Efficient and Secure Authenticated Quantum Dialogue Protocols over Collective-Noise Channels

Based on the deterministic secure quantum communication, we present a novel quantum dialogue protocol with- out information leakage over the collective noise channel. The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise, collective-rotation noise and all kinds of unitary collective noise, respectively. Compared with the existing similar protocols, the analyses on security and information-theoretical emciency show that the proposed protocol is more secure and emeient.

A Secure Short Message Communication Protocol

According to the security requirement of the short message service （SMS） industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure （WPKI）. Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway axe realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module （SIM） tool kit （STK） applications based on our protocol suit well for all kinds of mobile terminals in practical application.

Model Checking Electronic CommerceSecurity Protocols Based on CTL

We present a model based on Computational Temporal Logic (CTL) methods forverifying security requirements of electronic commerce, protocols. The model describes formally theauthentication, confidentiality integrity, non-repudiation) denial of serviee and access control ofthe e-lectronic commerce protocols. We illustrate as case study a variant of the Lu-Smolka protocolproposed by Lu-Smolka Moreover, we have discovered two attacks that allow a dishonest user topurchase a good debiting the amountto another user. And also, we compared our work with relativeresearch works and found lhat the formal way of this paper is more general to specify securityprotocols for E-Commerce.

Comprehensive Analysis of Secure Data Aggregation Scheme for Industrial Wireless Sensor Network

As an Industrial Wireless Sensor Network(IWSN)is usually deployed in a harsh or unattended environment,the privacy security of data aggregation is facing more and more challenges.Currently,the data aggregation protocols mainly focus on improving the efficiency of data transmitting and aggregating,alternately,the aim at enhancing the security of data.The performances of the secure data aggregation protocols are the trade-off of several metrics,which involves the transmission/fusion,the energy efficiency and the security in Wireless Sensor Network(WSN).Unfortunately,there is no paper in systematic analysis about the performance of the secure data aggregation protocols whether in IWSN or in WSN.In consideration of IWSN,we firstly review the security requirements and techniques in WSN data aggregation in this paper.Then,we give a holistic overview of the classical secure data aggregation protocols,which are divided into three categories:hop-by-hop encrypted data aggregation,end-to-end encrypted data aggregation and unencrypted secure data aggregation.Along this way,combining with the characteristics of industrial applications,we analyze the pros and cons of the existing security schemes in each category qualitatively,and realize that the security and the energy efficiency are suitable for IWSN.Finally,we make the conclusion about the techniques and approach in these categories,and highlight the future research directions of privacy preserving data aggregation in IWSN.

Security Analysis of Broadcaster Group Key Exchange Protocols

Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.

Secure planar convex hull protocol for large-scaled point sets in semi-honest model

Efficiency and scalability are still the bottleneck for secure multi-party computation geometry （SMCG）. In this work a secure planar convex hull （SPCH） protocol for large-scaled point sets in semi-honest model has been proposed efficiently to solve the above problems. Firstly, a novel priva- cy-preserving point-inclusion （PPPI） protocol is designed based on the classic homomorphic encryp- tion and secure cross product protocol, and it is demonstrated that the complexity of PPPI protocol is independent of the vertex size of the input convex hull. And then on the basis of the novel PPPI pro- tocol, an effective SPCH protocol is presented. Analysis shows that this SPCH protocol has a good performance for large-scaled point sets compared with previous solutions. Moreover, analysis finds that the complexity of our SPCH protocol relies on the size of the points on the outermost layer of the input point sets only.

A survey of edge computing-based designs for IoT security

Pervasive IoT applications enable us to perceive,analyze,control,and optimize the traditional physical systems.Recently,security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk.Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications.As an extension of the cloud,the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications.Although there are some research efforts in this area,edge-based security designs for IoT applications are still in its infancy.This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs.We first present an edge-centric IoT architecture.Then,we extensively review the edge-based IoT security research efforts in the context of security architecture designs,firewalls,intrusion detection systems,authentication and authorization protocols,and privacy-preserving mechanisms.Finally,we propose our insight into future research directions and open research issues.

Improved Security Detection Strategy for Quantum "Ping-Pong" Protocol and Its Security Analysis

In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.

Lightweight authentication protocol for e-health clouds in IoT-based applications through 5G technology

Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.

Towards the Idealization Procedure of BAN-Like Logics

We demonstrate the flaws of Mao's method, which is an augmentation ofprotocol idealization in BAN-like logics, and then offer some new idealization rules based on Mao'smethod. Furthermore, we give some theoretical analysis of our rules using the strand spaceformalism, and show the soundness of our idealization rules under strand spaces Some examples onusing the new rules to analyze security protocols are also concerned. Our idealization method ismore effective than Mao's method towards many protocol instances, and is supported by a formalmodel.

Trust management-based and energy efficient hierarchical routing protocol in wireless sensor networks

The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.

Enhancement in Ad hoc on Demand Distance Vector (AODV) Routing Protocol Security

Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol- ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery is nearly the same as standard AODV protocol.

An enhanced scheme for mutual authentication for healthcare services

With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.

Security and privacy threats in RFID traceability network

To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.

Security analysis and improvement on resilient storage outsourcing schemes in mobile cloud computing

The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme （ShS） has vulnerabilities regarding confidentiality and integrity; meanwhile, the coding-based scheme （COS） and the encryption-based scheme （EnS） have vulnerabilities on integrity. The corresponding attacks on these vulnerabilities are given. Then, the improved protocols such as the secure sharing-based protocol （SShP）, the secure coding-based protocol （SCoP） and the secure encryption- based protocol （SEnP）, are proposed to overcome these vulnerabilities. The core elements are protected through public key encryptions and digital signatures. Security analyses show that the confidentiality and the integrity of the improved protocols are guaranteed. Meanwhile, the improved protocols can keep the frame of the former schemes and have higher security. The simulation results illustrate that compared with the existing protocols, the communication overhead of the improved protocols is not significantly increased.

The Security Analysis of Two-Step Quantum Direct Communication Protocol in Collective-Rotation Noise Channel

To analyze the security of two-step quantum direct communication protocol （QDCP） by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 （2003）042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo（M ： （Q0, 1.0）） is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.

Performance Evaluation of an Internet Protocol Security (IPSec) Based Multiprotocol Label Switching (MPLS) Virtual Private Network

This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.

On ASGS framework:general requirements and an example of implementation

In the paper we propose a general, abstract framework for Automatic Secret Generation and Sharing (ASGS) that should be independent of underlying Secret Sharing Scheme (SSS). ASGS allows to prevent the Dealer from knowing the secret. The Basic Property Conjecture (BPC) forms the base of the framework. Due to the level of abstraction, results are portable into the realm of quantum computing. Two situations are discussed. First concerns simultaneous generation and sharing of the random, prior nonexistent secret. Such a secret remains unknown until it is reconstructed. Next, we propose the framework for automatic sharing of a known secret. In this case the Dealer does not know the secret and the secret Owner does not know the shares. We present opportunities for joining ASGS with other extended capabilities, with special emphasis on PVSS and pre-positioned secret sharing. Finally, we illustrate framework with practical implementation.

Robust Authentication and Session Key Agreement Protocol for Satellite Communications

Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.

A Novel Formal Theory for Security Protocol Analysis of Denial of Service Based on Extended Strand Space Model

Denial of Service Distributed Denial of Service （DOS） attack, especially （DDoS） attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange （IKE） easily suffers from the DoS attacks, and the efficient DoS- resistant secure key exchange protocol （JFK） is resistant against DoS attack for the server, respectively.