5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large nu...5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large number of devices,thus realizing richer application scenarios and constructing 5G-enabled vehicular networks.However,due to the vulnerability of wireless communication,vehicle privacy and communication security have become the key problems to be solved in vehicular networks.Moreover,the large-scale communication in the vehicular networks also makes the higher communication efficiency an inevitable requirement.In order to achieve efficient and secure communication while protecting vehicle privacy,this paper proposes a lightweight key agreement and key update scheme for 5G vehicular networks based on blockchain.Firstly,the key agreement is accomplished using certificateless public key cryptography,and based on the aggregate signature and the cooperation between the vehicle and the trusted authority,an efficient key updating method is proposed,which reduces the overhead and protects the privacy of the vehicle while ensuring the communication security.Secondly,by introducing blockchain and using smart contracts to load the vehicle public key table for key management,this meets the requirements of vehicle traceability and can dynamically track and revoke misbehaving vehicles.Finally,the formal security proof under the eck security model and the informal security analysis is conducted,it turns out that our scheme is more secure than other authentication schemes in the vehicular networks.Performance analysis shows that our scheme has lower overhead than existing schemes in terms of communication and computation.展开更多
As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on vari...As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.展开更多
With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehi...With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.展开更多
Accurately identifying key nodes is essential for evaluating network robustness and controlling information propagation in complex network analysis. However, current research methods face limitations in applicability ...Accurately identifying key nodes is essential for evaluating network robustness and controlling information propagation in complex network analysis. However, current research methods face limitations in applicability and accuracy. To address these challenges, this study introduces the K-GCN model, which integrates neighborhood k-shell distribution analysis with Graph Convolutional Network(GCN) technology to enhance key node identification in complex networks. The K-GCN model first leverages neighborhood k-shell distributions to calculate entropy values for each node, effectively quantifying node importance within the network. These entropy values are then used as key features within the GCN, which subsequently formulates intelligent strategies to maximize network connectivity disruption by removing a minimal set of nodes, thereby impacting the overall network architecture. Through iterative interactions with the environment, the GCN continuously refines its strategies, achieving precise identification of key nodes in the network. Unlike traditional methods, the K-GCN model not only captures local node features but also integrates the network structure and complex interrelations between neighboring nodes, significantly improving the accuracy and efficiency of key node identification.Experimental validation in multiple real-world network scenarios demonstrates that the K-GCN model outperforms existing methods.展开更多
With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibilit...With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibility of information leakage.In this paper,we propose a anti-quantum dynamic authenticated group key agreement scheme(AQDA-GKA)according to the ring-learning with errors(RLWE)problem,which is suitable for IoT environments.First,the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism.Second,this scheme can achieve dynamic node management,ensuring that any node can freely join or exit the current group.Third,we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks.Finally,the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.展开更多
As the cornerstone of future information security,quantum key distribution(QKD)is evolving towards large-scale hybrid discrete-variable/continuous-variable(DV/CV)multi-domain quantum networks.Meanwhile,multicast-orien...As the cornerstone of future information security,quantum key distribution(QKD)is evolving towards large-scale hybrid discrete-variable/continuous-variable(DV/CV)multi-domain quantum networks.Meanwhile,multicast-oriented multi-party key negotiation is attracting increasing attention in quantum networks.However,the efficient key provision for multicast services over hybrid DV/CV multi-domain quantum networks remains challenging,due to the limited probability of service success and the inefficient utilization of key resources.Targeting these challenges,this study proposes two key-resource-aware multicast-oriented key provision strategies,namely the link distance-resource balanced key provision strategy and the maximum shared link key provision strategy.The proposed strategies are applicable to hybrid DV/CV multi-domain quantum networks,which are typically implemented by GG02-based intra-domain connections and BB84-based inter-domain connections.Furthermore,the multicast-oriented key provision model is formulated,based on which two heuristic algorithms are designed,i.e.,the shared link distance-resource(SLDR)dependent and the maximum shared link distance-resource(MSLDR)dependent multicast-oriented key provision algorithms.Simulation results verify the applicability of the designed algorithms across different multi-domain quantum networks,and demonstrate their superiority over the benchmark algorithms in terms of the success probability of multicast service requests,the number of shared links,and the key resource utilization.展开更多
Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problem...Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.展开更多
In recent years,intensified environmental pollution and climate change have increasingly exposed the world to natural disasters such as earthquakes and floods,resulting in substantial economic losses[1].These disaster...In recent years,intensified environmental pollution and climate change have increasingly exposed the world to natural disasters such as earthquakes and floods,resulting in substantial economic losses[1].These disasters frequently damage terrestrial communication infrastructures,making the rapid deployment of emergency communication networks in affected areas critical in increasing rescue efficiency[2].展开更多
The identification of key nodes plays an important role in improving the robustness of the transportation network.For different types of transportation networks,the effect of the same identification method may be diff...The identification of key nodes plays an important role in improving the robustness of the transportation network.For different types of transportation networks,the effect of the same identification method may be different.It is of practical significance to study the key nodes identification methods corresponding to various types of transportation networks.Based on the knowledge of complex networks,the metro networks and the bus networks are selected as the objects,and the key nodes are identified by the node degree identification method,the neighbor node degree identification method,the weighted k-shell degree neighborhood identification method(KSD),the degree k-shell identification method(DKS),and the degree k-shell neighborhood identification method(DKSN).Take the network efficiency and the largest connected subgraph as the effective indicators.The results show that the KSD identification method that comprehensively considers the elements has the best recognition effect and has certain practical significance.展开更多
In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public k...In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.展开更多
Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
Secure key distribution among classical parties is impossible both between two parties and in a network. In this paper, we present a quantum key distribution (QKD) protocol to distribute secure key bits among one qu...Secure key distribution among classical parties is impossible both between two parties and in a network. In this paper, we present a quantum key distribution (QKD) protocol to distribute secure key bits among one quantum party and numerous classical parties who have no quantum capacity. We prove that our protocol is completely robust, i.e., any eavesdropping attack should be detected with nonzero probability. Our calculations show that our protocol may be secure against Eve's symmetrically individual attack.展开更多
This paper develops a QKD (quantum key distribution)-based queueing model to investigate the data delay on QKD link and network, especially that based on trusted relays. It shows the mean packet delay performance of...This paper develops a QKD (quantum key distribution)-based queueing model to investigate the data delay on QKD link and network, especially that based on trusted relays. It shows the mean packet delay performance of the QKD system. Furthermore, it proposes a key buffering policy which could effectively improve the delay performance in practice. The results will be helpful for quality of service in practical QKD systems.展开更多
This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated sy...This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated symmetric-key establishment scheme is proposed for WBSN,which fully exploits the physiological features obtained by network entities via the body channel available in WBSN but not other wireless networks. The self-defined Intrinsic Shared Secret (ISS) is used to replace the pre-deployment of secrets among network entities,which thus eliminates centralized services or au-thorities essential in existing protocols,and resolves the key transport problem in the pure symmet-ric-key cryptosystem for WBSN as well. The security properties of the proposed scheme are demon-strated in terms of its attack complexity and the types of attacks it can resist. Besides,the scheme can be implemented under a light-weight way in WBSN systems. Due to the importance of the ISS concept,the analysis on using false acceptance/false rejection method to evaluate the performance of ISS for its usage in the scheme is also demonstrated.展开更多
This paper develops a general hypercube-based key predistribution scheme for establishing pairwise keys between sensor nodes using polynomials, which is parameterized by the dimension of hypercube and the Hamming dist...This paper develops a general hypercube-based key predistribution scheme for establishing pairwise keys between sensor nodes using polynomials, which is parameterized by the dimension of hypercube and the Hamming distance threshold variables. The scheme addresses the weaknesses of existing key predistribution schemes, which have either worse security or lower efficiency. It exhibits a nice property--when the Hamming distance between any two neighboring sensor nodes is less than the pre-defined threshold, the pairwise key can be established directly. Extensive performance and security analysis shows that by increasing Hamming distance threshold value, we can trade off the resilience against node capture attack for higher probability of direct pairwise key establishment, so as to save the energy consumption which is the most important issue for sensor networks.展开更多
