presence of element x=39(and for the absence of element42)consists of the signed time-stamped value f(v11)of the source element and the sequence Q(x)=(44,39,38,f(w3),f(u4),f(u6),f(w7),f(u8),f(u10)). The user recomputes f(v11)by accumulating the elements of the sequence with the hash function h,and verifies that the computed value of f(v11)is equal to the value signed by the source[6,7].The arrows denote theflow of authentication information. Commutative Hashing.To simplify the verification process,commutative crypto-graphic hash functions are introduced in[6].A hash function h is commutative if h(x,y)=h(y,x)for all x and y.A commutative hash function is commu-tatively collision resistant[6]if,given(a,b),it is difficult to compute a pair (c,d)such that h(a,b)=h(c,d)while(a,b)=(c,d)and(a,b)=(d,c).Given a cryptographic hash function g that is collision resistant in the usual sense,the commutative hash function,h(x,y)=g(min{x,y},max{x,y})is commutatively collision resistant if x and y have the same length[6].Authenticated Dictionary Based on a Skip ing the skip-list data structure and commutative hashing,we can design a scheme for authenticated dictionaries, similar to the one based on balanced trees.It has the same asymptotic perfor-mance but it avoids many complications that arise in the implementation of the hash trees,leading to easier and less error-prone implementations.An example of the data structure and of an authenticated query is in Fig.4.For more details refer to[6,7].PAD Based on a Skip List.We can apply the path-copying idea to the au-thenticated skip list and create a persistent authenticated skip list.First,we make the following observation,which allows us to have an efficient implemen-tation:for the operations supported by the skip list,some of the nodes and links are unnecessary and can be omitted.The skip list then looks like that of Fig.5. We can see now that in this form the skip list is essentially a binary tree(whose root is the node in the highest-level list with the value−∞)and so we can apply the path-copying method.We have to be careful however to copy all the nodes whose out-links or authentication information change.S5S4S3S2S1S0Fig.5.(a)A tree-like representation of a skip list.(b)Insertion of element21with height5.The new nodes and links are bold,while the dashed ones exist only in the previous version.It is important to mention that when we do an update,we do not change the existing nodes of the skip list—we only add new nodes.Therefore,by storing links to the appropriate root nodes we can make queries to any version of the dictionary.We describe now in detail the operations.Insertion.Assume that we want to insert element e and that e′is the largest element that is smaller than e.On the search path p we will reach element e′that belongs to the list S0.We insert the element e and hence the authentication data of e′in S0changes;the change of the authentication data propagates up to the root node along the path p that we followed to reach e′.In other words, the nodes of p(and of course the nodes of the new element)are the only nodes whose authentication data changes.Finally,some of the links to the right of the nodes on p—basically,those that belong to nodes that are lower than the height of the new element—must be set to null and be replaced by links that originate from the new elements.Therefore,the new nodes that we create are exactly those that belong to p plus those of the new element e.Fig.5shows an example of an insertion.The number of the new nodes that we create equals the length of the search path to the element e′plus the number of the new nodes for the new element. Both of these are O(log n)whp.The number of hashes that we have to compute is at most equal to the number of the new nodes(although for some of the nodes the authentication data is equal to that of the node below and does not have to be recomputed).Deletion.Assume that we want to remove element e from the skip list and that e′is the element immediately preceding e.We follow the path p to element e′. Since we remove the element next to e′(i.e.,e),the authentication data of e′in S0changes.Again,the change propagates up to the root node only along p,and the only links to the right that must change are in p.Therefore,the only nodes that we must duplicate are those in p,which with high probability are O(log n). Also,the number of the hashes to compute equals at most the number of the new nodes and so it is O(log n)whp.。

