Industrial IoT (IIoT) aims to enhance services provided by various industries, such as manufacturing and product processing. IIoT suffers from various challenges, and security is one of the key challenges among those challenges. Authentication and access control are two notable challenges for any IIoT-based industrial deployment. Any IoT-based Industry 4.0 enterprise designs networks between hundreds of tiny devices such as sensors, actuators, fog devices and gateways. Thus, articulating a secure authentication protocol between sensing devices or a sensing device and user devices is an essential step in IoT security. In this paper, first, we present cryptanalysis for the certificate-based scheme proposed for a similar environment by Das et al. and prove that their scheme is vulnerable to various traditional attacks such as device anonymity, MITM, and DoS. We then put forward an inter-device authentication scheme using ECC (Elliptic Curve Cryptography) that is highly secure and lightweight compared to other existing schemes for a similar environment. Furthermore, we set forth a formal security analysis using the random oracle-based ROR model and informal security analysis over the Dolev-Yao channel. In this paper, we present a comparison of the proposed scheme with existing schemes based on communication cost, computation cost and security index to prove that the proposed EBAKE-SE is highly efficient, reliable, and trustworthy compared to other existing schemes for inter-device authentication. At long last, we present an implementation for the proposed EBAKE-SE using the MQTT protocol.
The expanding and ubiquitous availability of the Internet of Things (IoT) has made everyone’s life easier and more convenient. At the same time, it also raises a number of issues, such as effectiveness, security, and excessive power consumption, which constitute a danger to intelligent IoT-based apps. Group managing is primarily used for transmitting and multi-pathing communications that are secured with a general group key, which can only be decrypted by an authorized group member. A centralized trustworthy system, which is in charge of key distribution and upgrades, is used to maintain group keys. To provide longitudinal access controls, Software Defined Network (SDN) based security controllers are employed for group administration services. Cloud service providers provide a variety of security features. There are just a few software security answers available. In the proposed system, hybrid protocols were used in SDN, and it embeds an edge system to improve the security of the group communication. Tree-based algorithms are compared with Group Key Establishment (GKE) and a multivariate public key cryptosystem with Broadcast Encryption in the proposed system. When all factors are considered, Broadcast Encryption (BE) appears to become the most logical solution to the issue. BE enables an initiator to send encrypted messages to a large set of recipients in an efficient and productive way, meanwhile assuring that the data can only be decrypted by defining characteristic. The proposed method improves the security and efficiency of the system, reduces the power consumption and minimizes the cost.
With the exponential growth of intelligent Internet of Things (IoT) applications, the Cloud-Edge (CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However, it remains an underlying issue that frequent end-edge-cloud communication is over a public or adversary-controlled channel. Additionally, with the presence of resource-constrained devices, it’s imperative to conduct the secure communication mechanism while still guaranteeing efficiency. Physical unclonable functions (PUF) emerge as promising lightweight security primitives. Thus, we first construct a PUF-based security mechanism for vulnerable IoT devices. Further, a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT, without requiring pre-loaded master keys. The security of our scheme is rigorously proven through formal security analysis under the random oracle model, and security verification using the AVISPA tool. The comprehensive security features are also elaborated. Moreover, the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
Group communication is widely used by most of the emerging network applications like telecommunication, video conferencing, simulation applications, distributed and other interactive systems. Secured group communication plays a vital role in providing the integrity, authenticity, confidentiality, and availability of the message delivered among the group members, with respect to communicating securely between groups or within the group. In secure group communications, the time cost associated with key updating when members join and depart is an important aspect of the quality of service, particularly in large groups with highly active membership. Hence, the paper aims to achieve better cost and time efficiency through an improved DC multicast routing protocol which is used to expose the path between the nodes participating in the group communication. During this process, each node constructs an adaptive Ptolemy decision tree for the purpose of generating the contributory key. Each of the nodes is comprised of three keys which will be exchanged between the nodes for considering the group key for the purpose of secure and cost-efficient group communication. The rekeying process is performed when a member leaves or is added to the group. The performance metrics of the novel approach are measured depending on important factors such as computational and communicational cost, rekeying process and formation of the group. It is concluded from the study that the technique has reduced the computational and communicational cost of the secure group communication when compared to the other existing methods.
