To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication sch...To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication schemes are being faced with big challenges.We take the message authentication as an example into a careful consideration.Then,we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function.Firstly,the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values,which ensures that the initial message can resist eavesdropping attack.Secondly,utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties,such as one-wayness,resisting different collisions and easy implementation.Based on these two points,the message authentication scheme can be much more secure than previous ones.Finally,it is a new way to design the message authentication scheme,which provides a new thought for other researchers in the future.Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.展开更多
Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a s...Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.展开更多
Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here...Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.展开更多
A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health infor...A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC- MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSee), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TukP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.展开更多
This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid me...This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.展开更多
Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),a...Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.展开更多
The Internet of Vehicles(IoV)has evolved as an advancement over the conventional Vehicular Ad-hoc Networks(VANETs)in pursuing a more optimal intelligent transportation system that can provide various intelligent solut...The Internet of Vehicles(IoV)has evolved as an advancement over the conventional Vehicular Ad-hoc Networks(VANETs)in pursuing a more optimal intelligent transportation system that can provide various intelligent solutions and enable a variety of applications for vehicular traffic.Massive volumes of data are produced and communicated wirelessly among the different relayed entities in these vehicular networks,which might entice adversaries and endanger the system with a wide range of security attacks.To ensure the security of such a sensitive network,we proposed a distributed authentication mechanism for IoV based on blockchain technology as a distributed ledger with an ouroboros algorithm.Using timestamp and challenge-responsemechanisms,the proposed authentication model can withstand several security attacks such asMan-in-Middle(MiM)attacks,Distributed Denial of Service(DDoS)attacks,server spoofing attacks and more.The proposed method also provides a solution for single-point failure,forward secrecy,revocability,etc.We exhibit the security of our proposed model by using formal(mathematical)analysis and informal analysis.We used Random Oracle Model to perform themathematical analysis.In addition,we compared the communication cost,computation cost,and security of the proposed model with the related existing studies.We have verified the security of the model by using AVISPA tool simulation.The security analysis and computation analysis show that the proposed protocol is viable.展开更多
A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC o...A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.展开更多
Chang et al.[Chin.Phys.623 010305(2014)]have proposed a quantum broadcast communication and authentication protocol.However,we find that an intercept-resend attack can be preformed successfully by a potential eavesd...Chang et al.[Chin.Phys.623 010305(2014)]have proposed a quantum broadcast communication and authentication protocol.However,we find that an intercept-resend attack can be preformed successfully by a potential eavesdropper,who will be able to destroy the authentication function.Afterwards,he or she can acquire the secret transmitted message or even modify it while escaping detection,by implementing an efficient man-in-the-middle attack.Furthermore,we show a simple scheme to defend this attack,that is,applying non-reusable identity strings.展开更多
With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performa...With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performance, low cost, good connectivity, etc. However the security issue has been complicated because USN responds to block I/O and file I/O requests simultaneously. In this paper, a security system module is developed to prevent many types of attacks against USN based on NAS head. The module not only uses effective authentication to prevent unauthorized access to the system data, but also checks the data integrity. Experimental results show that the security module can not only resist remote attacks and attacks from those who has physical access to the USN, but can also be seamlessly integrated into underlying file systems, with little influence on their performance.展开更多
In this paper, two improved digital signature schemes are presented based on the design of directed signature scheme. The peculiarity of the system is that only if the scheme is specific recipient, the signature is au...In this paper, two improved digital signature schemes are presented based on the design of directed signature scheme. The peculiarity of the system is that only if the scheme is specific recipient, the signature is authenticated. Since the scheme adds the screen of some information parameters, the difficulty of deciphered keys and the security of digital signature system are increased.展开更多
CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authe...CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authentication Code,信息认证码)。本文会由浅入深阐述当前CAN总线协议基础上的MAC的工作原理与实现方式。展开更多
At present,the traditional blockchain for data storage and retrieval reflects the characteristics of slow data uploading speed,high cost,and transparency,and there are a lot of corresponding problems,such as not suppo...At present,the traditional blockchain for data storage and retrieval reflects the characteristics of slow data uploading speed,high cost,and transparency,and there are a lot of corresponding problems,such as not supporting private data storage,large data operation costs,and not supporting Data field query.This paper proposes a method of data encryption storage and retrieval based on the IOTA distributed ledger,combined with the fast transaction processing speed and zero-value transactions of the IOTA blockchain,through the Masked Authenticated Messaging technology,so that the data is encrypted in the data stream.The form is stored in the distributed ledger,quickly retrieved through the field index mechanism established by the data form,and the data operation is carried out on the chain.Experimental results show that this system has high storage,encryption and retrieval performance,and good practicability.展开更多
