Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade...Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade substantially under malicious interference.We introduce iSTSP,an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust,precise synchronization even in hostile environments:(1)trust preprocessing that filters node participation using behavioral trust scoring;(2)anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time;(3)reliability-weighted consensus that prioritizes high-trust nodes during time aggregation;and(4)convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds.We provide rigorous convergence analysis including a closed-form expression for convergence time,and validate the protocol through both simulations and realworld experiments on a controlled 16-node testbed.Under Sybil attacks with five malicious nodes within this testbed,iSTSP maintains synchronization error increases under 12%and achieves a rapid convergence.Compared to state-ofthe-art protocols like TPSN,SE-FTSP,and MMAR-CTS,iSTSP offers 60%faster detection,broader threat coverage,and more than 7 times lower synchronization error,with a modest 9.3%energy overhead over 8 h.We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security.These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.展开更多
With the rapid advancement of ICT and IoT technologies,the integration of Edge and Fog Computing has become essential to meet the increasing demands for real-time data processing and network efficiency.However,these t...With the rapid advancement of ICT and IoT technologies,the integration of Edge and Fog Computing has become essential to meet the increasing demands for real-time data processing and network efficiency.However,these technologies face critical security challenges,exacerbated by the emergence of quantum computing,which threatens traditional encryption methods.The rise in cyber-attacks targeting IoT and Edge/Fog networks underscores the need for robust,quantum-resistant security solutions.To address these challenges,researchers are focusing on Quantum Key Distribution and Post-Quantum Cryptography,which utilize quantum-resistant algorithms and the principles of quantum mechanics to ensure data confidentiality and integrity.This paper reviews the current security practices in IoT and Edge/Fog environments,explores the latest advancements in QKD and PQC technologies,and discusses their integration into distributed computing systems.Additionally,this paper proposes an enhanced QKD protocol combining the Cascade protocol and Kyber algorithm to address existing limitations.Finally,we highlight future research directions aimed at improving the scalability,efficiency,and practicality of QKD and PQC for securing IoT and Edge/Fog networks against evolving quantum threats.展开更多
The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model ...The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model (BPR2000) and the Canetti & Krawczyk (2001) model (CK2001) are given. The relative strength of security among these models is analyzed. To support the implication or non-implication relation among these models, the formal proof or the counter-example is provided.展开更多
In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But ...In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.展开更多
Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK sc...Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party's ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.展开更多
Provable security has become a popular approach for analyzing the security of cryptographic protocols.However,writing and verifying proofs by hand are prone to errors.This paper advocates the automatic security proof ...Provable security has become a popular approach for analyzing the security of cryptographic protocols.However,writing and verifying proofs by hand are prone to errors.This paper advocates the automatic security proof framework with sequences of games.We make slight modifications to Blanchet's calculus to make it easy for parsing the initial game.The main contribution of this work is that it introduces algebraic properties with observational equivalences to automatic security proofs,and thus can deal with some practical cryptographic schemes with hard problems.We illustrate the use of algebraic properties in the framework by proving the semantic security of the ElGamal encryption scheme.展开更多
This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in d...This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.展开更多
This work aims to examine the vulnerabilities and threats in the applications of intelligent transport systems,especially collision avoidance protocols.It focuses on achieving the availability of network communication...This work aims to examine the vulnerabilities and threats in the applications of intelligent transport systems,especially collision avoidance protocols.It focuses on achieving the availability of network communication among traveling vehicles.Finally,it aims to find a secure solution to prevent blackhole attacks on vehicular network communications.The proposed solution relies on authenticating vehicles by joining a blockchain network.This technology provides identification information and receives cryptography keys.Moreover,the ad hoc on-demand distance vector(AODV)protocol is used for route discovery and ensuring reliable node communication.The system activates an adaptive mode for monitoring communications and continually adjusts trust scores based on packet delivery performance.From the experimental study,we can infer that the proposed protocol has successfully detected and prevented blackhole attacks for different numbers of simulated vehicles and at different traveling speeds.This reduces accident rates by 60%and increases the packet delivery ratio and the throughput of the connecting network by 40%and 20%,respectively.However,extra overheads in delay and memory are required to create and initialize the blockchain network.展开更多
Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Du...Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.展开更多
The area of formal verification of protocols has gained substantial importance in the recent years. The research results and subsequent applications have amply demonstrated that the formal verification tools have inde...The area of formal verification of protocols has gained substantial importance in the recent years. The research results and subsequent applications have amply demonstrated that the formal verification tools have indeed helped correct the protocols even after being standardized. However, the standard protocol verification tools and techniques do not verify the security properties of a cryptographic protocol. This has resulted in the emergence of the security protocol verifiers to fill the need. In this paper, taking the two popular security verification tools namely Scyther and ProVerif as the basis, we identify a few security protocols and implement them in both Scyther and ProVerif, to aptly evaluate the tools, in terms of the security properties of the selected protocols. In the process, we not only characteristically present a comparative evaluation of the two tools, but also reveal interesting security properties of the protocols selected, showing their strengths and weaknesses. To the best of our knowledge, this is a unique attempt to juxtapose and evaluate the two verification tools using the selected security protocols.展开更多
Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the...Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.展开更多
To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, a...To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo(M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.展开更多
We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-rep...We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-repudiation denial of serviee and access control ofthe e-lectronic commerce protocols.We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover,we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user.And also,we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.展开更多
With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses ...With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.展开更多
The architecture and protocols of Internet can't work well in space environments. To form a reliable and safe space network, characteristics of space communication network one discusse, brief synthesis is performe...The architecture and protocols of Internet can't work well in space environments. To form a reliable and safe space network, characteristics of space communication network one discusse, brief synthesis is performed for consultative committee for space data system (CCSDS) space communications protocol standards (SCPS), and a model accounting for data security problem of space-earth integrated network is provided.展开更多
Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of exist...Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of existing typical authentication protocol, a new low-cost RFID tags authentication protocol was proposed. The performance of the new protocol was analyzed. The results show that the protocol can resist replay attacks and concurrent attacks and has nontracking, authenticity, and service availability. In addition, the protocol can also reduce the storage of tags and computation burden to meet the application requirements of low-cost tags.展开更多
Two common kinds of security mechanisms used in session initial protocol (S1P) are analyzed. An improved HTTP digest authentication scheme is put forward based on the existing SIP authentication theories. This mecha...Two common kinds of security mechanisms used in session initial protocol (S1P) are analyzed. An improved HTTP digest authentication scheme is put forward based on the existing SIP authentication theories. This mechanism is combined with the merits of the HTTP digest authentication and the public key encryption, so the communicating parties complete two-way authentication and public key exchange in pre-calling, and the session key can be randomly generated in post-calling. The mixture of security encryption mechanism with public key encryption and symmetric-key encryption algorithm can ensure the security for network communication data. The emulation of the scheme is verified, and the security analysis is conducted in the end. The researches show that the simulations efficiency of this method is about 78% of HTTP's, and it can prevent four kinds of attacks including impersonating a server, offline password guessing attacks, relay-attack, and session monitoring.展开更多
In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cry...In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn't utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.展开更多
The wireless application protocol (WAP) protocol is now the leading standard for information services on wireless terminals like digital mobile phones. By the use of WAP, wireless devices, like mobile phones, are po...The wireless application protocol (WAP) protocol is now the leading standard for information services on wireless terminals like digital mobile phones. By the use of WAP, wireless devices, like mobile phones, are possibly infected with virus and worms. Though up to now there is no such attack, as the usage of script languages increases, there is a chance of malicious code injection. This paper discusses the threats with current WAP protocol, and how changes in the protocol and the increase in its usage will enable entry of real viruses. Future threat scenarios are presented along with suggestions to avoid these problems.展开更多
Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of pr...Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.展开更多
基金this project under Geran Putra Inisiatif(GPI)with reference of GP-GPI/2023/976210。
文摘Accurate time synchronization is fundamental to the correct and efficient operation of Wireless Sensor Networks(WSNs),especially in security-critical,time-sensitive applications.However,most existing protocols degrade substantially under malicious interference.We introduce iSTSP,an Intelligent and Secure Time Synchronization Protocol that implements a four-stage defense pipeline to ensure robust,precise synchronization even in hostile environments:(1)trust preprocessing that filters node participation using behavioral trust scoring;(2)anomaly isolation employing a lightweight autoencoder to detect and excise malicious nodes in real time;(3)reliability-weighted consensus that prioritizes high-trust nodes during time aggregation;and(4)convergence-optimized synchronization that dynamically adjusts parameters using theoretical stability bounds.We provide rigorous convergence analysis including a closed-form expression for convergence time,and validate the protocol through both simulations and realworld experiments on a controlled 16-node testbed.Under Sybil attacks with five malicious nodes within this testbed,iSTSP maintains synchronization error increases under 12%and achieves a rapid convergence.Compared to state-ofthe-art protocols like TPSN,SE-FTSP,and MMAR-CTS,iSTSP offers 60%faster detection,broader threat coverage,and more than 7 times lower synchronization error,with a modest 9.3%energy overhead over 8 h.We argue this is an acceptable trade-off for mission-critical deployments requiring guaranteed security.These findings demonstrate iSTSP’s potential as a reliable solution for secure WSN synchronization and motivate future work on large-scale IoT deployments and integration with energy-efficient communication protocols.
