Security of ping-pong protocol based on pairs of completely entangled qudits

Quantum secure direct communication protocols offer confidential transmission of classic information over quantum channel without prior key agreement. The ping-pong based protocols provide asymptotic security and detailed analysis of security level provided by each variant of the protocol is required. The paper presents a general method of calculation of the eavesdropped information as a function of the attack detection probability. The method is applied to the ping-pong protocol based on completely entangled pairs of qudits. The upper and lower bounds on the amount of the leaked information and eavesdropping detection probability are provided.     

Quantum key agreement with EPR pairs and single-particle measurements

In this paper, we present a QKA protocol with the block transmission of EPR pairs. There are several advantages in this protocol. First, this protocol can guarantee both the fairness and security of the shared key. Second, this protocol has a high qubit efficiency since there is no need to consume any quantum state except the ones used for establishing the shared key and detecting eavesdropping. In addition, this protocol uses EPR pairs as the quantum information carriers and further utilizes single-particle measurements as the main operations. Therefore, it is more feasible than the protocols that need to perform Bell measurements. Especially, we also introduce a method for sharing EPR pairs between two participants over collective-dephasing channel and collective-rotation channel, respectively. This method is meaningful since sharing EPR pairs between two participants is an important work in many quantum cryptographic protocols, especially in the protocols over non-ideal channels. By utilizing this method, the QKA protocols, which are based on EPR pairs, can be immune to these kinds of collective noise.     

多跳分布式无线网络环境下自适应获取冲突避免的多址接入协议

该文为多跳移动的分布式无线网络提出了一种新型的媒质接入控制（MAC）协议，即公共－发送信道式自适应获取冲突避免（AACA－CT）协议，在该协议中，每个节点预先监测记录周邻节点的信道使用情况，从而自适应地为自己选择发送信道，并且利用在公共信道上发送的RTS分组唤起收方使用各自的发送信道而实现无冲突的通信，它的主要思想在于资源预约可以简便地利用半双工无线电台以异步方式灵活，有效地在多个频段，多个跳频（FH）码或多个直接序列扩频（DSSS）码上实现，而且不依赖于功能强大的基站或中心控制器以及有线骨干网的帮助，性能分析和仿真结果表明，它能有效地克服隐藏终端和暴露终端问题，并且可以完全解决侵入终端问题。     

MANET中一种基于多信道的按需路由及其仿真

在移动自组织（Ad hoe）网络多信道环境下，现有路由协议不能充分利用多信道的特点。针对多信道Ad hoe网提出一种新路由协议，使节点对间能互不影响的并发传送数据。以提高网络容量。简单介绍了现有的按需距离矢量路由协议（AODV）及信道分配原理，对此路由协议进行微小修改，通过增加信道索引表项，动态交互信道信息等机制，提出一种多信道按需路由协议AODV—MC，并与现有的按需路由协议进行了相关的对比仿真实验。仿真结果说明。AODV—MC相对其他按需路由协议能更好的适应多信道环境，在网络开销增加极小的情况下。明显地减少了丢包率，提高了网络吞吐量。     

A New Token-Based Channel Access Protocol for Wavelength Division Multiplexed Multiprocessor Interconnects

This paper presents a new token-based channel access protocol for wavelength division multiplexed optically interconnected multiprocessors. Our empirical study of access protocols based on slotted time division multiplexed data and control channels reveals that such protocols typically suffer from excessive slot synchronization latency due to static slot preallocation. The proposed token-based time division multiple access protocol minimizes latency by allowing dynamic allocation of slots to use channels efficiently. Simulation results indicate that the proposed scheme can significantly increase the performance for protocols based on preallocation and also those based on preallocation-controlled reservation of multiple channels.     