Vehicle Ad hoc NETworks(VANET) can enhance traffic safety and improve traffic efficiency through cooperative communication among vehicles, roadside infrastructure, and traffic management centers. To guarantee secure...Vehicle Ad hoc NETworks(VANET) can enhance traffic safety and improve traffic efficiency through cooperative communication among vehicles, roadside infrastructure, and traffic management centers. To guarantee secure service provision in VANET, message authentication is important. Moreover, a vehicle user's private information can also be leaked during service provision. A protection mechanism is needed to prevent such leakage. Therefore, we propose a conditional privacy-preserving and authentication scheme for secure service provision in VANETs. The proposed scheme not only satisfies the security requirements of VANETs, but also optimizes the calculation process of signature generation and verification. We carry out a detailed comparative analysis. The result shows that the proposed scheme is more efficient than existing schemes in terms of communication overhead and computational cost. Therefore, our scheme is suitable for secure service provision in VANETs.展开更多
Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete l...Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.展开更多
Network coding is vulnerable to pollution at- tacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the ori...Network coding is vulnerable to pollution at- tacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the original message or require a high computational complexity to ver- ify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block is attached with a small number of MACs and each node can use these MACs to verify the integrity of the corresponding block with a high probability. Compared to previous schemes, our scheme still leverages a small number of keys to generate MACs for each block, but more than doubles the detection probability. Mean- while, our scheme is able to efficiently restrict pollution prop- agation within a small number of hops. Experimental results show that our scheme is more efficient in verification than existing ones based on public-key cryptography.展开更多
基金Project supported by NSFC(Grant Nos.U1836205,61702040)the Major Scientific and Technological Special Project of Guizhou Province(Grant No.20183001)+2 种基金the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(Grant No.2018BDKFJJ016)the Foundation of State Key Laboratory of Public Big Data(Grant No.2018BDKFJJ018)Beijing Natural Science Foundation(Grant No.4174089).
文摘To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication schemes are being faced with big challenges.We take the message authentication as an example into a careful consideration.Then,we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function.Firstly,the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values,which ensures that the initial message can resist eavesdropping attack.Secondly,utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties,such as one-wayness,resisting different collisions and easy implementation.Based on these two points,the message authentication scheme can be much more secure than previous ones.Finally,it is a new way to design the message authentication scheme,which provides a new thought for other researchers in the future.Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.
基金supported in part by the National Key R&D Program of China(No.2022YFB3904503)National Natural Science Foundation of China(No.62172418)the joint funds of National Natural Science Foundation of China and Civil Aviation Administration of China(No.U2133203).
文摘Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.
基金supported in part by the Joint Foundation of National Natural Science Committee of China and Civil Aviation Administration of China under Grant U1933108in part by the Scientific Research Project of Tianjin Municipal Education Commission under Grant 2019KJ117.
文摘Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.
基金supported by the National Foundation of Netherlands with SenterNovem for the ALwEN project under Grant No.PNE07007the National Natural Science Foundation of China under Grant Nos.61100201,U1135004,and 61170080+3 种基金the Universities and Colleges Pearl River Scholar Funded Scheme of Guangdong Province of China(2011)the High-Level Talents Project of Guangdong Institutions of Higher Education of China(2012)the Project on the Integration of Industry,Education and Research of Guangdong Province of China under Grant No.2012B091000035the Project of Science and Technology New Star of Guangzhou Pearl River of China(2014)
文摘A wireless sensor network (WSN) commonly whilst a body sensor network (BSN) must be secured with requires lower level security for public information gathering, strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC- MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSee), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TukP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.
基金supported by the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No 200800131016)+5 种基金Beijing Nova Program (Grant No2008B51)Key Project of the Chinese Ministry of Education (Grant No 109014)the Natural Science Foundation of Beijing (Grant No 4072020)the National Laboratory for Modern Communications Science Foundation of China (Grant No 9140C1101010601)the Natural Science Foundation of Education Bureau of Henan Province (Grant No 2008B120005)the Youth Foundation of Luoyang Normal University
文摘This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.
文摘Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.
基金This work was supported by the Ministry of Science and Technology of Taiwan,R.O.C.,under Grant MOST 110-2622-E-468-002 and 110-2218-E-468-001-MBK.
文摘The Internet of Vehicles(IoV)has evolved as an advancement over the conventional Vehicular Ad-hoc Networks(VANETs)in pursuing a more optimal intelligent transportation system that can provide various intelligent solutions and enable a variety of applications for vehicular traffic.Massive volumes of data are produced and communicated wirelessly among the different relayed entities in these vehicular networks,which might entice adversaries and endanger the system with a wide range of security attacks.To ensure the security of such a sensitive network,we proposed a distributed authentication mechanism for IoV based on blockchain technology as a distributed ledger with an ouroboros algorithm.Using timestamp and challenge-responsemechanisms,the proposed authentication model can withstand several security attacks such asMan-in-Middle(MiM)attacks,Distributed Denial of Service(DDoS)attacks,server spoofing attacks and more.The proposed method also provides a solution for single-point failure,forward secrecy,revocability,etc.We exhibit the security of our proposed model by using formal(mathematical)analysis and informal analysis.We used Random Oracle Model to perform themathematical analysis.In addition,we compared the communication cost,computation cost,and security of the proposed model with the related existing studies.We have verified the security of the model by using AVISPA tool simulation.The security analysis and computation analysis show that the proposed protocol is viable.