This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.
The key exchange is a fundamental building block in cryptography. Several provable security models for the key exchange protocol have been proposed. To determine the exact properties required by the protocols, a single unified security model is essential. The eCK', eCK and CK models are examined, and it is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.
We present a quantum secure imaging (QSI) scheme based on the phase encoding and weak+vacuum decoy-state BB84 protocol of quantum key distribution (QKD). It allows us to implement a computational ghost imaging (CGI) system with more simplified equipment and reconstructed algorithm by using a digital micro-mirror device (DMD) to preset the specific spatial distribution of the light intensity. What is more, the quantum bit error rate (QBER) and the secure key rate analytical functions of QKD are used to see through the intercept-resend jamming attacks and ensure the authenticity of the imaging information. In the experiment, we obtained the image of the object quickly and efficiently by measuring the signal photon counts with a single-photon detector (SPD), and achieved a secure key rate of 571.0 bps and a secure QBER of 3.99%, which is well below the lower bound of QBER of 14.51%. Besides, our imaging system uses a laser with invisible wavelength of 1550 nm, whose intensity is as low as single-photon, that can realize weak-light imaging and is immune to the stray light or air turbulence, thus it will become a better choice for quantum security radar against intercept-resend jamming attacks.
This paper considers a decomposition framework as a mechanism for information hiding for secure communication via open network channels. Two varieties of this framework are provided: one is based on Gaussian arithmetic with complex modulus and another on an elliptic curve modular equation. The proposed algorithm is illustrated in a numerical example.
To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solves the problems of key management and security issues existing in Gong et al.'s protocol.
Quantum key distribution (QKD) is recognized as an unconditionally secure method of communication encryption, relying solely on the principles of quantum mechanics. A key performance metric for QKD systems is secure key rate (SKR), which is a critical factor for real-world applications. Herein, we report a practical QKD system, equipped with compact gated InGaAs/InP single-photon detectors (SPDs), that can generate a high SKR of 15.2 Mb/s with a channel loss of 2 dB. This exceptional performance stems from the ultra-low afterpulsing probability of the SPDs, which significantly reduces the bit error rate in the QKD system. The typical quantum bit error rate is 1.3%. The results validate the feasibility of an integrated, practical QKD system and offer a reliable solution for the future development of real-world QKD networks.
Group key management is one of the basic building blocks in securing group communication. A number of solutions to group key exchange have been proposed, but most of them are not scalable and, in particular, require at least O(log n) communication rounds. We formally present a constant-round identity-based protocol with forward secrecy for group key exchange, which is provably secure in the security model introduced by Bresson et al. Our protocol focuses on round efficiency, and the number of communication rounds is only one greater than the lower bound presented by Becker and Wille. In addition, the protocol provides a batch verification technique, which simultaneously verifies the validity of messages from other group participants and greatly improves computational efficiency. Moreover, in our protocol, there is no need for an always-online key generation center during the execution of the protocol, compared to other identity-based protocols.
Several multicast key management schemes such as those proposed by Wallner et al. and Wong et al. are based on a multilevel, logical hierarchy (or tree) of key-encrypting keys. When used in conjunction with a reliable multicast infrastructure, this approach results in a highly efficient key update mechanism in which the number of multicast messages transmitted upon a membership update is proportional to the depth of the tree, which is logarithmic to the size of the secure multicast group. But this is based on the hypothesis that the tree is maintained in a balanced manner. This paper proposes a scalable rekeying scheme, the link-tree structure, for implementing secure group communication. Theoretical calculation and experimentation show that this scheme has better performance than the tree structure and the star structure, and at the same time still keeps the link-tree structure balanced.