Secure group communication using robust contributory key agreement

Contributory group key agreement protocols generate group keys based on contributions of all group members. Particularly appropriate for relatively small collaborative peer groups, these protocols are resilient to many types of attacks. Unlike most group key distribution protocols, contributory group key agreement protocols offer strong security properties such as key independence and perfect forward secrecy. We present the first robust contributory key agreement protocol resilient to any sequence of group changes. The protocol, based on the Group Diffie-Hellman contributory key agreement, uses the services of a group communication system supporting virtual synchrony semantics. We prove that it provides both virtual synchrony and the security properties of Group Diffie-Hellman, in the presence of any sequence of (potentially cascading) node failures, recoveries, network partitions, and heals. We implemented a secure group communication service, Secure Spread, based on our robust key agreement protocol and Spread group communication system. To illustrate its practicality, we compare the costs of establishing a secure group with the proposed protocol and a protocol based on centralized group key management, adapted to offer equivalent security properties.     

An efficient client–client password-based authentication scheme with provable security

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso’s protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso’s protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.     

Full-duplex routing with low-complexity sequential-decision for throughput enhancement in dynamic access networks

Integrating the Full-Duplex (FD) communication technology in multi-hop Cognitive Radio Networks (CRNs) can significantly enhance routing decisions such that overall network performance is improved. Unfortunately, when employing the FD technology in multi-hop routing, the channel assignment becomes very challenging due to the possible simultaneous transmissions/reception. Hence, careful low-complexity channel assignment over the various hops along a path is needed to avoid hop-to-hop interference and enhance network performance. In this paper, we propose a low-complexity sequential-decision routing protocol, referred to as Sequential FD (SFD)-aware protocol. The SFD protocol identifies a set of possible routes between any source–destination communicating pair. For each discovered route, SFD successively assigns channels for each hop along the router such that the maximum route capacity is achieved. Then, SFD selects the routes with the highest capacity. Unlike most of existing FD-CRN channel assignment/routing protocols, which require optimization procedures with NP-hard time complexity with the number of channels and hops, the time-complexity of the proposed SFD protocol is polynomial. Compared to the optimal FD-aware routing (obtained using the brute-force search method) and maximum per-hop rate FD-unaware routing protocols, the simulation results confirm the effectiveness of our proposed protocol and its superiority over the existing FD-unaware baseline routing protocol in terms of the end-to-end network throughput. The results also confirm that the SFD protocol provides solutions within 5% of the optimal ones.     

Analysis of Practical Backoff Protocols for Contention Resolution with Multiple Servers

Backoff protocols are probably the most widely used protocols for contention resolution in multiple access channels. In this paper, we analyze the stochastic behavior of backoff protocols for contention resolution among a set of clients and servers. each server being a multiple access channel that deals with contention like an ethernet channel. We use the standard model in which each client generates requests for a given server according to a Bernoulli distribution with a specified mean. Theclient–server request rateof a system is the maximum over all client–server pairs (i, j) of the sum of all request rates associated with either clientior serverj. (Having a subunit client–server request rate is a necessary condition for stability for single-server systems.) Our main result is that any superlinear polynomial backoff protocol is stable for any multiple-server system with a subunit client–server request rate. Our result is the first proof of stability for any backoff protocol for contention resolution with multiple servers. (The multiple-server problem does not reduce to the single-server problem, because each client can only send a single message at any step.) Our result is also the first proof thatanyweakly acknowledgment based protocol is stable for contention resolution with multiple servers and such high request rates. Two special cases of our result are of interest. Hastad, Leighton, and Rogoff have shown that for a single-server system with a subunit client–server request rate anymodifiedsuperlinear polynomial backoff protocol is stable. These modified backoff protocols are similar to standard backoff protocols but require more random bits to implement. The special case of our result in which there is only one server extends the result of Hastad, Leighton, and Rogoff to standard (practical) backoff protocols. Finally, our result applies to dynamic routing in optical networks. Specifically, a special case of our result demonstrates that superlinear polynomial backoff protocols are stable for dynamic routing in optical networks.     