介绍数学知识的英语文章Mathematics is a fundamental and universal languagethat provides a framework for understanding and analyzing the world around us. It encompasses a wide range of concepts, including numbers, shapes, patterns, and relationships, and plays a crucial role in fields such as science, engineering, economics, and technology. In this article, we will explore some key aspects of mathematics, its significance, and its applications.First and foremost, mathematics is the study of numbers and their operations, such as addition, subtraction, multiplication, and division. It also includes the study of abstract structures, such as sets, groups, and fields, which serve as the foundation for more advanced mathematical concepts. Through the use of symbols and notation, mathematicians are able to express complex ideas and relationships in a concise and precise manner.One of the most fascinating aspects of mathematics isits ability to describe and analyze patterns and relationships in the natural world. For example, mathematical principles govern the motion of celestial bodies, the growth of populations, and the behavior of waves and particles. By using mathematical models, scientists and researchers can make predictions and test hypotheses, leading to a deeper understanding of the underlying mechanisms of the universe.Furthermore, mathematics provides powerful tools for problem-solving and decision-making. Whether it's calculating the trajectory of a spacecraft, optimizing the efficiency of a manufacturing process, or designing cryptographic algorithms for secure communication, mathematics offers a systematic approach to tackling real-world challenges. Its applications in fields such as computer science, finance, and logistics have revolutionized the way we live and work.In addition to its practical applications, mathematics also fosters critical thinking and reasoning skills. Through the process of formulating and proving theorems,students of mathematics learn to analyze problems, construct logical arguments, and think abstractly. This not only enhances their problem-solving abilities but also equips them with a valuable mindset for approaching complex issues in other disciplines.In conclusion, mathematics is a rich and diverse field with profound implications for our understanding of the world and our ability to shape it. Its role in science, technology, and everyday life cannot be overstated, and its beauty lies in its ability to reveal the hidden order and structure underlying the universe. By studying mathematics, we gain not only knowledge but also a powerful set of tools for exploring the unknown and making meaningful contributions to society.。

规范的参考文献格式一、参考文献的类型参考文献(即引文出处）的类型以单字母方式标识，具体如下：M——专著C——论文集N—-报纸文章J-—期刊文章D——学位论文R——报告S-—标准P-—专利A——文章对于不属于上述的文献类型，采用字母“Z”标识。

常用的电子文献及载体类型标识：［ＤＢ/OL]-—联机网上数据（database online)[DB/MT］—-磁带数据库（database on magnetic tape)［Ｍ/CD]--光盘图书(monograph on CD ROM）［ＣＰ／DK］-—磁盘软件（computer program on disk）［Ｊ／ＯＬ］——网上期刊(serial online)［ＥＢ/OL］——网上电子公告(electronic bulletin board online)对于英文参考文献，还应注意以下两点：①作者姓名采用“姓在前名在后”原则，具体格式是：姓，名字的首字母。

如：Malcolm Richard Cowley 应为：Cowley, M。

R.,如果有两位作者,第一位作者方式不变，&之后第二位作者名字的首字母放在前面，姓放在后面，如：Frank Norris 与Irving Gordon应为：Norris, F。

& I。

Gordon.；②书名、报刊名使用斜体字，如：Mastering English Literature，English Weekly。

二、参考文献的格式及举例1．期刊类【格式】［序号]作者.篇名［J].刊名,出版年份,卷号(期号）：起止页码.【举例】[1] 周融，任志国，杨尚雷，厉星星。

对新形势下毕业设计管理工作的思考与实践［J]。

电气电子教学学报，2003（6）：107-109。

［2] 夏鲁惠。

高等学校毕业设计（论文）教学情况调研报告［J]。

高等理科教育，2004（1):46-52。

[3］Heider，E.R.＆D.C。

Oliver。

树屋英语作文Tree HouseTree houses have always been a fascinating concept for many people. The idea of living high up in the trees, surrounded by nature, is both thrilling and peaceful. In this essay, I will discuss the appeal of tree houses, their benefits, and the potential challenges of living in one.Firstly, the appeal of tree houses lies in their close connection to nature. Being elevated off the ground allows for a unique perspective of the surrounding environment. The sounds of birds chirping, leaves rustling, and the wind blowing through the branches create a serene atmosphere. Additionally, the feeling of being nestled among the trees provides a sense of tranquility that is hard to find elsewhere.Moreover, tree houses offer a sense of adventure and freedom. Climbing up to the house and having the ability to peek out at the world below can be exhilarating. It provides a break from the hustle and bustle of everydaylife, allowing one to escape and find solace in thepeaceful surroundings.Furthermore, there are numerous benefits to living in a tree house. For one, the environmental impact is minimal.By utilizing the existing trees as a foundation, the needfor extensive construction is reduced. This eco-friendly approach aligns with the growing trend of sustainable living. Additionally, tree houses often require creativeand innovative design solutions, making them an exciting architectural challenge.In terms of challenges, living in a tree house does come with its own set of obstacles. One of the primary concernsis safety. Ensuring that the structure is stable and secure is essential, as living at a height presents inherent risks. Weather conditions must also be taken into account, as strong winds and heavy rain can pose a threat to theintegrity of the tree house.Another challenge is the practicality of daily living. Access to amenities such as running water, electricity, and waste disposal can be more complicated in a tree house. However, with advancements in technology and design, thesechallenges can be overcome through the use of sustainable and off-grid solutions.In conclusion, the allure of tree houses lies in their unique connection to nature and the sense of adventure they offer. While there are challenges to consider, the benefits of living in a tree house, such as minimal environmental impact and the opportunity for creative design, make them an appealing housing option. Whether for a weekend getaway or a permanent residence, tree houses continue to capture the imagination of people of all ages.树屋树屋一直以来都是许多人着迷的概念。