Cryptography is the study that provides security service. It is concerned with confidentiality, integrity, and authentication. Public key cryptography provides an enormous revolution in the field of the cryptosystem. It uses two different keys, where the keys are related in such a way that the public key can be used to encrypt the message and the private key can be used to decrypt the message. This paper proposed an enhanced and modified approach of the RSA cryptosystem based on “n” distinct prime numbers. This existence of “n” prime numbers increases the difficulty of factoring the variable “N”, which increases the complexity of the algorithm. In this approach, two different public keys and private keys are generated from the large factor of the variable “N”, and a double encryption-decryption operation is performed, which affords more security. Experiments on a set of random numbers showed that the key generation time, analysis of variable “N”, encryption and decryption will take a long time compared to traditional RSA. Thus, this approach is more efficient, highly secured and not easily breakable.
The advent of quantum computing poses a significant challenge to traditional cryptographic protocols, particularly those used in Secure Multiparty Computation (MPC), a fundamental cryptographic primitive for privacy-preserving computation. Classical MPC relies on cryptographic techniques such as homomorphic encryption, secret sharing, and oblivious transfer, which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries. This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI, IEEE Explore, Springer, and Elsevier, examining the applications, types, and security issues with the solution of quantum computing in different fields. This review explores the impact of quantum computing on MPC security, assesses emerging quantum-resistant MPC protocols, and examines hybrid classical-quantum approaches aimed at mitigating quantum threats. We analyze the role of Quantum Key Distribution (QKD), post-quantum cryptography (PQC), and quantum homomorphic encryption in securing multiparty computations. Additionally, we discuss the challenges of scalability, computational efficiency, and practical deployment of quantum-secure MPC frameworks in real-world applications such as privacy-preserving AI, secure blockchain transactions, and confidential data analysis. This review provides insights into the future research directions and open challenges in ensuring secure, scalable, and quantum-resistant multiparty computation.
The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication. Although various authentication and key agreement protocols have been developed, current approaches are constrained by homogeneous cryptosystem frameworks, namely public key infrastructure (PKI), identity-based cryptography (IBC), or certificateless cryptography (CLC), each presenting limitations in client-server architectures. Specifically, PKI incurs certificate management overhead, IBC introduces key escrow risks, and CLC encounters cross-system interoperability challenges. To overcome these shortcomings, this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations (eliminating PKI’s certificate dependency) with CLC for server implementation (mitigating IBC’s key escrow issue while preserving efficiency). Rigorous security analysis under the mBR (modified Bellare-Rogaway) model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks. Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34% lower communication overhead than existing schemes across multiple security levels (80-, 112-, and 128-bit) compared to existing protocols.
Unmanned Aerial Vehicles (UAVs) in Flying Ad-Hoc Networks (FANETs) are widely used in both civilian and military fields, but they face severe security, trust, and privacy vulnerabilities due to their high mobility, dynamic topology, and open wireless channels. Existing security protocols for Mobile Ad-Hoc Networks (MANETs) cannot be directly applied to FANETs, as FANETs require lightweight, high real-time performance, and strong anonymity. The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity, high security, and low overhead in high dynamic and resource-constrained scenarios. To address these challenges, this paper proposes an Anonymous Authentication and Key Exchange Protocol (AAKE-OWA) for UAVs in FANETs based on One-Way Accumulators (OWA). During the UAV registration phase, the Key Management Center (KMC) generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module. In the key exchange phase, UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA. For mutual anonymous authentication, UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values. Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing, man-in-the-middle, and replay attacks. Through Burrows Abadi Needham (BAN) logic proof, it achieves mutual anonymity, prevents simulation and physical capture attacks, and ensures secure connectivity of 1. Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead, communication overhead, and storage overhead, making it more suitable for resource-constrained FANET scenarios. Performance comparison experiments show that, compared with other schemes, this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations, with a total computational overhead as low as 2.3504 ms, a communication overhead of merely 1216 bits, and a storage overhead of 768 bits. We have achieved a reduction in computational costs from 6.3% to 90.3%, communication costs from 5.0% to 69.1%, and overall storage costs from 33% to 68% compared to existing solutions. It can meet the performance requirements of lightweight, real-time, and anonymity for unmanned aerial vehicles (UAVs) networks.
