共查询到20条相似文献,搜索用时 31 毫秒
1.
网络编码可以提高系统的吞吐量,增强系统的健壮性,节省无线网络资源。然而,基于网络编码的系统非常容易遭受污染攻击。已存在的应对污染攻击的方案主要是使用同态签名,并且这些方案几乎都是针对单源网络编码系统的。在本文中,我们提出了一个新的适用于多源网络编码的应对污染攻击的签名方案。该方案使用了环签名和同态哈希函数,每个源节点为它发送的每条消息都生成一个环签名。来自不同源的消息可以在中间结点进行组合。转发者不需要知道源结点的私钥就可以为输出的编码消息生成环签名。验证者无需解码就可以检测出污染消息。该方案是为多源网络编码特别设计的,与文件和分组大小无关。 相似文献
2.
Network coding (NC) provides an elegant solution for improving capacity and robustness in computer networks. Different to traditional “store-and-forward” transmission paradigm, each intermediate node linearly combines received data packets, and the original files can be decoded at the sink nodes in NC settings. This brand-new paradigm is vulnerable to pollution attack, which means that some malicious nodes inject fake data packets into the network and this will lead to incorrect decoding. There are some information-theoretical solutions and cryptographic solutions for solving this security issue, and most existing schemes can thwart data pollution attacks. However, the privacy of the original files are vital to some application environments (e.g. military network). To the best of our knowledge, there is not a secure scheme which can thwart pollution attack and can protect the privacy of transmitted data simultaneously. In this paper, we present an efficient privacy-preserving scheme for secure network coding based on compressed sensing (CS), which has attracted considerable research interest in the signal processing community. Specifically, we embed CS into the general NC framework, i.e., the source node needs to compress each original data packet using the sensing matrix before creating the augmented vector and the sink nodes require to perform an additional CS reconstruction algorithm for reconstructing the original file. In addition, we construct a simple key distribution protocol and each intermediate node just needs two secret keys for verifying the integrity of received data packets. Such novel hybrid construction enables the privacy-preserving guarantee, and the performance comparison shows the high-efficiency of our scheme in terms of the computational complexity and communication overhead. 相似文献
3.
《电子学报:英文版》2017,(5):1022-1031
A new symmetric key image encryption scheme based on hyper-chaotic Lorenz system is proposed.The encryption process and the decryption process are identical in the proposed scheme.They both include two diffusion operations,one plaintext-related scrambling operation and three matrix rotating 180 degrees operations.The hyper-chaotic Lorenz system is employed to generate the secret code streams to encrypt the plain image,and to implement the diffusion process with XOR operation.The plaintext-related scrambling is used in this scheme to make different plain images correspond to different secret code streams even when the secret keys are the same,so that the scheme can fight against the chosen/known plaintext attacks.Simulation results show that the proposed scheme has the merits of high encryption speed,large key space,strong key sensitivity,strong plaintext sensitivity,good statistical properties of cipher-text,and etc.,and can be used in practical communications. 相似文献
4.
5.
无线体域网是以人体为中心的无线网络,受其有限的资源和计算能力的约束,如何保证无线体域网通信节点间共享密钥是当前面临的一大挑战。提出了一种基于超宽带无线体域网信道特征的密钥生成机制,利用超宽带信道多径相对时延与平均时延的差值量化生成密钥,降低了密钥不匹配率,同时引入辅助节点,提高了密钥生成速率。仿真结果表明,该机制能够在兼顾密钥一致性的前提下,获得较高的密钥生成速率并保证密钥的安全性。 相似文献
6.
Efficient Key Management Protocol for Secure RTMP Video Streaming toward Trusted Quantum Network
下载免费PDF全文
![点击此处可从《ETRI Journal》网站下载免费的PDF全文](/ch/ext_images/free.gif)
Montida Pattaranantakul Kittichai Sanguannam Paramin Sangwongngam Chalee Vorakulpipat 《ETRI Journal》2015,37(4):696-706
This paper presents an achievable secure videoconferencing system based on quantum key encryption in which key management can be directly applied and embedded in a server/client videoconferencing model using, for example, OpenMeeting. A secure key management methodology is proposed to ensure both a trusted quantum network and a secure videoconferencing system. The proposed methodology presents architecture on how to share secret keys between key management servers and distant parties in a secure domain without transmitting any secrets over insecure channels. The advantages of the proposed secure key management methodology overcome the limitations of quantum point‐to‐point key sharing by simultaneously distributing keys to multiple users; thus, it makes quantum cryptography a more practical and secure solution. The time required for the encryption and decryption may cause a few seconds delay in video transmission, but this proposed method protects against adversary attacks. 相似文献
7.
