We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-rep...We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-repudiation denial of serviee and access control ofthe e-lectronic commerce protocols.We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover,we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user.And also,we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.展开更多
Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in ...Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.展开更多
Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade...Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade substantially under malicious interference.We introduce iSTSP,an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust,precise synchronization even in hostile environments:(1)trust preprocessing that filters node participation using behavioral trust scoring;(2)anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time;(3)reliability-weighted consensus that prioritizes high-trust nodes during time aggregation;and(4)convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds.We provide rigorous convergence analysis including a closed-form expression for convergence time,and validate the protocol through both simulations and realworld experiments on a controlled 16-node testbed.Under Sybil attacks with five malicious nodes within this testbed,iSTSP maintains synchronization error increases under 12%and achieves a rapid convergence.Compared to state-ofthe-art protocols like TPSN,SE-FTSP,and MMAR-CTS,iSTSP offers 60%faster detection,broader threat coverage,and more than 7 times lower synchronization error,with a modest 9.3%energy overhead over 8 h.We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security.These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.展开更多
In this paper, a general framework for designing and analyzing password-based security protocols is presented. First we introduce the concept of "weak computational indistinguishability" based on current progress of...In this paper, a general framework for designing and analyzing password-based security protocols is presented. First we introduce the concept of "weak computational indistinguishability" based on current progress of password-based security protocols. Then, we focus on cryptographic foundations for password-based security protocols, i.e., the theory of "weak pseudorandomness". Furthermore, based on the theory of weak pseudorandomness, we present a modular approach to design and analysis of password-based security protocols. Finally, applying the modular approach, we design two kinds of password-based security protocols, i.e., password-based session key distribution (PSKD) protocol and protected password change (PPC) protocol. In addition to having forward secrecy and improved efficiency, new protocols are proved secure.展开更多
Traditional control does not pay much attention to information security problems in system identification enough, which are important in practical applications. This paper focuses on the security problem of input info...Traditional control does not pay much attention to information security problems in system identification enough, which are important in practical applications. This paper focuses on the security problem of input information in a class of system identification problems with noise and binary-valued observations, presents a cryptography based security protocol, and improves it in the range of allowed errors. During solving the identification problem, the improved security protocol can ensure that the input information is not leaked, and thus, can deal with passive attacks effectively. Besides, a quantitative relationship among the input information, the public key in encryption and the number of partieipailts in the improved protocol is shown. Finally, the simulation results show that, the identification algorithm can still achieve the estimation accuracy by adding the improved security protocol. However, compared with the original identification algorithm, the time complexity of the algorithm with the improved security protocol increases.展开更多
Security protocols play more and more important roles with wide use in many applications nowadays. Cur- rently, there are many tools for specifying and verifying secu- rity protocols such as Casper/FDR, ProVerif, or A...Security protocols play more and more important roles with wide use in many applications nowadays. Cur- rently, there are many tools for specifying and verifying secu- rity protocols such as Casper/FDR, ProVerif, or AVISPA. In these tools, the intruder's ability, which either needs to be specified explicitly or set by default, is not flexible in some circumstances. Moreover, whereas most of the existing tools focus on secrecy and authentication properties, few supports privacy properties like anonymity, receipt freeness, and coer- cion resistance, which are crucial in many applications such as in electronic voting systems or anonymous online transac- tions. In this paper, we introduce a framework for specifying security protocols in the labeled transition system (LTS) se- mantics model, which embeds the knowledge of the par- ticipants and parameterizes the ability of an attacker. Us- ing this model, we give the formal definitions for three types of privacy properties based on trace equivalence and knowledge reasoning. The formal definitions for some other security properties, such as secrecy and authentica- tion, are introduced under this framework, and the veri- fication algorithms are also given. The results of this pa- per are embodied in the implementation of a SeVe mod- ule in a process analysis toolkit (PAT) model checker, which supports specifying, simulating, and verifying se- curity protocols. The experimental results show that a SeVe module is capable of verifying many types of secu- rity protocols and complements the state-of-the-art securityverifiers in several aspects. Moreover, it also proves the abil- ity in building an automatic verifier for security protocols re- lated to privacy type, which are mostly verified by hand now.展开更多
Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of exist...Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of existing typical authentication protocol, a new low-cost RFID tags authentication protocol was proposed. The performance of the new protocol was analyzed. The results show that the protocol can resist replay attacks and concurrent attacks and has nontracking, authenticity, and service availability. In addition, the protocol can also reduce the storage of tags and computation burden to meet the application requirements of low-cost tags.展开更多
In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But ...In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.展开更多
Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Du...Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.展开更多
With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses ...With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.展开更多
This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in d...This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.展开更多
To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, a...To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo(M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.展开更多
In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cry...In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn't utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.展开更多
Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of pr...Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.展开更多
Semi-device-independent quantum key distribution (SDI-QKD) has been proposed by applying the quantum dimension correlation, and the security relies on the violation of quantum dimension witness inequalities. We prov...Semi-device-independent quantum key distribution (SDI-QKD) has been proposed by applying the quantum dimension correlation, and the security relies on the violation of quantum dimension witness inequalities. We prove the security of the SDI-QKD protocol under the depolarization channel by considering the quantum dimension witness inequalities and minimum entropy and the specific process of the QKD protocol, combining with a four- quantum-state preparation and three measurement bases. We also provide the relationship between the dimension witness value, the error rate and the security key rate by the numerical simulation.展开更多
Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds of...Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.展开更多
To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communic...To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.展开更多
According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the stan...According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.展开更多
The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme (ShS) has vulnerabilities regarding confidentiality and integrity; meanwhile, the cod...The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme (ShS) has vulnerabilities regarding confidentiality and integrity; meanwhile, the coding-based scheme (COS) and the encryption-based scheme (EnS) have vulnerabilities on integrity. The corresponding attacks on these vulnerabilities are given. Then, the improved protocols such as the secure sharing-based protocol (SShP), the secure coding-based protocol (SCoP) and the secure encryption- based protocol (SEnP), are proposed to overcome these vulnerabilities. The core elements are protected through public key encryptions and digital signatures. Security analyses show that the confidentiality and the integrity of the improved protocols are guaranteed. Meanwhile, the improved protocols can keep the frame of the former schemes and have higher security. The simulation results illustrate that compared with the existing protocols, the communication overhead of the improved protocols is not significantly increased.展开更多
The bad behaviors of some users and the drawbacks of public bicycles have hindered the promotion of public bicycles. The current problems include low utilization rate, uneven distribution, high loss rate and insecure ...The bad behaviors of some users and the drawbacks of public bicycles have hindered the promotion of public bicycles. The current problems include low utilization rate, uneven distribution, high loss rate and insecure lock. However, there is few feasible research in this new field. To address these issues of public bicycles, we propose a public bicycle operating system(PBOS). PBOS involves three key technologies: 1) To acquire a dynamic password and realize bicycle self-rescue, we devise an intelligent lock that utilizes the Internet of Things(IoT) to establish Bluetooth connection with user's mobile phone. 2) To avoid bicycle loss and improve the security of data transmission, we design a space-time security protocol to work between bicycle's intelligent lock, mobile app, and server. 3) To increase the average utilization rate and distribution, we present a cooperative game model for bicycle scheduling. Finally, we evaluate the performance and validate the theoretical properties of PBOS through extensive simulations.展开更多
基金Supported by the Natural Science Foundation ofthe Department of Education of Guangdong Province(Z03001)
文摘We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-repudiation denial of serviee and access control ofthe e-lectronic commerce protocols.We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover,we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user.And also,we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.
基金This work is supported by National Natural Science Foundation of China under contract 60902008.
