Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they cannot provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols cannot provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.
Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient authentication scheme which can provide reliability, efficiency, and security for a general T-MAC communication, a novel synchronization and authentication scheme using authentication masking code was proposed. Authentication data were repeated and masked by PN sequence. The simulation results show that the proposed approach can provide synchronization and authentication simultaneously for nodes in wireless sensor network (WSN). 63 bits AMC code gives above 99.97% synchronization detection and 93.98% authentication data detection probability in BER 0.031 7.
How to keep cloud data intact and available to users is a problem to be solved. Authenticated skip list is an important data structure used in cloud data integrity verification. How to get the membership proof of the element in authenticated skip list efficiently is an important part of authentication. Kaouthar Blibech and Alban Gabillon proposed a head proof and a tail proof algorithms for the membership proof of elements in the authenticated skip list. However, the proposed algorithms are uncorrelated with each other and need plateau function. We propose a new algorithm for computing the membership proof for elements in the authenticated skip list by using two stacks, one is for storing traversal chain of leaf node, the other is for storing authentication path for the leaf. The proposed algorithm is simple and effective without needing plateau function. It can also be applicable for other similar binary hash trees.
Fingerprint authentication system is used to verify users' identification according to the characteristics of their fingerprints. However, this system has some security and privacy problems. For example, some artificial fingerprints can trick the fingerprint authentication system and access information using real users' identification. Therefore, a fingerprint liveness detection algorithm needs to be designed to prevent illegal users from accessing privacy information. In this paper, a new software-based liveness detection approach using multi-scale local phase quantity (LPQ) and principal component analysis (PCA) is proposed. The feature vectors of a fingerprint are constructed through multi-scale LPQ. PCA technology is also introduced to reduce the dimensionality of the feature vectors and gain more effective features. Finally, a training model is gained using support vector machine classifier, and the liveness of a fingerprint is detected on the basis of the training model. Experimental results demonstrate that our proposed method can detect the liveness of users' fingerprints and achieve high recognition accuracy. This study also confirms that multi-resolution analysis is a useful method for texture feature extraction during fingerprint liveness detection.
Security video communication is a challenging task, especially for wireless video applications. An efficient security multimedia system on embedded platform is designed. By analyzing the hardware architecture and resource, the efficient DSP-based H.264/AVC coding is studied by efficient video coding techniques and system optimizing implementation. To protect the confidentiality and integrity of media information, a novel security mechanism is presented, which includes user identity authentication and a perceptual video encryption algorithm based on exploiting the special feature of entropy coding in H.264. Experimental results show that the proposed hardware framework has high performance and achieves a better balance between security and efficiency. The proposed security mechanism can achieve high security and low complexity cost, and has a little effect on the compression ratio and transmission bandwidth. What’s more, encoding and encryption at the same time, the performance of data process can meet real-time application.
Funding: Rising-Star Program of Shanghai 2023 Science and Technology Innovation Action Plan (Yangfan Special Project), China (No. 23YF1401000); Fundamental Research Funds for the Central Universities, China (No. 2232022D-25).
Abstract: The theory of quadratic residues plays an important role in cryptography. In 2001, Cocks developed an identity-based encryption (IBE) scheme based on quadratic residues, resolving Shamir’s 17-year-old open problem. However, a notable drawback of Cocks’ scheme is the significant expansion of the ciphertext, and some of its limitations have been addressed in subsequent research. Recently, Cotan and Teşeleanu highlighted that previous studies on Cocks’ scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process. They enhanced the encryption speed of Cocks’ scheme by eliminating this trial-and-error method. Based on security analysis, this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’ scheme. Furthermore, by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element, this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’ scheme.
Funding: The National Natural Science Foundation of China (No. 60673054)
Abstract: To address the scalability and identity federation problems of the traditional single sign-on system, the proposed scheme divides the security systems into different security domains. Each security domain has its own security servers and service providers, and there are trust relationships between different security domains for identity federation. The security server is responsible for authentication and authorization inside the domain, and offers identity federation capability for different domains. The security assertion markup language (SAML) assertion is used as security token in the system for authentication, authorization, and identity federation. The design of the proposed single sign-on process is based on web service security framework and multiple security domains, and the authorization is always deployed in the local area inside the service provider's security domain, which enables web service clients, both inside and outside their security domains, to access the services in a simple, scalable, standard and secure way.