中山大学软件学院本科生期末考试考试科目：《数据库系统原理》（A卷）学年学期：2014学年第3学期姓名：学院/系：软件学院学号：考试方式：开卷年级专业：考试时长：120分钟班别：第八条：“考试作弊者，不授予学士学位。

”------------以下为试题区域，共7道大题，总分100分,考生请在答题纸上作答------------1. (10 marks) Let R = {A, B, C, D, E, F, G} and F = {AB→C, A→C, A→E, B→C, EF→EG, G→F}. Answer the following three questions.1)(4 marks) Compute the minimal cover of F.B→CA→CA→EEF→GG→F2)(4 marks) Decompose R into 3NF relations.{B, C}, {A, C, E}, {E, F, G} and {A, B, D, F} (OR {A, B, D, G})3)(2 marks) Is the composition in (b2) in BCNF? Briefly explain your answer.No. For {E, F, G} and G→F, G is not a candidate key.2. (10 marks)Assume there is an employee database Employee (eid: 8 bytes, ename: 16 bytes, did: 4 bytes, email: 12 bytes), where eid and ename are respectively the id and name of an employee and did is the id of the department in which the employee works. Suppose there are 50,000 employee records and 500 departments (i.e. each department has 100 employees on average). A page size is 1,000 bytes and a pointer costs 4 bytes.1)(4 marks) Assume that the employee file is sorted sequentially on did and there is noindex. Estimate the page access cost for retrieving the records of all employees working in a department with a given did. (You should show your argument and the main steps of the estimation clearly in the answer.)AnswerRecord size = 40 bytes, 25 records per page, 2,000 pages.Finding the first record requires log22000 + 3 more pages to search theremaining records (each dept has 100 employees which are distributed in 4pages).2)(6 marks) Assume only 20 pages of main memory are available for running theexternal sorting of the employee file on did.•How many PASSes are needed for the external sorting?•In each PASS, how many runs are created?•What is the total cost of the sorting in terms of pages?Answer:3 PASSes:PASS 0: 2000 pages / 20 pages per run = 100 runsPASS 1: ceil (100 runs / 19 runs per run) = 6 runsPASS 2: 1 runTotal cost: (2000 pages read per pass + 2000 pages write per pass) * 2 PASSes +2000 pages read per pass = 10000 pages (Note: Output is not counted!)Or: 2000 * (2 * 2 + 1) = 10000 pages transfer.3. (10 marks) Suppose a bookstore has the following five relational tables:BOOK (BID, TITLE, AID, SUBJECT, QUANTITY_IN_STOCK)AUTHOR (AID, NAME) CUSTOMER (CID, NAME)ORDER_DETAILS (OID, BID , QUANTITY) ORDER (OID, CID , ORDER_YEAR)In the above tables, keys are underlined and foreign keys are in italics . Each author has authored at least one book in the store. Each book has exactly one author. Each order is made by exactly one customer and has one or more associated record in ORDER_DETAILS (e.g., an order may contain different books).Express the following query using (i) SQL expressions, (ii) the relational algebra (RA).Find the distinct customer IDs (CID) of customers who have purchased more than 10 identical books in one order at least once.(i) SELECT DISTINCT CIDFROM ORDER_DETAILS od, ORDER oWHERE QUANTITY >= 10 AND od.OID = o.OID(ii)CID (σQUANTITY ≥ 10 (ORDER_DETAILSOID ORDER ))4. (10 marks) A B+ tree with n=5 is shown in Figure 1, in which only search keys are shown and pointers to the file system are hidden. We want to insert a data entry with search key “23”.Figure 1. A B+ Tree Structure1) Which of the following descriptions about the insertion operation is correct?A.The B+ tree contains 2 levels after insertion. 2 node splits are needed duringinsertion. The root node contains search key “15”.B.The B+ tree contains 3 levels after insertion. 1 node split is needed duringinsertion. The root node contains search key “20”.C.The B+ tree contains 3 levels after insertion. 2 node splits are needed duringinsertion. The root node contains search key “15”.D.The B+ tree contains 3 levels after insertion. 