一种用于多跳分布式无线网络的多址接入协议及其性能分析

为多跳分布式无线网络提出了一套灵活而有效的自适应获取冲突避免(AACA)的多址接入协议．它综合了多信道和随机附带预约的思想，有效地解决了多跳网络环境下出现的隐藏终端和暴露终端问题以及由于节点的移动而造成的侵入终端问题．在该协议中，各节点自适应预约所要使用的空闲业务信道，预约之后的通信过程不会受到其它节点的干扰．AACA协议有三种形式，即AACA-SDT／MDT／RDT协议，它们使用任意确定数目的信道，在总带宽相同的情况下表现出比单信道RTS／CTS协议更好的网络性能．     

Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications

The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security protocols cannot defend against denial of service (DoS) attacks where the attacker jams continuously, effective security protocols ensure that communication can continue after such interference has stopped.This paper analyses an authentication and key agreement protocol for satellite communications. The presented analysis reveals that the protocol is susceptible to a new DoS attack, where attackers jam a single message to achieve a permanent DoS condition. A new authentication and key agreement protocol is proposed that additionally addresses the scenario where messages send over the mobile satellite channel may not reach their intended recipient due to accidental or malicious interference. Analysis of the new protocol demonstrates that it is effective in countering the disruptive effects of jamming.     

Strongly secure identity-based authenticated key agreement protocols

In this paper, we present a strongly secure identity-based (ID-based) two-party authenticated key agreement (AKA) protocol, which captures all basic desirable security properties including master key forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti-Krawczyk (eCK) model. The security of the protocol can be reduced to the standard Computational Bilinear Diffie-Hellman assumption in the random oracle model. Our scheme is secure as long as each party has at least one uncompromised secret. Also, we give a strongly secure variant of the protocol. The variant has a much lower computational overhead than the original scheme, while its security relies on the Gap Bilinear Diffie-Hellman assumption. Currently, there are few ID-based AKA protocols that are provably secure in the strong eCK model. Compared with previous ID-based AKA schemes, our protocols have advantages over them in security or efficiency.     

An optimal cluster based security and resilience of smart home environments using hybrid soft computing techniques

Smart home is the main part of smart intelligent system here the remote users share the sensitive information through an insecure medium to access such smart devices, which becomes security issues. The recent user authentication protocols have used to solve those problems and provide secure communication. Consumer traffic increase the risk of illegal user as legal user and radio channels are extra vulnerable to listeners. For further security enhancement, we proposed an optimal cluster based remote user authentication (OCRUA) protocol for smart home environment using hybrid soft computing techniques. The first contribution of proposed protocol is to introduce squirrel induced butterfly optimization (SBO) algorithm for cluster formation, which groups the smart devices. Then, we compute the cluster head (CH) using the teacher learning based deep neural network (TL-DNN) based on multiple design constraints. The second contribution is to illustrate remote user authentication using optimal elliptic curve cryptography (OECC) which encrypts the sensitive information before forward to gateway. At long last, the concert of planned OCRUA protocol evaluates use different replication scenarios and shows the effectiveness over the existing state-of-art protocols.     

Modeling Electronic Payment Systems Based on Dynamic Game

A dynamic game-based model of electronic payment systems is proposed, which is used to analyze formally security property of electronic payment protocols. Compared with previous work, the main contributiono are as follows. Firstly, using strategic games to model channels in three kinds of qualities and participants of dishonest behaviors makes it able to analyze cooperative and adversarial behaviors. Secondly, modeling process and channel failures helps to analyze security properties of a protocol in failed environment.     

Invariant-based reasoning about parameterized security protocols

We explore the applicability of the programming method of Feijen and van Gasteren to the domain of security protocols. This method addresses the derivation of concurrent programs from a formal specification, and it is based on common notions like invariants and pre- and post-conditions. We show that fundamental security concepts like secrecy and authentication can nicely be specified in this way. Using some small extensions, the style of formal reasoning from this method can be applied to the security domain. To demonstrate our approach, we discuss an authentication protocol and a public-key distribution protocol, and we deal with their composition. By focussing on a general setting where agents run the protocols multiple times, the nonce concept turns out to pop-up naturally. Although this work does not contain any new protocols, it does offer a new view on reasoning about security protocols.     

