An automatic dependent surveillance- broadcast (ADS-B) system has serious security problems, and the data can be spoofed during broadcasting precise position information of aircraft. A solution of the ADS-B system d...An automatic dependent surveillance- broadcast (ADS-B) system has serious security problems, and the data can be spoofed during broadcasting precise position information of aircraft. A solution of the ADS-B system data authentication based on the elliptic curve cipher (ECC) and X.509 certificate is proposed. It can avoid the key distribution problem by using the symmetric key algorithm and prevent the ADS-B data from being spoofed thoroughly. Experimental test results show that the solution is valid and appropriate in ADS-B universal access transceiver (UAT) mode.展开更多
Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, w...Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.展开更多
A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC o...A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.展开更多
With the growing trend toward using cloud storage,the problem of efficiently checking and proving data integrity needs more consideration.Many cryptography and security schemes,such as PDP(Provable Data Possession) an...With the growing trend toward using cloud storage,the problem of efficiently checking and proving data integrity needs more consideration.Many cryptography and security schemes,such as PDP(Provable Data Possession) and POR(Proofs of Retrievability) were proposed for this problem.Although many efficient schemes for static data have been constructed,only a few dynamic schemes exist,such as DPDP(Dynamic Provable Data Possession).But the DPDP scheme falls short when updates are not proportional to a fixed block size.The FlexList-based Dynamic Provable Data Possession(FlexDPDP) was an optimized scheme for DPDP.However,the update operations(insertion,remove,modification)in Flex DPDP scheme only apply to single node at a time,while multiple consecutive nodes operation is more common in practice.To solve this problem,we propose optimized algorithms for multiple consecutive nodes,which including MultiNodes Insert and Verification,MultiNodes Remove and Verification,MultiNodes Modify and Verification.The cost of our optimized algorithms is also analyzed.For m consecutive nodes,an insertion takes O(m) + O(log N) + O(log m),where N is the number of leaf nodes of FlexList,a remove takes O(log/V),and a modification is the same as the original algorithm.Finally,we compare the optimized algorithms with original FlexList through experiences,and the results show that our scheme has the higher efficiency of time and space.展开更多
Based on a generalized chaos synchronization system and a discrete Sinai map, a non-symmetric true color (RGB) digital image secure communication scheme is proposed. The scheme first changes an ordinary RGB digital ...Based on a generalized chaos synchronization system and a discrete Sinai map, a non-symmetric true color (RGB) digital image secure communication scheme is proposed. The scheme first changes an ordinary RGB digital image with 8 bits into unrecognizable disorder codes and then transforms the disorder codes into an RGB digital image with 16 bits for transmitting. A receiver uses a non-symmetric key to verify the authentication of the received data origin, and decrypts the ciphertext. The scheme can encrypt and decz:Fpt most formatted digital RGB images recognized by computers, and recover the plaintext almost without any errors. The scheme is suitable to be applied in network image communications. The analysis of the key space, sensitivity of key parameters, and correlation of encrypted images imply that this scheme has sound security.展开更多
Redistricting is the process of grouping all census blocks within a region to form larger subdivisions, or districts. The process is typically subject to some hard rules and some (soft) preferences to improve fairness...Redistricting is the process of grouping all census blocks within a region to form larger subdivisions, or districts. The process is typically subject to some hard rules and some (soft) preferences to improve fairness of the solution. Achieving public consensus on the fairness of proposed redistricting plans is highly desirable. Unfortunately, fair redistricting is an NP hard optimization problem. The complexity of the process makes it even more challenging to convince the public of the fairness of the proposed solution. This paper proposes a completely transparent blockchain based strategy to promote public participation in the redistricting process, to increase public confidence in the outcome of the process. The proposed approach is based on the fact that one does not have to worry about how the NP hard problem was solved, as long as it is possible for anyone to compute a “goodness” metric for the proposed plan. In the proposed approach, anyone can submit a plan along with the expected metric. Only the plan with the best claimed metric needs to be evaluated in a blockchain network.展开更多
A protocol for processing geographic data is proposed to guarantee authoritative and unbiased responses to geographic queries, without the need to rely on trusted third parties. The integrity of the proposed authorita...A protocol for processing geographic data is proposed to guarantee authoritative and unbiased responses to geographic queries, without the need to rely on trusted third parties. The integrity of the proposed authoritative and unbiased geographic services (AUGS) protocol is guaranteed by employing novel hash tree based authenticated data structures (ADS) in conjunction with a blockchain ledger. Hash tree based ADSes are used to incrementally compute a succinct dynamic commitments to AUGS data. A blockchain ledger is used to record 1) transactions that trigger updates to AUGS data, and 2) the updated cryptographic commitments to AUGS data. Untrusted service providers are required to provide verification objects (VOs) as proof-of-correctness of their responses to AUGS queries. Anyone with access to commitments in ledger entries can verify the proof.展开更多
In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leaka...In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.展开更多
基金supported by the National Natural Science Foundation of China under Grant No. 61179072the Civil Aviation Science Foundation of China
文摘An automatic dependent surveillance- broadcast (ADS-B) system has serious security problems, and the data can be spoofed during broadcasting precise position information of aircraft. A solution of the ADS-B system data authentication based on the elliptic curve cipher (ECC) and X.509 certificate is proposed. It can avoid the key distribution problem by using the symmetric key algorithm and prevent the ADS-B data from being spoofed thoroughly. Experimental test results show that the solution is valid and appropriate in ADS-B universal access transceiver (UAT) mode.