Quantum key distribution (QKD) is a method for secure communication that utilizes quantum mechanics principles to distribute cryptographic keys between parties. Integrated photonics offer benefits such as compactness, scalability, energy efficiency and the potential for extensive integration. We have achieved BB84 phase encoding and decoding, time-bin phase QKD, and the coherent one-way (COW) protocol on a planar lightwave circuit (PLC) platform. At the optimal temperature, our chip successfully prepared quantum states, performed decoding and calculated the secure key rate of the time-bin phase-decoding QKD to be 80.46 kbps over a 20 km transmission with a quantum bit error rate (QBER) of 4.23%. The secure key rate of the COW protocol was 18.18 kbps, with a phase error rate of 3.627% and a time error rate of 0.377%. The uniqueness of this technology lies in its combination of high integration and protocol flexibility, providing an innovative solution for the development of future quantum communication networks.
In the process of quantum key distribution (QKD), the communicating parties need to randomly determine quantum states and measurement bases. To ensure the security of key distribution, we aim to use true random sequences generated by true random number generators as the source of randomness. In practical systems, due to the difficulty of obtaining true random numbers, pseudo-random number generators are used instead. Although the random numbers generated by pseudo-random number generators are statistically random, meeting the requirements of uniform distribution and independence, they rely on an initial seed to generate corresponding pseudo-random sequences. Attackers may predict future elements from the initial elements of the random sequence, posing a security risk to quantum key distribution. This paper analyzes the problems existing in current pseudo-random number generators and proposes corresponding attack methods and applicable scenarios based on the vulnerabilities in the pseudo-random sequence generation process. Under certain conditions, it is possible to obtain the keys of the communicating parties with very low error rates, thus effectively attacking the quantum key system. This paper presents new requirements for the use of random numbers in quantum key systems, which can effectively guide the security evaluation of quantum key distribution protocols.
The Optical Transport Network (OTN) is a protocol for sending network messaging over optical fiber networks. Intelligent optical networks provide an ideal solution for high-bandwidth services. Currently, data encryption schemes for OTN typically rely on mathematical problems such as elliptic curve cryptography or discrete logarithms, which are vulnerable to attacks by quantum computers. This paper investigates a quantum-secure OTN Framework that integrates Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC) technologies, enabling OTN leased lines to resist quantum attacks. This framework can provide users with highly secure quantum-encrypted OTN leased lines services.
Quantum key distribution (QKD) optical networks can provide more secure communications. However, with the increase of the QKD path requests and key updates, network blocking problems will become severe. The blocking problems in the network can become more severe because each fiber link has limited resources (such as wavelengths and time slots). In addition, QKD optical networks are also affected by external disturbances such as data interception and eavesdropping, resulting in inefficient network communication. In this paper, we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network. By introducing the concept of security metric, we propose a routing wavelength and time slot allocation algorithm (RWTA) based on protection path, which can lessen the blocking problem of QKD optical network. According to simulation analysis, the security-metric-based RWTA algorithm (SM-RWTA) proposed in this paper can substantially improve the success rate of security key (SK) update and significantly reduce the blocking rate of the network. It can also improve the utilization rate of resources such as wavelengths and time slots. Compared with the non-security-metric-based RWTA algorithm (NSM-RWTA), our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.
Funding: supported by the Researchers Supporting Project (No. RSP-2021/395), King Saud University, Riyadh, Saudi Arabia.
