The main function of Internet of Things is to collect and transmit data.At present,the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data sourc...The main function of Internet of Things is to collect and transmit data.At present,the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data source.To solve the above problems,a trust attestation mechanism for sensing layer nodes is presented.First a trusted group is established,and the node which is going to join the group needs to attest its identity and key attributes to the higher level node.Then the dynamic trust measurement value of the node can be obtained by measuring the node data transmission behavior.Finally the node encapsulates the key attributes and trust measurement value to use short message group signature to attest its trust to the challenger.This mechanism can measure the data sending and receiving behaviors of sensing nodes and track the data source,and it does not expose the privacy information of nodes and the sensing nodes can be traced effectively.The trust measurement for sensing nodes and verification is applicable to Internet of Things and the simulation experiment shows the trust attestation mechanism is flexible,practical and efficient.Besides,it can accurately and quickly identify the malicious nodes at the same time.The impact on the system performance is negligible.展开更多
Post-quantum transport layer security(PQ-TLS)is capable of effectively defending against quantum threats to current network communications,whereas its larger public key and certificate sizes as well as higher computat...Post-quantum transport layer security(PQ-TLS)is capable of effectively defending against quantum threats to current network communications,whereas its larger public key and certificate sizes as well as higher computational overhead may result in a significant performance reduction compared with conventional TLS.In this paper,we present a systematic evaluation of PQ-TLS performance across diverse deployment scenarios to address the following critical research questions.(1)What is the performance behavior of PQ-TLS across different TLS modes?(2)How does PQ-TLS perform across varying client scales?(3)Which network topology is most suitable for PQ-TLS?(4)How does PQ-TLS perform on personal computers(PCs)compared to embedded IoT devices?To the best of our knowledge,this is the first work to comprehensively address these issues,offering implementers some insights into PQ-TLS performance and guidance for optimizing it across diverse scenarios.展开更多
A brief survey on the state-of-the-art research of determining geographic location of IP addresses is presented. The problem of determining the geographic location of routers in Internet Service Provider (ISP) topol...A brief survey on the state-of-the-art research of determining geographic location of IP addresses is presented. The problem of determining the geographic location of routers in Internet Service Provider (ISP) topology measurement is discussed when there is inadequate information such as domain names that could be used. Nine empirical inference rules are provided, and they are respectively (1) rule of mutual inference, (2) rule of locality, (3) rule of ping-pong assignment, (4) rule of bounding from both sides, (5) rule of preferential exit deny, (6) rule of uureachable/timeout, (7) rule of relay hop assignment, (8) rule of following majority, and (9) rule of validity checking based on interface-finding. In totally 2,563 discovered router interfaces of a national ISP topology, only 6.4% of them can be located by their corresponding domain names. In contrast, after exercising these nine empirical inference rules, 38% of them have been located. Two methods have mainly been employed to evaluate the effectiveness of these inference rules. One is to compare the measured topology graph with the graph published by the corresponding ISP. The other is to contact the administrator of the corresponding ISP for the verification of IP address locations of some key routers. The conformity between the locations inferred by the rules and those determined by domain names as well as those determined by whois information is also examined. Experimental results show that these empirical inference rules play an important role in determining the geographic location of routers in ISP topology measurement.展开更多
基金Supported by the National Natural Science Foundation of China(61501007)General Project of Science and Technology Project of Beijing Municipal Education Commission(KM201610005023)
文摘The main function of Internet of Things is to collect and transmit data.At present,the data transmission in Internet of Things lacks effective trust attestation mechanism and trust traceability mechanism of data source.To solve the above problems,a trust attestation mechanism for sensing layer nodes is presented.First a trusted group is established,and the node which is going to join the group needs to attest its identity and key attributes to the higher level node.Then the dynamic trust measurement value of the node can be obtained by measuring the node data transmission behavior.Finally the node encapsulates the key attributes and trust measurement value to use short message group signature to attest its trust to the challenger.This mechanism can measure the data sending and receiving behaviors of sensing nodes and track the data source,and it does not expose the privacy information of nodes and the sensing nodes can be traced effectively.The trust measurement for sensing nodes and verification is applicable to Internet of Things and the simulation experiment shows the trust attestation mechanism is flexible,practical and efficient.Besides,it can accurately and quickly identify the malicious nodes at the same time.The impact on the system performance is negligible.
基金Special Fund for Key Technologies in Blockchain of Shanghai Scientific and Technological Committee(23511100300)。
文摘Post-quantum transport layer security(PQ-TLS)is capable of effectively defending against quantum threats to current network communications,whereas its larger public key and certificate sizes as well as higher computational overhead may result in a significant performance reduction compared with conventional TLS.In this paper,we present a systematic evaluation of PQ-TLS performance across diverse deployment scenarios to address the following critical research questions.(1)What is the performance behavior of PQ-TLS across different TLS modes?(2)How does PQ-TLS perform across varying client scales?(3)Which network topology is most suitable for PQ-TLS?(4)How does PQ-TLS perform on personal computers(PCs)compared to embedded IoT devices?To the best of our knowledge,this is the first work to comprehensively address these issues,offering implementers some insights into PQ-TLS performance and guidance for optimizing it across diverse scenarios.
文摘A brief survey on the state-of-the-art research of determining geographic location of IP addresses is presented. The problem of determining the geographic location of routers in Internet Service Provider (ISP) topology measurement is discussed when there is inadequate information such as domain names that could be used. Nine empirical inference rules are provided, and they are respectively (1) rule of mutual inference, (2) rule of locality, (3) rule of ping-pong assignment, (4) rule of bounding from both sides, (5) rule of preferential exit deny, (6) rule of uureachable/timeout, (7) rule of relay hop assignment, (8) rule of following majority, and (9) rule of validity checking based on interface-finding. In totally 2,563 discovered router interfaces of a national ISP topology, only 6.4% of them can be located by their corresponding domain names. In contrast, after exercising these nine empirical inference rules, 38% of them have been located. Two methods have mainly been employed to evaluate the effectiveness of these inference rules. One is to compare the measured topology graph with the graph published by the corresponding ISP. The other is to contact the administrator of the corresponding ISP for the verification of IP address locations of some key routers. The conformity between the locations inferred by the rules and those determined by domain names as well as those determined by whois information is also examined. Experimental results show that these empirical inference rules play an important role in determining the geographic location of routers in ISP topology measurement.
