Funding: supported by the National Key Research and Development Program of China (No. 2016YFB0800601); the Key Program of NSFC-Tongyong Union Foundation (No. U1636209); the National Natural Science Foundation of China (61602358); the Key Research and Development Programs of Shaanxi (No. 2019ZDLGY13-04, No. 2019ZDLGY13-07).
Abstract: The static and predictable characteristics of cyber systems give attackers an asymmetric advantage in gathering useful information and launching attacks. To reverse this asymmetric advantage, a new defense idea, called Moving Target Defense (MTD), has been proposed to provide additional selectable measures to complement traditional defense. However, MTD is unable to defeat the sophisticated attacker with fingerprint tracking ability. To overcome this limitation, we go one step beyond and show that the combination of MTD and Deception-based Cyber Defense (DCD) can achieve higher performance than either of them. In particular, we first introduce and formalize a novel attacker model named Scan and Foothold Attack (SFA) based on the cyber kill chain. Afterwards, we develop probabilistic models for SFA defenses to provide a deeper analysis of the theoretical effect under different defense strategies. These models quantify attack success probability and the probability that the attacker will be deceived under various conditions, such as the size of the address space, the number of hosts, and attack analysis time. Finally, the experimental results show that the actual defense effect of each strategy almost perfectly follows its probabilistic model. Also, the defense strategy of combining address mutation and fingerprint camouflage can achieve a better defense effect than the single address mutation.
Funding: supported by the National Key Research and Development Program of China under Grant No. 2021YFB2700600; the National Natural Science Foundation of China under Grant No. 62132013; the Key Research and Development Programs of Shaanxi under Grant Nos. S2024-YF-YBGY-1540 and 2021ZDLGY06-03; the Basic Strengthening Plan Program under Grant No. 2023-JCJQ-JJ-0772; the Key-Area Research and Development Program of Guangdong Province under Grant No. 2021B0101400003; Hong Kong RGC Research Impact Fund under Grant Nos. R5060-19 and R5034-18; Areas of Excellence Scheme under Grant No. AoE/E-601/22-R; General Research Fund under Grant Nos. 152203/20E, 152244/21E, 152169/22E and 152228/23E.
Abstract: Traditional methods of identity authentication often rely on centralized architectures, which pose risks of computational overload and single points of failure. We propose a protocol that offers a decentralized approach by distributing authentication services to edge authentication gateways and servers, facilitated by blockchain technology, thus aligning with the decentralized ethos of Web3 infrastructure. Additionally, we enhance device security against physical and cloning attacks by integrating physical unclonable functions with certificateless cryptography, bolstering the integrity of Internet of Things (IoT) devices within the evolving landscape of the metaverse. To achieve dynamic anonymity and ensure privacy within Web3 environments, we employ fuzzy extractor technology, allowing for updates to pseudonymous identity identifiers while maintaining key consistency. The proposed protocol ensures continuous and secure identity authentication for IoT devices in practical applications, effectively addressing the pressing security concerns inherent in IoT network environments and contributing to the development of robust security infrastructure essential for the proliferation of IoT devices across diverse settings.
Funding: supported by National Natural Science Foundation of China Grant No. 60803150, No. 60803151; the National High Technology Research and Development Program of China under Grant No. 2008AA01Z411; the Key Program of NSFC-Guangdong Union Foundation under Grant No. U0835004; China Postdoctoral Science Foundation No. 20090451495.
Abstract: Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head, while private communication between cluster nodes under the same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt a dynamic means, called the dynamic cluster key management scheme, to deal with the master key, so the master key will be updated according to the changed dynamic network topology. Because the cluster head node plays a pivotal role in this scheme, a trust management system should be introduced into the election of the cluster head, which will exclude the malicious node from outside the cluster, thus improving the whole network security.
Funding: supported by the National Natural Science Foundation of China under Grants No. 61172068, 61003300; the Key Program of NSFC Guangdong Union Foundation under Grant No. U0835004; the National Grand Fundamental Research 973 Program of China under Grant No. A001200907; the Fundamental Research Funds for the Central Universities under Grant No. K50511010003; Program for New Century Excellent Talents in University under Grant No. NCET-11-0691.