Funding: supported by the National Key Research and Development Program of China, “Joint Research of IoT Security System and Key Technologies Based on Quantum Key,” under project number 2020YFE0200600.
文摘With the exponential growth of intelligent Internet of Things(IoT)applications,Cloud-Edge(CE)paradigm is emerging as a solution that facilitates resource-efficient and timely services.However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel.Additionally,with the presence of resource-constrained devices,it’s imperative to conduct the secure communication mechanism,while still guaranteeing efficiency.Physical unclonable functions(PUF)emerge as promising lightweight security primitives.Thus,we first construct a PUF-based security mechanism for vulnerable IoT devices.Further,a provably secure and PUF-based authentication key agreement scheme is proposed for establishing the secure channel in end-edge-cloud empowered IoT,without requiring pre-loaded master keys.The security of our scheme is rigorously proven through formal security analysis under the random oracle model,and security verification using AVISPA tool.The comprehensive security features are also elaborated.Moreover,the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
Abstract: Group communication is widely used by most of the emerging network applications like telecommunication, video conferencing, simulation applications, distributed and other interactive systems. Secured group communication plays a vital role in case of providing the integrity, authenticity, confidentiality, and availability of the message delivered among the group members with respect to communicate securely between the inter group or else within the group. In secure group communications, the time cost associated with the key updating in the proceedings of the member join and departure is an important aspect of the quality of service, particularly in the large groups with highly active membership. Hence, the paper is aimed to achieve better cost and time efficiency through an improved DC multicast routing protocol which is used to expose the path between the nodes participating in the group communication. During this process, each node constructs an adaptive Ptolemy decision tree for the purpose of generating the contributory key. Each of the nodes is comprised of three keys which will be exchanged between the nodes for considering the group key for the purpose of secure and cost-efficient group communication. The rekeying process is performed when a member leaves or is added to the group. The performance metrics of the novel approach are measured depending on the important factors such as computational and communicational cost, rekeying process and formation of the group. It is concluded from the study that the technique has reduced the computational and communicational cost of the secure group communication when compared to the other existing methods.
Funding: the National Basic Research Program (973) of China (No. 2007CB311201); the National High Technology Research and Development Program (863) of China (Nos. 2006AA01Z422, 2007AA01Z456)
Abstract: This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.
Funding: Supported by the National High Technology Research and Development Program of China ("863" Program) (2006AA706103)
Abstract: The key exchange is a fundamental building block in cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential. The eCK', eCK and CK models are examined and the result is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.
Abstract: We present a quantum secure imaging (QSI) scheme based on the phase encoding and weak+vacuum decoy-state BB84 protocol of quantum key distribution (QKD). It allows us to implement a computational ghost imaging (CGI) system with more simplified equipment and reconstructed algorithm by using a digital micro-mirror device (DMD) to preset the specific spatial distribution of the light intensity. What is more, the quantum bit error rate (QBER) and the secure key rate analytical functions of QKD are used to see through the intercept-resend jamming attacks and ensure the authenticity of the imaging information. In the experiment, we obtained the image of the object quickly and efficiently by measuring the signal photon counts with a single-photon detector (SPD), and achieved a secure key rate of 571.0 bps and a secure QBER of 3.99%, which is well below the lower bound of QBER of 14.51%. Besides, our imaging system uses a laser with invisible wavelength of 1550 nm, whose intensity is as low as single-photon, that can realize weak-light imaging and is immune to the stray light or air turbulence, thus it will become a better choice for quantum security radar against intercept-resend jamming attacks.
Abstract: This paper considers a decomposition framework as a mechanism for information hiding for secure communication via open network channels. Two varieties of this framework are provided: one is based on Gaussian arithmetic with complex modulus and another on an elliptic curve modular equation. The proposed algorithm is illustrated in a numerical example.