2 node splits are needed duringinsertion. The root node contains search key “20”.Answer: C2)We want to delete the data entry with search key “7”. How many leaf nodes store onlytwo data values after deletion?A.2B. 3C. 4D.5Answer: A5. (20 marks)You are given an initial hash structure with three keys already inserted as below. The hash function is h(x) = x mod 16. Draw five extendable hash structures corresponding for each insertion of the following search key values K: 7, 15, 20, 37, 18. Assume each bucket can hold two keys and the search key values arrive in the given order (i.e. 7 being the first coming key and 18 being the last one).You should follow the convention used by lecture slides: binary hash indices starting from the least significant bit. (E.g. 1 is the least significant bit of the 4 digit binary number 0001.)AnswerInsert 7Insert 15 and 20Insert 37Insert 186. (25 Marks) Consider a database consisting of the following three relation schemas:SAILORS (sid, sname, rating, age)BOATS (bid, bname, color)RESERVES (sid, bid, date, rname)The meaning of the attributes in the above schemas is self-explanatory. For example, sid is the sailor identity number and bname is the name of the boat. The primary keys of the relations are underlined. The attribute sid in RESERVES is a foreign key referencing SAILORS. The attribute bid in RESERVES is a foreign key referencing BOATS.The relation SAILORS has 100,000 tuples and 100 tuples of SAILORS fit into one page. The relation BOATS has 50,000 tuples and 25 tuples of BOATS fit into one page. The relation RESERVES has 10,000 tuples and 20 tuples of RESERVES fit on one page. We assume all attribute values and pointers in these three relations, if needed to be considered, are of the same size.(a)(10 marks) Assume that we use Indexed Nested Loop Join to computeSAILORS RESERVES using SAILORS as the outer relation. RESERVES have a primary B+-tree index with 2 levels on the join attribute. Estimate the cost of the join in terms of pages.Number of SAILORS pages: br = 100,000/100 = 1,000Number of SAILORS Tuples: nr = 100,000.The cost is br+ c * nr = 1,000 + (2+1) * 100,000 = 301,000.(b)(5 mark)Assume that 26% of the sailors have the rating bigger than 5. Estimate theresult size of sid(σrating>5 SAILORS) in terms of pages.Size = 26% * 100,000 / 100/4 = 65 pages260 divided by 4, for there is projection and all the attributes have same size(c)(10 marks) Consider the following two strategies to compute the join operationSAILORS BOATS RESERVES.Strategy 1: (SAILORS BOATS) RESERVESStrategy 2: (SAILORS RESERVES) BOATSWhich strategy is better? Explain the reason(s) of your choice based on the size of the intermediate result using the above strategies.Strategy 2 is better.Because in Strategy 1, SAILORS BOATS is equal to the cross-product of the two relations and the size of the join result will become as large as 100,000 * 50,000 = 5,000,000,000 tuples. This intermediate result is very large and later when joining this intermediate result with RESERVES, the cost is also large.In comparison, in Strategy 2, SAILORS RESERVES has only 10,000 tuples. And later when joining this intermediate result with BOATS, the cost is also small.7. (15 Marks) Consider a schedule S which consists of four transactions as follows:S = <T3_R(U), T2_R(X), T2_W(X), T3_R(X), T1_R(Y), T1_W(Y), T3_W(X), T1_R(Z), T4_R(Z), T4_W(Z), T2_W(Y), T3_R(Y)>The notation is self-explanatory. For example, T1_R(X) means that transaction T1 reads item X.(a)(5 marks) Fill in the following table representing S with the usual notations in lectureslides. The first operation R(U) has been shown in the table. Show clearly all conflicting pairs with downward arrows on the operations.(b)(5 marks) Construct the precedence graph of S. Explain why or why not the schedule isconflict-serializable.Precedence Graph of S:No cycle.(c)(5 marks) Suppose the format of the “commit” operation is Ci where i = 1, 2, 3, or 4.For example, the operation C1 means that the transaction T1 commits. Append all the commit statements to S so that the schedule becomes recoverable. For example, one append can be SC4C3C2C1 which means running S and then C4, C3, C2, C1. (Note that you should NOT change the sequence of the operations in S other than appending S with the four commit statements to make the schedule recoverable.)Recoverable (but not cascadeless) schedule: SC1C2C3C4 or (SC1C2C4C3) or (SC1C4C2C3) (Note: any permutation of Ci satisfies the commit order constraints: C1→C2, C1→C3, C1→C4, C2→C3 is correct)。