文摘Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking (ICN) is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography (IBC) to propose a Distributed Authentication and Authorization Scheme (DAAS), where an identity-based signature (IBS) is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption (CP-ABE) is used to enable the distributed and fine-grained authorization. DAAS consists of three phases: initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest (NOAM) dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest (AM) distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.
基金Supported bythe National Natural Science Foundationof China (60175001)
文摘A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.
基金supported in part by the National Natural Science Foundation of China under Grant No.61440014&&No.61300196the Liaoning Province Doctor Startup Fundunder Grant No.20141012+2 种基金the Liaoning Province Science and Technology Projects under Grant No.2013217004the Shenyang Province Science and Technology Projects under Grant Nothe Fundamental Research Funds for the Central Universities under Grant No.N130317002 and No.N130317003
文摘With the growing trend toward using cloud storage,the problem of efficiently checking and proving data integrity needs more consideration.Many cryptography and security schemes,such as PDP(Provable Data Possession) and POR(Proofs of Retrievability) were proposed for this problem.Although many efficient schemes for static data have been constructed,only a few dynamic schemes exist,such as DPDP(Dynamic Provable Data Possession).But the DPDP scheme falls short when updates are not proportional to a fixed block size.The FlexList-based Dynamic Provable Data Possession(FlexDPDP) was an optimized scheme for DPDP.However,the update operations(insertion,remove,modification)in Flex DPDP scheme only apply to single node at a time,while multiple consecutive nodes operation is more common in practice.To solve this problem,we propose optimized algorithms for multiple consecutive nodes,which including MultiNodes Insert and Verification,MultiNodes Remove and Verification,MultiNodes Modify and Verification.The cost of our optimized algorithms is also analyzed.For m consecutive nodes,an insertion takes O(m) + O(log N) + O(log m),where N is the number of leaf nodes of FlexList,a remove takes O(log/V),and a modification is the same as the original algorithm.Finally,we compare the optimized algorithms with original FlexList through experiences,and the results show that our scheme has the higher efficiency of time and space.
基金the National Natural Science Foundation of China under,the Foundation for University Key Teachers,高等学校博士学科点专项科研项目,教育部科学技术研究项目
文摘Based on a generalized chaos synchronization system and a discrete Sinai map, a non-symmetric true color (RGB) digital image secure communication scheme is proposed. The scheme first changes an ordinary RGB digital image with 8 bits into unrecognizable disorder codes and then transforms the disorder codes into an RGB digital image with 16 bits for transmitting. A receiver uses a non-symmetric key to verify the authentication of the received data origin, and decrypts the ciphertext. The scheme can encrypt and decz:Fpt most formatted digital RGB images recognized by computers, and recover the plaintext almost without any errors. The scheme is suitable to be applied in network image communications. The analysis of the key space, sensitivity of key parameters, and correlation of encrypted images imply that this scheme has sound security.
文摘Redistricting is the process of grouping all census blocks within a region to form larger subdivisions, or districts. The process is typically subject to some hard rules and some (soft) preferences to improve fairness of the solution. Achieving public consensus on the fairness of proposed redistricting plans is highly desirable. Unfortunately, fair redistricting is an NP hard optimization problem. The complexity of the process makes it even more challenging to convince the public of the fairness of the proposed solution. This paper proposes a completely transparent blockchain based strategy to promote public participation in the redistricting process, to increase public confidence in the outcome of the process. The proposed approach is based on the fact that one does not have to worry about how the NP hard problem was solved, as long as it is possible for anyone to compute a “goodness” metric for the proposed plan. In the proposed approach, anyone can submit a plan along with the expected metric. Only the plan with the best claimed metric needs to be evaluated in a blockchain network.
文摘A protocol for processing geographic data is proposed to guarantee authoritative and unbiased responses to geographic queries, without the need to rely on trusted third parties. The integrity of the proposed authoritative and unbiased geographic services (AUGS) protocol is guaranteed by employing novel hash tree based authenticated data structures (ADS) in conjunction with a blockchain ledger. Hash tree based ADSes are used to incrementally compute a succinct dynamic commitments to AUGS data. A blockchain ledger is used to record 1) transactions that trigger updates to AUGS data, and 2) the updated cryptographic commitments to AUGS data. Untrusted service providers are required to provide verification objects (VOs) as proof-of-correctness of their responses to AUGS queries. Anyone with access to commitments in ledger entries can verify the proof.
基金supported by the National HighTech Research and Development (863) Program (No. 2015AA016002)the National Key Basic Research Program of China (No. 2014CB340600)+1 种基金the National Natural Science Foundation of China (Nos. 61303024 and 61272452)the Natural Science Foundation of Jiangsu Province (Nos. BK20130372)
文摘In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.