Since the QKD network can overcome the distance limitation and expand the point-to-point QKD system to a multi-user key distribution system, some testing QKD networks have been built. However, all of this previous res...Since the QKD network can overcome the distance limitation and expand the point-to-point QKD system to a multi-user key distribution system, some testing QKD networks have been built. However, all of this previous research seldom focused on the routing mechanism of QKD network in detail. Therefore, this paper focuses on the routing issue in trust relaying QKD network, builds a model of the trust relaying QKD network and proposes a secret-key-aware routing method. In our method, a dynamic model for the residual local key is proposed to forecast the residual local key quantity of each QKD link more accurately, and the cost of QKD link and relaying path are defined by multiple affecting factors, e.g. the generation, consumption rate and the local key depletion index. The proposed method is implemented and evaluated in a simulation environment. The simulation results show that our routing method can increase the success rate of key exchange, make all the QKD links participate key exchange with almost equal opportunity to achieve load balance, and trade off the local key generation and consumption of each QKD link. Therefore, our proposed method can contribute to effectively improve the holistic performance of the trust relaying QKD network.展开更多
Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system canno...Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt dynamic means called dynamic cluster key management scheme to deal with master key, so master key will be updated according to the changed dynamic network topology. For cluster head node plays a pivotal role in this scheme, a trust manage-ment system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security.展开更多
Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for provi...Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating IKE protocol and PKI technology, we combine IKE protocol and PKI and present an implementation scheme of the IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.展开更多
Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several securi...Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several security problems,e.g.key leakage,impersonation attack,MitM attack and single point of failure.In this paper,a blockchain based asymmetric authentication and key agreement protocol(BC-AKA)is proposed for distributed 5G core network.In particular,the key used in the authentication process is replaced from a symmetric key to an asymmetric key,and the database used to store keys in conventional 5G core network is replaced with a blockchain network.A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256 k1,and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.展开更多
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key managemen...The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.展开更多
基金supported in part by the National Natural Science Foundation of China under Grant 61941113,Grant 61971033,and Grant 61671057by the Henan Provincial Department of Science and Technology Project(No.212102210408)by the Henan Provincial Key Scientific Research Project(No.22A520041).
文摘5G technology has endowed mobile communication terminals with features such as ultrawideband access,low latency,and high reliability transmission,which can complete the network access and interconnection of a large number of devices,thus realizing richer application scenarios and constructing 5G-enabled vehicular networks.However,due to the vulnerability of wireless communication,vehicle privacy and communication security have become the key problems to be solved in vehicular networks.Moreover,the large-scale communication in the vehicular networks also makes the higher communication efficiency an inevitable requirement.In order to achieve efficient and secure communication while protecting vehicle privacy,this paper proposes a lightweight key agreement and key update scheme for 5G vehicular networks based on blockchain.Firstly,the key agreement is accomplished using certificateless public key cryptography,and based on the aggregate signature and the cooperation between the vehicle and the trusted authority,an efficient key updating method is proposed,which reduces the overhead and protects the privacy of the vehicle while ensuring the communication security.Secondly,by introducing blockchain and using smart contracts to load the vehicle public key table for key management,this meets the requirements of vehicle traceability and can dynamically track and revoke misbehaving vehicles.Finally,the formal security proof under the eck security model and the informal security analysis is conducted,it turns out that our scheme is more secure than other authentication schemes in the vehicular networks.Performance analysis shows that our scheme has lower overhead than existing schemes in terms of communication and computation.