Funding: Project supported by the National Natural Science Foundation of China (Grant Nos. 61370145, 61173183, and 60973152); the Doctoral Program Foundation of Institution of Higher Education of China (Grant No. 20070141014); the Program for Excellent Talents in Universities of Liaoning Province, China (Grant No. LR2012003); the Natural Science Foundation of Liaoning Province, China (Grant No. 20082165); the Fundamental Research Funds for the Central Universities of China (Grant No. DUT12JB06)
Abstract: To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solves the problems of key management and security issues existing in Gong et al.'s protocol.
Funding: supported by the Innovation Program for Quantum Science and Technology (Grant No. 2024ZD0302500); the National Natural Science Foundation of China (Grant No. 62250710162); the Beijing Natural Science Foundation (Grant No. Z230005).
Abstract: Quantum key distribution (QKD) is recognized as an unconditionally secure method of communication encryption, relying solely on the principles of quantum mechanics. A key performance metric for QKD systems is secure key rate (SKR), which is a critical factor for real-world applications. Herein, we report a practical QKD system, equipped with compact gated InGaAs/InP single-photon detectors (SPDs), that can generate a high SKR of 15.2 Mb/s with a channel loss of 2 dB. This exceptional performance stems from the ultra-low afterpulsing probability of the SPDs, which significantly reduces the bit error rate in the QKD system. The typical quantum bit error rate is 1.3%. The results validate the feasibility of an integrated, practical QKD system and offer a reliable solution for the future development of real-world QKD networks.
Funding: supported by the National Natural Science Foundation of China (Grant No. 90204012); the National "863" High-tech Project of China (Grant No. 2002AA143021)
Abstract: Group key management is one of the basic building blocks in securing group communication. A number of solutions to group key exchange have been proposed, but most of them are not scalable and, in particular, require at least O(log n) communication rounds. We formally present a constant-round Identity-based protocol with forward secrecy for group key exchange, which is provably secure in the security model introduced by Bresson et al. Our protocol focuses on round efficiency and the number of communication rounds is only one greater than the lower bound presented by Becker and Wille. In addition, the protocol provides a batch verification technique, which simultaneously verifies the validity of messages from other group participants and greatly improves computational efficiency. Moreover, in our protocol, there is no need for an always-online key generation center during the execution of the protocol, compared to other Identity-based protocols.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 60203012) and Shanghai Rising-Star Program in Science and Technology (Grant No. 02QD14027).
Abstract: Several multicast key management schemes such as those proposed by Wallner et al and Wong et al are based on a multilevel, logical hierarchy (or tree) of key-encrypting keys. When used in conjunction with a reliable multicast infrastructure, this approach results in a highly efficient key update mechanism in which the number of multicast messages transmitted upon a membership update is proportional to the depth of the tree, which is logarithmic to the size of the secure multicast group. But this is based on the hypothesis that the tree is maintained in a balanced manner. This paper proposes a scalable rekeying scheme, the link-tree structure, for implementing secure group communication. Theoretical calculation and experimentation show that this scheme has better performance than the tree structure and the star structure, and at the same time still keeps the link-tree structure balanced.
Abstract: Cryptography is the study that provides security service. It is concerned with confidentiality, integrity, and authentication. Public key cryptography provides an enormous revolution in the field of the cryptosystem. It uses two different keys where the keys are related in such a way that the public key can be used to encrypt the message and the private key can be used to decrypt the message. This paper proposed an enhanced and modified approach of the RSA cryptosystem based on “n” distinct prime numbers. This existence of “n” prime numbers increases the difficulty of the factoring of the variable “N”, which increases the complexity of the algorithm. In this approach, two different public keys and private keys are generated from the large factor of the variable “N” and perform a double encryption-decryption operation which affords more security. Experiment on a set of random numbers provided that the key generation time, analysis of variable “N”, encryption and decryption will take a long time compared to traditional RSA. Thus, this approach is more efficient, highly secured and not easily breakable.
