Funding: the National Natural Science Foundation of China (No.60573036).
Abstract: The core of network security is risk assessment. In this letter, a risk assessment method is introduced to estimate wireless network security. The method, which combines the Analytic Hierarchy Process (AHP) method and the fuzzy logic method, is applied to risk assessment. The fuzzy logic method is used to judge the importance degree of each factor in terms of its probability, influence and uncontrollability, rather than judging the importance degree directly. The risk assessment is divided into three layers using the AHP method, and the sort weight of the third layer is calculated by the fuzzy logic method. Finally, the importance degree is calculated by the AHP method. By comparing the importance degree of each factor, the risks that can be controlled by taking measures are identified. The case study shows that the method can be easily applied to the risk assessment of wireless network security and that its results conform to the actual situation.
Abstract: In this paper, the currently known attack methods against WAI and the improved version of WAI called WAI' are analyzed. By analyzing the unicast key agreement protocol in WAI' with a CPN model, the vulnerabilities of WAI' are found. WAI' is improved and a new protocol called WAI'-E is proposed. WAI'-E combines the Diffie-Hellman key exchange mechanism based on elliptic curve cryptography. Moreover, using the CK model, it is proved that WAI'-E is SK-secure with PFS and provides independent security of certificate authentication.
Funding: Supported by the National High Technology Development 863 Program of China (No.2003AA148010) and the Key Technologies R&D Program of China (No.2002DA103A03-07).
Abstract: This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, deciding and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extensible and adaptable, and can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. Finally, the architecture is illustrated by an example to show that it can prevent the attack efficiently.
Funding: Supported by the Ministry of Education in China (No.104086).
Abstract: Ubiquitous computing systems typically have many security problems in the area of identity authentication when classical PKI methods are used. Limited computing resources, network disconnection, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, bi-directional identity authentication, security delegation and simple privacy protection, etc., all remain unsolved problems. In this paper, a novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal, or between different ubiquitous computing environments. SPKI-based authorization is extended by adding a trust certificate in UCIAMdess to solve the above problems in ubiquitous computing environments. The identity authentication mechanism and the certificate reduction algorithm are given in the paper to solve the multi-level trust-correlative identity authentication problems. The performance analysis shows that UCIAMdess is a suitable security mechanism for solving complex ubiquitous computing problems.
Funding: Sponsored by the National High Technology Development Program of China (Grant No. 2002AA142020).
Abstract: With the increasing scale of networks and the rapid development of network techniques, large numbers of network applications are appearing. Packet capture plays an important role as a basic technique used in every field of network application. In a high-speed network, the heavy traffic of network transmission challenges packet capture techniques. This paper gives an in-depth analysis of the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the packet capture process. Methods for improving packet capture performance are presented, and an optimized packet capture scheme is designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of network application systems in a high-speed network.
Abstract: This paper proposes a distributed key management approach using the recently developed concepts of certificate-based cryptosystems and threshold secret sharing schemes. Without any assumption of a pre-established trust relationship between nodes, the ad hoc network works in a self-organizing way to provide key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of a single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).
Abstract: A novel multicast communication model using a RingNet hierarchy is proposed. The RingNet hierarchy consists of 4 tiers: the border router tier, access gateway tier, access proxy tier and mobile host tier. Within the hierarchy, the upper 2 tiers are dynamically organized into logical rings of network entities. A novel hierarchical secure access control scheme for key management is proposed based on the RingNet model. Network entities within the multicast hierarchy belong to local groups with different privileges. Network entities of higher-privileged local groups have the right to derive the keys held by network entities of lower-privileged local groups, while the reverse operation is not allowed. With this key management approach, any insertion or change of a local group key does not affect other local groups. The analytical result shows that the scheme has higher security than Lin's.
Funding: Project G1999033105 supported by the National Basic Research Program of China; CSTC2005BB2198 by the Fund of Chongqing Science and Technology Committee; 2005KJ092 by the Fund of the Natural Science of Education Department of Anhui Province in China; 2004LKQ01 by the Fund of Natural Science for Young Teachers of Huainan Normal University in China.
