The mega-constellation is a major future development direction for space-based technologies in communications,navigation,remote sensing,and other fields.However,there are marked security threats to the mega-constellat...The mega-constellation is a major future development direction for space-based technologies in communications,navigation,remote sensing,and other fields.However,there are marked security threats to the mega-constellation.Traditional password-based security protection techniques are inefficient for vast node access authentication because they lack a unified management system and methodology.To address the aforementioned issues,this work presents a mega-constellation node security access authentication technique based on sharding blockchain via the“1+N+1”mega-constellation security and trustworthiness architecture.We build a distributed node security access authentication system based on functional domains and functional cross-domains,and we develop mathematical models for the complexity of messaging and space,the throughput of transactions,and the overall estimation of sharding blockchain systems.The results demonstrate that every indicator outperforms conventional blockchain techniques,which has major implications for mega-constellation by creating a complete link security and trustworthiness system.A universal solution for the number of consensus nodes I and the number of shards N is found,which can be used to guide parameter design in mega-constellation sharding blockchain systems.展开更多
5G-R is the main type of next-generation mobile communication system for railways,offering highly reliable broadband data transmission services for intelligent railway operations.In the light of meeting the bearing de...5G-R is the main type of next-generation mobile communication system for railways,offering highly reliable broadband data transmission services for intelligent railway operations.In the light of meeting the bearing demands of the 5G-R network,a comprehensive data transmission platform is proposed.This platform enables unified accession for various data service systems and applies Software Defined Network(SDN)technology for dynamic routing selection and high-effective data forwarding.Based on shared key lightweight access authentication technology,two-way identity authentication is performed for mobile terminals and network-side devices,ensuring the legitimacy verification of heterogeneous terminals within the application domain.展开更多
When Internet of Things(IoT)nodes access the network through wireless channels,the network is vulnerable to spoofing attacks and the Sybil attack.However,the connection of massive devices in IoT makes it difficult to ...When Internet of Things(IoT)nodes access the network through wireless channels,the network is vulnerable to spoofing attacks and the Sybil attack.However,the connection of massive devices in IoT makes it difficult to manage and distribute keys,thus limiting the application of traditional high-level authentication schemes.Compared with the high-level authentication scheme,the physical layer authentication scheme realizes the lightweight authentication of users by comparing the wireless channel characteristics of adjacent packets.However,traditional physical layer authentication schemes still adopt the one-to-one authentication method,which will consume numerous network resources in the face of large-scale IoT node access authentication.In order to realize the secure access authentication of IoT nodes and regional intrusion detection with low resource consumption,we propose a physical layer authentication mechanism based on convolution neural network(CNN),which uses the deep characteristics of channel state information(CSI)to identify sending nodes in different locations.Specifically,we obtain the instantaneous CSI data of IoT sending nodes at different locations in the pre-set area,and then feed them into CNN for training to procure a model for IoT node authentication.With its powerful ability of data analysis and feature extraction,CNN can extract deep Spatio-temporal environment features of CSI data and bind them with node identities.Accordingly,an authentication mechanism which can distinguish the identity types of IoT nodes located in different positions is established to authenticate the identity of unknown nodes when they break into the pre-set area.Experimental results show that this authentication mechanism can still achieve 94.7%authentication accuracy in the case of a low signalto-noise ratio(SNR)of 0 dB,which means a significant improvement in authentication accuracy and robustness.展开更多
Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, w...Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.展开更多
