New protocols for non-orthogonal quantum key distribution

Combining the passive decoy-state idea with the active decoy-state idea, a non-orthogonal （SARG04） decoy-state protocol with one vacuum and two weak decoy states is introduced based on a heralded pair coherent state photon source for quantum key distribution. Two special cases of this protocol are deduced, i.e., a one-vacuum-and-one-weak-decoy-state protocol and a one-weak-decoy-state protocol. In these protocols, the sender prepares decoy states actively, which avoids the crude estimation of parameters in the SARG04 passive decoy-state method. With the passive decoy-state idea, the detection events on Bob＇s side that are non-triggered on Alice＇s side are not discarded, but used to estimate the fractions of single-photon and two-photon pulses, which offsets the limitation of the detector＇s low efficiency and overcomes the shortcoming that the performance of the active decoy-state protocol critically depends on the efficiency of detector. The simulation results show that the combination of the active and passive decoy-state ideas increases the key generation rate. With a one-vacuum-and-two-weak-decoy-state protocol, one can achieve a key generation rate that is close to the theoretical limit of an infinite decoy-state protocol. The performance of the other two protocols is a little less than with the former, but the implementation is easier. Under the same condition of implementation, higher key rates can be obtained with our protocols than with existing methods.

Practical non-orthogonal decoy state quantum key distribution with heralded single photon source

Recently the performance of the quantum key distribution （QKD） is substantially improved by the decoy state method and the non-orthogonal encoding protocol, separately. In this paper, a practical non-orthogonal decoy state protocol with a heralded single photon source （HSPS） for QKD is presented. The protocol is based on 4 states with different intensities. i.e. one signal state and three decoy states. The signal state is for generating keys; the decoy states are for detecting the eavesdropping and estimating the fraction of single-photon and two-photon pulses. We have discussed three cases of this protocol, i.e. the general case, the optimal case and the special case. Moreover, the final key rate over transmission distance is simulated. For the low dark count of the HSPS and the utilization of the two-photon pulses, our protocol has a higher key rate and a longer transmission distance than any other decoy state protocol.

Performance for Device-to-Device Communication with Three-Time-Slot Two-Way Amplify-and-Forward Relay Protocol

Multi-hop device-to-device(D2D) communication can significantly improve the system performance. This paper studied the outage performance of D2 D communication assisted by another D2 D user using three-timeslot two-way amplify-and-forward relaying protocol over Rayleigh fading channels. Considering the co-channel interference from cellular user at the D2 D node,the approximate expression for the overall outage probability was derived. Furthermore,a power allocation optimum method to minimize the outage probability was developed,and the closed form expression for the optimal power allocation coefficient at the relay was derived. Simulation results demonstrate accuracy of the derived outage probability expressions. Simulation results also demonstrate that the outage performance can be improved using the proposed optimal power allocation method.

A Cooperative Forwarding Scheme for VANET Routing Protocols

Providing efficient packet delivery in vehicular ad hoc networks （VANETs） is particularly challenging due to the vehicle move- ment and lossy wireless channels. A data packet can be lost at a forwarding node even when a proper node is selected as the for- warding node. In this paper, we propose a loss-tolerant scheme for unicast routing protocols in VANETs. The proposed scheme employs multiple forwarding nodes to improve the packet reception ratio at the forwarding nodes. The scheme uses network coding to reduce the number of required transmissions, resulting in a significant improvement in end-to-end packet delivery ratio with low message overhead. The effectiveness of the proposed scheme is evaluated by using both theoretical analysis and computer sim-

CLORKE-SFS:Certificateless One-Round Key Exchange Protocol with Strong Forward Security in Limited Communication Scenarios

Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.

Formal analysis of robust email protocol based on authentication tests

Based on the authentication tests and the strand space model, the robust email protocol with perfect forward secrecy is formally analyzed, and the security shortcomings of the protocol is pointed out. Meanwhile, the man-in-the-middle attack to the protocol is given, where the attacker forges the messages in the receiving phase to cheat the two communication parties and makes them share the wrong session keys with him. Therefore, the protocol is not ensured to provide perfect forward secrecy. In order to overcome the above security shortcomings, an advanced email protocol is proposed, where the corresponding signatures in the receiving phase of the protocol are added to overcome the man-in-the-middle attack and ensure to provide perfect forward secrecy. Finally, the proposed advanced email protocol is formally analyzed with the authentication tests and the strand space model, and it is proved to be secure in authentication of the email sender, the recipient and the server. Therefore, the proposed advanced email protocol can really provide perfect forward secrecy.

Detection of Insider Selective Forwarding Attack Based on Monitor Node and Trust Mechanism in WSN

The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack to WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defense the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up with packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.

REDUCING BURST PACKET LOSS THROUGH ROUTE-FREE FORWARDING

It is well known that today's inter-domain routing protocol, Border Gateway Protocol (BGP), converges slowly during network failures. Due to the distribution nature of Internet routing decisions and the rate-limiting timer Minimum Route Advertisement Interval (MRAI) of BGP, unavoidable convergence latency is introduced in reaction to network changes. During the period of convergence temporarily routing table inconsistencies cause short-term routing blackholes and loops which result in widespread temporary burst packet loss. In this paper, we present ROute-Free Forwarding (ROFF) - a novel technique for packet delivering continuously during periods of convergence. With slightly modifications on IP packet header and BGP, route loops and blackholes can be avoided. Our preliminary evaluation demonstrates that ROFF succeeds in reducing the number of Autonomous Systems (ASes) which experience burst packet loss and the duration of packet loss.