Abstract: The advent of quantum computing poses a significant challenge to traditional cryptographic protocols, particularly those used in Secure Multiparty Computation (MPC), a fundamental cryptographic primitive for privacy-preserving computation. Classical MPC relies on cryptographic techniques such as homomorphic encryption, secret sharing, and oblivious transfer, which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries. This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI, IEEE Xplore, Springer, and Elsevier, examining the applications, types, and security issues with the solution of Quantum computing in different fields. This review explores the impact of quantum computing on MPC security, assesses emerging quantum-resistant MPC protocols, and examines hybrid classical-quantum approaches aimed at mitigating quantum threats. We analyze the role of Quantum Key Distribution (QKD), post-quantum cryptography (PQC), and quantum homomorphic encryption in securing multiparty computations. Additionally, we discuss the challenges of scalability, computational efficiency, and practical deployment of quantum-secure MPC frameworks in real-world applications such as privacy-preserving AI, secure blockchain transactions, and confidential data analysis. This review provides insights into the future research directions and open challenges in ensuring secure, scalable, and quantum-resistant multiparty computation.
Funding: supported by the Key Project of Science and Technology Research by Chongqing Education Commission under Grant KJZD-K202400610 and the Chongqing Natural Science Foundation General Project Grant CSTB2025NSCQ-GPX1263.
Abstract: The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication. Although various authentication and key agreement protocols have been developed, current approaches are constrained by homogeneous cryptosystem frameworks, namely public key infrastructure (PKI), identity-based cryptography (IBC), or certificateless cryptography (CLC), each presenting limitations in client-server architectures. Specifically, PKI incurs certificate management overhead, IBC introduces key escrow risks, and CLC encounters cross-system interoperability challenges. To overcome these shortcomings, this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations (eliminating PKI’s certificate dependency) with CLC for server implementation (mitigating IBC’s key escrow issue while preserving efficiency). Rigorous security analysis under the mBR (modified Bellare-Rogaway) model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks. Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34% lower communication overhead than existing schemes across multiple security levels (80-, 112-, and 128-bit) compared to existing protocols.
Funding: supported in part by National Natural Science Foundation of China (under Grant 61902163); the Jiangsu “Qing Lan Project”; Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Major Research Project: 23KJA520007); Postgraduate Research & Practice Innovation Program of Jiangsu Province (No. SJCX25_1303).
Abstract: Unmanned Aerial Vehicles (UAVs) in Flying Ad-Hoc Networks (FANETs) are widely used in both civilian and military fields, but they face severe security, trust, and privacy vulnerabilities due to their high mobility, dynamic topology, and open wireless channels. Existing security protocols for Mobile Ad-Hoc Networks (MANETs) cannot be directly applied to FANETs, as FANETs require lightweight, high real-time performance, and strong anonymity. The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity, high security, and low overhead in high dynamic and resource-constrained scenarios. To address these challenges, this paper proposes an Anonymous Authentication and Key Exchange Protocol (AAKE-OWA) for UAVs in FANETs based on One-Way Accumulators (OWA). During the UAV registration phase, the Key Management Center (KMC) generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module. In the key exchange phase, UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA. For mutual anonymous authentication, UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values. Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing, man-in-the-middle, and replay attacks. Through Burrows Abadi Needham (BAN) logic proof, it achieves mutual anonymity, prevents simulation and physical capture attacks, and ensures secure connectivity of 1. Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead, communication overhead, and storage overhead, making it more suitable for resource-constrained FANET scenarios. Performance comparison experiments show that, compared with other schemes, this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations, with a total computational overhead as low as 2.3504 ms, a communication overhead of merely 1216 bits, and a storage overhead of 768 bits. We have achieved a reduction in computational costs from 6.3% to 90.3%, communication costs from 5.0% to 69.1%, and overall storage costs from 33% to 68% compared to existing solutions. It can meet the performance requirements of lightweight, real-time, and anonymity for unmanned aerial vehicles (UAVs) networks.