组织种树的作文英语Organizing a Tree Planting EventPlanting trees is a simple yet impactful action that can contribute to a healthier and more sustainable environment. As individuals and communities, we have the power to make a positive difference by organizing tree planting events. These events not only beautify our surroundings but also provide numerous environmental benefits that can have a lasting impact on our local ecosystems.One of the primary reasons to organize a tree planting event is to increase the overall tree canopy in a given area. Trees play a crucial role in absorbing and storing carbon dioxide, a greenhouse gas that contributes to climate change. By planting more trees, we can help mitigate the effects of climate change and improve air quality. Additionally, trees provide shade, which can help reduce energy consumption by lowering the need for air conditioning, and they also help prevent soil erosion and improve water quality by filtering runoff.Another important aspect of organizing a tree planting event is the educational and community-building opportunities it presents. Byinvolving members of the community, especially young people, in the tree planting process, we can foster a sense of environmental stewardship and encourage a deeper appreciation for the natural world. Participants can learn about the importance of trees, proper planting techniques, and the various species that thrive in the local ecosystem.When planning a tree planting event, it is crucial to consider several key factors to ensure its success. The first step is to identify a suitable location for the event. This may involve working with local authorities or landowners to secure a suitable site, such as a public park, a school campus, or a community green space. It is important to consider factors like soil quality, sunlight exposure, and accessibility when selecting the planting site.Next, it is necessary to determine the types of trees that will be planted. This decision should be based on the local climate, soil conditions, and the desired aesthetic and environmental benefits. Consulting with local horticulturists or environmental organizations can help identify the most appropriate tree species for the area.Organizing the logistics of the event is another essential aspect. This includes securing the necessary equipment and materials, such as shovels, gloves, and the trees themselves. It is also important to ensure that the event is well-publicized and that participants areaware of the date, time, and location. Collaborating with local organizations, schools, or community groups can help increase the event's visibility and attract a larger turnout.On the day of the event, it is crucial to have a well-organized plan in place to ensure a smooth and efficient tree planting process. This may involve dividing participants into smaller groups, providing clear instructions on proper planting techniques, and designating specific areas for each group to work in. It is also important to have a plan in place for the ongoing maintenance and care of the newly planted trees, such as regular watering and monitoring.One of the most rewarding aspects of organizing a tree planting event is the sense of community and environmental stewardship that it can foster. By bringing people together to work towards a common goal, we can create a sense of shared responsibility and ownership over the local environment. This can lead to increased civic engagement, a greater appreciation for the natural world, and a stronger commitment to environmental conservation.In conclusion, organizing a tree planting event is a powerful way to make a positive impact on our local environment and communities. By increasing the tree canopy, providing educational opportunities, and fostering a sense of environmental stewardship, we can contribute to a more sustainable and livable future for all. Whetherit's a small-scale event in a local park or a large-scale initiative involving multiple organizations, every tree planted can make a difference in the fight against climate change and the preservation of our natural resources.。

