Funding: Supported in part by the National Key R&D Program of China (No. 2022YFB2902202), in part by the Fundamental Research Funds for the Central Universities (No. 2242023K30034), in part by the National Natural Science Foundation of China (No. 62171121, U22A2001), in part by the National Natural Science Foundation of China (No. 62301144), in part by the National Natural Science Foundation of Jiangsu Province, China (No. BK20211160), and in part by the Southeast University Startup Fund (No. 4009012301).
Abstract: Physical-layer secret key generation (PSKG) provides a lightweight way for group key (GK) sharing between wireless users in large-scale wireless networks. However, most of the existing works in this field consider only group communication. For a common dual-task scenario, where both GK and pairwise key (PK) are required, traditional methods are less suitable for direct extension. For the first time, we discover a security issue with traditional methods in dual-task scenarios, which has not previously been recognized. We propose an innovative segment-based key generation method to solve this security issue. We do not directly use PK exclusively to negotiate the GK as traditional methods do. Instead, we generate GK and PK separately through segmentation, which is the first solution to meet dual-task requirements. We also perform security and rate analysis. It is demonstrated that our method is effective in solving this security issue from an information-theoretic perspective. The rate results of simulation are also consistent with our rate derivation.
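Abstract: In recent years, using radio frequency fingerprint (RFF) technology to identify and authenticate devices and to build secure communication systems has become a research hotspot. Compared with traditional authentication schemes, RFF identifies a device by its own hardware characteristics and therefore offers higher security. Compared with other radio technologies, Wi-Fi signals have a wider spectrum and are more widely used, but they are also more susceptible to indoor multipath interference, which lowers the Wi-Fi RFF identification rate. To address this problem, this paper proposes a Wi-Fi RFF extraction method based on power spectrum features: it computes the ratio of the power spectra of the short preamble symbols and the long preamble symbols in a signal frame and uses this ratio as the RFF feature. Experiments were carried out with 27 Wi-Fi routers; data were collected in an indoor setting in four simulated, relatively static situations free of external interference and in a simple mobile environment, and a random forest model was used for training and testing, reaching an identification rate of 93.3%. Theoretical analysis and experimental results show that the method resists the effects of multipath and additive noise on the RFF well, and that the extracted RFF information remains robust even when the devices are in relative motion. The proposed power spectrum feature method therefore has application value in physical-layer device authentication and identity recognition.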
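Abstract: The difficulty in parsing the communication protocols and communication data of mobile terminals is that most mobile applications have no public technical documentation, so the type of communication protocol they use is hard to determine. Instruction execution sequence analysis reverse-infers the message format and the state machine by analyzing the sequence of instructions a program executes. However, the sequence information is sometimes collected incompletely, which leaves the inferred state machine incomplete, so that not all protocol information can be obtained. To address these problems, a new mobile-terminal communication protocol parsing scheme based on comparative state machine inference is proposed, which can be used in forensic scenarios to improve the accuracy and completeness of data forensics. The scheme first uses PIN dynamic binary instrumentation to identify taint sources and track taint traces in order to derive the protocol message format; it then clusters the extracted protocol messages according to the format information to infer the original state machine; finally, it uses the longest common subsequence (LCS) algorithm to compare this state machine with known protocol state machines, and the one with the highest similarity is taken as the inferred communication protocol type. The scheme was tested and evaluated on the Android platform with experiments designed around two classes of applications; the results show that it can accurately extract the communication content of applications and has strong practical value.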
Funding: Supported by the National Hi-Tech Research & Development Plan of China (863 Project) (No. 2003AA143040) and Jiangsu Provincial Key Laboratory of Network & Information Security (No. BM2003201).
Abstract: A fast authentication mode based on Multi-Block Chaining (MBC) is put forward, and its security is proved. The MBC mode is for new generation block cipher algorithms. Its speed is about 13% faster than that of the authentication modes in common use (for example, cipher block chaining-message authentication code mode). The dependence test results meet the requirement. The MBC mode is complete; its degree of avalanche effect is about 0.9993; its degree of strict avalanche criterion is 0.992 or so. The frequency test results indicate that the output generated by the MBC mode has uniformity. The binary matrix rank test results imply that it is linearly independent among disjoint sub-matrices of the output. Maurer’s universal statistical test results show that the output could be significantly compressed without loss of information. Run test, spectral test, non-overlapping template matching test, overlapping template matching test, Lempel-Ziv compression test, linear complexity test, serial test, approximate entropy test, cumulative sums test, random excursions test and random excursions variant test results fulfill the requirements of all. Therefore the MBC mode has good pseudo-randomness. Thus the security of MBC mode is verified by way of statistical evaluation.