With the rapid development of the genomic sequencing technology,the cost of obtaining personal genomic data and effectively analyzing it has been gradually reduced.The analysis and utilization of genomic dam gradually...With the rapid development of the genomic sequencing technology,the cost of obtaining personal genomic data and effectively analyzing it has been gradually reduced.The analysis and utilization of genomic dam gradually entered the public view,and the leakage of genomic dam privacy has attracted the attention of researchers.The security of genomic data is not only related to the protection of personal privacy,but also related to the biological information security of the country.However,there is still no.effective genomic dam privacy protection scheme using Shangyong Mima(SM)algorithms.In this paper,we analyze the widely used genomic dam file formats and design a large genomic dam files encryption scheme based on the SM algorithms.Firstly,we design a key agreement protocol based on the SM2 asymmetric cryptography and use the SM3 hash function to guarantee the correctness of the key.Secondly,we used the SM4 symmetric cryptography to encrypt the genomic data by optimizing the packet processing of files,and improve the usability by assisting the computing platform with key management.Software implementation demonstrates that the scheme can be applied to securely transmit the genomic data in the network environment and provide an encryption method based on SM algorithms for protecting the privacy of genomic data.展开更多
With the continuous expansion of the Industrial Internet of Things(IIoT),more andmore organisations are placing large amounts of data in the cloud to reduce overheads.However,the channel between cloud servers and smar...With the continuous expansion of the Industrial Internet of Things(IIoT),more andmore organisations are placing large amounts of data in the cloud to reduce overheads.However,the channel between cloud servers and smart equipment is not trustworthy,so the issue of data authenticity needs to be addressed.The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems.Unfortunately,it still suffers from the problem of key exposure.In order to address this concern,this study first introduces a key-insulated scheme,SM2-KI-SIGN,based on the SM2 algorithm.This scheme boasts strong key insulation and secure keyupdates.Our scheme uses the elliptic curve algorithm,which is not only more efficient but also more suitable for IIoT-cloud environments.Finally,the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm(ECDL)assumption in the random oracle.展开更多
Most of the public key algorithms used in the exchange of information for power data transmission protocols are RSA. The core of the key part of this kind of algorithm system has not been announced. For the domestic s...Most of the public key algorithms used in the exchange of information for power data transmission protocols are RSA. The core of the key part of this kind of algorithm system has not been announced. For the domestic sensitive information data field, there are threats such as preset backdoors and security vulnerabilities. In response to the above problems, the article introduces a secure communication protocol based on the optimized Secret SM2 algorithm, which uses socket programming to achieve two-way encrypted communication between clients and services, and is able to complete the security protection of data encryption transmission, authentication, data tampering, etc., and proves through experiments that the security protocol is more secure than traditional methods, can effectively identify each other, carry out stable and controllable data encryption transmission, and has good applicability.展开更多
The Chinese hash algorithm SM3 is verified to be secure enough,but improper hardware implementation may lead to leakage.A masking scheme for SM3 algorithm is proposed to ensure the security of SM3 based Message Authen...The Chinese hash algorithm SM3 is verified to be secure enough,but improper hardware implementation may lead to leakage.A masking scheme for SM3 algorithm is proposed to ensure the security of SM3 based Message Authentication Code(MAC).Our scheme was implemented in hardware,which utilizes hardware oriented secure conversion techniques between boolean and arithmetic masking.Security evaluation based on SAKURA-G FPGA board has been done with 2000 power traces from 2000 random plaintexts with random plaintext masks and random key masks.It has been verified that the masked SM3 hardware implementation shows no intermediate value leakage as expected.Our masked SM3 hardware can resist first-order correlation power attack(CPA) and collision correlation attack.展开更多
