Proposal for identity-based key distribution systems

Key distribution systems based on identification information are presented. The systems are analogous to the Diffie-Hellman public key distribution systems in which the former use each user's identification information instead of public files used in the latter. The systems do not require centres to distribute work keys or users to keep directories of key-encrypting keys. Therefore, key management in cryptosystems can be simplified by the identity-based key distribution systems.     

点到多点量子密钥分配扩展研究

对两种点到多点量子密钥分配系统的密钥生成效率和传输距离进行了分析,讨论了系统的参数选取对它们的影响.分析了诱惑态技术对这两种多用户系统的传输距离及密钥生成效率的影响,数据表明,结合诱惑态技术,可以将密钥传输距离扩展为原来的2倍,以及将量子密钥分发效率提高1个数量级.对点到多点系统进行了功能扩展研究,提出了可实现任意两用户间密钥共享的协议.该协议无需其它的硬件要求,易于实现.     

Reliability improvement of satellite-based quantum key distribution systems using retransmission scheme

This paper theoretically studies the design and performance analysis of the reliable satellite-based quantum key distribution (QKD) over free-space optics channel. The proposed QKD system is based on the optical quadrature phase-shift keying (QPSK) modulation and the dual-threshold/heterodyne detection (DT/HD) receiver that helps to reduce quantum bit error rate (QBER) and improve the receiver sensitivity. In addition, a key retransmission scheme is also designed to enhance the reliability of the proposed QKD system. Performance of the key transmission is analyzed in terms of QBER and the probability of sifted key, taking into account the impacts of free-space path loss, atmospheric attenuation, beam spreading loss, atmospheric turbulence, and receiver noise. In addition, we newly develop an analytical framework by using the 3-D Markov chain model that allows us to investigate the key loss rate (KLR) performance at the link layer. Numerical results quantitatively show that our proposed satellite-based QKD system can offer significant performance improvement over the conventional ones.

     

Construction of a secure and efficient content key distribution framework for DRM systems

Recent advances in networks and digital technology have provided many user-friendly environments such as telemedicine, e-banking, e-content, and e-commerce. It has revolutionized the multimedia industry and made it accessible anytime and anywhere. However, its limitation also appeared in digital content piracy, which is more prevalent nowadays. Digital rights management (DRM) systems were developed to control the illegal spreading of digital content. Protocols are being developed to enable effective and secure communication in DRM systems. As security and efficiency are essential parameters, the approach should be two birds with one stone; i.e., the protocol should achieve efficiency and security together. Our investigation identified that secure mechanisms either have increased computation/communication overhead or fail to meet specified security criteria when discussing efficient content key delivery mechanisms. So, an efficient protocol design with the right security attributes is required. We have worked on designing a content delivery mechanism keeping in mind the desirable attribute of security and without decreasing overhead. The suggested solution targets “two birds with one stone.” We proved the security of the scheme in the random oracle model. We verify the security against active attacks using the formal simulation tool AVISPA. Detailed analysis is performed for the evaluation of computational and communication overhead. The comparative study is also presented to understand the gains in efficiency and security.     

ID-based cryptographic schemes for user identification, digitalsignature, and key distribution

In 1984, A. Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC will provide him with a secret key. In this way, if a user wants to communicate with others, he or she only needs to know the identity of his communication partner and the public key of the KAC. There is no public file required in this system. However, Shamir did not succeed in constructing an identity-based cryptosystem, but only in constructing an identity-based signature scheme. The authors here propose three identity-based cryptographic schemes based on the discrete logarithm problem: the user identification scheme, the digital signature scheme, and the key distribution scheme. The schemes are based on the digital signature scheme of G.B. Agnew et al. (1990), which is reviewed     

无人机辅助MEC系统：架构、关键技术与未来挑战

摘 要：随着5G加速部署和6G研究工作持续推进,无人机（unmanned aerial vehicle,UAV）辅助移动边缘计算（mobile edge computing,MEC）技术在克服复杂地域限制、解决终端设备计算需求和提高系统任务卸载速率等方面具有显著优势,得到了学术界和工业界的广泛关注。首先阐明了无人机辅助MEC系统的概念和技术优势,提出了一种无人机辅助MEC通用架构,并给出了各个功能模块定义;接着总结了典型应用场景,梳理了现有的关键性技术,获得了无人机MEC系统的设计方法;最后对未来的研究方向和存在的挑战进行了展望和阐述。     

The solution of the general equation for public key distribution systems (Corresp.)

A generalization of the public key distribution is derived. It is shown that the public key of any two members must obey a functional equation, which can be solved in a closed mathematical form.     