基金Supported bythe National Natural Science Foundationof China (60175001)
文摘A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61272057 and 61170270)
文摘Chang et al.[Chin.Phys.623 010305(2014)]have proposed a quantum broadcast communication and authentication protocol.However,we find that an intercept-resend attack can be preformed successfully by a potential eavesdropper,who will be able to destroy the authentication function.Afterwards,he or she can acquire the secret transmitted message or even modify it while escaping detection,by implementing an efficient man-in-the-middle attack.Furthermore,we show a simple scheme to defend this attack,that is,applying non-reusable identity strings.
文摘With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performance, low cost, good connectivity, etc. However the security issue has been complicated because USN responds to block I/O and file I/O requests simultaneously. In this paper, a security system module is developed to prevent many types of attacks against USN based on NAS head. The module not only uses effective authentication to prevent unauthorized access to the system data, but also checks the data integrity. Experimental results show that the security module can not only resist remote attacks and attacks from those who has physical access to the USN, but can also be seamlessly integrated into underlying file systems, with little influence on their performance.
基金the Natural Science Foundation of Fujian Province (No. A0010011).
文摘In this paper, two improved digital signature schemes are presented based on the design of directed signature scheme. The peculiarity of the system is that only if the scheme is specific recipient, the signature is authenticated. Since the scheme adds the screen of some information parameters, the difficulty of deciphered keys and the security of digital signature system are increased.
文摘CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authentication Code,信息认证码)。本文会由浅入深阐述当前CAN总线协议基础上的MAC的工作原理与实现方式。
基金supported by the National Key Research and Development Program“Biological Information Security and Efficient Transmission”Project,Project Letter No.2017YFC1201204.
文摘At present,the traditional blockchain for data storage and retrieval reflects the characteristics of slow data uploading speed,high cost,and transparency,and there are a lot of corresponding problems,such as not supporting private data storage,large data operation costs,and not supporting Data field query.This paper proposes a method of data encryption storage and retrieval based on the IOTA distributed ledger,combined with the fast transaction processing speed and zero-value transactions of the IOTA blockchain,through the Masked Authenticated Messaging technology,so that the data is encrypted in the data stream.The form is stored in the distributed ledger,quickly retrieved through the field index mechanism established by the data form,and the data operation is carried out on the chain.Experimental results show that this system has high storage,encryption and retrieval performance,and good practicability.
基金supported by the National Natural Science Foundation of China (Nos. 61572001 and 61502008)the Research Fund for the Doctoral Program of Higher Education (No. 20133401110004)+1 种基金the Natural Science Foundation of Anhui Province (No. 1508085QF132)the Doctoral Research Start-up Funds Project of Anhui University
文摘Vehicle Ad hoc NETworks(VANET) can enhance traffic safety and improve traffic efficiency through cooperative communication among vehicles, roadside infrastructure, and traffic management centers. To guarantee secure service provision in VANET, message authentication is important. Moreover, a vehicle user's private information can also be leaked during service provision. A protection mechanism is needed to prevent such leakage. Therefore, we propose a conditional privacy-preserving and authentication scheme for secure service provision in VANETs. The proposed scheme not only satisfies the security requirements of VANETs, but also optimizes the calculation process of signature generation and verification. We carry out a detailed comparative analysis. The result shows that the proposed scheme is more efficient than existing schemes in terms of communication overhead and computational cost. Therefore, our scheme is suitable for secure service provision in VANETs.
基金Supported by the General Program of Science and Technology Development Project of Beijing Municipal Education Commission(KM201311232014)the Opening Project of Beijing Key Laboratory of Internet Culture and Digital Dissemination Research (ICDD201206, ICDD201207)
文摘Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.
文摘Network coding is vulnerable to pollution at- tacks, which prevent receivers from recovering the source message correctly. Most existing schemes against pollution attacks either bring significant redundancy to the original message or require a high computational complexity to ver- ify received blocks. In this paper, we propose an efficient scheme against pollution attacks based on probabilistic key pre-distribution and homomorphic message authentication codes (MACs). In our scheme, each block is attached with a small number of MACs and each node can use these MACs to verify the integrity of the corresponding block with a high probability. Compared to previous schemes, our scheme still leverages a small number of keys to generate MACs for each block, but more than doubles the detection probability. Mean- while, our scheme is able to efficiently restrict pollution prop- agation within a small number of hops. Experimental results show that our scheme is more efficient in verification than existing ones based on public-key cryptography.