User’s data is considered as a vital asset of several organizations.Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns.Service providers must e...User’s data is considered as a vital asset of several organizations.Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns.Service providers must ensure that both data and applications that will be stored on the cloud should be protected in a secure environment.The data stored on the public cloud will be vulnerable to outside and inside attacks.This paper provides interactive multi-layer authentication frameworks for securing user identities on the cloud.Different access control policies are applied for verifying users on the cloud.A security mechanism is applied to the cloud application that includes user registration,granting user privileges,and generating user authentication factor.An intrusion detection system is embedded to the security mechanism to detect malicious users.The multi factor authentication,intrusion detection,and access control techniques can be used for ensuring the identity of the user.Finally,encryption techniques are used for protecting the data from being disclosed.Experimental results are carried out to verify the accuracy and efficiency of the proposed frameworks and mechanism.The results recorded high detection rate with low false positive alarms.展开更多
The popularity of the Internet of Things(IoT)has enabled a large number of vulnerable devices to connect to the Internet,bringing huge security risks.As a network-level security authentication method,device fingerprin...The popularity of the Internet of Things(IoT)has enabled a large number of vulnerable devices to connect to the Internet,bringing huge security risks.As a network-level security authentication method,device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases.However,flexible and diversified IoT devices with limited resources increase dif-ficulty of the device fingerprint authentication method executed in IoT,because it needs to retrain the model network to deal with incremental features or types.To address this problem,a device fingerprinting mechanism based on a Broad Learning System(BLS)is proposed in this paper.The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices,and extracts feature parameters of the traffic packets.A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset.The complexity of the dataset is reduced using Principal Component Analysis(PCA)and the device type is identified by training weights using BLS.The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.展开更多
SIN(Space Information Network)is expected to play an increasing role in providing real-time,flexible,and integrated communication and data transmission services in an efficient manner.Nowadays,SIN has been widely deve...SIN(Space Information Network)is expected to play an increasing role in providing real-time,flexible,and integrated communication and data transmission services in an efficient manner.Nowadays,SIN has been widely developed for position navigation,environment monitor,traffic management,counter-terrorism,etc.However,security is a major concern in SIN,since the satellites,spacecrafts,and aircrafts are susceptible to a variety of traditional/specific network-based attacks,including eavesdropping,session hijacking,and illegal accessing.The network architecture and security issues of SIN were reviewed.Various security requirements were discussed that should be considered when designing SIN.And existing solutions proposed to meet these requirements were surveyed.The key challenges and key technologies that still require extensive research and development for securing SIN were indentifed.展开更多
基金the specific grant from China’s National Social Science Foundation (U23B2025 and U22B2014).
文摘The mega-constellation is a major future development direction for space-based technologies in communications,navigation,remote sensing,and other fields.However,there are marked security threats to the mega-constellation.Traditional password-based security protection techniques are inefficient for vast node access authentication because they lack a unified management system and methodology.To address the aforementioned issues,this work presents a mega-constellation node security access authentication technique based on sharding blockchain via the“1+N+1”mega-constellation security and trustworthiness architecture.We build a distributed node security access authentication system based on functional domains and functional cross-domains,and we develop mathematical models for the complexity of messaging and space,the throughput of transactions,and the overall estimation of sharding blockchain systems.The results demonstrate that every indicator outperforms conventional blockchain techniques,which has major implications for mega-constellation by creating a complete link security and trustworthiness system.A universal solution for the number of consensus nodes I and the number of shards N is found,which can be used to guide parameter design in mega-constellation sharding blockchain systems.
文摘5G-R is the main type of next-generation mobile communication system for railways,offering highly reliable broadband data transmission services for intelligent railway operations.In the light of meeting the bearing demands of the 5G-R network,a comprehensive data transmission platform is proposed.This platform enables unified accession for various data service systems and applies Software Defined Network(SDN)technology for dynamic routing selection and high-effective data forwarding.Based on shared key lightweight access authentication technology,two-way identity authentication is performed for mobile terminals and network-side devices,ensuring the legitimacy verification of heterogeneous terminals within the application domain.
基金This work was supported by National Natural Science Foundation of China(No.61871404,61801435).
