Abstract: Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was set up to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regard to the remote user authentication.
Funding: the Natural Science Foundation of Fujian Province (No. A0010011).
Abstract: In this paper, two improved digital signature schemes are presented based on the design of the directed signature scheme. The peculiarity of the system is that only if the scheme is specific recipient, the signature is authenticated. Since the scheme adds the screen of some information parameters, the difficulty of deciphered keys and the security of the digital signature system are increased.
Funding: Supported by the National High Technology Research and Development Program of China (2012AA120802), the National Natural Science Foundation of China (61771186), the Postdoctoral Research Project of Heilongjiang Province (LBH-Q15121), and the Undergraduate University Project of Young Scientist Creative Talent of Heilongjiang Province (UNPYSCT-2017125).
Abstract: The universality of the application of wireless sensor networks (WSN) has drawn more attention to the security problem. Node authentication is not only the basis of network security, but also the premise of key management and secure routing protocols. Although the signature mechanism based on symmetric encryption is high in energy efficiency, it is vulnerable to attack and there is a time delay during authentication. The traditional public key encryption mechanism, while improving security, brings in complex algorithms and costs much time, which is not suitable for WSN. In this paper, a signature authentication mechanism, an optimized variant Bellare Namprempre Neven (OvBNN), is presented to quickly complete the authentication by mutual cooperation between nodes so as to make the nodes use the intermediate calculation results of their neighbor nodes directly. Simulation results show that the proposed mechanism is superior to traditional authentication mechanisms both in energy consumption and authentication time.
Abstract: Mobile Ad hoc Network (MANET) is a collection of mobile hosts with wireless interfaces that form a temporary network without the aid of any fixed infrastructure or centralized administration. A MANET is a type of ad hoc network that can change locations and configure itself on the fly. The dynamic and cooperative behaviour of ad hoc networking without any centralized or unified controlling authority for authentication and monitoring is sensitive to attacks that damage or exploit the cooperative behaviour of ad hoc routing. Routing attacks lead to the most disastrous damage in MANET. The main objective of this paper is to enhance the security against routing attacks in MANETs. Intrusion detection based on DAHT (Dual Authentication Hash Technique), which depends entirely on the end-to-end communication between the source and destination, is employed here. The proposed technique identifies the misbehaving nature of the current node and the previous node where it receives the information. DAHT is simulated with various parameters in NS2. The results obtained are compared with the existing mechanism. The results show that malicious detection, overhead reduction and delay are better when compared to the existing system that is employed in protecting the routing information.
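Abstract: The public-key digital signatures used by Byzantine fault-tolerant (BFT) consensus mechanisms in classical blockchains are vulnerable under the exponential speedup of quantum computers, which poses a security risk. To address the lack of quantum security in BFT consensus mechanisms, an efficient quantum-secure BFT consensus mechanism based on HotStuff, EQSH (Efficient Quantum-Secured HotStuff), is proposed. First, to address the high communication complexity of existing Unconditionally Secure Signatures (USS), an Efficient Multi-party Ring Quantum Digital Signatures (EMRQDSs) scheme is proposed; built on a ring-shaped quantum network, it has a communication complexity of O(n) while guaranteeing quantum security, unforgeability, non-repudiation and transferability. Second, to eliminate the security threat that quantum adversaries pose to threshold signatures, the threshold signature used in HotStuff is replaced by a signature collection scheme based on a key distribution center, which achieves the same effect as a threshold signature with a communication complexity of O(n) while guaranteeing quantum security. Finally, the two schemes are combined and applied to HotStuff to provide quantum security; a pacemaker is designed to guarantee liveness; and the consensus message format is simplified and a pipelined consensus process is used to improve consensus efficiency. EQSH does not use costly techniques such as quantum entanglement and can be implemented with existing technology, so it has high practical value. Compared with HotStuff, EQSH is quantum-secure. Compared with other non-entanglement-based quantum-secure BFT consensus mechanisms, EQSH is the first to reduce the communication complexity to O(n), performs better, and requires fewer quantum links at the client, which helps lower the cost of building a quantum network.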
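Abstract: With the development of network technology, wireless network access authentication is being applied ever more widely. Using Remote Authentication Dial In User Service (RADIUS) together with digital certificates makes it possible to implement relatively secure and complete wireless network access authentication. The paper introduces the concepts of RADIUS and digital certificates, outlines the network topology and the access authentication process when RADIUS and digital certificates are used for wireless network access, and gives the configuration methods for the RADIUS proxy server, the authentication server and the digital certificates. It also gives a method for verifying this wireless network access authentication technique, which is also the method by which a Linux client performs network access authentication. By building a RADIUS network access environment and using digital certificates as the authentication credential, client access authentication to the wireless network is implemented.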
Funding: Supported by the National Key R&D (973) Program of China (No. 2017YFB0802000), the National Natural Science Foundation of China (Nos. 61772326, 61572303, 61872229, and 61802239), the NSFC Research Fund for International Young Scientists (No. 61750110528), the National Cryptography Development Fund during the 13th Five-Year Plan Period (Nos. MMJJ20170216 and MMJJ201701304), the Foundation of State Key Laboratory of Information Security (No. 2017-MS-03), the Fundamental Research Funds for the Central Universities (Nos. GK201702004, GK201803061, and 2018CBLY006), and the China Postdoctoral Science Foundation (No. 2018M631121).
Abstract: Amidst the rapid development of the Internet of Things (IoT), Vehicular Ad-Hoc NETworks (VANETs), a typical IoT application, are bringing an ever-larger number of intelligent and convenient services to the daily lives of individuals. However, there remain challenges for VANETs in preserving privacy and security. In this paper, we propose the first lattice-based Double-Authentication-Preventing Ring Signature (DAPRS) and adopt it to propose a novel privacy-preserving authentication scheme for VANETs, offering the potential for security against quantum computers. The new construction is proven secure against chosen message attacks. Our scheme is more efficient than other ring signatures in terms of the time cost of the message signing phase and verification phase, and also in terms of signature length. Analyses of security and efficiency demonstrate that our proposed scheme is provably secure and efficient in the application.
Funding: This work was supported by China Nature Science Fund, Serial Nos. 60073059 and 60273078.
Abstract: Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol, ENAODV, is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulation results show that the performance of the ENAODV protocol, such as average node energy consumption, packet delay and packet delivery, is nearly the same as that of the standard AODV protocol.
Abstract: Vehicular Ad hoc Networks (VANETs) have become a very crucial addition to the Intelligent Transportation System (ITS). It is challenging for a VANET system to provide security services and at the same time maintain high throughput by utilizing limited resources. To overcome these challenges, we propose a blockchain-based Secured Cluster-based MAC (SCB-MAC) protocol. The nearby vehicles heading towards the same direction will form a cluster and each of the clusters has its blockchain to store and distribute the safety messages. Messages which contain emergency information and require a Strict Delay Requirement (SDR) for transmission are called safety messages (SM). Cluster Members (CMs) sign SMs with their private keys while sending them to the blockchain to confirm authentication, integrity, and confidentiality of the message. A Certificate Authority (CA) is responsible for physical verification, key generation, and privacy preservation of the vehicles. We implemented a test scenario as proof of concept and tested the safety message transmission (SMT) protocol in a real-world platform. Computational and storage overhead analysis shows that the proposed protocol for SMT implements security, authentication, integrity, robustness, non-repudiation, etc. while maintaining the SDR. Messages that are less important compared to the SMs are called non-safety messages (NSM) and vehicles use the RTS/CTS mechanism for NSM transmission. Numerical studies show that the proposed NSM transmission method maintains 6 times more throughput, 2 times less delay and 125% less Packet Dropping Rate (PDR) than traditional MAC protocols. These results prove that the proposed protocol outperforms the traditional MAC protocols.
Funding: Supported by the Key project of Hunan Provincial Education Department (20A191), the Hunan teaching research and reform project (2019-134), the Cooperative Education Fund of China Ministry of Education (201702113002, 201801193119), the Hunan Natural Science Foundation (2018JJ2138), and the Hunan teaching research and reform project (2019).
Abstract: Vehicular ad hoc network (VANET) is a self-organizing wireless sensor network model, which is extensively used in the existing traffic. Due to the openness of the wireless channel and the sensitivity of traffic information, the data transmission process in VANET is vulnerable to leakage and attack. Authentication of vehicle identity while protecting vehicle privacy information is an advantageous way to improve the security of VANET. We propose a scheme based on fair blind signature and secret sharing algorithm. In this paper, we prove that the scheme is feasible through security analysis.