Funding: supported by the Innovation Program for Quantum Science and Technology (Grant No. 2021ZD0300701); the National Key Research and Development Program of China (Grant No. 2018YFA0306403); the Strategic Priority Research Program of Chinese Academy of Sciences (Grant No. XDB43000000).
Abstract: Quantum key distribution (QKD) is a method for secure communication that utilizes quantum mechanics principles to distribute cryptographic keys between parties. Integrated photonics offer benefits such as compactness, scalability, energy efficiency and the potential for extensive integration. We have achieved BB84 phase encoding and decoding, time-bin phase QKD, and the coherent one-way (COW) protocol on a planar lightwave circuit (PLC) platform. At the optimal temperature, our chip successfully prepared quantum states, performed decoding and calculated the secure key rate of the time-bin phase-decoding QKD to be 80.46 kbps over a 20 km transmission with a quantum bit error rate (QBER) of 4.23%. The secure key rate of the COW protocol was 18.18 kbps, with a phase error rate of 3.627% and a time error rate of 0.377%. The uniqueness of this technology lies in its combination of high integration and protocol flexibility, providing an innovative solution for the development of future quantum communication networks.
Abstract: In the process of quantum key distribution (QKD), the communicating parties need to randomly determine quantum states and measurement bases. To ensure the security of key distribution, we aim to use true random sequences generated by true random number generators as the source of randomness. In practical systems, due to the difficulty of obtaining true random numbers, pseudo-random number generators are used instead. Although the random numbers generated by pseudo-random number generators are statistically random, meeting the requirements of uniform distribution and independence, they rely on an initial seed to generate corresponding pseudo-random sequences. Attackers may predict future elements from the initial elements of the random sequence, posing a security risk to quantum key distribution. This paper analyzes the problems existing in current pseudo-random number generators and proposes corresponding attack methods and applicable scenarios based on the vulnerabilities in the pseudo-random sequence generation process. Under certain conditions, it is possible to obtain the keys of the communicating parties with very low error rates, thus effectively attacking the quantum key system. This paper presents new requirements for the use of random numbers in quantum key systems, which can effectively guide the security evaluation of quantum key distribution protocols.
Funding: National Development and Reform Commission (NDRC) New-Generation Information Infrastructure Construction Project: National Wide-Area Quantum Secure Communication Backbone Network Construction Project (0747-2260SCCSHV90(001)).
Abstract: The Optical Transport Network (OTN) is a protocol for sending network messaging over optical fiber networks. Intelligent optical networks provide an ideal solution for high-bandwidth services. Currently, data encryption schemes for OTN typically rely on mathematical problems such as elliptic curve cryptography or discrete logarithms, which are vulnerable to attacks by quantum computers. This paper investigates a quantum-secure OTN Framework that integrates Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC) technologies, enabling OTN leased lines to resist quantum attacks. This framework can provide users with highly secure quantum-encrypted OTN leased line services.
Funding: funded by Youth Program of Shaanxi Provincial Department of Science and Technology (Grant No. 2024JC-YBQN-0630).
Abstract: Quantum key distribution (QKD) optical networks can provide more secure communications. However, with the increase of the QKD path requests and key updates, network blocking problems will become severe. The blocking problems in the network can become more severe because each fiber link has limited resources (such as wavelengths and time slots). In addition, QKD optical networks are also affected by external disturbances such as data interception and eavesdropping, resulting in inefficient network communication. In this paper, we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network. By introducing the concept of security metric, we propose a routing wavelength and time slot allocation algorithm (RWTA) based on protection path, which can lessen the blocking problem of QKD optical network. According to simulation analysis, the security-metric-based RWTA algorithm (SM-RWTA) proposed in this paper can substantially improve the success rate of security key (SK) update and significantly reduce the blocking rate of the network. It can also improve the utilization rate of resources such as wavelengths and time slots. Compared with the non-security-metric-based RWTA algorithm (NSM-RWTA), our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.