Remote access is a means of accessing resources outside one's immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are restructuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role, since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was set up to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication, and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft token) as a second factor in addition to what the user knows, i.e. a password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of a password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regard to remote user authentication.
A new protocol for quantum secure communication with authentication is proposed. The proposed protocol has a higher capacity, as each EPR pair can carry four classical bits by means of the XOR operation and an auxiliary photon. The security and efficiency are analyzed in detail, and the major advantage of this protocol is that it is more efficient without losing security.
Identity management is based on the creation and management of user identities for granting access to cloud resources based on user attributes. Cloud identity and access management (IAM) grants the authorization to end-users to perform different actions on the specified cloud resources. The authorizations in IAM are grouped into roles instead of being granted directly to the end-users. Due to the multiplicity of cloud locations where data resides and due to the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is the excessive or insufficient access level of different users with previously granted authorizations. This paper proposes a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM that provide authentication mechanisms in public and private cloud platforms are proposed. A threat model has been applied to validate the proposed authentication frameworks against different security threats. The proposed models proved highly efficient in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats.
Mobile technologies make headway by offering more flexibility to end-users and improving productivity. Within the application of ubiquitous access and pervasive communication, security (or privacy) and QoS (Quality of Service) are two critical factors during global mobility, so how to achieve a smooth and fast handover on top of a user-privacy-protected infrastructure is our focus. Based on the user-centric virtual identity defined by the EU IST project Daidalos, this paper first proposes an effective infrastructure which protects the context-driven access policies for online services in order to avoid attacks by malicious eavesdroppers. In the proposed infrastructure, SAML and Diameter are used to securely protect and deliver authenticated and authorized entities, and XACML is used to authorize the user-level privacy policy. On this basis, a dynamic fast authentication and authorization handover mechanism is proposed which can save one round trip of communication time between administrative domains.
Spring Security, as one of the most important security frameworks in web development, is commonly used for authentication and authorization in web applications. To further understand the design and implementation of the Spring Security framework and to deepen the understanding of common design patterns, this article describes in detail the use of the Strategy, Proxy, Adapter, Chain of Responsibility and Template Method patterns in the Spring Security framework; it describes the concepts, basic principles and roles of these design patterns, analyses the roles that the key classes in Spring Security play within these patterns and their execution flow, and provides a learning reference for developers.
Ubiquitous computing systems typically have many security problems in the area of identity authentication when classical PKI methods are used. Limited computing resources, disconnected networks, the classification requirements of identity authentication, the requirements of trust transfer and cross identity authentication, bi-directional identity authentication, security delegation and simple privacy protection, etc., are all unsolved problems. In this paper, a novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve the above problems in ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-level trust-correlated identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism for solving the complex ubiquitous computing problems.
Machine-to-machine (M2M) communication plays a fundamental role in autonomous IoT (Internet of Things)-based infrastructure, a vital part of the fourth industrial revolution. Machine-type communication devices (MTCDs) regularly share extensive data without human intervention while making all types of decisions. These decisions may involve controlling sensitive ventilation systems maintaining uniform temperature, live heartbeat monitoring, and several different alert systems. Many of these devices simultaneously share data to form an automated system. The data shared between MTCDs is prone to risk due to limited computational power, internal memory, and energy capacity. Therefore, securing the data and devices becomes challenging due to factors such as dynamic operational environments, remoteness, harsh conditions, and areas where human physical access is difficult. One of the crucial parts of securing MTCDs and data is authentication, where each device must be verified before data transmission. Several M2M authentication schemes have been proposed in the literature; however, the literature lacks a comprehensive overview of current M2M authentication techniques and the challenges associated with them. To utilize a suitable authentication scheme for specific scenarios, it is important to understand the challenges associated with it. Therefore, this article fills this gap by reviewing the state-of-the-art research on authentication schemes in MTCDs, specifically concerning application categories, security provisions, and performance efficiency.
Pervasive IoT applications enable us to perceive, analyze, control, and optimize traditional physical systems. Recently, security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk. Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications. As an extension of the cloud, the emerging edge computing with its rich resources provides us a new venue to design and deploy novel security solutions for IoT applications. Although there are some research efforts in this area, edge-based security designs for IoT applications are still in their infancy. This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs. We first present an edge-centric IoT architecture. Then, we extensively review the edge-based IoT security research efforts in the context of security architecture designs, firewalls, intrusion detection systems, authentication and authorization protocols, and privacy-preserving mechanisms. Finally, we propose our insight into future research directions and open research issues.
In the manufacturing grid environment, the span of security issues to be considered is more extensive and the solutions for them are more complex; therefore these problems in the manufacturing grid can no longer be addressed by existing security technologies. In order to solve this problem, the paper first puts forward the security architecture of the manufacturing grid on the basis of the proposed security strategies for the manufacturing grid; then the paper introduces key technologies based on public key infrastructure/certificate authority (PKI/CA) to ensure the security of the manufacturing grid, such as single sign-on, security proxy, independent authentication and so on. The schemes discussed in the paper have some value in settling security problems in the manufacturing grid environment.
Securing large corporate communication networks has become an increasingly difficult task. Sensitive information routinely leaves the company network boundaries and falls into the hands of unauthorized users. New techniques are required in order to classify packets based on user identity in addition to the traditional source and destination host addresses. This paper introduces Gaussian cryptographic techniques and protocols to assist network administrators in the complex task of identifying the originators of data packets on a network and more easily policing their behavior. The paper provides numerical examples that illustrate certain basic ideas.
The Internet of Things (IoT) is a smart networking infrastructure of physical devices, i.e., things, that are embedded with sensors, actuators, software, and other technologies, to connect and share data with the respective server module. Although IoTs are cornerstones in different application domains, the devices' authenticity, i.e., of server(s) and ordinary devices, is the most crucial issue and must be resolved on a priority basis. Therefore, various field-proven methodologies have been presented to streamline the verification process of the communicating devices; however, location-aware authentication has not been reported to our knowledge, although it is a crucial metric, especially in scenarios where devices are mobile. This paper presents a lightweight and location-aware device-to-server authentication technique where the device's membership with the nearest server is subject to its location information along with other measures. Initially, the Media Access Control (MAC) address and the Advanced Encryption Standard (AES), along with a shared secret key λ_i of 128 bits, are utilized by a Trusted Authority (TA) to generate MaskIDs, which are used instead of the original ID for every device, i.e., server and member, and are shared in the offline phase. Secondly, the TA shares a list of authentic devices, i.e., servers S_j and members C_i, with every device in the IoT for the onward verification process, which must be executed before the initialization of the actual communication process. Additionally, every device should be located such that it lies within the coverage area of a server, and this location information is used in the authentication process. A thorough analytical analysis was carried out to check the susceptibility of the proposed and existing authentication approaches against well-known intruder attacks, i.e., man-in-the-middle, masquerading, device and server impersonation, etc., especially in the IoT domain. Moreover, the proposed authentication scheme and existing state-of-the-art approaches have been simulated in a real IoT environment to verify their performance, particularly in terms of various evaluation metrics, i.e., processing, communication, and storage overheads. These results have verified the superiority of the proposed scheme over existing state-of-the-art approaches, particularly in terms of communication, storage, and processing costs.
A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its quantum communication efficiency is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against the intercept-resend attack and the impersonator's attack. Furthermore, it is more economical with present-day techniques and easily processed by a one-way quantum computer.
In this paper an efficient quantum secure direct communication (QSDC) scheme with authentication is presented, which is based on quantum entanglement and polarized single photons. The present protocol uses Einstein-Podolsky-Rosen (EPR) pairs and polarized single photons in batches. One particle of each EPR pair is retained in the sender's station, and the other is transmitted back and forth between the sender and the receiver, similar to the 'ping-pong' QSDC protocol. According to the information shared beforehand, these two kinds of quantum states are mixed and then transmitted via a quantum channel. The EPR pairs are used to transmit secret messages, and the polarized single photons are used for authentication and eavesdropping checks. Consequently, because of the dual contributions of the polarized single photons, no classical information is needed. The intrinsic efficiency and total efficiency are both 1 in this scheme, as almost all of the instances are useful and each EPR pair can be used to carry two bits of information.
With the exponential growth of intelligent Internet of Things (IoT) applications, the Cloud-Edge (CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However, an underlying issue remains: frequent end-edge-cloud communication takes place over a public or adversary-controlled channel. Additionally, given the presence of resource-constrained devices, it is imperative to provide a secure communication mechanism while still guaranteeing efficiency. Physical unclonable functions (PUFs) emerge as promising lightweight security primitives. Thus, we first construct a PUF-based security mechanism for vulnerable IoT devices. Further, a provably secure PUF-based authenticated key agreement scheme is proposed for establishing a secure channel in end-edge-cloud empowered IoT, without requiring pre-loaded master keys. The security of our scheme is rigorously proven through formal security analysis under the random oracle model and security verification using the AVISPA tool. The comprehensive security features are also elaborated. Moreover, the numerical results demonstrate that the proposed scheme outperforms existing related schemes in terms of computational and communication efficiency.
By using six-qubit decoherence-free (DF) states as quantum carriers and decoy states, a robust quantum secure direct communication and authentication (QSDCA) protocol against decoherence noise is proposed. Four six-qubit DF states are used in the process of secret transmission; however, only the |0'〉 state is prepared. The other three six-qubit DF states can be obtained by permuting the outputs of the setup for |0'〉. By using the |0'〉 state as the decoy state, the detection rate and the qubit error rate reach 81.3%, and they do not change with the noise level. The stability and security are much higher than those of the ping-pong protocol, both in an ideal scenario and in a decoherence noise scenario. Even if the eavesdropper measures several qubits, exploiting the coherent relationship between these qubits, she can gain one bit of secret information with probability 0.042.
With the rapid advancement in exploring perceptual interactions and digital twins, metaverse technology has emerged to transcend the constraints of space-time and reality, facilitating remote AI-based collaboration. In this dynamic metasystem environment, frequent information exchanges necessitate robust security measures, with Authentication and Key Agreement (AKA) serving as the primary line of defense to ensure communication security. However, traditional AKA protocols fall short of meeting the low-latency requirements essential for synchronous interactions within the metaverse. To address this challenge and enable nearly latency-free interactions, a novel low-latency AKA protocol based on chaotic maps is proposed. This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys. The security of these session keys is rigorously validated through formal proofs, formal verification, and informal proofs. Under the Dolev-Yao (DY) threat model, the session keys are formally demonstrated to be secure under the Real-or-Random (ROR) model. The proposed protocol is further validated through simulations conducted on VMware Workstation, compiled in the HLPSL language and in C. The simulation results affirm the protocol's effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.
Quantum secure direct communication (QSDC) can transmit secret messages directly from one user to another without first establishing a shared secret key, which differs from quantum key distribution. In this paper, we propose a novel quantum secure direct communication protocol based on single photons and Bell states. Before the execution of the proposed protocol, the two participants Alice and Bob exchange their corresponding identities IDA and IDB through quantum key distribution and keep them secret. Then the message sender, Alice, encodes each secret message bit into two single photons (|01⟩ or |10⟩) or a Bell state (|φ⁺⟩ = 1/√2(|00⟩ + |11⟩)), and composes an ordered secret message sequence. To ensure the security of communication, Alice also prepares decoy photons and inserts them into the secret message sequence on the basis of the values of IDA and IDB. By means of the secret identities IDA and IDB, both sides of the communication can check for eavesdropping and identify each other. The proposed protocol not only completes secure direct communication, but also realizes mutual authentication. The security analysis of the proposed protocol is presented in the paper. The analysis results show that this protocol is secure against some common attacks, and no secret message leaks even if the transmitted messages are intercepted. Compared with two-way QSDC protocols, the presented protocol is a one-way quantum communication protocol, which is immune to the Trojan horse attack. Furthermore, our proposed protocol can be realized without quantum memory.
Funding (quantum secure communication with authentication protocol, abstract above): Supported by the Chongqing Research Program of Application Foundation and Advanced Technology under Grant No. cstc2014jcyjA40028.
Funding (cloud IAM authentication frameworks, abstract above): funded by the Deanship of Scientific Research at Jouf University under Grant No. DSR-2021-02-0303.
Funding (UCIAMdess ubiquitous computing identity authentication mechanism, abstract above): Supported by the Ministry of Education in China (No. 104086).
Funding (M2M authentication survey, abstract above): the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia (Grant No. GRANT5,208).
Funding (edge-based IoT security survey, abstract above): This research has been supported by the National Science Foundation (under grant #1723596) and the National Security Agency (under grant #H98230-17-1-0355).
Funding: Supported by the National Natural Science Foundation of China (50335020)
Abstract: In the manufacturing grid environment, the range of security issues to be considered is broader and their solutions are more complex, so these problems can no longer be addressed by existing security technologies alone. To address this, the paper first puts forward a security architecture for the manufacturing grid on the basis of proposed security strategies; it then introduces key technologies based on public key infrastructure and certificate authorities (PKI/CA) to secure the manufacturing grid, such as single sign-on, security proxies, and independent authentication. The schemes discussed in the paper have value for settling security problems in the manufacturing grid environment.
Abstract: Securing large corporate communication networks has become an increasingly difficult task. Sensitive information routinely leaves the company network boundary and falls into the hands of unauthorized users. New techniques are required to classify packets based on user identity in addition to the traditional source and destination host addresses. This paper introduces Gaussian cryptographic techniques and protocols to assist network administrators in the complex task of identifying the originators of data packets on a network and policing their behavior more easily. The paper provides numerical examples that illustrate the basic ideas.
Abstract: The Internet of Things (IoT) is a smart networking infrastructure of physical devices, i.e., things, embedded with sensors, actuators, software, and other technologies in order to connect and share data with the respective server module. Although IoT is a cornerstone of many application domains, device authenticity, of both servers and ordinary devices, is the most crucial issue and must be resolved as a priority. Various field-proven methodologies have therefore been presented to streamline verification of the communicating devices; however, to our knowledge, location-aware authentication has not been reported, even though location is a crucial metric, especially in scenarios where devices are mobile. This paper presents a lightweight, location-aware device-to-server authentication technique in which a device's membership with the nearest server is subject to its location information along with other measures. Initially, the Media Access Control (MAC) address and the Advanced Encryption Standard (AES) together with a 128-bit shared secret key λ_(i) are used by the Trusted Authority (TA) to generate a MaskID for every device, i.e., server and member; the MaskID is used in place of the original ID and is distributed in the offline phase. Secondly, the TA shares a list of authentic devices, i.e., servers S_(j) and members C_(i), with every device in the IoT for the subsequent verification process, which must be executed before the actual communication begins. Additionally, every device must be located within the coverage area of a server, and this location information is used in the authentication process. A thorough analysis was carried out to check the susceptibility of the proposed and existing authentication approaches to well-known intruder attacks, i.e., man-in-the-middle, masquerading, and device and server impersonation, especially in the IoT domain. Moreover, the proposed authentication scheme and existing state-of-the-art approaches have been simulated in a realistic IoT environment to verify their performance, particularly in terms of processing, communication, and storage overheads. The results confirm the superiority of the proposed scheme over existing state-of-the-art approaches, particularly in terms of communication, storage, and processing costs.
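The offline enrolment and pre-communication check described in the abstract above, as an added example that is not code from the paper: a TA derives a MaskID for each device and distributes authentic-device lists; a server then admits a member only if its MaskID is on that list and it lies inside the server's coverage area, and the member checks the server's MaskID in turn. The MaskID construction (one AES-128 block over the MAC address with zero padding), the planar coverage model, and all type and function names are assumptions for illustration; the paper's "other measures" and session-key agreement are not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
	"math"
)

// MaskID is the pseudonym handed out by the TA instead of the real identifier.
// Assumption: MaskID = AES-128_{λ_i}(MAC || zero padding), a single block.
type MaskID [16]byte

// DeriveMaskID encrypts the 6-byte MAC, zero-padded to one block, under λ_i.
func DeriveMaskID(lambda []byte, mac [6]byte) (MaskID, error) {
	if len(lambda) != 16 {
		return MaskID{}, errors.New("λ_i must be 128 bits")
	}
	block, err := aes.NewCipher(lambda)
	if err != nil {
		return MaskID{}, err
	}
	var in, out [16]byte
	copy(in[:], mac[:]) // bytes 6..15 stay zero (fixed padding, assumption)
	block.Encrypt(out[:], in[:])
	return MaskID(out), nil
}

// Point is a planar position in metres (assumption; real deployments use geodetic fixes).
type Point struct{ X, Y float64 }

func distance(a, b Point) float64 { return math.Hypot(a.X-b.X, a.Y-b.Y) }

// Server S_j holds its own MaskID, a circular coverage area, and TA's member list.
type Server struct {
	ID      MaskID
	Center  Point
	Radius  float64
	Members map[MaskID]bool
}

// Member C_i holds its MaskID, its current position, and TA's server list.
type Member struct {
	ID      MaskID
	Pos     Point
	Servers map[MaskID]bool
}

// TA owns one random 128-bit λ_i per enrolled MAC and derives the MaskIDs offline.
type TA struct{ keys map[[6]byte][]byte }

func NewTA() *TA { return &TA{keys: map[[6]byte][]byte{}} }

func (t *TA) Enroll(mac [6]byte) (MaskID, error) {
	lambda := make([]byte, 16)
	if _, err := rand.Read(lambda); err != nil {
		return MaskID{}, err
	}
	t.keys[mac] = lambda
	return DeriveMaskID(lambda, mac)
}

// Admit is the server-side check run before any data exchange: the claimed
// MaskID must be on TA's list and the member must lie inside the coverage area.
func (s *Server) Admit(claimed MaskID, pos Point) error {
	if !s.Members[claimed] {
		return errors.New("unknown MaskID: not enrolled by TA")
	}
	if d := distance(pos, s.Center); d > s.Radius {
		return fmt.Errorf("member outside coverage: %.0f m > %.0f m", d, s.Radius)
	}
	return nil
}

// VerifyServer is the member-side half of the mutual check.
func (m *Member) VerifyServer(claimed MaskID) error {
	if !m.Servers[claimed] {
		return errors.New("unknown server MaskID: not on TA's list")
	}
	return nil
}

func main() {
	ta := NewTA()
	sid, _ := ta.Enroll([6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x01})
	mid, _ := ta.Enroll([6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x02})
	s := &Server{ID: sid, Center: Point{0, 0}, Radius: 100, Members: map[MaskID]bool{mid: true}}
	m := &Member{ID: mid, Pos: Point{30, 40}, Servers: map[MaskID]bool{sid: true}}
	fmt.Println("in range:", s.Admit(m.ID, m.Pos))
	fmt.Println("out of range:", s.Admit(m.ID, Point{300, 400}))
	fmt.Println("impostor:", s.Admit(MaskID{}, m.Pos))
	fmt.Println("server check:", m.VerifyServer(sid))
}
```

A static MaskID alone is replayable by anyone who observes it on the wire, so the list-membership and coverage gates shown here are only the admission step; the freshness and key-agreement measures the abstract refers to are what stop an attacker inside the coverage area from reusing a captured MaskID.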
Funding: Project supported by the National Natural Science Foundation of China (Grant Nos 60572071 and 60873101), the Natural Science Foundation of Jiangsu Province (Grant Nos BM2006504, BK2007104 and BK2008209), and the College Natural Science Foundation of Jiangsu Province (Grant No 06KJB520137)
Abstract: A novel, efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and the efficiency of the quantum communication is 1/3, approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows that the present scheme is secure against the intercept-resend attack and the impersonator's attack. Furthermore, it is more economical with present-day techniques and is easily processed by a one-way quantum computer.
Funding: Project supported by the National High Technology Research and Development Program of China (Grant No 2006AA01Z419), the Major Research Plan of the National Natural Science Foundation of China (Grant No 90604023), the National Laboratory for Modern Communications Science Foundation of China (Grant No 9140C1101010601) and the Open Foundation of the State Key Laboratory of Information Security (Graduate School of Chinese Academy of Sciences).
Abstract: In this paper an efficient quantum secure direct communication (QSDC) scheme with authentication is presented, based on quantum entanglement and polarized single photons. The protocol uses Einstein-Podolsky-Rosen (EPR) pairs and polarized single photons in batches. One particle of each EPR pair is retained at the sender's station, and the other is transmitted back and forth between the sender and the receiver, as in the 'ping-pong' QSDC protocol. According to information shared beforehand, these two kinds of quantum states are mixed and then transmitted over a quantum channel. The EPR pairs carry the secret messages, and the polarized single photons serve both for authentication and for the eavesdropping check. Because of this dual role of the polarized single photons, no classical information needs to be exchanged. The intrinsic efficiency and the total efficiency are both 1 in this scheme, since almost all instances are useful and each EPR pair carries two bits of information.
Funding: Supported by the National Key Research and Development Program of China, "Joint Research of IoT Security System and Key Technologies Based on Quantum Key," under project number 2020YFE0200600.
Abstract: With the exponential growth of intelligent Internet of Things (IoT) applications, the Cloud-Edge (CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However, an underlying issue remains: frequent end-edge-cloud communication takes place over a public or adversary-controlled channel. Additionally, given the presence of resource-constrained devices, it is imperative to provide a secure communication mechanism while still guaranteeing efficiency. Physical unclonable functions (PUFs) are emerging as promising lightweight security primitives. We therefore first construct a PUF-based security mechanism for vulnerable IoT devices. We then propose a provably secure PUF-based authenticated key agreement scheme for establishing a secure channel in end-edge-cloud empowered IoT without requiring pre-loaded master keys. The security of the scheme is rigorously proven through formal security analysis under the random oracle model and security verification using the AVISPA tool. Its comprehensive security features are also elaborated. Moreover, numerical results demonstrate that the proposed scheme outperforms existing related schemes in computational and communication efficiency.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 61402058), the Science and Technology Support Project of Sichuan Province of China (Grant No. 2013GZX0137), the Fund for Young Persons Project of Sichuan Province of China (Grant No. 12ZB017), and the Foundation of the Cyberspace Security Key Laboratory of Sichuan Higher Education Institutions, China (Grant No. szjj2014-074), among others.
Abstract: By using six-qubit decoherence-free (DF) states as quantum carriers and decoy states, a quantum secure direct communication and authentication (QSDCA) protocol that is robust against decoherence noise is proposed. Four six-qubit DF states are used in the secret transmission, but only the |0'〉 state is prepared; the other three six-qubit DF states are obtained by permuting the outputs of the setup for |0'〉. Using the |0'〉 state as the decoy state, the detection rate and the qubit error rate reach 81.3% and do not change with the noise level. The stability and security are much higher than those of the ping-pong protocol, both in an ideal scenario and in a decoherence noise scenario. Even if the eavesdropper measures several qubits and exploits the coherent relationship between them, she can gain one bit of secret information with probability only 0.042.
Funding: This work has received funding from the National Natural Science Foundation of China (No. 42275157).
Abstract: With rapid advances in perceptual interaction and digital twins, metaverse technology has emerged to transcend the constraints of space, time and physical reality, facilitating remote AI-based collaboration. In this dynamic metasystem environment, frequent information exchanges require robust security measures, with Authentication and Key Agreement (AKA) serving as the primary line of defense for communication security. However, traditional AKA protocols fall short of the low-latency requirements essential for synchronous interaction within the metaverse. To address this and enable nearly latency-free interaction, a novel low-latency AKA protocol based on chaotic maps is proposed. The protocol provides mutual authentication of entities within the metasystem and also generates secure session keys. The security of these session keys is validated through formal proofs, formal verification, and informal analysis. Under the Dolev-Yao (DY) threat model, the session keys are formally shown to be secure in the Real-or-Random (ROR) model. The protocol is further validated through simulations in VMware Workstation, with the protocol specified in HLPSL and implemented in C. The simulation results confirm that the protocol resists well-known attacks while achieving the low latency required for metaverse interaction.
Funding: This work was supported by the National Natural Science Foundation of China (Grant Nos. 61572086, 61402058), the Major Project of the Education Department of Sichuan (Grant No. 18ZA0109), the Planning Project of the Sichuan Network Culture Research Center (Grant No. WLWH18-22), the Key Research and Development Project of Sichuan Province (No. 20ZDYF2324, No. 2019ZYD027, No. 2018TJPT0012), the Innovation Team of Quantum Security Communication of Sichuan Province (No. 17TD0009), the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643), the Application Foundation Project of Sichuan Province (No. 2017JY0168), and the Science and Technology Support Project of Sichuan Province (No. 2018GZ0204, No. 2016FZ0112), among others.
Abstract: Quantum secure direct communication (QSDC) transmits secret messages directly from one user to another without first establishing a shared secret key, which distinguishes it from quantum key distribution. In this paper we propose a novel QSDC protocol based on single photons and Bell states. Before the protocol is executed, the two participants, Alice and Bob, exchange their identities IDA and IDB through quantum key distribution and keep them secret. The message sender, Alice, then encodes each secret message bit into either two single photons (|01⟩ or |10⟩) or a Bell state |φ^+⟩ = (1/√2)(|00⟩ + |11⟩), and composes an ordered secret message sequence. To ensure the security of the communication, Alice also prepares decoy photons and inserts them into the secret message sequence according to the values of IDA and IDB. Using the secret identities IDA and IDB, both parties can check for eavesdropping and identify each other, so the protocol not only achieves secure direct communication but also realizes mutual authentication. A security analysis of the protocol is presented; it shows that the protocol is secure against common attacks and that no secret message leaks even if the transmitted messages are intercepted. Compared with two-way QSDC protocols, the presented protocol is a one-way quantum communication protocol and is therefore immune to the Trojan horse attack. Furthermore, the protocol can be realized without quantum memory.