Similar literature
20 similar documents found; search time 31 ms
1.
Signature for multi-source network coding   Total citations: 2, self-citations: 0, citations by others: 2
杨铭熙  罗蛟  李腊元 《中国通信》2010,7(1):131-137
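Network coding can increase system throughput, improve system robustness, and save wireless network resources. However, systems based on network coding are highly susceptible to pollution attacks. Existing schemes against pollution attacks mainly use homomorphic signatures, and almost all of them target single-source network coding systems. In this paper, we propose a new signature scheme against pollution attacks that is suitable for multi-source network coding. The scheme uses ring signatures and a homomorphic hash function, and each source node generates a ring signature for every message it sends. Messages from different sources can be combined at intermediate nodes. A forwarder can generate a ring signature for the outgoing coded message without knowing the private keys of the source nodes. A verifier can detect polluted messages without decoding. The scheme is designed specifically for multi-source network coding and is independent of file and packet size.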

2.
Network coding (NC) provides an elegant solution for improving capacity and robustness in computer networks. Different to traditional “store-and-forward” transmission paradigm, each intermediate node linearly combines received data packets, and the original files can be decoded at the sink nodes in NC settings. This brand-new paradigm is vulnerable to pollution attack, which means that some malicious nodes inject fake data packets into the network and this will lead to incorrect decoding. There are some information-theoretical solutions and cryptographic solutions for solving this security issue, and most existing schemes can thwart data pollution attacks. However, the privacy of the original files is vital to some application environments (e.g. military network). To the best of our knowledge, there is not a secure scheme which can thwart pollution attack and can protect the privacy of transmitted data simultaneously. In this paper, we present an efficient privacy-preserving scheme for secure network coding based on compressed sensing (CS), which has attracted considerable research interest in the signal processing community. Specifically, we embed CS into the general NC framework, i.e., the source node needs to compress each original data packet using the sensing matrix before creating the augmented vector and the sink nodes are required to perform an additional CS reconstruction algorithm for reconstructing the original file. In addition, we construct a simple key distribution protocol and each intermediate node just needs two secret keys for verifying the integrity of received data packets. Such novel hybrid construction enables the privacy-preserving guarantee, and the performance comparison shows the high efficiency of our scheme in terms of the computational complexity and communication overhead.

3.
《电子学报:英文版》2017,(5):1022-1031
A new symmetric key image encryption scheme based on hyper-chaotic Lorenz system is proposed. The encryption process and the decryption process are identical in the proposed scheme. They both include two diffusion operations, one plaintext-related scrambling operation and three matrix rotating 180 degrees operations. The hyper-chaotic Lorenz system is employed to generate the secret code streams to encrypt the plain image, and to implement the diffusion process with XOR operation. The plaintext-related scrambling is used in this scheme to make different plain images correspond to different secret code streams even when the secret keys are the same, so that the scheme can fight against the chosen/known plaintext attacks. Simulation results show that the proposed scheme has the merits of high encryption speed, large key space, strong key sensitivity, strong plaintext sensitivity, good statistical properties of cipher-text, and etc., and can be used in practical communications.

4.
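To address the security of network coding in wireless multi-hop networks, a secure network coding method that combines timestamps with homomorphic signatures is proposed. On top of an RSA-based homomorphic signature scheme that resists pollution attacks, timestamps are introduced to design a new homomorphic signature scheme that resists replay attacks in the network, and the timestamp is used as the source for generating the random coefficients of the network code so that the signature remains homomorphic. The analysis focuses on how the scheme's way of generating random coefficients affects the decoding probability of the network code, and an attack model is built to prove that the scheme resists both pollution attacks and replay attacks in the network. Performance analysis shows that the ratio of the overhead of this scheme to that of the RSA-based homomorphic signature scheme is close to 1.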

5.
黄晶晶 《电信科学》2021,37(12):32-41
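A wireless body area network is a wireless network centered on the human body. Given its limited resources and computing capability, ensuring that the communicating nodes of a wireless body area network share a key is a major current challenge. A key generation mechanism based on the channel characteristics of ultra-wideband wireless body area networks is proposed. It generates keys by quantizing the difference between the relative multipath delays and the mean delay of the ultra-wideband channel, which lowers the key mismatch rate, and it introduces an auxiliary node, which raises the key generation rate. Simulation results show that the mechanism achieves a high key generation rate while maintaining key agreement, and ensures the security of the key.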

6.
This paper presents an achievable secure videoconferencing system based on quantum key encryption in which key management can be directly applied and embedded in a server/client videoconferencing model using, for example, OpenMeeting. A secure key management methodology is proposed to ensure both a trusted quantum network and a secure videoconferencing system. The proposed methodology presents architecture on how to share secret keys between key management servers and distant parties in a secure domain without transmitting any secrets over insecure channels. The advantages of the proposed secure key management methodology overcome the limitations of quantum point‐to‐point key sharing by simultaneously distributing keys to multiple users; thus, it makes quantum cryptography a more practical and secure solution. The time required for the encryption and decryption may cause a few seconds delay in video transmission, but this proposed method protects against adversary attacks.

7.
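Quantum secret sharing (QSS) can transfer keys between two communicating parties that do not fully trust each other, and is an important branch of quantum cryptography. This paper proposes a QSS scheme with a secure trusted center. The center can generate and provide quantum states, and can also measure them and extract quantum state information. The communicating users (Alice, Bob and Charlie) do not have qubit generators or measurement devices, and only need unitary operations and swap operations to transfer the key and guard against eavesdropping; in addition, Bob and Charlie must cooperate to obtain the correct key. Theoretical analysis shows that the scheme effectively resists common attack strategies such as the intercept-resend attack, the entangle-measure attack and the correlation-elicitation attack. Because the scheme reduces the number of qubit generators and measurement devices, it lowers the cost of quantum communication. This provides a reference method for making quantum secret sharing practical.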

8.
魏浩  侯晓赟  朱艳  郑宝玉 《信号处理》2014,30(11):1245-1251
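This paper exploits the reciprocity of wireless multipath channels in time-division systems and extracts channel phase information as the key, in order to achieve key generation and distribution over the two-way relay channel. Because the channel has sparse multipath characteristics, a compressed-sensing-based reconstruction algorithm is used to estimate the channel state information. The end nodes use an orthogonal pilot design, which decomposes the two-way relay channel into two point-to-point channels, while the relay adopts the idea of physical-layer network coding and broadcasts the XOR of the pilot and the key bits. In this way, key generation and distribution are completed in only 2 time slots, the security of the key is also ensured, and no key needs to be distributed in advance. Simulation results show that the proposed scheme effectively achieves key generation and distribution over the two-way relay channel and ensures secure communication at the physical layer.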

9.
This paper presents a hierarchical key establishment scheme called HIKES. The base station in this scheme, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities authenticating, on its behalf, the cluster members and issuing private keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. HIKES provides an efficient broadcast authentication in which source authentication is achieved in a single transmission and a good defense for the routing mechanism. HIKES defends the routing mechanism against most known attacks and is robust against node compromise. HIKES also provides high addressing flexibility and network connectivity to all sensors in the network, allowing sensor addition and deletion. Simulation results have shown that HIKES provides an energy‐efficient and scalable solution to the key management problem. Copyright © 2012 John Wiley & Sons, Ltd.

10.
Huifang YU  Wen LI 《通信学报》2019,40(11):112-121
To solve the problems of pollution attacks of single-source and multi-source network coding, two homomorphic signature schemes for network coding were proposed. In homomorphic signature for single-source network, the message hash value was signed on the elliptic curve, then the message, hash value and the signature of hash value were output, and the receiving node could verify the signature, the elliptic curve signature based on homomorphism could resist intra/inter-generation pollution attacks. Homomorphic signature from pairings for multi-source network coding could resist pollution attacks, and the introduction of timestamp made it be capable to resist replay attacks. In the random oracle model, it proves that two schemes are all secure under the selective attacks. Analysis shows that two schemes can effectively improve the verification efficiency.

11.
Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.

12.
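Research on modern cryptographic algorithms   Total citations: 1, self-citations: 0, citations by others: 1
Cryptography is the core technology of information security. It mainly comprises symmetric cryptographic algorithms, asymmetric cryptographic algorithms and protocols. In symmetric encryption algorithms the encryption key and the decryption key are easy to derive from each other, and encryption and decryption are very fast, which suits situations where large volumes of data are encrypted. In asymmetric-key cryptosystems, deriving the public key from the private key is computationally infeasible; although public-key encryption algorithms cannot match symmetric encryption algorithms in running speed, they solve well the key distribution and management problem that symmetric cryptography faces, and also give a perfect answer to the digital signature problem.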

13.
This letter presents a pairwise key establishment scheme that is robust against the compromise of nodes in mobile ad hoc networks. Each node establishes local keys with its neighbor nodes that are at most three hops away at network boot‐up time. When any two nodes establish a pairwise key, they receive the secret information from the nodes on the route between them, and construct the pairwise key using the secret information. Here, the local keys are utilized by the nodes on the route to send the secret information securely. The simulation results have proven that the proposed scheme provides better security than the key pre‐distribution‐based scheme.

14.
In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is large due to the large numbers of keys required and limited memory resources of sensor nodes. One possible solution is to randomly assign a few keys to sensor nodes and have nodes be able to connect to each other with some probability. This scheme has limitations in terms of the tradeoffs between connectivity and memory requirements. Recently, sensor deployment knowledge has been used to improve the level of connectivity while using lesser amounts of memory space. However, deployment based key predistribution schemes may cause a large number of nodes to be cryptographically isolated if nodes move after key pre-distribution. Mobility may be necessitated for reasons depending on applications or scenarios. In this paper, we consider mobility due to spatial retreat of nodes under jamming attacks as an example. Jamming attacks are easy and efficient means for disruption of the connectivity of sensors and thus the operation of a sensor network. One solution for mobile sensor nodes to overcome the impact of jamming is to perform spatial retreats by moving nodes away from jammed regions. Moved nodes may not be able to reconnect to the network because they do not have any shared secret with new neighbors at new locations if strict deployment knowledge based key predistribution is employed. In this paper, we propose a hybrid key predistribution scheme that supports spatial retreat strategies to cope with jamming attacks. Our scheme combines the properties of random and deployment knowledge based key predistribution schemes. In the presence of jamming attacks, our scheme provides high key connectivity (similar to deployment knowledge based schemes) while reducing the number of isolated nodes. We evaluate the performance of our scheme through simulations and analysis.

15.
To solve the problem of the access keys stored in a smart card increasing linearly with the number of registered clouds without third party participated in authentication, an authentication scheme was proposed for multi-cloud environment based on smart card. In the proposed scheme, the authentication was realized between user and multiple clouds without third party participation when the smart card only stored two access keys. Thus the storage cost of smart card was reduced effectively. Because there was no public key cryptography, the authentication messages were generated by using XOR homomorphic function and Hash function, thus the computational cost of the smart card and the cloud servers was reduced effectively. Moreover, the proposed scheme also didn’t need to store any user’s information on the cloud servers, thereby reducing the storage and management costs of the cloud servers. The security analysis and the performance analysis show that the proposed scheme is able to resist multiple attacks, which is secure and efficient.

16.
This paper investigates the problem of constructing a secret error-correcting multisource network coding scheme against an adversary that can re-select the μ tapping links in different time slice and inject z erroneous packets into network, and the network suffers from ρ packet erasures. In our network scenario, multiple sources transmit information to one or more receivers and these receivers request the information from all the sources. Firstly, a necessary condition is derived for keeping the transmitted information from multisource nodes are secret from the eavesdropper, while the network is only subject to the eavesdropping attack. Subsequently, we provide two multisource network coding schemes for error and erasure correction which can decode the transmitted information correctly. After that, a secret and reliable multisource network coding is proposed. This scheme can retrieve the original information secretly and accurately from the corrupt and deficient information. Meanwhile, it can obtain an asymptotic achievable rate of k − 2z − ρ − 3μ. Moreover, the intermediate nodes are oblivious to the concrete encoding and decoding algorithms implement in source and destination nodes. Finally, security and performance analyses illustrate the advantages of our proposed scheme.

17.
Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.)

18.
In order to provide a practicable solution to data confidentiality in cloud storage service, a data assured deletion scheme, which achieves the fine grained access control, hopping and sniffing attacks resistance, data dynamics and deduplication, is proposed. In our scheme, data blocks are encrypted by a two-level encryption approach, in which the control keys are generated from a key derivation tree, encrypted by an All-Or-Nothing algorithm and then distributed into DHT network after being partitioned by secret sharing. This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an owner-specified data lifetime. Besides confidentiality, data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption. The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.

19.
In this paper, a novel hardware attack based on principal component analysis (PCA) is proposed to break a leakage power analysis (LPA)-resistant cryptographic circuit (CC) efficiently. Although the added false keys which are used for masking the secret key of the LPA-resistant CC are secure and effective against regular LPA attacks, they may be precisely modeled by eigenvalues and eigenvectors under PCA. After performing the proposed PCA on the LPA-resistant CC, all the added false keys can be removed to expose the corresponding secret key. As shown in the result, only 2000 number of plaintexts are sufficient to crack an LPA-resistant CC by utilizing the proposed PCA-assisted LPA attacks.

20.
Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience.