文摘Denial of Service Distributed Denial of Service (DOS) attack, especially (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
基金this project under Geran Putra Inisiatif(GPI)with reference of GP-GPI/2023/976210。
文摘Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade substantially under malicious interference.We introduce iSTSP,an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust,precise synchronization even in hostile environments:(1)trust preprocessing that filters node participation using behavioral trust scoring;(2)anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time;(3)reliability-weighted consensus that prioritizes high-trust nodes during time aggregation;and(4)convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds.We provide rigorous convergence analysis including a closed-form expression for convergence time,and validate the protocol through both simulations and realworld experiments on a controlled 16-node testbed.Under Sybil attacks with five malicious nodes within this testbed,iSTSP maintains synchronization error increases under 12%and achieves a rapid convergence.Compared to state-ofthe-art protocols like TPSN,SE-FTSP,and MMAR-CTS,iSTSP offers 60%faster detection,broader threat coverage,and more than 7 times lower synchronization error,with a modest 9.3%energy overhead over 8 h.We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security.These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.
基金the National Natural Science Foundation of China (Grant Nos. 60025205 and 60673083)
文摘In this paper, a general framework for designing and analyzing password-based security protocols is presented. First we introduce the concept of "weak computational indistinguishability" based on current progress of password-based security protocols. Then, we focus on cryptographic foundations for password-based security protocols, i.e., the theory of "weak pseudorandomness". Furthermore, based on the theory of weak pseudorandomness, we present a modular approach to design and analysis of password-based security protocols. Finally, applying the modular approach, we design two kinds of password-based security protocols, i.e., password-based session key distribution (PSKD) protocol and protected password change (PPC) protocol. In addition to having forward secrecy and improved efficiency, new protocols are proved secure.
基金supported by the National Key Basic Research Program of China(973 Program)under Grant No.2014CB845301the National Natural Science Foundation of China under Grant No.61227902
文摘Traditional control does not pay much attention to information security problems in system identification enough, which are important in practical applications. This paper focuses on the security problem of input information in a class of system identification problems with noise and binary-valued observations, presents a cryptography based security protocol, and improves it in the range of allowed errors. During solving the identification problem, the improved security protocol can ensure that the input information is not leaked, and thus, can deal with passive attacks effectively. Besides, a quantitative relationship among the input information, the public key in encryption and the number of partieipailts in the improved protocol is shown. Finally, the simulation results show that, the identification algorithm can still achieve the estimation accuracy by adding the improved security protocol. However, compared with the original identification algorithm, the time complexity of the algorithm with the improved security protocol increases.
文摘Security protocols play more and more important roles with wide use in many applications nowadays. Cur- rently, there are many tools for specifying and verifying secu- rity protocols such as Casper/FDR, ProVerif, or AVISPA. In these tools, the intruder's ability, which either needs to be specified explicitly or set by default, is not flexible in some circumstances. Moreover, whereas most of the existing tools focus on secrecy and authentication properties, few supports privacy properties like anonymity, receipt freeness, and coer- cion resistance, which are crucial in many applications such as in electronic voting systems or anonymous online transac- tions. In this paper, we introduce a framework for specifying security protocols in the labeled transition system (LTS) se- mantics model, which embeds the knowledge of the par- ticipants and parameterizes the ability of an attacker. Us- ing this model, we give the formal definitions for three types of privacy properties based on trace equivalence and knowledge reasoning. The formal definitions for some other security properties, such as secrecy and authentica- tion, are introduced under this framework, and the veri- fication algorithms are also given. The results of this pa- per are embodied in the implementation of a SeVe mod- ule in a process analysis toolkit (PAT) model checker, which supports specifying, simulating, and verifying se- curity protocols. The experimental results show that a SeVe module is capable of verifying many types of secu- rity protocols and complements the state-of-the-art securityverifiers in several aspects. Moreover, it also proves the abil- ity in building an automatic verifier for security protocols re- lated to privacy type, which are mostly verified by hand now.
基金Supported by the Natural Science Foundation of China(6097011561003268)
文摘Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of existing typical authentication protocol, a new low-cost RFID tags authentication protocol was proposed. The performance of the new protocol was analyzed. The results show that the protocol can resist replay attacks and concurrent attacks and has nontracking, authenticity, and service availability. In addition, the protocol can also reduce the storage of tags and computation burden to meet the application requirements of low-cost tags.