Abstract: A new byte block cipher algorithm with discrete chaos and a Feistel structure has been studied for confidential communication in wireless sensor networks to improve security. After permutation, the byte block is encrypted through a Feistel structure over multiple rounds and afterwards replaced again. The child keys are a composite sequence of discrete chaos and linear congruence sequences. Both the plaintext and ciphertext are 8 bits. The number of keys is adjustable. A nonlinear encryption function with chaos was constructed for the Feistel structure. The cipher algorithm was implemented on the Micaz node, and the confidential communication experiment in a wireless sensor network was completed successfully. The additional ROM required for the cipher algorithm is 4144 bytes, and the additional RAM is 61 bytes. The cipher algorithm is based on nonlinear chaos, and its Feistel structure retains the best of the RC6, DES and SKIPJACK cipher algorithms. The result shows that the algorithm needs little memory and achieves a high level of security.
Funding: the Six Heights of Talent in Jiangsu Province (No.06-E-044).
Abstract: The paper puts forward a variance-time plots method based on a sliding-window mechanism to calculate the Hurst parameter in order to detect Distributed Denial of Service (DDoS) attacks in real time. Based on fuzzy logic technology that can adjust itself dynamically under the fuzzy rules, an intelligent DDoS judgment mechanism is designed. This new method calculates the Hurst parameter quickly and detects DDoS attacks in real time. By comparing the detection technologies based on statistics and on feature packets under different experiments, it is found that the new method can identify the change of the Hurst parameter resulting from DDoS attack traffic of different intensities, and can intelligently and self-adaptively judge DDoS attacks in real time.
Funding: The National Natural Science Foundation of China (No.60703031) and the Natural Science Foundation of Shaanxi Province (No.2007F50).
Abstract: The security of wireless local area networks (WLAN) has become a bottleneck for their further application. At present, many standards organizations and WLAN manufacturers are trying to solve this problem. However, owing to the serious security flaws in the IEEE 802.11 standards, it is impossible to fully solve the problem by simply adding some remedies. Based on an analysis of the WLAN security mechanism and the latest WLAN security techniques, a solution to WLAN security is presented. The solution lays the groundwork for the further combination of WLAN and the Internet.
Abstract: The wormhole attack is a serious threat against MANETs (mobile ad hoc networks) and their routing protocols. A new approach, tunnel key node identification (TKNI), is proposed. Based on tunnel-key-node identification and priority-based route discovery, TKNI can rapidly rebuild the communications that have been blocked by a wormhole attack. Compared to previous approaches, the proposed approach targets both static and dynamic topology environments, addresses both visible and invisible wormhole attack modes, requires no extra hardware, has low overhead, and can be easily applied to MANETs.
Abstract: To meet the authorization administration requirements of a distributed computer network environment, this paper extends the role-based access control model with multiple application dimensions and establishes a new access control model, ED-RBAC (Extended Role Based Access Control Model), for the distributed environment. We propose an extensible hierarchical authorization assignment framework and design effective role-registering, role-applying and role-assigning protocols using symmetric and asymmetric cryptographic systems. The model can be used to simplify authorization administration in a distributed environment with multiple applications.
Funding: the Six Great Talent Peak Plan of Jiangsu Province (No.06-E-044), the "Qinlan Project" plan of Jiangsu Province 2006, and the Natural Science Foundation of Jiangsu Province (No.BK2004218).
Abstract: Wireless sensor networks are being deployed for practical applications and their security has received considerable attention. Finding a suitable key agreement and encryption scheme for wireless sensor networks is an important challenge because of their limited power, computation capability and storage resources. In this paper, an efficient key agreement and encryption scheme for wireless sensor networks is presented. Analysis and simulation results comparing the proposed scheme with other schemes show that the proposed scheme has advantages in terms of energy consumption, computation requirements, storage requirements and security.