基金supported by the National Research Foundation of Korea(NRF)funded by theMinistry of Science and ICT(2022K1A3A1A61014825)。
文摘With the rapid advancement of ICT and IoT technologies,the integration of Edge and Fog Computing has become essential to meet the increasing demands for real-time data processing and network efficiency.However,these technologies face critical security challenges,exacerbated by the emergence of quantum computing,which threatens traditional encryption methods.The rise in cyber-attacks targeting IoT and Edge/Fog networks underscores the need for robust,quantum-resistant security solutions.To address these challenges,researchers are focusing on Quantum Key Distribution and Post-Quantum Cryptography,which utilize quantum-resistant algorithms and the principles of quantum mechanics to ensure data confidentiality and integrity.This paper reviews the current security practices in IoT and Edge/Fog environments,explores the latest advancements in QKD and PQC technologies,and discusses their integration into distributed computing systems.Additionally,this paper proposes an enhanced QKD protocol combining the Cascade protocol and Kyber algorithm to address existing limitations.Finally,we highlight future research directions aimed at improving the scalability,efficiency,and practicality of QKD and PQC for securing IoT and Edge/Fog networks against evolving quantum threats.
文摘The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model (BPR2000) and the Canetti & Krawczyk (2001) model (CK2001) are given. The relative strength of security among these models is analyzed. To support the implication or non-implication relation among these models, the formal proof or the counter-example is provided.
基金supported by Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20060013007National Natural Science Foundation of Beijing under Grant No.4092029National Natural Science Foundation of China under Grant No.60873001
文摘In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.
基金Supported by the Key Laboratory Foundation of Communication Technology of China (9140C1103040902)
文摘Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party's ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.
基金National High Technical Research and Development Program of China(863 program)under Grant No. 2007AA01Z471
文摘Provable security has become a popular approach for analyzing the security of cryptographic protocols.However,writing and verifying proofs by hand are prone to errors.This paper advocates the automatic security proof framework with sequences of games.We make slight modifications to Blanchet's calculus to make it easy for parsing the initial game.The main contribution of this work is that it introduces algebraic properties with observational equivalences to automatic security proofs,and thus can deal with some practical cryptographic schemes with hard problems.We illustrate the use of algebraic properties in the framework by proving the semantic security of the ElGamal encryption scheme.
文摘This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.
文摘This work aims to examine the vulnerabilities and threats in the applications of intelligent transport systems,especially collision avoidance protocols.It focuses on achieving the availability of network communication among traveling vehicles.Finally,it aims to find a secure solution to prevent blackhole attacks on vehicular network communications.The proposed solution relies on authenticating vehicles by joining a blockchain network.This technology provides identification information and receives cryptography keys.Moreover,the ad hoc on-demand distance vector(AODV)protocol is used for route discovery and ensuring reliable node communication.The system activates an adaptive mode for monitoring communications and continually adjusts trust scores based on packet delivery performance.From the experimental study,we can infer that the proposed protocol has successfully detected and prevented blackhole attacks for different numbers of simulated vehicles and at different traveling speeds.This reduces accident rates by 60%and increases the packet delivery ratio and the throughput of the connecting network by 40%and 20%,respectively.However,extra overheads in delay and memory are required to create and initialize the blockchain network.
基金This work was supported by China Nature Science Fund .Serial No.60073059and60273078
文摘Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.