An Efficient Lightweight Authentication and Key Agreement Protocol for Patient Privacy

Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers.In this system,service providers consider user authentication as a critical requirement.To address this crucial requirement,various types of validation and key agreement protocols have been employed.The main problem with the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis that makes the protocol design yet has flaws.This paper analyzes carefully all aspects of security requirements including the perfect forward secrecy in order to develop an efficient and robust lightweight authentication and key agreement protocol.The secureness of the proposed protocol undergoes an informal analysis,whose findings show that different security features are provided,including perfect forward secrecy and a resistance to DoS attacks.Furthermore,it is simulated and formally analyzed using Scyther tool.Simulation results indicate the protocol’s robustness,both in perfect forward security and against various attacks.In addition,the proposed protocol was compared with those of other related protocols in term of time complexity and communication cost.The time complexity of the proposed protocol only involves time of performing a hash function Th,i.e.,:O(12Th).Average time required for executing the authentication is 0.006 seconds;with number of bit exchange is 704,both values are the lowest among the other protocols.The results of the comparison point to a superior performance by the proposed protocol.

Component based ant routing protocols analysis over mobile ad hoc networks

To deeply exploit the mechanisms of ant colony optimization （ACO） applied to develop routing in mobile ad hoe networks （MANETS）,some existing representative ant colony routing protocols were analyzed and compared.The analysis results show that every routing protocol has its own characteristics and competitive environment.No routing protocol is better than others in all aspects.Therefore,based on no free lunch theory,ant routing protocols were decomposed into three key components：route discovery,route maintenance （including route refreshing and route failure handling） and data forwarding.Moreover,component based ant routing protocol （CBAR） was proposed.For purpose of analysis,it only maintained basic ant routing process,and it was simple and efficient with a low overhead.Subsequently,different mechanisms used in every component and their effect on performance were analyzed and tested by simulations.Finally,future research strategies and trends were also summarized.

Formal Verification of Secrecy in Group Key Protocols Using Event-B

Group key security protocols play an important role in today’s communication systems. Their verification, however, remains a great challenge because of the dynamic characteristics of group key construction and distribution protocols. Security properties that are well defined in normal two-party protocols have different meanings and different interpretations in group key distribution protocols, specifically, secrecy properties, such as group secrecy, forward secrecy, backward secrecy, and key independence. In this paper, we present a method to verify forward secrecy properties for group-oriented protocols. The method is based on a correct semantical link between group key protocols and event-B models and also uses the refinement process in the B method to model and verify group and forward secrecy. We use an event-B first-order theorem proving system to provide invariant checking for these secrecy properties. We illustrate our approach on the Tree based Group Diffie-Hellman protocol as case study.

ARRANGING MULTICAST FORWARDING TABLE IN CLASS SEQUENCE IN TERNARY-CAM FOR LINE-SPEED LOOKUP

PIM-SM(Protocol Independent Multicast-Sparse Mode) is a main multicast routing pro-tocol in the IPv6(Internet Protocol version 6).It can use either a shared tree or a shortest path tree to deliver data packets,consequently the multicast IP lookup engine requires,in some cases,two searches to get a correct lookup result according to its multicast forwarding rule,and it may result in a new requirement of doubling the lookup speed of the lookup engine.The ordinary method to satisfy this requirement in TCAM(Ternary Content Addressable Memory) based lookup engines is to exploit parallelism among multiple TCAMs.However,traditional parallel methods always induce more re-sources and higher design difficulty.We propose in this paper a novel approach to solve this problem.By arranging multicast forwarding table in class sequence in TCAM and making full use of the intrinsic characteristic of the TCAM,our approach can get the right lookup result with just one search and a single TCAM,while keeping the hardware of lookup engine unchanged.Experimental results have shown that the approach make it possible to satisfy forwarding IPv6 multicast packets at the full link rate of 20 Gb/s with just one TCAM with the current TCAM chip.

一种基于空洞节点检测的可靠无人机自组网路由协议

针对高动态无人机自组网中节点之间链路生存时间(Link Live Time,LLT)短和节点遭遇路由空洞次数多的问题,提出了一种基于空洞节点检测的可靠无人机自组网路由协议——GPSR-HND(Greedy Perimeter Stateless Routing Based on Hollow Node Detection)。GPSR-HND协议中,转发节点通过空洞节点检测机制检测邻居节点状态,将有效邻居节点加入待选邻居节点集;然后基于层次分析法(Analytic Hierarchy Process,AHP)的多度量下一跳节点选择机制从待选邻居节点集中选择权重最大的邻居节点贪婪转发数据;如果待选邻居节点集为空,则从空洞邻居节点集中选择权重最大的空洞节点启动改进的周边转发机制,寻找可恢复贪婪转发模式的节点。与GPSR-NS协议和GPSR协议相比,GPSR-HND协议表现出了更好的性能,包括平均端到端时延和丢包率的改善,以及吞吐量的提高。