Abstract: A safe and reliable application system frame based on Internet and Intranet for Stock Supervision and Administration Council of China is built up. An all sided, multi tier and multi technical security method has been adopted, which includes identity recognition, data encryption, digital signature, Domino and WWW servers, access control list, directory service, certificate authorization server, IC card and so on. The recognition system based on CA server is a highly efficient, convenient and reliable system. The encryption technology and security method are proved to be reliable. The recognition system is of high security and is worthy of being popularized in some places where some special security requirements need meeting. Multi tier technology can improve the security of database. Double keys method is a useful data encryption method.
Funding: The National Natural Science Foundation of China (No. 60473028); the Natural Science Foundation of Zhengzhou University of Light Industry (No. 2006XXJ18); the Doctor Foundation of Zhengzhou University of Light Industry (No. 20080014)
Abstract: To realize delegation between different users in a mixed cryptosystem, a proxy signature scheme for ID-based original signers and certificated-based proxy signers (PSS-ID-CER) is defined. Using the bilinear properties of the pairings and the characters of key generations of certificate-based cryptosystems and ID-based cryptosystems, a construction for such a scheme is also presented. To prove the security of the proposed scheme, a general security model for this scheme under adaptive chosen-PKG, chosen-ID, chosen-delegation, chosen-ProxySigner-public-key, chosen-proxy-key and chosen-message attack is defined. The proposed scheme is provably secure under the random oracle model and the hardness assumption of computational Diffie-Hellman problem.
Abstract: This paper presents a power supply solution for fully integrated passive radio-frequency identification (RFID) transponder IC, which has been implemented in 0.35μm CMOS technology with embedded EEPROM from Chartered Semiconductor. The proposed AC/DC and DC/DC charge pumps can generate stable output for RFID applications with quite low power dissipation and extremely high pumping efficiency. An analytical model of the voltage multiplier, comparison with other charge pumps, simulation results, and chip testing results are presented.
Abstract: Iron deficiency (ID), with or without anemia, is often caused by digestive diseases and should always be investigated, except in very specific situations, as its causes could be serious diseases, such as cancer. Diagnosis of ID is not always easy. Low serum levels of ferritin or transferrin saturation imply a situation of absolute or functional ID. It is sometimes difficult to differentiate ID anemia from anemia of chronic diseases, which can coexist. In this case, other parameters, such as soluble transferrin receptor activity can be very useful. After an initial evaluation by clinical history, urine analysis, and serological tests for celiac disease, gastroscopy and colonoscopy are the key diagnostic tools for investigating the origin of ID, and will detect the most important and prevalent diseases. If both tests are normal and anemia is not severe, treatment with oral iron can be indicated, along with stopping any treatment with non-steroidal anti-inflammatory drugs. In the absence of response to oral iron, or if the anemia is severe or clinical suspicion of important disease persists, we must insist on diagnostic evaluation. Repeat endoscopic studies should be considered in many cases and if both still show normal results, investigating the small bowel must be considered. The main techniques in this case are capsule endoscopy, followed by
Funding: Supported by the National Natural Science Foundation of China under Grants No. 61272499, No. 10990011
Abstract: Signcryption, which was introduced by ZHENG, is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more efficient way. Certificateless signcryption and proxy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pairings. In this paper, we present a certificateless proxy identity-based signcryption scheme without bilinear pairings, which is efficient and secure.
Funding: Supported by the National Natural Science Foundation of China (No. 60573032, 60773092, 90604036, 60873229, 60903178, 60672072, 60832003); Zhejiang Provincial Natural Science Foundation of China (No. Y106505)
Abstract: In proxy signature schemes, the proxy signer B is permitted to produce a signature on behalf of the original signer A. However, exposure of proxy signing keys can be the most devastating attack on a proxy signature scheme since any adversary can sign messages on behalf of the proxy signer. In this paper, we applied Dodis et al.’s key-insulation mechanism and proposed an Identity-Based (ID-based) Key-Insulated Proxy Signature (IBKIPS) scheme with secure key-updates. The proposed scheme is strong key-insulated and perfectly key-insulated. Our scheme also supports unbounded period numbers and random-access key-updates.