文摘The area of formal verification of protocols has gained substantial importance in the recent years. The research results and subsequent applications have amply demonstrated that the formal verification tools have indeed helped correct the protocols even after being standardized. However, the standard protocol verification tools and techniques do not verify the security properties of a cryptographic protocol. This has resulted in the emergence of the security protocol verifiers to fill the need. In this paper, taking the two popular security verification tools namely Scyther and ProVerif as the basis, we identify a few security protocols and implement them in both Scyther and ProVerif, to aptly evaluate the tools, in terms of the security properties of the selected protocols. In the process, we not only characteristically present a comparative evaluation of the two tools, but also reveal interesting security properties of the protocols selected, showing their strengths and weaknesses. To the best of our knowledge, this is a unique attempt to juxtapose and evaluate the two verification tools using the selected security protocols.
文摘Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
基金Supported by the National Natural Science Foundation of China under Grant Nos 61472048,61402058,61272511,61472046,61202082 and 61370194the Beijing Natural Science Foundation under Grant No 4152038the China Postdoctoral Science Foundation Funded Project under Grant No 2014M561826
文摘To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003)042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo(M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
基金Supported by the Natural Science Foundation ofthe Department of Education of Guangdong Province(Z03001)
文摘We present a model based on Computational Temporal Logic(CTL)methods forverifying security requirements of electronic commerce,protocols.The model describes formally theauthentication,confidentiality integrity,non-repudiation denial of serviee and access control ofthe e-lectronic commerce protocols.We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover,we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user.And also,we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.
基金supported by the National Natural Science Foundation of China under Grant No.(62202118.61962009)And in part by Natural Science Foundation of Shandong Province(ZR2021MF086)+1 种基金And in part by Top Technology Talent Project from Guizhou Education Department(Qian jiao ji[2022]073)And in part by Foundation of Guangxi Key Laboratory of Cryptography and Information Security(GCIS202118).
文摘With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.
文摘The architecture and protocols of Internet can't work well in space environments. To form a reliable and safe space network, characteristics of space communication network one discusse, brief synthesis is performed for consultative committee for space data system (CCSDS) space communications protocol standards (SCPS), and a model accounting for data security problem of space-earth integrated network is provided.
基金Supported by the Natural Science Foundation of China(6097011561003268)
文摘Lightweight and safety are two essential features for large-scale application of radio frequency identification (RFID) tags. Based on the analysis of potential safety problem of RFID and the characteristics of existing typical authentication protocol, a new low-cost RFID tags authentication protocol was proposed. The performance of the new protocol was analyzed. The results show that the protocol can resist replay attacks and concurrent attacks and has nontracking, authenticity, and service availability. In addition, the protocol can also reduce the storage of tags and computation burden to meet the application requirements of low-cost tags.
基金Supported by the Central University Basic Research Special Fund Operating Expenses(2011ZM0033)
文摘Two common kinds of security mechanisms used in session initial protocol (S1P) are analyzed. An improved HTTP digest authentication scheme is put forward based on the existing SIP authentication theories. This mechanism is combined with the merits of the HTTP digest authentication and the public key encryption, so the communicating parties complete two-way authentication and public key exchange in pre-calling, and the session key can be randomly generated in post-calling. The mixture of security encryption mechanism with public key encryption and symmetric-key encryption algorithm can ensure the security for network communication data. The emulation of the scheme is verified, and the security analysis is conducted in the end. The researches show that the simulations efficiency of this method is about 78% of HTTP's, and it can prevent four kinds of attacks including impersonating a server, offline password guessing attacks, relay-attack, and session monitoring.
基金Supported bythe National Natural Science Foundationof China (60403027)
文摘In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn't utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.
文摘The wireless application protocol (WAP) protocol is now the leading standard for information services on wireless terminals like digital mobile phones. By the use of WAP, wireless devices, like mobile phones, are possibly infected with virus and worms. Though up to now there is no such attack, as the usage of script languages increases, there is a chance of malicious code injection. This paper discusses the threats with current WAP protocol, and how changes in the protocol and the increase in its usage will enable entry of real viruses. Future threat scenarios are presented along with suggestions to avoid these problems.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60473023) the National High Tech-nology Research and Development Programof China (863 Program)(2002AA41051)
文摘Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.