基金supported in part by the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘As the adoption of Vehicular Ad-hoc Networks(VANETs)grows,ensuring secure communication between smart vehicles and remote application servers(APPs)has become a critical challenge.While existing solutions focus on various aspects of security,gaps remain in addressing both high security requirements and the resource-constrained nature of VANET environments.This paper proposes an extended-Kerberos protocol that integrates Physical Unclonable Function(PUF)for authentication and key agreement,offering a comprehensive solution to the security challenges in VANETs.The protocol facilitates mutual authentication and secure key agreement between vehicles and APPs,ensuring the confidentiality and integrity of vehicle-to-network(V2N)communications and preventing malicious data injection.Notably,by replacing traditional Kerberos password authentication with Challenge-Response Pairs(CRPs)generated by PUF,the protocol significantly reduces the risk of key leakage.The inherent properties of PUF—such as unclonability and unpredictability—make it an ideal defense against physical attacks,including intrusion,semi-intrusion,and side-channel attacks.The results of this study demonstrate that this approach not only enhances security but also optimizes communication efficiency,reduces latency,and improves overall user experience.The analysis proves that our protocol achieves at least 86%improvement in computational efficiency compared to some existed protocols.This is particularly crucial in resource-constrained VANET environments,where it enables efficient data transmission between vehicles and applications,reduces latency,and enhances the overall user experience.
基金supported by the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology and Natural Science Foundation of Shandong Province,China(Grant no.ZR202111230202).
文摘With the rapid development and widespread adoption of Internet of Things(IoT)technology,the innovative concept of the Internet of Vehicles(IoV)has emerged,ushering in a new era of intelligent transportation.Since vehicles are mobile entities,they move across different domains and need to communicate with the Roadside Unit(RSU)in various regions.However,open environments are highly susceptible to becoming targets for attackers,posing significant risks of malicious attacks.Therefore,it is crucial to design a secure authentication protocol to ensure the security of communication between vehicles and RSUs,particularly in scenarios where vehicles cross domains.In this paper,we propose a provably secure cross-domain authentication and key agreement protocol for IoV.Our protocol comprises two authentication phases:intra-domain authentication and cross-domain authentication.To ensure the security of our protocol,we conducted rigorous analyses based on the ROR(Real-or-Random)model and Scyther.Finally,we show in-depth comparisons of our protocol with existing ones from both security and performance perspectives,fully demonstrating its security and efficiency.
基金Supported by the National Natural Science Foundation of China(Grant No.12031002)。
文摘Accurately identifying key nodes is essential for evaluating network robustness and controlling information propagation in complex network analysis. However, current research methods face limitations in applicability and accuracy. To address these challenges, this study introduces the K-GCN model, which integrates neighborhood k-shell distribution analysis with Graph Convolutional Network(GCN) technology to enhance key node identification in complex networks. The K-GCN model first leverages neighborhood k-shell distributions to calculate entropy values for each node, effectively quantifying node importance within the network. These entropy values are then used as key features within the GCN, which subsequently formulates intelligent strategies to maximize network connectivity disruption by removing a minimal set of nodes, thereby impacting the overall network architecture. Through iterative interactions with the environment, the GCN continuously refines its strategies, achieving precise identification of key nodes in the network. Unlike traditional methods, the K-GCN model not only captures local node features but also integrates the network structure and complex interrelations between neighboring nodes, significantly improving the accuracy and efficiency of key node identification.Experimental validation in multiple real-world network scenarios demonstrates that the K-GCN model outperforms existing methods.
基金Supported by the National Engineering Research Center of Classified Protection and Safeguard Technology for Cybersecurity(No.C23640-XD-07)the Open Foundation of Key Laboratory of Cyberspace Security of Ministry of Education of China and Henan Key Laboratory of Network Cryptography(No.KLCS20240301)。
文摘With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibility of information leakage.In this paper,we propose a anti-quantum dynamic authenticated group key agreement scheme(AQDA-GKA)according to the ring-learning with errors(RLWE)problem,which is suitable for IoT environments.First,the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism.Second,this scheme can achieve dynamic node management,ensuring that any node can freely join or exit the current group.Third,we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks.Finally,the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.