量子秘密共享(Quantum secret sharing , QSS)可以在不完全信任的通信双方间传递密钥,是量子密码的一个重要分支。本文提出一种含有安全可信任中心的QSS方案。其中,中心能够产生并提供量子态,也能够测量并提取量子态信息。通信用户(Alice、Bob和Charlie)不拥有量子比特产生器和测量器,只需通过幺正操作和交换操作实现密钥传输和窃听防范;同时,Bob和Charlie必须合作才能获得正确的密钥。理论分析表明该方案可有效地抵御截取重发攻击、纠缠测量攻击和关联提取攻击等常见攻击策略;由于方案减少了量子比特产生器和测量器的数量,降低了量子通信的费用。这将为量子秘密共享实用化提供一种可参考的方法。 相似文献
8.
本文利用时分系统无线多径信道的互易性,提取信道相位信息作为密钥,实现双向中继信道的密钥生成与分发。由于信道的稀疏多径特性,采用基于压缩感知的重构算法对信道状态信息进行估计。端节点采用正交导频设计,将双向中继信道分解为两个点对点的信道;而中继采用物理层网络编码的思想,广播导频和密钥比特的异或。这样,仅用2个时隙就实现了密钥生成与分发,还保证了密钥的安全,且无需预先进行密钥的分配。仿真结果表明,本文所提方案可以有效的实现双向中继信道的密钥生成与分发,保证了物理层的安全通信。 相似文献
9.
This paper presents a hierarchical key establishment scheme called HIKES. The base station in this scheme, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities authenticating, on its behalf, the cluster members and issuing private keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. HIKES provides an efficient broadcast authentication in which source authentication is achieved in a single transmission and a good defense for the routing mechanism. HIKES defends the routing mechanism against most known attacks and is robust against node compromise. HIKES also provides high addressing flexibility and network connectivity to all sensors in the network, allowing sensor addition and deletion. Simulation results have shown that HIKES provides an energy‐efficient and scalable solution to the key management problem. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献
10.
To solve the problems of pollution attacks of single-source and multi-source network coding,two homomorphic signature schemes for network coding were proposed.In homomorphic signature for single-source network,the message hash value was signed on the elliptic curve,then the message,hash value and the signature of hash value were output,and the receiving node could verify the signature,the elliptic curve signature based on homomorphism could resist intra/inter-generation pollution attacks.Homomorphic signature from pairings for multi-source network coding could resist pollution attacks,and the introduction of timestamp made it be capable to resist replay attacks.In the random oracle model,it proves that two schemes are all secure under the selective attacks.Analysis shows that two schemes can effectively improve the verification efficiency. 相似文献
11.
Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme. 相似文献
12.
13.
This letter presents a pairwise key establishment scheme that is robust against the compromise of nodes in mobile ad hoc networks. Each node establishes local keys with its neighbor nodes that are at most three hops away at network boot‐up time. When any two nodes establish a pairwise key, they receive the secret information from the nodes on the route between them, and construct the pairwise key using the secret information. Here, the local keys are utilized by the nodes on the route to send the secret information securely. The simulation results have proven that the proposed scheme provides better security than the key pre‐distribution‐based scheme. 相似文献
14.