The IEC60870-5-104 protocol lacks an integrated authentication mechanism during plaintext transmission, and is vulnerable to security threats, monitoring, tampering, or cutting off communication connections. In order ...The IEC60870-5-104 protocol lacks an integrated authentication mechanism during plaintext transmission, and is vulnerable to security threats, monitoring, tampering, or cutting off communication connections. In order to verify the security problems of 104 protocol, the 104 master-slave communication implemented DoS attacks, ARP spoofing and Ettercap packet filtering and other man-in-the-middle attacks. DoS attacks may damage the network functions of the 104 communication host, resulting in communication interruption. ARP spoofing damaged the data privacy of the 104 protocol, and Ettercap packet filtering cut off the communication connection between the master and the slave. In order to resist the man-in-the-middle attack, the AES and RSA hybrid encryption signature algorithm and the national secret SM2 elliptic curve algorithm are proposed. AES and RSA hybrid encryption increases the security strength of communication data and realizes identity authentication. The digital signature implemented by the SM2 algorithm can realize identity verification, ensure that the data has not been tampered with, and can ensure the integrity of the data. Both of them improve the communication security of the 104 protocol.展开更多
With the rapid development of information technology, demand of network & information security has increased. People enjoy many benefits by virtue of information technology. At the same time network security has b...With the rapid development of information technology, demand of network & information security has increased. People enjoy many benefits by virtue of information technology. At the same time network security has become the important challenge, but network information security has become a top priority. In the field of authentication, dynamic password technology has gained users’ trust and favor because of its safety and ease of operation. Dynamic password, SHA (Secure Hash Algorithm) is widely used globally and acts as information security mechanism against potential threat. The cryptographic algorithm is an open research area, and development of these state-owned technology products helps secure encryption product and provides safeguard against threats. Dynamic password authentication technology is based on time synchronization, using the state-owned password algorithm. SM3 hash algorithm can meet the security needs of a variety of cryptographic applications for commercial cryptographic applications and verification of digital signatures, generation and verification of message authentication code. Dynamic password basically generates an unpredictable random numbers based on a combination of specialized algorithms. Each password can only be used once, and help provide high safety. Therefore, the dynamic password technology for network information security issues is of great significance. In our proposed algorithm, dynamic password is generated by SM3 Hash Algorithm using current time and the identity ID and it varies with time and changes randomly. Coupled with the SM3 hash algorithm security, dynamic password security properties can be further improved, thus it effectively improves network authentication security.展开更多
Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here...Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.展开更多
SM4 is a block cipher algorithm among Chinese commer-cial cryptographic algorithms,which is advanced in terms of efficiency and theoretical security and has become national and international stan-dards successively.Howe...SM4 is a block cipher algorithm among Chinese commer-cial cryptographic algorithms,which is advanced in terms of efficiency and theoretical security and has become national and international stan-dards successively.However,existing literature shows that SM4 was not designed with an emphasis on key storage,which means that in today’s world where a single trusted hardware device with the built-in key faces challenges such as vulnerability,high cost,and unreliability,the usabil-ity of SM4 may be limited.Therefore,this paper proposes an imple-mentation scheme for SM4 based on secure multi-party computation(MPC)technology.The scheme involves dispensing the key among mul-tiple users’devices in a distributed manner,and when using the SM4 algorithm for encryption,multiple users perform joint computation with-out opening the full key.Specifically,this paper employs the MP-SPDZ framework,which satisfies security requirements in the presence of a dishonest majority of active adversaries.In view of the fact that this framework can only perform basic linear operations such as addition and multiplication,this paper focuses on the algebraic analysis of Sbox,which is the only non-linear component in SM4,and reconstructs it using the bit decomposition method.Furthermore,this paper demonstrates the conversion between the SM4-Sboxfield GF(28)and the SPDZ parame-terfield GF(240)through the isomorphic mapping,making it possible to perform joint calculations throughout the entire SM4 algorithm.Com-plexity analysis shows that this scheme has advantages in terms of data storage and communication volume,reaching a level of usability.展开更多
基金supported by the National Key Research and Development Program of China(No.2016YFC1000307)the National Natural Science Foundation of China(No.61571024,No.61971021).
