Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade...Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade substantially under malicious interference.We introduce iSTSP,an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust,precise synchronization even in hostile environments:(1)trust preprocessing that filters node participation using behavioral trust scoring;(2)anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time;(3)reliability-weighted consensus that prioritizes high-trust nodes during time aggregation;and(4)convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds.We provide rigorous convergence analysis including a closed-form expression for convergence time,and validate the protocol through both simulations and realworld experiments on a controlled 16-node testbed.Under Sybil attacks with five malicious nodes within this testbed,iSTSP maintains synchronization error increases under 12%and achieves a rapid convergence.Compared to state-ofthe-art protocols like TPSN,SE-FTSP,and MMAR-CTS,iSTSP offers 60%faster detection,broader threat coverage,and more than 7 times lower synchronization error,with a modest 9.3%energy overhead over 8 h.We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security.These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.展开更多
As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems....As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems. Therefore, the major researches focus on the design of a secure EPC system with high efficiency. This paper discusses the security requirements of EPC system and presents a universal composable (UC) model for EPC system, the ideal functionality of EPC system is also formally defined with the UC framework. Then a secure protocol for EPC system under UC framework is proposed and the analysis of security and performance of the proposed protocol is given, in comparison with other protocols, the results show that the proposed protocol is UC secure and can provide privacy protection, untraceability, authorized access, anonymity and concurrent security for EPC system. Furthermore, less computation and storage resource are required by the proposed protocol.展开更多
According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the stan...According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.展开更多
Efficiency and scalability are still the bottleneck for secure multi-party computation geometry (SMCG). In this work a secure planar convex hull (SPCH) protocol for large-scaled point sets in semi-honest model has...Efficiency and scalability are still the bottleneck for secure multi-party computation geometry (SMCG). In this work a secure planar convex hull (SPCH) protocol for large-scaled point sets in semi-honest model has been proposed efficiently to solve the above problems. Firstly, a novel priva- cy-preserving point-inclusion (PPPI) protocol is designed based on the classic homomorphic encryp- tion and secure cross product protocol, and it is demonstrated that the complexity of PPPI protocol is independent of the vertex size of the input convex hull. And then on the basis of the novel PPPI pro- tocol, an effective SPCH protocol is presented. Analysis shows that this SPCH protocol has a good performance for large-scaled point sets compared with previous solutions. Moreover, analysis finds that the complexity of our SPCH protocol relies on the size of the points on the outermost layer of the input point sets only.展开更多
Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free...Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise, collective-rotation noise and all kinds of unitary collective noise, respectively. Compared with the existing similar protocols, the analyses on security and information-theoretical emciency show that the proposed protocol is more secure and emeient.展开更多
Electronic auctions(e-auctions)remove the physical limitations of traditional auctions and bring this mechanism to the general public.However,most e-auction schemes involve a trusted auctioneer,which is not always cre...Electronic auctions(e-auctions)remove the physical limitations of traditional auctions and bring this mechanism to the general public.However,most e-auction schemes involve a trusted auctioneer,which is not always credible in practice.Some studies have applied cryptography tools to solve this problem by distributing trust,but they ignore the existence of collusion.In this paper,a blockchain-based Privacy-Preserving and Collusion-Resistant scheme(PPCR)for double auctions is proposed by employing both cryptography and blockchain technology,which is the first decentralized and collusion-resistant double auction scheme that guarantees bidder anonymity and bid privacy.A two-server-based auction framework is designed to support off-chain allocation with privacy preservation and on-chain dispute resolution for collusion resistance.A Dispute Resolution agreement(DR)is provided to the auctioneer to prove that they have conducted the auction correctly and the result is fair and correct.In addition,a Concise Dispute Resolution protocol(CDR)is designed to handle situations where the number of accused winners is small,significantly reducing the computation cost of dispute resolution.Extensive experimental results confirm that PPCR can indeed achieve efficient collusion resistance and verifiability of auction results with low on-chain and off-chain computational overhead.展开更多
Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds of...Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.展开更多
In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But ...In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.展开更多
The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how...The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.展开更多
Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Du...Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.展开更多
We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-rep...We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-repudiation denial of serviee and access control ofthe e-lectronic commerce protocols.We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover,we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user.And also,we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.展开更多
With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses ...With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.展开更多
This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in d...This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.展开更多
To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, a...To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo(M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.展开更多
Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stab...Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.展开更多
Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of exist...Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of existing typical authentication protocol, a new low-cost RFID tags authentication protocol was proposed. The performance of the new protocol was analyzed. The results show that the protocol can resist replay attacks and concurrent attacks and has nontracking, authenticity, and service availability. In addition, the protocol can also reduce the storage of tags and computation burden to meet the application requirements of low-cost tags.展开更多
Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in ...Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.展开更多
In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cry...In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn't utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.展开更多
Internet voting protocols is the base of the Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not apply the strong physical assu...Internet voting protocols is the base of the Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not apply the strong physical assumptions and has the properties of privacy, completeness, soundness, fairness, invariableness, and universal verifiability, receipt-free and coercion-resistant. At the same time it solves some problems in other internet voting protocols and the verification progress of universal verifiability is simple and efficient.展开更多
Cloud computing becomes an important application development platform for processing user data with high security.Service providers are accustomed to providing storage centers outside the trusted location preferred by...Cloud computing becomes an important application development platform for processing user data with high security.Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner.Thus,ensuring the security and confidentiality of the data while processing in the centralized network is very difficult.The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network.Intruders are very active over the network like real authenticated user to hack the personal sensitive data,such as bank balance,health data,personal data,and confidential documents over the cloud network.In this research,a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare.Conditions of patients are monitored using wireless sensor devices and are then transferred to the server.Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network.Biometric security process is a procedure with the best security in most of the authentication field.Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network.The Kerberos protocol is used in trust node to ensure security.Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form,which refers to the fingerprint image of both sender and receiver.The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.展开更多
基金this project under Geran Putra Inisiatif(GPI)with reference of GP-GPI/2023/976210。
文摘Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade substantially under malicious interference.We introduce iSTSP,an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust,precise synchronization even in hostile environments:(1)trust preprocessing that filters node participation using behavioral trust scoring;(2)anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time;(3)reliability-weighted consensus that prioritizes high-trust nodes during time aggregation;and(4)convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds.We provide rigorous convergence analysis including a closed-form expression for convergence time,and validate the protocol through both simulations and realworld experiments on a controlled 16-node testbed.Under Sybil attacks with five malicious nodes within this testbed,iSTSP maintains synchronization error increases under 12%and achieves a rapid convergence.Compared to state-ofthe-art protocols like TPSN,SE-FTSP,and MMAR-CTS,iSTSP offers 60%faster detection,broader threat coverage,and more than 7 times lower synchronization error,with a modest 9.3%energy overhead over 8 h.We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security.These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.
基金supported by the National Natural Science Foundation of China (60972077, 61121061)the Fundamental Research Funds for the Central Universities (BUPT2012RC0216)the National Science and technology key project(2010ZX03003-003-01)
文摘As an important component of internet of things, electronic product code (EPC) system is widely used in many areas. However, the mass deployment of EPC system is frequently degraded by security and privacy problems. Therefore, the major researches focus on the design of a secure EPC system with high efficiency. This paper discusses the security requirements of EPC system and presents a universal composable (UC) model for EPC system, the ideal functionality of EPC system is also formally defined with the UC framework. Then a secure protocol for EPC system under UC framework is proposed and the analysis of security and performance of the proposed protocol is given, in comparison with other protocols, the results show that the proposed protocol is UC secure and can provide privacy protection, untraceability, authorized access, anonymity and concurrent security for EPC system. Furthermore, less computation and storage resource are required by the proposed protocol.
基金This work was supported by the Mobile Police Project of China(No.J1GAB23W013)National High Technology Research and Development Program of China(863 Program,No.2007AA01Z479).
文摘According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.
基金Supported by the Young Scientists Program of CUEB(No.2014XJQ016,00791462722337)National Natural Science Foundation of China(No.61302087)+1 种基金Young Scientific Research Starting Foundation of CUEBImprove Scientific Research Foundation of Beijing Education
文摘Efficiency and scalability are still the bottleneck for secure multi-party computation geometry (SMCG). In this work a secure planar convex hull (SPCH) protocol for large-scaled point sets in semi-honest model has been proposed efficiently to solve the above problems. Firstly, a novel priva- cy-preserving point-inclusion (PPPI) protocol is designed based on the classic homomorphic encryp- tion and secure cross product protocol, and it is demonstrated that the complexity of PPPI protocol is independent of the vertex size of the input convex hull. And then on the basis of the novel PPPI pro- tocol, an effective SPCH protocol is presented. Analysis shows that this SPCH protocol has a good performance for large-scaled point sets compared with previous solutions. Moreover, analysis finds that the complexity of our SPCH protocol relies on the size of the points on the outermost layer of the input point sets only.
基金Supported by the Foundation and Frontier Research Program of Chongqing Science and Technology Commission of China under Grant No cstc2016jcyjA0571
文摘Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise, collective-rotation noise and all kinds of unitary collective noise, respectively. Compared with the existing similar protocols, the analyses on security and information-theoretical emciency show that the proposed protocol is more secure and emeient.