基金supported by Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20060013007National Natural Science Foundation of Beijing under Grant No.4092029National Natural Science Foundation of China under Grant No.60873001
文摘In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.
基金This work was supported by China Nature Science Fund .Serial No.60073059and60273078
文摘Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.
基金supported by the National Natural Science Foundation of China under Grant No.(62202118.61962009)And in part by Natural Science Foundation of Shandong Province(ZR2021MF086)+1 种基金And in part by Top Technology Talent Project from Guizhou Education Department(Qian jiao ji[2022]073)And in part by Foundation of Guangxi Key Laboratory of Cryptography and Information Security(GCIS202118).
文摘With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.
文摘This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.
基金Supported by the National Natural Science Foundation of China under Grant Nos 61472048,61402058,61272511,61472046,61202082 and 61370194the Beijing Natural Science Foundation under Grant No 4152038the China Postdoctoral Science Foundation Funded Project under Grant No 2014M561826
文摘To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo(M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
基金Supported bythe National Natural Science Foundationof China (60403027)
文摘In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn't utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60473023) the National High Tech-nology Research and Development Programof China (863 Program)(2002AA41051)
文摘Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.
基金Supported by the National Basic Research Program of China under Grant No 2013CB338002the National Natural Science Foundation of China under Grant Nos 11304397 and 61505261
文摘Semi-device-independent quantum key distribution (SDI-QKD) has been proposed by applying the quantum dimension correlation, and the security relies on the violation of quantum dimension witness inequalities. We prove the security of the SDI-QKD protocol under the depolarization channel by considering the quantum dimension witness inequalities and minimum entropy and the specific process of the QKD protocol, combining with a four- quantum-state preparation and three measurement bases. We also provide the relationship between the dimension witness value, the error rate and the security key rate by the numerical simulation.
文摘Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.
基金Program for New Century Excellent Talents in University of Fujian Province (No.X04139)
文摘To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.
基金This work was supported by the Mobile Police Project of China(No.J1GAB23W013)National High Technology Research and Development Program of China(863 Program,No.2007AA01Z479).
文摘According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.
基金The National Natural Science Foundation of China( No. 60902008)the Key Laboratory Hi-Tech Program of Changzhou City( No. CM20103003)+1 种基金the Key Laboratory Program of Information Network Security of Ministry of Public Security (No. C12602)the Science and Technology Supporting Project of Changzhou City ( No. CE20120030)
文摘The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme (ShS) has vulnerabilities regarding confidentiality and integrity; meanwhile, the coding-based scheme (COS) and the encryption-based scheme (EnS) have vulnerabilities on integrity. The corresponding attacks on these vulnerabilities are given. Then, the improved protocols such as the secure sharing-based protocol (SShP), the secure coding-based protocol (SCoP) and the secure encryption- based protocol (SEnP), are proposed to overcome these vulnerabilities. The core elements are protected through public key encryptions and digital signatures. Security analyses show that the confidentiality and the integrity of the improved protocols are guaranteed. Meanwhile, the improved protocols can keep the frame of the former schemes and have higher security. The simulation results illustrate that compared with the existing protocols, the communication overhead of the improved protocols is not significantly increased.
基金Supported by the National Key Research and Development Program of China(2016YFB0501805)the National Natural Science Foundation of China(61573262)
文摘The bad behaviors of some users and the drawbacks of public bicycles have hindered the promotion of public bicycles. The current problems include low utilization rate, uneven distribution, high loss rate and insecure lock. However, there is few feasible research in this new field. To address these issues of public bicycles, we propose a public bicycle operating system(PBOS). PBOS involves three key technologies: 1) To acquire a dynamic password and realize bicycle self-rescue, we devise an intelligent lock that utilizes the Internet of Things(IoT) to establish Bluetooth connection with user's mobile phone. 2) To avoid bicycle loss and improve the security of data transmission, we design a space-time security protocol to work between bicycle's intelligent lock, mobile app, and server. 3) To increase the average utilization rate and distribution, we present a cooperative game model for bicycle scheduling. Finally, we evaluate the performance and validate the theoretical properties of PBOS through extensive simulations.