Funding: This work was supported by the Program for Changjiang Scholars and Innovative Research Team in University under Grant No. IRT1078; the Key Program of NSFC-Guangdong Union Foundation under Grant No. U1135002; the Major National S&T Program under Grant No. 2011ZX03005-002; the National Natural Science Foundation of China under Grants No. 61072066, No. 61173135, No. 61100230, No. 61100233, No. 61202389, No. 61202390; the Natural Science Basic Research Plan in Shaanxi Province of China under Grants No. 2012JQ8043, No. 2012JM8030, No. 2012JM8025, No. 2011JQ8003; the Fundamental Research Funds for the Central Universities under Grants No. JY10000903001, No. K50511030004. The authors would like to thank the anonymous reviewers and the editor for their constructive comments that have helped us to improve this paper.
Abstract: In order to remedy the security weaknesses of a robust user authentication framework for wireless sensor networks, an enhanced user authentication framework is presented. The enhanced scheme requires proof of the possession of both a password and a smart card, and provides more security guarantees in two aspects: 1) it addresses the untraceability property so that any third party accessing the communication channel cannot link two authentication sessions originated from the same user, and 2) the use of a smart card prevents offline attacks to guess passwords. The security and efficiency analyses indicate that our enhanced scheme provides the highest level of security at reasonable computational costs. Therefore, it is a practical authentication scheme with attractive security features for wireless sensor networks.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60872052
Abstract: It is established that a single quantum cryptography protocol usually cooperates with other cryptographic systems, such as an authentication system, in the real world. However, few protocols have been proposed on how to combine two or more quantum protocols. To fill this gap, we propose a composed quantum protocol, containing both quantum identity authentication and quantum key distribution, using squeezed states. Hence, not only the identity can be verified, but also a new private key can be generated by our new protocol. We also analyze the security under an optimal attack, and the efficiency, which is defined by the threshold of the tolerant error rate, using Gaussian error function.
Funding: Supported in part by the National Natural Science Foundation of China (Grant No. 60933003); the High Technical Research and Development Program of China (Grant No. 2006AA01Z101); Shaanxi ISTC (Grant No. 2008KW-02); IBM Joint Project
Abstract: Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology. To date, researchers have proposed many RFID authentication protocols. However, these protocols have many flaws due to lack of theoretical support in designing these protocols. In this work, first we present the security and privacy requirements in RFID authentication protocols. Then we examine related works and point out problems in designing RFID authentication protocols. To solve these problems, we propose and briefly prove three theorems. We also give necessary examples for better understanding these theorems with concrete protocols. At last, we give our suggestions on designing secure and private authentication protocols. The security and privacy requirements, theorems, and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.
Funding: supported in part by the European Commission Marie Curie IRSES project "AdvIOT" and the National Natural Science Foundation of China (NSFC) under grant No. 61372103
Abstract: In network-connected UAV (NC-UAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation (DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication (MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module (TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host. The entire scheme and protocols are presented, and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed. Our experiment results also confirm the high efficiency of the proposed scheme.
Funding: supported by the Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), the Key Program of NSFC-Guangdong Union Foundation (U1135002), the Major national S&T program (2012ZX03002003), the Fundamental Research Funds for the Central Universities (JY10000903001), the National Natural Science Foundation of China (Grant No. 61363068, 61100233), and the Natural Science Foundation of Shaanxi Province (Grant No. 2012JM8030, 2011JQ8003)
Abstract: In the harsh environment where node density is sparse, the slow-moving nodes cannot effectively utilize the encountering opportunities to realize the self-organized identity authentications, and do not have the chance to join the network routing. However, considering most of the communications in opportunistic networks are caused by forwarding operations, there is no need to establish the complete mutual authentications for each conversation. Accordingly, a novel trust management scheme is presented based on the information of behavior feedback, in order to complement the insufficiency of identity authentications. By utilizing the certificate chains based on social attributes, the mobile nodes build the local certificate graphs gradually to realize the web of "Identity Trust" relationship. Meanwhile, the successors generate Verified Feedback Packets for each positive behavior, and consequently the "Behavior Trust" relationship is formed for slow-moving nodes. Simulation result shows that, by implementing our trust scheme, the delivery probability and trust reconstruction ratio can be effectively improved when there are large numbers of compromised nodes, and it means that our trust management scheme can efficiently explore and filter the trust nodes for secure forwarding in opportunistic networks.