基金supported by the National Natural Science Foundation of China(Grant Nos.62201276,62350001,U22B2026,and 62425105)the Innovation Program for Quantum Science and Technology(Grant No.2021ZD0300701)the Key R&D Program(Industry Foresight and Key Core Technologies)of Jiangsu Province(Grant No.BE2022071)。
文摘As the cornerstone of future information security,quantum key distribution(QKD)is evolving towards large-scale hybrid discrete-variable/continuous-variable(DV/CV)multi-domain quantum networks.Meanwhile,multicast-oriented multi-party key negotiation is attracting increasing attention in quantum networks.However,the efficient key provision for multicast services over hybrid DV/CV multi-domain quantum networks remains challenging,due to the limited probability of service success and the inefficient utilization of key resources.Targeting these challenges,this study proposes two key-resource-aware multicast-oriented key provision strategies,namely the link distance-resource balanced key provision strategy and the maximum shared link key provision strategy.The proposed strategies are applicable to hybrid DV/CV multi-domain quantum networks,which are typically implemented by GG02-based intra-domain connections and BB84-based inter-domain connections.Furthermore,the multicast-oriented key provision model is formulated,based on which two heuristic algorithms are designed,i.e.,the shared link distance-resource(SLDR)dependent and the maximum shared link distance-resource(MSLDR)dependent multicast-oriented key provision algorithms.Simulation results verify the applicability of the designed algorithms across different multi-domain quantum networks,and demonstrate their superiority over the benchmark algorithms in terms of the success probability of multicast service requests,the number of shared links,and the key resource utilization.
基金funded by Youth Program of Shaanxi Provincial Department of Science and Technology(Grant No.2024JC-YBQN-0630)。
文摘Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.
基金supported in part by the National Natural Science Foundation of China(U2441226).
文摘In recent years,intensified environmental pollution and climate change have increasingly exposed the world to natural disasters such as earthquakes and floods,resulting in substantial economic losses[1].These disasters frequently damage terrestrial communication infrastructures,making the rapid deployment of emergency communication networks in affected areas critical in increasing rescue efficiency[2].
基金supported by the National Natural Science Foundation of China(Grant No.61961019)the Youth Key Project of the Natural Science Foundation of Jiangxi Province of China(Grant No.20202ACBL212003).
文摘The identification of key nodes plays an important role in improving the robustness of the transportation network.For different types of transportation networks,the effect of the same identification method may be different.It is of practical significance to study the key nodes identification methods corresponding to various types of transportation networks.Based on the knowledge of complex networks,the metro networks and the bus networks are selected as the objects,and the key nodes are identified by the node degree identification method,the neighbor node degree identification method,the weighted k-shell degree neighborhood identification method(KSD),the degree k-shell identification method(DKS),and the degree k-shell neighborhood identification method(DKSN).Take the network efficiency and the largest connected subgraph as the effective indicators.The results show that the KSD identification method that comprehensively considers the elements has the best recognition effect and has certain practical significance.
基金Supported by the National Natural Science Funda-tion of China (60403027)
文摘In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
基金Project supported by the National Natural Science Foundation of China (Grant No 10774039)
文摘Secure key distribution among classical parties is impossible both between two parties and in a network. In this paper, we present a quantum key distribution (QKD) protocol to distribute secure key bits among one quantum party and numerous classical parties who have no quantum capacity. We prove that our protocol is completely robust, i.e., any eavesdropping attack should be detected with nonzero probability. Our calculations show that our protocol may be secure against Eve's symmetrically individual attack.
基金Project supported by National Fundamental Research Program of China (Grant No 2006CB921900)National Natural Science Foundation of China (Grant Nos 60537020 and 60621064)Knowledge Innovation Project of Chinese Academy of Sciences
文摘This paper develops a QKD (quantum key distribution)-based queueing model to investigate the data delay on QKD link and network, especially that based on trusted relays. It shows the mean packet delay performance of the QKD system. Furthermore, it proposes a key buffering policy which could effectively improve the delay performance in practice. The results will be helpful for quality of service in practical QKD systems.
基金the High Technology Research and Development Program of Jiangsu Province (No.BG2005001)Hong Kong Innovation and Technology Fund (No.ITS/99/02).
