A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health infor...A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC- MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSee), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TukP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.展开更多
Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here...Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.展开更多
This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid me...This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.展开更多
Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),a...Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.展开更多
A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC o...A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.展开更多
With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performa...With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performance, low cost, good connectivity, etc. However the security issue has been complicated because USN responds to block I/O and file I/O requests simultaneously. In this paper, a security system module is developed to prevent many types of attacks against USN based on NAS head. The module not only uses effective authentication to prevent unauthorized access to the system data, but also checks the data integrity. Experimental results show that the security module can not only resist remote attacks and attacks from those who has physical access to the USN, but can also be seamlessly integrated into underlying file systems, with little influence on their performance.展开更多
CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authe...CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authentication Code,信息认证码)。本文会由浅入深阐述当前CAN总线协议基础上的MAC的工作原理与实现方式。展开更多
Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete l...Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.展开更多
Network coding is vulnerable to pollution at- tacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the ori...Network coding is vulnerable to pollution at- tacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the original message or require a high computational complexity to ver- ify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block is attached with a small number of MACs and each node can use these MACs to verify the integrity of the corresponding block with a high probability. Compared to previous schemes, our scheme still leverages a small number of keys to generate MACs for each block, but more than doubles the detection probability. Mean- while, our scheme is able to efficiently restrict pollution prop- agation within a small number of hops. Experimental results show that our scheme is more efficient in verification than existing ones based on public-key cryptography.展开更多
基金supported by the National Foundation of Netherlands with SenterNovem for the ALwEN project under Grant No.PNE07007the National Natural Science Foundation of China under Grant Nos.61100201,U1135004,and 61170080+3 种基金the Universities and Colleges Pearl River Scholar Funded Scheme of Guangdong Province of China(2011)the High-Level Talents Project of Guangdong Institutions of Higher Education of China(2012)the Project on the Integration of Industry,Education and Research of Guangdong Province of China under Grant No.2012B091000035the Project of Science and Technology New Star of Guangzhou Pearl River of China(2014)
文摘A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC- MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSee), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TukP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.
基金supported in part by the Joint Foundation of National Natural Science Committee of China and Civil Aviation Administration of China under Grant U1933108in part by the Scientific Research Project of Tianjin Municipal Education Commission under Grant 2019KJ117.
文摘Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.
基金supported by the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No 200800131016)+5 种基金Beijing Nova Program (Grant No2008B51)Key Project of the Chinese Ministry of Education (Grant No 109014)the Natural Science Foundation of Beijing (Grant No 4072020)the National Laboratory for Modern Communications Science Foundation of China (Grant No 9140C1101010601)the Natural Science Foundation of Education Bureau of Henan Province (Grant No 2008B120005)the Youth Foundation of Luoyang Normal University
文摘This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.
文摘Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.
基金Supported bythe National Natural Science Foundationof China (60175001)
文摘A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.
文摘With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performance, low cost, good connectivity, etc. However the security issue has been complicated because USN responds to block I/O and file I/O requests simultaneously. In this paper, a security system module is developed to prevent many types of attacks against USN based on NAS head. The module not only uses effective authentication to prevent unauthorized access to the system data, but also checks the data integrity. Experimental results show that the security module can not only resist remote attacks and attacks from those who has physical access to the USN, but can also be seamlessly integrated into underlying file systems, with little influence on their performance.
文摘CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authentication Code,信息认证码)。本文会由浅入深阐述当前CAN总线协议基础上的MAC的工作原理与实现方式。
基金Supported by the General Program of Science and Technology Development Project of Beijing Municipal Education Commission(KM201311232014)the Opening Project of Beijing Key Laboratory of Internet Culture and Digital Dissemination Research (ICDD201206, ICDD201207)
文摘Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.
文摘Network coding is vulnerable to pollution at- tacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the original message or require a high computational complexity to ver- ify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block is attached with a small number of MACs and each node can use these MACs to verify the integrity of the corresponding block with a high probability. Compared to previous schemes, our scheme still leverages a small number of keys to generate MACs for each block, but more than doubles the detection probability. Mean- while, our scheme is able to efficiently restrict pollution prop- agation within a small number of hops. Experimental results show that our scheme is more efficient in verification than existing ones based on public-key cryptography.