How to Effectively Use Multiple Channels in Wireless Mesh Networks

Operating on a frequency band occupying several nonoverlapping channels, IEEE 802.11 is now widely used in wireless mesh networks (WMNs). Many multichannel MAC protocols are proposed to improve the spatial reuse in the network under the assumption that the transmissions on nonoverlapping channels do not interfere with each other. Some joint routing and channel assignment algorithms are also designed to increase the network throughput based on the premise that we can switch between different channels freely. Although simulations show that great improvements on network throughput can be observed in both cases, two fundamental questions remain: 1) Can we really use multiple nonoverlapping channels freely in WMNs? 2) If we can, what will be the cost when we switch channels dynamically and frequently? In this paper, by conducting extensive experiments on our testbed, we attempt to answer these questions. We find that in spite of interference between both overlapping and nonoverlapping channels, we can still use multiple channels in mesh networks under certain conditions but with care. We also show that the channel switching cost is actually very significant in WMNs. We recommend not to switch the channels too frequently when designing the channel assignment algorithms, and those channel assignment algorithms selecting one channel for each packet are not really beneficial.     

安全协议的规范化设计

提出运用组合方法进行安全协议设计。给出了协议中基件与组件的定义,根据组件的安全属性设计实现相应安全目标的单步协议;定义组合规则,确保不同的单步协议能够组合成为一个复合协议,同时各个单步协议还能实现各自的安全目标。根据具体的应用背景选择合适的单步协议,按照组合规则组合后可得到满足需求的安全协议。该组合方法可将一个复合协议分解为若干基于组件的简单单步协议,使得协议的设计与分析易于实现。     

A novel channel-adaptive uplink access control protocol for nomadic computing

We consider the uplink access control problem in a mobile nomadic computing system, which is based on a cellular phone network in that a user can use the mobile device to transmit voice or file data. This resource management problem is important because an efficient solution to uplink access control is critical for supporting a large user population with a reasonable level of quality of service (QoS). While there are a number of recently proposed protocols for uplink access control, these protocols possess a common drawback in that they do not adapt well to the burst error properties, which are inevitable in using wireless communication channels. We propose a novel TDMA-based uplink access protocol, which employs a channel state dependent allocation strategy. Our protocol is motivated by two observations: (1) when channel state is bad, the throughput is low due to the large amount of FEC (forward error correction) or excessive ARQ (automatic repeated request) that is needed and (2) because of item 1, much of the mobile device's energy is wasted. The proposed protocol works closely with the underlying physical layer in that, through observing the channel state information (CSI) of each mobile device, the MAC protocol first segregates a set of users with good CSI from requests gathered in the request contention phase of an uplink frame. The protocol then judiciously allocates channel bandwidth to contending users based on their channel conditions. Simulation results indicate that the proposed protocol considerably outperforms five state-of-the-art protocols in terms of packet loss, delay, and throughput.     

一种新的拓扑无关的按需分配多信道自组网MAC协议

本文针对节点具有多个可用信通的自组网,提出了一种与拓扑无关的多信道MAC接入协议,协议采用按需预约的方式进行动态的信道分配,通过携带在信道预约消息中的节点邻居状态信息实现节点信道状态的更新。该协议所需信道数与网络的拓扑和度无关,克服了拓朴相关的多信道MAC协议不适用于节点密集的应用场合的问题。在协议开销增加很小的情况下,每个节点只需要一部半双工收发信机就能够实现在多个信道上高效的数据收发,不需要节点间的时钟同步,极大地降低了对网络节点设备的硬件要求,具有良好的应用前景。仿真结果表明,协议在网络总吞吐量、端到端时延等方面具有优良的性能。