文摘When Internet of Things(IoT)nodes access the network through wireless channels,the network is vulnerable to spoofing attacks and the Sybil attack.However,the connection of massive devices in IoT makes it difficult to manage and distribute keys,thus limiting the application of traditional high-level authentication schemes.Compared with the high-level authentication scheme,the physical layer authentication scheme realizes the lightweight authentication of users by comparing the wireless channel characteristics of adjacent packets.However,traditional physical layer authentication schemes still adopt the one-to-one authentication method,which will consume numerous network resources in the face of large-scale IoT node access authentication.In order to realize the secure access authentication of IoT nodes and regional intrusion detection with low resource consumption,we propose a physical layer authentication mechanism based on convolution neural network(CNN),which uses the deep characteristics of channel state information(CSI)to identify sending nodes in different locations.Specifically,we obtain the instantaneous CSI data of IoT sending nodes at different locations in the pre-set area,and then feed them into CNN for training to procure a model for IoT node authentication.With its powerful ability of data analysis and feature extraction,CNN can extract deep Spatio-temporal environment features of CSI data and bind them with node identities.Accordingly,an authentication mechanism which can distinguish the identity types of IoT nodes located in different positions is established to authenticate the identity of unknown nodes when they break into the pre-set area.Experimental results show that this authentication mechanism can still achieve 94.7%authentication accuracy in the case of a low signalto-noise ratio(SNR)of 0 dB,which means a significant improvement in authentication accuracy and robustness.
文摘Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.
文摘User’s data is considered as a vital asset of several organizations.Migrating data to the cloud computing is not an easy decision for any organization due to the privacy and security concerns.Service providers must ensure that both data and applications that will be stored on the cloud should be protected in a secure environment.The data stored on the public cloud will be vulnerable to outside and inside attacks.This paper provides interactive multi-layer authentication frameworks for securing user identities on the cloud.Different access control policies are applied for verifying users on the cloud.A security mechanism is applied to the cloud application that includes user registration,granting user privileges,and generating user authentication factor.An intrusion detection system is embedded to the security mechanism to detect malicious users.The multi factor authentication,intrusion detection,and access control techniques can be used for ensuring the identity of the user.Finally,encryption techniques are used for protecting the data from being disclosed.Experimental results are carried out to verify the accuracy and efficiency of the proposed frameworks and mechanism.The results recorded high detection rate with low false positive alarms.
基金supported by National Key R&D Program of China(2019YFB2102303)National Natural Science Foundation of China(NSFC61971014,NSFC11675199)Young Backbone Teacher Training Program of Henan Colleges and Universities(2021GGJS170).
文摘The popularity of the Internet of Things(IoT)has enabled a large number of vulnerable devices to connect to the Internet,bringing huge security risks.As a network-level security authentication method,device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases.However,flexible and diversified IoT devices with limited resources increase dif-ficulty of the device fingerprint authentication method executed in IoT,because it needs to retrain the model network to deal with incremental features or types.To address this problem,a device fingerprinting mechanism based on a Broad Learning System(BLS)is proposed in this paper.The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices,and extracts feature parameters of the traffic packets.A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset.The complexity of the dataset is reduced using Principal Component Analysis(PCA)and the device type is identified by training weights using BLS.The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.
基金supported by The National Basic Research Program of China(973 program)(2012CB315905)The National Natural Science Foundation of China(61272501,61370190,61003214)The Natural Science Foundation of Beijing(4132056).
文摘SIN(Space Information Network)is expected to play an increasing role in providing real-time,flexible,and integrated communication and data transmission services in an efficient manner.Nowadays,SIN has been widely developed for position navigation,environment monitor,traffic management,counter-terrorism,etc.However,security is a major concern in SIN,since the satellites,spacecrafts,and aircrafts are susceptible to a variety of traditional/specific network-based attacks,including eavesdropping,session hijacking,and illegal accessing.The network architecture and security issues of SIN were reviewed.Various security requirements were discussed that should be considered when designing SIN.And existing solutions proposed to meet these requirements were surveyed.The key challenges and key technologies that still require extensive research and development for securing SIN were indentifed.