Abstract: In Wireless Sensor Networks (WSNs), polling can obviously improve the throughput and decrease average access delay by allocating bandwidth efficiently and reasonably. In this paper, a Dynamic Polling Media Access Control (DPMAC) scheme designed according to WSNs' features is proposed. DPMAC is a priority-based access control protocol with the characteristics that its polling table is dynamically refreshed depending on whether the sensor node is active and that the bandwidth is dynamically allocated according to the traffic types. The access priorities are determined by the emergency levels of events, and the scheduler proposed in our MAC is preemptive based on the deadline of the events. Simulation results show that DPMAC can efficiently utilize bandwidth and decrease average access delay and response time for emergency events with different access priorities in WSNs.
Funding: Supported by Educational Innovation Fund for Graduates of Xidian University (Program No. 05006); Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2005F28); Xi'an Key Technologies R&D Program (GG06017).
Abstract: Resilience against node capture is one of the main indicators of the key pre-distribution security in sensor networks. On providing the attack model and the definition of the resilience against node capture of sensor networks, the resilience of basic random key pre-distribution, Q-composite random key pre-distribution and their reinforced schemes are analyzed and compared in depth. Research results show that the size of the key pool, the number of keys stored in nodes and the value of Q determine the resilience of random key pre-distribution. The tradeoff between the resilience, security connectivity and costs in sensor networks is presented. This research lays a foundation for the design of the secure protocol and the algorithm in the specific application environment of sensor networks.
Funding: Supported by the Fundamental Research Funds for the Central Universities (72104988); the National High Technology Research and Development Program of China (2009AA01Z204, 2007AA01Z429, 2007AA01Z405); the Post Doctor Science Foundation of China (20090451495, 20090461415); the National Natural Science Foundation of China (60874085, 60633020, 60803151); the Natural Science Basic Research Plan in Shaanxi Province of China (Program No. SJ08F13); the Aviation Science Foundation of China (2007ZD31003, 2008ZD31001).
Abstract: In wireless sensor networks, highly efficient data routing for networks with limited energy resources is an important issue. By introducing the ant-colony algorithm, this paper proposes a wireless sensor network routing algorithm based on LEACH. During the construction of sensor network clusters, to avoid premature node death because of energy consumption, only the nodes whose residual energy is higher than the average energy can be chosen as the cluster heads. The method of repeated division is used to divide the clusters in sensor networks so that the numbers of the nodes in each cluster are balanced. The basic thought of the ant-colony algorithm is adopted to realize the data routing between the cluster heads and sink nodes, and the maintenance of routing. The analysis and simulation showed that the proposed routing protocol can not only reduce the energy consumption and balance the energy consumption between nodes, but also prolong the network lifetime.
Funding: Supported by Natural Science Basic Research Plan in Shaanxi Province of China (2005F28).
Abstract: This paper gives a comprehensive method to do Elliptic Curve Scalar Multiplication with only the x-coordinate. Explicit point operation formulae for all types of defining equations of the curves are derived. For each type of curve, the performance is analyzed. The formulae are applied in the Montgomery Ladder to get a scalar multiplication algorithm operated with only the x-coordinate. The new scalar multiplication has the same security level and computation amount as protected binary scalar multiplication (PBSM) against side channel attack, and has the advantages of higher security and little memory needed.
Funding: Supported by Scientific Research Common Program of Beijing Municipal Commission of Education (KM200610772008); the Graduate Innovation Fund of Xidian University (05001).
Abstract: This paper presents a digital rights management model, which considers the integrated factors including legality, communication security, integrity of the content, and trading fairness. The architecture of the model, the necessary protocol for copyright control and content distribution, and the authentication mechanism, which offers consumption registration for fair content distribution, are all provided. The scheme also provides distribution and evidence for using the copyright of digital content fairly and effectively. Finally, analysis shows the proposed model has both high security and good performance.