16 Port Nway Fast EthernetPoE Web Smart SwitchUser’s ManualVer:1.3.3- 0 -- 1 -Web Smart Switch ConfigurePlease follow the steps to configure this Web Smart switch.Step 1: Use a twisted pair cable to connect this switch to your PC.Step 2: Set your PC’s IP to 192.168.2.xx.Step 3: Open the web browser (like IE…), and go to 192.168.2.1 Then you will see the login screen.ID and the password: admin- 2 -Step 4: After the authentication procedure, the home page shows up.Select one of the configurations by clicking the icon.- Administrator - Port Management - VLAN Setting - Per Port Counter - QoS Setting - Security- Spanning Tree - Trunking- Backup/Recovery - Miscellaneous - LogoutAdministrator: Authentication Configuration1. Change the user name and the password.2. Click “Update” to confirm the new change. Now, you can use the new user name and the password.- 3 -Administrator: System IP Configuration1. Change the IP address: type the new IP address or selectDHCP IP configuration.2. Click “Update” to confirm the new change.“Setting Process OK!!” will be shown on the screen.Now, the setting of “System IP Configuration” is finished.- 4 -Administrator: System StatusMAC address and system version will be shown on the screen.1.Change the new comment of this switch by typing the newcomment.2.Click “Update” to confirm the new change.Now, the setting of “System Status” is finished.- 5 -Administrator: Load Default Setting1.Click “Load” to back to the factory default setting.**Note: Recover switch default setting excluding the IP address, User name and Password.Now, the default is loaded.- 6 -Administrator: Firmware UpdateFollow the instruction on the screen to update the new firmware. Please contact with your sales agents to get the latest firmware information.- 7 -Administrator: Reboot Device1. Click “Confirm” to reboot the device. Now, the setting of “Reboot Device” is finished.- 8 -Port Management: Port ConfigurationSelect the “Port No.” - configure the mode below:1. “Auto-Nego” - enable/disable Auto-Negotiation.2. “Speed” - 10M or 100M mode for the selected port.3.“Duplex” - Full or Half-Duplex mode for the selected port.4. “Pause” - enable/disable for the selected port.5. “Backpressure” - enable/disable for the selected port.6. “Tx Cap (Capability) ” - enable/disable for the selected port.7. “Addr. Learning” - enable/disable for the selected port. Now, the setting of “Port Configuration” is finished.- 9 -Port Management: Port MirroringPort Mirroring is used to mirror traffic, RX, TX or TX&RX, from Source port to Destination port for analysis.1.Select the Destination port: you can choose port 1 to port 162.Select the Source port: by clicking the checking box of theport.3.Click “Update” to save the setting.Now, the setting of “Port Mirroring” is finished.- 10 -Port Management: Bandwidth Control1.Select the “Port No.”: you can choose port 1 to port 162.“TX Rate Value”: set the transmission rate of the selected port.(0:Full speed; 1~255:Specified bandwidth.)3.“RX Rate Value”: set the receiving rate of the selected port. (0:Full speed; 1~255: Specified bandwidth.)4.“Resolution” : Low: 32 kbps / High: 512 kbps5.Click “Update” to confirm the setting or “LoadDefault”. Now, the setting of “Bandwidth Control” is finished.- 11 -Port Management: Broadcast Storm Control1.“Threshold” - Set the threshold from 1~63.2.“Enable Port” - per port to define the status of broadcast packets.3.Click “Update” to confirm the setting.Now, the setting of “Broadcast Storm Control” is finished.- 12 -Port Management: PoE ConfigurationRemote access and monitor the attached PD (Powered Device) status by using Enable/Disable function.1.Enable: POE of the port is able to supply power to the attachedPD (Powered Device)2.PSE Current & Minimum Output Power: The status of theport current and minimum output power.3. POE class: each POE port will detect the class of the attachedPD (Powered Device)4. Click “Update” to confirm and finish the setting.Now, the setting of “PoE Configuration” is finished.- 13 -VLAN Setting: VLAN ModeThere are two VLAN modes : Port Based VLAN and Tagged VLAN. Click “Change VLAN mode” to select the mode.**If the Port Based VLAN function is enabled, Multi to 2 setting and tag Based VLAN will be disabled automatically.Now, the setting of “VLAN Mode” is finished.- 14 -VLAN Setting: VLAN Member Setting (Port Based)You can select a port group.1. Click the port numbers: which you want to put them into theselected VLAN group.2. Click “Update” to confirm and finish the setting.3. Click “LoadDefualt” to back to the original factory setting. Now, the setting of “VLAN Mode” is finished.- 15 -VLAN Setting: Multi to 2 SettingThis is a special design for easily setting the switch VLAN into “VLAN Per Port“.1.Choose “Destination Port No”.2.Choose “Disable Port”3.