Funding: Supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), the National Natural Science Foundation of China (No. 60903181), and Nanjing University of Posts and Telecommunications Funds (No. NY208072)
Abstract: Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they cannot provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols cannot provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.
Abstract: Security vulnerability of denial of service (DoS) in time out-medium access control (T-MAC) protocol was discussed and analysis of power consumption at each stage of T-MAC protocol was carried out. For power efficient authentication scheme which can provide reliability, efficiency, and security for a general T-MAC communication, a novel synchronization and authentication scheme using authentication masking code was proposed. Authentication data were repeated and masked by PN sequence. The simulation results show that the proposed approach can provide synchronization and authentication simultaneously for nodes in wireless sensor network (WSN). 63 bits AMC code gives above 99.97% synchronization detection and 93.98% authentication data detection probability in BER 0.0317.
Funding: partially supported by the Fundamental Research Funds for the Central Universities of China under Grant No. 2015JBM034 and the China Scholarship Council Funds under File No. 201407095023
Abstract: How to keep cloud data intact and available to users is a problem to be solved. Authenticated skip list is an important data structure used in cloud data integrity verification. How to get the membership proof of the element in authenticated skip list efficiently is an important part of authentication. Kaouthar Blibech and Alban Gabillon proposed a head proof and a tail proof algorithms for the membership proof of elements in the authenticated skip list. However, the proposed algorithms are uncorrelated with each other and need plateau function. We propose a new algorithm for computing the membership proof for elements in the authenticated skip list by using two stacks: one is for storing traversal chain of leaf node, the other is for storing authentication path for the leaf. The proposed algorithm is simple and effective without needing plateau function. It can also be applicable for other similar binary hash trees.
Funding: supported by the NSFC (U1536206, 61232016, U1405254, 61373133, 61502242), BK20150925, and the PAPD fund
Abstract: Fingerprint authentication system is used to verify users' identification according to the characteristics of their fingerprints. However, this system has some security and privacy problems. For example, some artificial fingerprints can trick the fingerprint authentication system and access information using real users' identification. Therefore, a fingerprint liveness detection algorithm needs to be designed to prevent illegal users from accessing privacy information. In this paper, a new software-based liveness detection approach using multi-scale local phase quantity (LPQ) and principal component analysis (PCA) is proposed. The feature vectors of a fingerprint are constructed through multi-scale LPQ. PCA technology is also introduced to reduce the dimensionality of the feature vectors and gain more effective features. Finally, a training model is gained using support vector machine classifier, and the liveness of a fingerprint is detected on the basis of the training model. Experimental results demonstrate that our proposed method can detect the liveness of users' fingerprints and achieve high recognition accuracy. This study also confirms that multi-resolution analysis is a useful method for texture feature extraction during fingerprint liveness detection.
Funding: supported by the Project (No. 2005CB321902) of Major State Basic Research Development (973) and the Project (No. yzdj0705) of Information Security Key Laboratory of the General Office of CPC Central Committee of China
Abstract: Security video communication is a challenging task, especially for wireless video applications. An efficient security multimedia system on embedded platform is designed. By analyzing the hardware architecture and resource, the efficient DSP-based H.264/AVC coding is studied by efficient video coding techniques and system optimizing implementation. To protect the confidentiality and integrity of media information, a novel security mechanism is presented, which includes user identity authentication and a perceptual video encryption algorithm based on exploiting the special feature of entropy coding in H.264. Experimental results show that the proposed hardware framework has high performance and achieves a better balance between security and efficiency. The proposed security mechanism can achieve high security and low complexity cost, and has a little effect on the compression ratio and transmission bandwidth. What's more, encoding and encryption at the same time, the performance of data process can meet real-time application.