适用于无线体域网的动态口令认证协议

无线体域网中传输的是与生命高度相关的敏感数据，身份认证是信息安全保护的第一道防线。现有的基于人体生物信息的身份认证方案存在信息难提取、偶然性大和误差性大的问题，基于传统密码学的认证方案需较大计算资源和能量消耗，并不适用于无线体域网环境。为此，在动态口令和非对称加密机制基础上，提出一种适用于无线体域网的动态口令双向认证轻量协议，并对其进行形式化分析。通过理论证明、SVO逻辑推理及SPIN模型检测得出：该协议满足双向认证，且能够抵御重放攻击、伪装攻击、拒绝服务器攻击和口令离线攻击，具有较高安全性。     

Secure lightweight password authenticated key exchange for heterogeneous wireless sensor networks

Several three-party password authenticated key exchange (3-PAKE) protocols have recently been proposed for heterogeneous wireless sensor networks (HWSN). These are efficient and designed to address security concerns in ad-hoc sensor network applications for a global Internet of Things framework, where a user may request access to sensitive information collected by resource-constrained sensors in clusters managed by gateway nodes. In this paper we first analyze three recently proposed 3-PAKE protocols and discuss their vulnerabilities. Then, based on Radio Frequency Identification technologies we propose a novel 3-PAKE protocol for HWSN applications, with two extensions for additional security features, that is provably secure, efficient and flexible.     

基于口令的三方密钥交换协议的分析与研究

针对计算机中较短易记的口令容易受到"口令猜测"攻击的问题,提出一种基于口令的三方密钥交换协议。在分析了已有的三方密钥交换协议不足的基础上,进一步完善DML-3PAKE协议,并从协议效率和安全性2方面进行分析。分析结果表明:新协议虽然在执行效率方面增加了计算开销,但在防御在线字典攻击、离线字典攻击、中间人攻击等方面与之前协议相比更为安全。     

Lightweight authenticated encryption for embedded on-chip systems

ABSTRACT

Embedded systems are routinely deployed in critical infrastructures nowadays, therefore their security is increasingly important. This, combined with the pressing requirement of deploying massive numbers of low-cost and low-energy embedded devices, stimulates the evolution of lightweight cryptography and other green-computing security mechanisms. New crypto-primitives are being proposed that offer moderate security and produce compact implementations. In this article, we present a lightweight authenticated encryption scheme based on the integrated hardware implementation of the lightweight block cipher PRESENT and the lightweight hash function SPONGENT. The presented combination of a cipher and a hash function is appropriate for implementing authenticated encryption schemes that are commonly utilized in one-way and mutual authentication protocols. We exploit their inner structure to discover hardware elements usable by both primitives, thus reducing the circuit’s size. The integrated versions demonstrate a 27% reduction in hardware area compared to the simple combination of the two primitives. The resulting solution is ported on a field-programmable gate array (FPGA) and a complete security application with input/output from a universal asynchronous receiver/transmitter (UART) gate is created. In comparison with similar implementations in hardware and software, the proposed scheme represents a better overall status.     

The offset codebook (OCB) block cipher mode of operation for authenticated encryption

This article presents an overview of the concepts of and motivation for the OCB block cipher mode of operation. OCB is well suited for IoT, wireless, and other constrained devices where processing time and energy consumption are design issues. The article describes two versions of the OCB algorithm (OCB1 and OCB3) that have been widely accepted.     

PG-RNN:一种基于递归神经网络的密码猜测模型

用户名—密码（口令）是目前最流行的用户身份认证方式，鉴于获取真实的大规模密码明文非常困难，利用密码猜测技术来生成大规模密码集，可以评估密码猜测算法效率、检测现有用户密码保护机制的缺陷等，是研究密码安全性的主要方法。本文提出了一种基于递归神经网络的密码猜测概率模型（password guessing RNN， PG-RNN），区别于传统的基于人为设计规则的密码生成方法，递归神经网络能够自动地学习到密码集本身的分布特征和字符规律。因此，在泄露的真实用户密码集上训练后的递归神经网络，能够生成非常接近训练集真实数据的密码，避免了人为设定规则来破译密码的局限性。实验结果表明，PG-RNN生成的密码在结构字符类型、密码长度分布上比Markov模型更好地接近原始训练数据的分布特征，同时在真实密码匹配度上，本文提出的PG-RNN模型比目前较好的基于生成对抗网络的PassGAN模型提高了1.2%。     

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.     

基于五维混沌系统的信号加密研究

随着计算机技术、信息技术和通讯技术等高科技技术在近年来的迅猛发展,信息加密越来越受到人们的重视。提出了基于五维混沌系统用来实现通信加密的方法,该方法利用五维混沌源信号,对原始方波信号实现掩盖加密,利用迭代次数和混沌信号的加减手段设置密码,为信息加密提供了一种新方法。     

双油路汽车防盗控制器的研究

设计了一种双出油口汽车发动机油路控制阀:出油口1实现对油路的开关控制,阀芯锁定机构可以避免防盗器控制系统掉电造成发动机熄火后重新启动时再次输入密码的麻烦;出油口2实现对发动机进油量的伺服控制,以便于实现对车辆的定速巡航控制。利用单片机设计了基于密码控制的油路控制阀驱动系统,只有在输入正确的密码后,才能打开汽车发动机进油油路上的控制阀,确保油泵与汽车发动机之间的油路畅通,从而实现汽车的防盗。油路控制阀及其驱动系统构成了汽车防盗控制器控制器该还设计有报警模块,当连续输入错误密码超过一定次数后,系统将自动启动报警系统。在分析经出油口2流入发动机的燃油流量-电机转角模型后,开发了智能控制程序,利用系统检测的速度传感器信号实现对发动机进油量的伺服控制。最后对油路控制阀的控制系统进行仿真试验研究,结果表明该密码控制系统能很好地实现设计的功能,具有很好的防盗作用。     

Efficient three‐party password‐based key exchange scheme

In three‐party password‐based key exchange protocol, a client is allowed to share a human‐memorable password with a trusted server such that two clients can negotiate a session key to communicate with each other secretly. Recently, many three‐party password‐based key exchange protocols have been developed. However, these proposed schemes cannot simultaneously achieve security and efficiency. Based on elliptic curve cryptography (ECC), this paper will propose a new simple three‐party password‐based authenticated key exchange scheme. The proposed method not only reduces computation cost for remote users and a trusted server but also is more efficient than previously proposed schemes. It is better suited for resource constrained devices, such as smart cards or mobile units. Copyright © 2010 John Wiley & Sons, Ltd.