Smart parks serve as integral components of smart cities,where they play a pivotal role in the process of urban modernization.The demand for cross-domain cooperation among smart devices from various parks has witnesse...Smart parks serve as integral components of smart cities,where they play a pivotal role in the process of urban modernization.The demand for cross-domain cooperation among smart devices from various parks has witnessed a significant increase.To ensure secure communication,device identities must undergo authentication.The existing cross-domain authentication schemes face issues such as complex authentication paths and high certificate management costs for devices,making it impractical for resource-constrained devices.This paper proposes a blockchain-based lightweight and efficient cross-domain authentication protocol for smart parks,which simplifies the authentication interaction and requires every device to maintain only one certificate.To enhance cross-domain cooperation flexibility,a comprehensive certificate revocation mechanism is presented,significantly reducing certificate management costs while ensuring efficient and secure identity authentication.When a park needs to revoke access permissions of several cooperative partners,the revocation of numerous cross-domain certificates can be accomplished with a single blockchain write operation.The security analysis and experimental results demonstrate the security and effectiveness of our scheme.展开更多
Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed ...Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.展开更多
门限密码学提供了建立入侵容忍应用的新方法。文中在介绍并分析了基于ECC的ElGamal数字签名方案和t out of n秘密共享方案的基础上,提出了一个基于ECC的零知识证明方法和一个基于ECC的门限数字签名方案;研究了该方法和方案在建立入侵容...门限密码学提供了建立入侵容忍应用的新方法。文中在介绍并分析了基于ECC的ElGamal数字签名方案和t out of n秘密共享方案的基础上,提出了一个基于ECC的零知识证明方法和一个基于ECC的门限数字签名方案;研究了该方法和方案在建立入侵容忍CA中的应用。最后,对比ITTC项目中关于入侵容忍CA设计的方案,分析显示该方案在安全性、效率和可用性方面具有良好的性能。展开更多
为解决移动自组网(Mobile Ad Hoc Network,MANET)网络信道开放、节点灵活多变且资源受限以及难以部署复杂认证机制的问题,结合轻量级CA思想,构造出一种适用于生存周期短、拓扑结构高度动态变化的MANET的认证体系结构即轻量级可移交认证...为解决移动自组网(Mobile Ad Hoc Network,MANET)网络信道开放、节点灵活多变且资源受限以及难以部署复杂认证机制的问题,结合轻量级CA思想,构造出一种适用于生存周期短、拓扑结构高度动态变化的MANET的认证体系结构即轻量级可移交认证中心(Lightweight and Shifted Certification Authority,LSCA)。LSCA结构简化了传统基于证书CA机制的公钥产生及验证的复杂性,无需证书管理;同时以移交CA角色的方式工作,不需预先配置节点及预知网络拓扑结构,使系统在不采用门限机制的情况下具备一定的容侵能力。性能分析及仿真实验表明:LSCA对DoS攻击表现出较强的健壮性,在通信、计算及存储代价方面均优于分布式CA及门限机制CA,适用于动态多变、生存周期较短的MANET网络应用。展开更多
基金supported in part by the National Natural Science Foundation Project of China under Grant No.62062009the Guangxi Innovation-Driven Development Project under Grant Nos.AA17204058-17 and AA18118047-7.
文摘Smart parks serve as integral components of smart cities,where they play a pivotal role in the process of urban modernization.The demand for cross-domain cooperation among smart devices from various parks has witnessed a significant increase.To ensure secure communication,device identities must undergo authentication.The existing cross-domain authentication schemes face issues such as complex authentication paths and high certificate management costs for devices,making it impractical for resource-constrained devices.This paper proposes a blockchain-based lightweight and efficient cross-domain authentication protocol for smart parks,which simplifies the authentication interaction and requires every device to maintain only one certificate.To enhance cross-domain cooperation flexibility,a comprehensive certificate revocation mechanism is presented,significantly reducing certificate management costs while ensuring efficient and secure identity authentication.When a park needs to revoke access permissions of several cooperative partners,the revocation of numerous cross-domain certificates can be accomplished with a single blockchain write operation.The security analysis and experimental results demonstrate the security and effectiveness of our scheme.
基金National Natural Science Foundation of China(No.61271152)Natural Science Foundation of Hebei Province,China(No.F2012506008)the Original Innovation Foundation of Ordnance Engineering College,China(No.YSCX0903)
文摘Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.
文摘门限密码学提供了建立入侵容忍应用的新方法。文中在介绍并分析了基于ECC的ElGamal数字签名方案和t out of n秘密共享方案的基础上,提出了一个基于ECC的零知识证明方法和一个基于ECC的门限数字签名方案;研究了该方法和方案在建立入侵容忍CA中的应用。最后,对比ITTC项目中关于入侵容忍CA设计的方案,分析显示该方案在安全性、效率和可用性方面具有良好的性能。
文摘为解决移动自组网(Mobile Ad Hoc Network,MANET)网络信道开放、节点灵活多变且资源受限以及难以部署复杂认证机制的问题,结合轻量级CA思想,构造出一种适用于生存周期短、拓扑结构高度动态变化的MANET的认证体系结构即轻量级可移交认证中心(Lightweight and Shifted Certification Authority,LSCA)。LSCA结构简化了传统基于证书CA机制的公钥产生及验证的复杂性,无需证书管理;同时以移交CA角色的方式工作,不需预先配置节点及预知网络拓扑结构,使系统在不采用门限机制的情况下具备一定的容侵能力。性能分析及仿真实验表明:LSCA对DoS攻击表现出较强的健壮性,在通信、计算及存储代价方面均优于分布式CA及门限机制CA,适用于动态多变、生存周期较短的MANET网络应用。