In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is large due to the large numbers of keys required and limited memory resources of sensor nodes. One possible solution is to randomly assign a few keys to sensor nodes and have nodes be able to connect to each other with some probability. This scheme has limitations in terms of the tradeoffs between connectivity and memory requirements. Recently, sensor deployment knowledge has been used to improve the level of connectivity while using lesser amounts of memory space. However, deployment based key predistribution schemes may cause a large number of nodes to be cryptographically isolated if nodes move after key pre-distribution. Mobility may be necessitated for reasons depending on applications or scenarios. In this paper, we consider mobility due to spatial retreat of nodes under jamming attacks as an example. Jamming attacks are easy and efficient means for disruption of the connectivity of sensors and thus the operation of a sensor network. One solution for mobile sensor nodes to overcome the impact of jamming is to perform spatial retreats by moving nodes away from jammed regions. Moved nodes may not be able to reconnect to the network because they do not have any shared secret with new neighbors at new locations if strict deployment knowledge based key predistribution is employed. In this paper, we propose a hybrid key predistribution scheme that supports spatial retreat strategies to cope with jamming attacks. Our scheme combines the properties of random and deployment knowledge based key predistribution schemes. In the presence of jamming attacks, our scheme provides high key connectivity (similar to deployment knowledge based schemes) while reducing the number of isolated nodes. We evaluate the performance of our scheme through simulations and analysis. 相似文献
15.
To solve the problem of the access keys stored in a smart card increasing linearly with the number of registered clouds without third party participated in authentication,an authentication scheme was proposed for multi-cloud environment based on smart card.In the proposed scheme,the authentication was realized between user and multiple clouds without third party participation when the smart card only stored two access key.Thus the storage cost of smart card was reduced effectively.Because there was no public key cryptography,the authentication messages was generated by using XOR homomorphic function and Hash function,thus the computational cost of the smart card and the cloud servers was reduced effectively.Moreover,the proposed scheme also didn’t need to store any user’s information on the cloud servers,thereby reducing the storage and management costs of the cloud servers.The security analysis and the performance analysis show that the proposed scheme is able to resist multiple attacks,which is secure and efficient. 相似文献
16.
This paper investigates the problem of constructing a secret error-correcting multisource network coding scheme against an adversary that can re-select the μ tapping links in different time slice and inject z erroneous packets into network, and the network suffers from ρ packet erasures. In our network scenario, multiple sources transmit information to one or more receivers and these receivers request the information from all the sources. Firstly, a necessary condition is derived for keeping the transmitted information from multisource nodes are secret from the eavesdropper, while the network is only subject to the eavesdropping attack. Subsequently, we provide two multisource network coding schemes for error and erasure correction which can decode the transmitted information correctly. After that, a secret and reliable multisource network coding is proposed. This scheme can retrieve the original information secretly and accurately from the corrupt and deficient information. Meanwhile, it can obtain an asymptotic achievable rate of k ? 2z ? ρ ? 3μ. Moreover, the intermediate nodes are oblivious to the concrete encoding and decoding algorithms implement in source and destination nodes. Finally, security and performance analyses illustrate the advantages of our proposed scheme. 相似文献
17.
Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious
concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme,
secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not
enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions
of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext
attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods.
Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree
encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical
identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than
that achieved by some previous constructions in the random oracle model.) 相似文献
18.
In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost. 相似文献
19.
In this paper, a novel hardware attack based on principal component analysis (PCA) is proposed to break a leakage power analysis (LPA)-resistant cryptographic circuit (CC) efficiently. Although the added false keys which are used for masking the secret key of the LPA-resistant CC are secure and effective against regular LPA attacks, they may be precisely modeled by eigenvalues and eigenvectors under PCA. After performing the proposed PCA on the LPA-resistant CC, all the added false keys can be removed to expose the corresponding secret key. As shown in the result, only 2000 number of plaintexts are sufficient to crack an LPA-resistant CC by utilizing the proposed PCA-assisted LPA attacks. 相似文献
20.
Mingping Qi Jianhua Chen Yitao Chen 《International Journal of Satellite Communications and Networking》2019,37(3):234-244
Recently, Liu et al came up with an authentication with key agreement scheme for securing communication over the low‐earth‐orbit satellite communication systems. However, this paper demonstrates that this scheme cannot provide perfect forward secrecy or defend against the smart card stolen attack, and has some very bad design defects, making it unpractical. Thus, to design a truly secure authentication scheme for satellite communication systems, this paper presents a new scheme, making use of the advantages of elliptic curve cryptography and symmetric cryptography. The security analyses by the widely used BAN logic and heuristic discussions demonstrate that our new scheme possesses perfect security properties and can defend against various well‐known malicious attacks. Moreover, our new scheme allows users to update passwords locally in accordance with their wishes, achieving a good user experience. 相似文献