The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how...The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.展开更多
IEEE 802.16e, as an amendment and corrigendum to the IEEE 802.16-2004, published on 28 February 2006, and intended to update and expand IEEE 802.16-2004 to allow for mobile subscriber stations. This paper summarizes t...IEEE 802.16e, as an amendment and corrigendum to the IEEE 802.16-2004, published on 28 February 2006, and intended to update and expand IEEE 802.16-2004 to allow for mobile subscriber stations. This paper summarizes the key management protocol belonging to security part of the IEEE 802.16e, which includes security negotiation, authorization, key derivation, handshake, and key transportation. While these building blocks are well designed, we point out some unwelcome features for these building blocks. We also give out suggestions to diminish the proposed problems.展开更多
The recent growth of the World Wide Web has sparked new research into using the Internet for novel types of group communication, like multiparty videoconferencing and real-time streaming. Multicast has the potential t...The recent growth of the World Wide Web has sparked new research into using the Internet for novel types of group communication, like multiparty videoconferencing and real-time streaming. Multicast has the potential to be very useful, but it suffers from many problems like security. To achieve secure multicast communications with the dynamic aspect of group applications due to free membership joins and leaves in addition to member's mobility, key management is one of the most critical problems. So far, a lot of multicast key management schemes have been proposed and most of them are centralized, which have the problem of 'one point failure' and that the group controller is the bottleneck of the group. In order to solve these two problems, we propose a Key Management Scheme, using cluster-based End-System Multicast (ESM). The group management is between both 1) the main controller (MRP, Main Rendezvous Point) and the second controllers (CRP, Cluster RP), and 2) the second controllers (CRPs) and its members. So, ESM simplifies the implementation of group communication and is efficient ways to deliver a secure message to a group of recipients in a network as a practical alternative to overcome the difficulty of large scale deployment of traditional IP multicast. In this paper, we analyze different key management schemes and propose a new scheme, namely Advanced Transition/Cluster Key management Scheme (ATCKS) and find it has appropriate performance in security.展开更多
Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in ...Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.展开更多
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor...Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.展开更多
PKI and IPSec are the widely used technologies in today's information security area. In this paper ,PKI andIPSec are discussed briefly at first. Then two methods of combining PKI with IPSec are proposed with detai...PKI and IPSec are the widely used technologies in today's information security area. In this paper ,PKI andIPSec are discussed briefly at first. Then two methods of combining PKI with IPSec are proposed with details,andhow to use PKI in IPSec configuration management is also discussed. Finally,it points out that identity of IPSec com-munication entity may be the special user but not limited to IP address with PKI. It also points out that PKI makes a-thentication of IPSec entity more secure and reliable,and makes IPSec configurations more flexible.展开更多
基金supported by the National Natural Science Foundation of China(Grant No.61571303,No.61571004)the Shanghai Natural Science Foundation(Grant No.21ZR1461700)+3 种基金the Shanghai Sailing Program(Grant No.19YF1455800)the National Science and Technology Major Project of China(No.2018ZX03001031)the Fundamental Research Funds for State Key Laboratory of Synthetical Automation for Process Industries(Grant No.PAL-N201703)the National Key Research and Development Program of China-Internet of Things and Smart City Key Program(No.2019YFB2101600,NO.2019YFB2101602,No.2019YFB2101602-03).
文摘The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.
基金Supported by the National Natural Science Foundation of China (60473027)
文摘IEEE 802.16e, as an amendment and corrigendum to the IEEE 802.16-2004, published on 28 February 2006, and intended to update and expand IEEE 802.16-2004 to allow for mobile subscriber stations. This paper summarizes the key management protocol belonging to security part of the IEEE 802.16e, which includes security negotiation, authorization, key derivation, handshake, and key transportation. While these building blocks are well designed, we point out some unwelcome features for these building blocks. We also give out suggestions to diminish the proposed problems.
文摘The recent growth of the World Wide Web has sparked new research into using the Internet for novel types of group communication, like multiparty videoconferencing and real-time streaming. Multicast has the potential to be very useful, but it suffers from many problems like security. To achieve secure multicast communications with the dynamic aspect of group applications due to free membership joins and leaves in addition to member's mobility, key management is one of the most critical problems. So far, a lot of multicast key management schemes have been proposed and most of them are centralized, which have the problem of 'one point failure' and that the group controller is the bottleneck of the group. In order to solve these two problems, we propose a Key Management Scheme, using cluster-based End-System Multicast (ESM). The group management is between both 1) the main controller (MRP, Main Rendezvous Point) and the second controllers (CRP, Cluster RP), and 2) the second controllers (CRPs) and its members. So, ESM simplifies the implementation of group communication and is efficient ways to deliver a secure message to a group of recipients in a network as a practical alternative to overcome the difficulty of large scale deployment of traditional IP multicast. In this paper, we analyze different key management schemes and propose a new scheme, namely Advanced Transition/Cluster Key management Scheme (ATCKS) and find it has appropriate performance in security.
基金This work is supported by National Natural Science Foundation of China under contract 60902008.
文摘Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
文摘Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.
文摘PKI and IPSec are the widely used technologies in today's information security area. In this paper ,PKI andIPSec are discussed briefly at first. Then two methods of combining PKI with IPSec are proposed with details,andhow to use PKI in IPSec configuration management is also discussed. Finally,it points out that identity of IPSec com-munication entity may be the special user but not limited to IP address with PKI. It also points out that PKI makes a-thentication of IPSec entity more secure and reliable,and makes IPSec configurations more flexible.