文摘With the rapid development of the genomic sequencing technology,the cost of obtaining personal genomic data and effectively analyzing it has been gradually reduced.The analysis and utilization of genomic dam gradually entered the public view,and the leakage of genomic dam privacy has attracted the attention of researchers.The security of genomic data is not only related to the protection of personal privacy,but also related to the biological information security of the country.However,there is still no.effective genomic dam privacy protection scheme using Shangyong Mima(SM)algorithms.In this paper,we analyze the widely used genomic dam file formats and design a large genomic dam files encryption scheme based on the SM algorithms.Firstly,we design a key agreement protocol based on the SM2 asymmetric cryptography and use the SM3 hash function to guarantee the correctness of the key.Secondly,we used the SM4 symmetric cryptography to encrypt the genomic data by optimizing the packet processing of files,and improve the usability by assisting the computing platform with key management.Software implementation demonstrates that the scheme can be applied to securely transmit the genomic data in the network environment and provide an encryption method based on SM algorithms for protecting the privacy of genomic data.
基金This work was supported in part by the National Natural Science Foundation of China(Nos.62072074,62076054,62027827,62002047)the Sichuan Science and Technology Innovation Platform and Talent Plan(Nos.2020JDJQ0020,2022JDJQ0039)+2 种基金the Sichuan Science and Technology Support Plan(Nos.2020YFSY0010,2022YFQ0045,2022YFS0220,2023YFG0148,2021YFG0131)the YIBIN Science and Technology Support Plan(No.2021CG003)the Medico-Engineering Cooperation Funds from University of Electronic Science and Technology of China(Nos.ZYGX2021YGLH212,ZYGX2022YGRH012).
文摘With the continuous expansion of the Industrial Internet of Things(IIoT),more andmore organisations are placing large amounts of data in the cloud to reduce overheads.However,the channel between cloud servers and smart equipment is not trustworthy,so the issue of data authenticity needs to be addressed.The SM2 digital signature algorithm can provide an authentication mechanism for data to solve such problems.Unfortunately,it still suffers from the problem of key exposure.In order to address this concern,this study first introduces a key-insulated scheme,SM2-KI-SIGN,based on the SM2 algorithm.This scheme boasts strong key insulation and secure keyupdates.Our scheme uses the elliptic curve algorithm,which is not only more efficient but also more suitable for IIoT-cloud environments.Finally,the security proof of SM2-KI-SIGN is given under the Elliptic Curve Discrete Logarithm(ECDL)assumption in the random oracle.
文摘Most of the public key algorithms used in the exchange of information for power data transmission protocols are RSA. The core of the key part of this kind of algorithm system has not been announced. For the domestic sensitive information data field, there are threats such as preset backdoors and security vulnerabilities. In response to the above problems, the article introduces a secure communication protocol based on the optimized Secret SM2 algorithm, which uses socket programming to achieve two-way encrypted communication between clients and services, and is able to complete the security protection of data encryption transmission, authentication, data tampering, etc., and proves through experiments that the security protocol is more secure than traditional methods, can effectively identify each other, carry out stable and controllable data encryption transmission, and has good applicability.
基金supported by the National Major Program "Core of Electronic Devices,High-End General Chips,and Basis of Software Products" of the Ministry of Industry and Information Technology of China (Nos.2014ZX01032205,2014ZX01032401001-Z05)the National Natural Science Foundation of China(No.61402252) "12th Five-Year Plan" The National Development Foundation for Cryptological Research(No. MMJJ201401009)
文摘The Chinese hash algorithm SM3 is verified to be secure enough,but improper hardware implementation may lead to leakage.A masking scheme for SM3 algorithm is proposed to ensure the security of SM3 based Message Authentication Code(MAC).Our scheme was implemented in hardware,which utilizes hardware oriented secure conversion techniques between boolean and arithmetic masking.Security evaluation based on SAKURA-G FPGA board has been done with 2000 power traces from 2000 random plaintexts with random plaintext masks and random key masks.It has been verified that the masked SM3 hardware implementation shows no intermediate value leakage as expected.Our masked SM3 hardware can resist first-order correlation power attack(CPA) and collision correlation attack.