文摘This study concerns security issues of the emerging Wireless Body Sensor Network (WBSN) formed by biomedical sensors worn on or implanted in the human body for mobile healthcare appli-cations. A novel authenticated symmetric-key establishment scheme is proposed for WBSN,which fully exploits the physiological features obtained by network entities via the body channel available in WBSN but not other wireless networks. The self-defined Intrinsic Shared Secret (ISS) is used to replace the pre-deployment of secrets among network entities,which thus eliminates centralized services or au-thorities essential in existing protocols,and resolves the key transport problem in the pure symmet-ric-key cryptosystem for WBSN as well. The security properties of the proposed scheme are demon-strated in terms of its attack complexity and the types of attacks it can resist. Besides,the scheme can be implemented under a light-weight way in WBSN systems. Due to the importance of the ISS concept,the analysis on using false acceptance/false rejection method to evaluate the performance of ISS for its usage in the scheme is also demonstrated.
基金Supported by the National High-Technology Research and Development Program of China (863 Program)(2006AA01Z422)the National Natural Science Foundation of China(60672102)
文摘This paper develops a general hypercube-based key predistribution scheme for establishing pairwise keys between sensor nodes using polynomials, which is parameterized by the dimension of hypercube and the Hamming distance threshold variables. The scheme addresses the weaknesses of existing key predistribution schemes, which have either worse security or lower efficiency. It exhibits a nice property--when the Hamming distance between any two neighboring sensor nodes is less than the pre-defined threshold, the pairwise key can be established directly. Extensive performance and security analysis shows that by increasing Hamming distance threshold value, we can trade off the resilience against node capture attack for higher probability of direct pairwise key establishment, so as to save the energy consumption which is the most important issue for sensor networks.
文摘Since the QKD network can overcome the distance limitation and expand the point-to-point QKD system to a multi-user key distribution system, some testing QKD networks have been built. However, all of this previous research seldom focused on the routing mechanism of QKD network in detail. Therefore, this paper focuses on the routing issue in trust relaying QKD network, builds a model of the trust relaying QKD network and proposes a secret-key-aware routing method. In our method, a dynamic model for the residual local key is proposed to forecast the residual local key quantity of each QKD link more accurately, and the cost of QKD link and relaying path are defined by multiple affecting factors, e.g. the generation, consumption rate and the local key depletion index. The proposed method is implemented and evaluated in a simulation environment. The simulation results show that our routing method can increase the success rate of key exchange, make all the QKD links participate key exchange with almost equal opportunity to achieve load balance, and trade off the local key generation and consumption of each QKD link. Therefore, our proposed method can contribute to effectively improve the holistic performance of the trust relaying QKD network.
基金supported by National Natural Science Foundation of China Grant No. 60803150, No.60803151the National High Technology Research and Development Program of China under grant Nos.2008AA01Z411+1 种基金the Key Program of NSFC-Guangdong Union Foundation under Grant No.U0835004China Postdoctoral Science Foundation No. 20090451495
文摘Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt dynamic means called dynamic cluster key management scheme to deal with master key, so master key will be updated according to the changed dynamic network topology. For cluster head node plays a pivotal role in this scheme, a trust manage-ment system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security.
文摘Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating IKE protocol and PKI technology, we combine IKE protocol and PKI and present an implementation scheme of the IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.
基金supported by National Key Research and Development Program of China under Grant 2021YFE0205300Tianjin Natural Science Foundation(19JCYBJC15700)。
文摘Secure authentication between user equipment and 5G core network is a critical issue for 5G system.However,the traditional authentication protocol 5 G-AKA and the centralized key database are at risk of several security problems,e.g.key leakage,impersonation attack,MitM attack and single point of failure.In this paper,a blockchain based asymmetric authentication and key agreement protocol(BC-AKA)is proposed for distributed 5G core network.In particular,the key used in the authentication process is replaced from a symmetric key to an asymmetric key,and the database used to store keys in conventional 5G core network is replaced with a blockchain network.A proof of concept system for distributed 5G core network is built based on Ethereum and ECC-Secp256 k1,and the efficiency and effectiveness of the proposed scheme are verified by the experiment results.
基金Project(61100201) supported by National Natural Science Foundation of ChinaProject(12ZZ019) supported by Technology Innovation Research Program,Shang Municipal Education Commission,China+1 种基金Project(LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province,ChinaProject(NCET-12-0358) supported by New Century Excellent Talentsin University,Ministry of Education,China
文摘The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