“Disable Port” – choose the port which you don’t want to use4.Click “Update” to confirm and finish the setting.After this setting, all ports can only connect to destination ports.- 16 -Per Port Counter: Counter CategoryYou can read the transmitting and receiving packet of the connecting port.Click “Refresh” or “Clear” the data.- 17 -QoS Setting: Priority ModeThere are three Priority Modes to select.1.“First-in-First-Out” - the first receiving packet will be firstlytransmitted.2.“All-High-before-Low” – All packets will be assigned to eitherQ2(high) piority queue or Q1(low)priority queue.3.“4 Queue WRR (Weight-Round-Robin)” - set the ratio ofthe transmitting packet for the low priority to high priority. 4.Click “Update” to confirm and finish the setting.- 18 -- 19 - QoS Setting: Class of ServiceYou can set QoS mode of per port by different bases.TCP/UDP > TP TPS/DS > 802.1P > Physical port1.“TCP/UDP Port” – Q1 ~ Q4 options are effective for theselected physical port only. “Drop” option is the global setting for all physical ports.The packet queue will be transferred based on the number of “4 Queue WRR” on QoS Setting: Priority Mode.**WRR –Q1/Q2/Q3/Q4**“Drop” - packets will be dropped.2. “IP TOS/DS” – “Priority Setting”: Q1 ~ Q4; “IP TOS/DS PortSetting” - It means the packets with special IP will befirstly transmitted.3. “802.1p” – Priority mapping table as the screen shown.4. “Physical port” - you can select the port which you want toconfigure as Q1~Q4 priority.5. Click “Update” to confirm and finish the setting.Now, the setting of “Class of Service” is finished.- 20 -Security: MAC Address FilterSet special MAC address to activate on the selected port1.Choose “Select Port” – port 1~162.“Binding” – “Enable”: allow the packet with the specifiedsource MAC address to enter this port.3.Click “Update” to confirm and finish the setting.Now, the setting of “MAC Address Filter” is finished.- 21 -Security: TCP_UDP Filter ConfigurationYou can enable or disable this function of per port.If the “Function Enable” is “Enable”, please kindly check the following setting:1.“Port Filtering Rule” –“Deny”: the outgoing packets to the selected port with selected- 22 -protocol will be dropped and other protocols will beforwarded.“Allow”: the selected protocol will be forwarded and otherprotocol will be dropped.2.“Secure Port” – choose secure ports which you want.**Note 1:a.The secure WAN port should be set at the physical portwhich is connected to the server.b.Once this function is enabled, the switch will check thedestination TCP/UTP port number at the outgoing directionof the secure WAN port.If the condition matches, this packet will be dropped or forwarded.**Note 2: The description of Secure WAN port is shown on the bottom of this screen.3. “Protocol” – choose protocols which you want.4. Click “Update” to confirm and finish the setting.Now, the setting of “TCP/UDP Filter Configuration” is finished.- 23 -Spanning Tree: STP Bridge SettingsThis setting is to avoid the loop network.1.Select the “STP Mode”- choose “Disable”, “STP” or “RSTP”2.Set the “Bridge Priority” – Set the priority of the Bridge3.Set the period of “Hello Time” packet – Provides the time periodbetween root bridge configuration messages.4.Set the “Max Age” – Indicates when the current configurationmessage should be deleted.5.Set the “Forward Delay” time – Provides the length of time thatbridges should wait before transitioning to a new state after a topology change. (If a bridge transitions too soon, not all network links might be ready to change their state, and loops can result.)6. Click “Update” to confirm and finish the setting.Now, the setting of “STP Bridge Settings” is finished.- 24 -Spanning Tree: STP Port Settings1.Choose “Port No.” : Port 1 ~ Port 162. Choose “Priority”: 0~ 2403. “RPC” = Root Path Cost: 0 = AUTO. When the loop is found, the STP/RSTP will calculate the cost of its path.- 25 -Trunking: Link Aggregation SettingsThere are two groups to choose and max. for each group is 4 ports. Click “Submit” to confirm and finish the setting.“State” – Enable / Disable“Type” – LACP/ Static“Activity” – Active/Passive: Both switches use “LACP” to configure the Trunk, at least one of them should be “Active”.- 26 -Backup/RecoveryFollow the instruction on the screen to update the original setting. “Backup” - Click “Download” to confirm the setting. “Recovery” – select a file and key in the password Click “Update”to confirm the setting.- 27 -Miscellaneous: Miscellaneous Setting1.“Output Queue Aging Time” - You can set queue aging time intodifferent milliseconds or disable this function.2.“VLAN Striding” – You can enable/disable this function.3.“IGMP Snooping V1 & V2” – You can enable/disable thisfunction.4.“VLAN Uplink Setting” – Set “uplink1 or uplink2” or “Clearuplink1” or “Clear uplink2”5.Click “Update” to confirm and finish the setting.6.- 28 -Logout: You can click “Logout” to logout.- 29 -。