文摘The IEC60870-5-104 protocol lacks an integrated authentication mechanism during plaintext transmission, and is vulnerable to security threats, monitoring, tampering, or cutting off communication connections. In order to verify the security problems of 104 protocol, the 104 master-slave communication implemented DoS attacks, ARP spoofing and Ettercap packet filtering and other man-in-the-middle attacks. DoS attacks may damage the network functions of the 104 communication host, resulting in communication interruption. ARP spoofing damaged the data privacy of the 104 protocol, and Ettercap packet filtering cut off the communication connection between the master and the slave. In order to resist the man-in-the-middle attack, the AES and RSA hybrid encryption signature algorithm and the national secret SM2 elliptic curve algorithm are proposed. AES and RSA hybrid encryption increases the security strength of communication data and realizes identity authentication. The digital signature implemented by the SM2 algorithm can realize identity verification, ensure that the data has not been tampered with, and can ensure the integrity of the data. Both of them improve the communication security of the 104 protocol.
文摘With the rapid development of information technology, demand of network & information security has increased. People enjoy many benefits by virtue of information technology. At the same time network security has become the important challenge, but network information security has become a top priority. In the field of authentication, dynamic password technology has gained users’ trust and favor because of its safety and ease of operation. Dynamic password, SHA (Secure Hash Algorithm) is widely used globally and acts as information security mechanism against potential threat. The cryptographic algorithm is an open research area, and development of these state-owned technology products helps secure encryption product and provides safeguard against threats. Dynamic password authentication technology is based on time synchronization, using the state-owned password algorithm. SM3 hash algorithm can meet the security needs of a variety of cryptographic applications for commercial cryptographic applications and verification of digital signatures, generation and verification of message authentication code. Dynamic password basically generates an unpredictable random numbers based on a combination of specialized algorithms. Each password can only be used once, and help provide high safety. Therefore, the dynamic password technology for network information security issues is of great significance. In our proposed algorithm, dynamic password is generated by SM3 Hash Algorithm using current time and the identity ID and it varies with time and changes randomly. Coupled with the SM3 hash algorithm security, dynamic password security properties can be further improved, thus it effectively improves network authentication security.
基金supported in part by the Joint Foundation of National Natural Science Committee of China and Civil Aviation Administration of China under Grant U1933108in part by the Scientific Research Project of Tianjin Municipal Education Commission under Grant 2019KJ117.
文摘Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.
基金Supported by the National Natural Science Foundation of China under Grant No.61907042Beijing Natural Science Foundation under Grant No.4194090.
文摘SM4 is a block cipher algorithm among Chinese commer-cial cryptographic algorithms,which is advanced in terms of efficiency and theoretical security and has become national and international stan-dards successively.However,existing literature shows that SM4 was not designed with an emphasis on key storage,which means that in today’s world where a single trusted hardware device with the built-in key faces challenges such as vulnerability,high cost,and unreliability,the usabil-ity of SM4 may be limited.Therefore,this paper proposes an imple-mentation scheme for SM4 based on secure multi-party computation(MPC)technology.The scheme involves dispensing the key among mul-tiple users’devices in a distributed manner,and when using the SM4 algorithm for encryption,multiple users perform joint computation with-out opening the full key.Specifically,this paper employs the MP-SPDZ framework,which satisfies security requirements in the presence of a dishonest majority of active adversaries.In view of the fact that this framework can only perform basic linear operations such as addition and multiplication,this paper focuses on the algebraic analysis of Sbox,which is the only non-linear component in SM4,and reconstructs it using the bit decomposition method.Furthermore,this paper demonstrates the conversion between the SM4-Sboxfield GF(28)and the SPDZ parame-terfield GF(240)through the isomorphic mapping,making it possible to perform joint calculations throughout the entire SM4 algorithm.Com-plexity analysis shows that this scheme has advantages in terms of data storage and communication volume,reaching a level of usability.