基金supported by the National Key R&D Program of China (No.2020YFB1005500)the Leading-edge Technology Program of Jiangsu Natural Science Foundation (No.BK20202001)+1 种基金the Fundamental Research Funds for the Central Universities (No.XJSJ23040)the Postdoctoral Science Foundation of Jiangsu Province (No.2021K596C)。
文摘Electronic auctions(e-auctions)remove the physical limitations of traditional auctions and bring this mechanism to the general public.However,most e-auction schemes involve a trusted auctioneer,which is not always credible in practice.Some studies have applied cryptography tools to solve this problem by distributing trust,but they ignore the existence of collusion.In this paper,a blockchain-based Privacy-Preserving and Collusion-Resistant scheme(PPCR)for double auctions is proposed by employing both cryptography and blockchain technology,which is the first decentralized and collusion-resistant double auction scheme that guarantees bidder anonymity and bid privacy.A two-server-based auction framework is designed to support off-chain allocation with privacy preservation and on-chain dispute resolution for collusion resistance.A Dispute Resolution agreement(DR)is provided to the auctioneer to prove that they have conducted the auction correctly and the result is fair and correct.In addition,a Concise Dispute Resolution protocol(CDR)is designed to handle situations where the number of accused winners is small,significantly reducing the computation cost of dispute resolution.Extensive experimental results confirm that PPCR can indeed achieve efficient collusion resistance and verifiability of auction results with low on-chain and off-chain computational overhead.
文摘Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.
基金supported by Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20060013007National Natural Science Foundation of Beijing under Grant No.4092029National Natural Science Foundation of China under Grant No.60873001
文摘In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.
基金supported by the National Natural Science Foundation of China(Grant No.61571303,No.61571004)the Shanghai Natural Science Foundation(Grant No.21ZR1461700)+3 种基金the Shanghai Sailing Program(Grant No.19YF1455800)the National Science and Technology Major Project of China(No.2018ZX03001031)the Fundamental Research Funds for State Key Laboratory of Synthetical Automation for Process Industries(Grant No.PAL-N201703)the National Key Research and Development Program of China-Internet of Things and Smart City Key Program(No.2019YFB2101600,NO.2019YFB2101602,No.2019YFB2101602-03).
文摘The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.
基金This work was supported by China Nature Science Fund .Serial No.60073059and60273078
文摘Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.
基金Supported by the Natural Science Foundation ofthe Department of Education of Guangdong Province(Z03001)
文摘We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-repudiation denial of serviee and access control ofthe e-lectronic commerce protocols.We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover,we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user.And also,we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.
基金supported by the National Natural Science Foundation of China under Grant No.(62202118.61962009)And in part by Natural Science Foundation of Shandong Province(ZR2021MF086)+1 种基金And in part by Top Technology Talent Project from Guizhou Education Department(Qian jiao ji[2022]073)And in part by Foundation of Guangxi Key Laboratory of Cryptography and Information Security(GCIS202118).
文摘With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.
文摘This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.
基金Supported by the National Natural Science Foundation of China under Grant Nos 61472048,61402058,61272511,61472046,61202082 and 61370194the Beijing Natural Science Foundation under Grant No 4152038the China Postdoctoral Science Foundation Funded Project under Grant No 2014M561826
文摘To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo(M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
文摘Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.
基金Supported by the Natural Science Foundation of China(6097011561003268)
文摘Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of existing typical authentication protocol, a new low-cost RFID tags authentication protocol was proposed. The performance of the new protocol was analyzed. The results show that the protocol can resist replay attacks and concurrent attacks and has nontracking, authenticity, and service availability. In addition, the protocol can also reduce the storage of tags and computation burden to meet the application requirements of low-cost tags.
基金This work is supported by National Natural Science Foundation of China under contract 60902008.
文摘Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
基金Supported bythe National Natural Science Foundationof China (60403027)
文摘In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn't utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.
基金Supported by the National Natural Science Foundation of China (60373087,60473023)
文摘Internet voting protocols is the base of the Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not apply the strong physical assumptions and has the properties of privacy, completeness, soundness, fairness, invariableness, and universal verifiability, receipt-free and coercion-resistant. At the same time it solves some problems in other internet voting protocols and the verification progress of universal verifiability is simple and efficient.
文摘Cloud computing becomes an important application development platform for processing user data with high security.Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner.Thus,ensuring the security and confidentiality of the data while processing in the centralized network is very difficult.The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network.Intruders are very active over the network like real authenticated user to hack the personal sensitive data,such as bank balance,health data,personal data,and confidential documents over the cloud network.In this research,a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare.Conditions of patients are monitored using wireless sensor devices and are then transferred to the server.Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network.Biometric security process is a procedure with the best security in most of the authentication field.Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network.The Kerberos protocol is used in trust node to ensure security.Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form,which refers to the fingerprint image of both sender and receiver.The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.