融合深度调整和自适应转发的水声网络机会路由

针对水声传感器网络路由过程中的空洞问题和数据传输中能效低下的问题,该文提出了融合深度调整和自适应转发的水声网络机会路由(OR-DAAF)。针对路由空洞,区别于传统绕路策略,OR-DAAF提出一种基于拓扑控制的空洞恢复模式算法—利用剩余能量对空洞节点分级,先后调整空洞节点到新的深度以克服路由空洞,恢复网络联通。针对数据传输中的能效低下问题,OR-DAAF提出了转发区域划分机制,通过转发区域的选择自适应转发面积以抑制冗余包,并提出基于加权推进距离,能量和链路质量的多跳多目标路由决策指标,综合考虑区域能量,链路质量和推进距离实现能效平衡。实验数据表明,相比DVOR协议,OR-DAAF的包投递率和生命周期分别提高10%和48.7%,端到端时延减少22%。

能耗均衡与节能的自适应水下路由协议

针对水下传感器网络中节点能耗不均衡和能量有限的问题,提出一种能耗均衡与节能的自适应水下路由协议ECBES(energy consumption balanced and energy saving adaptive underwater routing protocol)。构建双区非均匀分层拓扑。基于能耗均衡因子,利用拓扑和节点剩余能量计算节点转发优先级,实现自适应转发节点选择,均衡网络能耗。与此同时,通过候选转发区域各分区域中节点参与转发数据包的比例确定次优候选转发区域,将次优候选转发区域作为初始策略,利用策略迭代思想确定最优候选转发区域,保证投递率的同时减少不同网络规模中重复数据包的转发,降低网络的整体能耗。仿真结果表明,ECBES相比VBF、ES-VBF和ALRP,在不同节点数量下,节点死亡率均最低,在保证数据包投递率的同时,能耗最少。

智能矿山IoT边缘数据网关技术研究

随着工业4.0和工业互联网的发展,矿山行业也开始走向智能化,面对煤矿工业互联网接入终端复杂、通信协议多样、接入网络以及多源数据异构等现状,提出一种智能矿山IoT边缘数据网关技术。通过构建边缘网关管理架构,北向上行采用TCP、HTTP、WebSocket、MQTT等传输协议连接云平台,南向下行支持多种通信接口连接感知层设备,实现不同类型网络的协议转换以及各个系统多源异构数据的统一接入。该研究成果已应用于多个煤矿自动化相关设备数据采集与转发。

基于NTRIP绿植墒情测控站在山区生态绿化中的应用

针对某县城东西两山生态绿化区域进行的水利设施配套工程中,在种植的绿植区域进行作物的墒情监测中,具有分布地域广、环境制约性大等特点,这就对绿植种植的土壤特性、周围环境数据的监测以及日常打理造成很多的制约性,面对这样特殊环境下存在的问题,本文结合相关基础理论和实际经验,从实际出发,设计并开发了一款适用于山区生态绿化中的墒情测控站,墒情测控站是集新一代NTRIP通信协议、风光互补发电、智能编程和传感器技术于一体的信息采集器;由于山区可能存在动植物入侵的可能,针对这一问题系统还设计了远程监控数据转发的功能,山区的日常化管理依靠远程监控实现了无人值守。本产品在该项目中经过反复的技术验证,结果表明测控站完全可以胜任在山区生态绿化种植中的测控工作且其还可以在其他相关领域推广使用。

VBF水下传感器网络路由协议的路径优化与模拟

针对水下传感器网络节点的移动性,以基本VBF(Vector-Based Forwarding Protocol)路由协议为基础,提出了1种适用于水下移动传感器节点的路径优化算法。为了验证此路径优化算法的有效性,分别对基本VBF算法和改进的VBF算法进行了3个模拟实验;从数据包接收成功率和网络负载两方面分析比较了实验模拟结果。比较结果可以看出:文中提出的路径优化的VBF路由协议的数据包成功接收率要优于VBF路由协议,降低了网络负载,并且该优化算法实现简单,不需要增加额外的网络延迟时间。

一种适合水下无线传感器网络的能量有效路由协议

本文针对水下声信道高能耗和高延迟的特点,提出一种基于前向簇头与前向网关的无线路由协议(FFBR)。其思想是基于分簇结构,引入前向簇头和前向网关的概念,并在分簇初始化的过程中"捎带"选择前向簇头和前向网关,以形成朝向sink的方向性节能路由。它避免了路由建立的开销和时延,同时保证数据传输时网络能耗均衡,以减小水声高延迟、高能耗带来的不利影响。仿真结果表明,FFBR协议比DSR协议能更好地适应水声高延迟、高能耗通信环境,不但有较高的连通率,而且能节省网络能量,提高数据传输的及时性。

关于在交换局域网进行主动捕包的研究

对在交换型以太网络下的捕包方法进行研究 ,提出了利用底层协议伪装攻击结合IP转发技术来进行主动捕包的模型 。