Design of embedded systems: formal models, validation, andsynthesis

This paper addresses the design of reactive real-time embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware application-specific integrated circuits (ASICs) with embedded software. The concurrent design process for such embedded systems involves solving the specification, validation, and synthesis problems. We review the variety of approaches to these problems that have been taken     

Communication in key distribution schemes

A (g, b) key distribution scheme allows conferences of g users to generate secret keys, such that disjoint coalitions of b users cannot gain any information on the generated key (in the information-theoretic sense). We study the relationships between communication and space efficiency of key distribution schemes. We prove that communication does not help in the context of unrestricted schemes. On the other hand, we show that for restricted schemes, which are secure only when used by a limited number of conferences, communication can substantially improve the space efficiency. We also present lower bounds on the space efficiency of restricted schemes     

Batch Diffie-Hellman key agreement systems

Batch Diffie-Hellman key agreement schemes are described, motivated, and analyzed for security and efficiency. Work done at Bellcore, Morristown, NJ, U.S.A.     

自由空间量子密钥分配的发展状况

简要介绍了基于单光子几种量子密钥分配协议,从基于单光子偏振和基于光子纠缠两个方面综述了国内外量子理论和实验现状,说明了自由空间量子密钥分配面临的挑战,最后提出了全球量子通信存在的问题及发展方向.     

光纤量子密钥分发系统中密钥传输率和误码率的研究

通过理论分析和计算,研究了光纤损耗、色散和单光子探测器暗计数等因素对量子密钥分发系统密钥传输率和误码率的影响.研究表明,光纤损耗是影响密钥传输率的主要因素.而量子比特误码率则与光纤损耗、色散、脉冲宽度、单光子探测器暗计数以及瑞利反向散射等因素有关.在实验中,应尽量降低光纤损耗、色散和单光子探测器的暗计数,同时选择适当的初始脉宽,从而提高密钥传输率并降低误码率,进而提高量子密钥分发系统的传输距离.     

量子密钥分配网络分析

量子密钥分配(QKD)网络是由网络节点按照一定的拓扑结构连接而成的.目前出现的QKD网络可根据其节点功能性分为3类:光学节点QKD网络、信任节点QKD网络以及量子节点QKD网络.文章论述了QKD网络的研究进展,对现有的3种网络的结构、性能进行了全面的对比分析.通过对比,提出了一种高效实用的新型QKD网络方案.     

High speed quantum key distribution system

Quantum key distribution (QKD) systems can generate unconditionally secure common key between remote users. Improvement of QKD performance, particularly on key generation rate, has been required to meet current network traffic. The present paper considers system requirement to improve key generation rate by increasing photon detection rate and reducing error rate. A high-speed QKD system should be equipped with low loss receivers with high visibility, highly efficient photon detectors with small dark count probability, and a stable clock synchronization system with low stray light to the quantum signals. A solution for these issues are given by employing planar lightwave circuit interferometers, single photon detection circuits and modules, and clock synchronization based on wavelength division multiplexing (WDM) technique. A QKD system has been developed by combining these techniques. The system working with 625 MHz clock generated sift key at the rate of 2.4 kbps through a 97-km single installed fiber core.     

Proactive key distribution using neighbor graphs

User mobility in wireless data networks is increasing because of technological advances, and the desire for voice and multimedia applications. These applications, however, require that handoffs between base stations (or access points) be fast to maintain the quality of the connections. In this article we introduce a novel data structure, the neighbor graph, that dynamically captures the mobility topology of a wireless network. We show how neighbor graphs can be utilized to obtain a 99 percent reduction in the authentication time of an IEEE 802.11 handoff (full EAP-TLS) by proactively distributing necessary key material one hop ahead of the mobile user. We also present a reactive method for fast authentication that requires only firmware changes to access points and hence can easily be deployed on existing wireless networks.     

Public key distribution in matrix rings

An extension of the Diffie-Hellman public key distribution system to matrix rings is described. Using rings of non-singular matrices over Z/pZ and upper triangular matrices with invertible elements along the diagonal over Z/pZ, it is shown that the number of possible secret keys is much greater for a given prime p compared to the original system. An outline of a method to construct the base matrix used in the system is given.     

Cryptanalysis of an authentication and key distribution protocol

We point out that a previously proposed authentication and key distribution protocol is not secure from both the viewpoints of authentication and key distribution requirements     

量子密钥分配及其无条件的安全证据

量子密码学因密钥分配而众所周知,然而早先提出的量子密钥分配的安全证据包含许多技术困难。该文提出了一个概念更为简明的量子密钥分配的安全证据。此外,研究中还发现,在隐形传输下,因为改变了非平凡误差的模型序列,所以隐形传输信道的误差率与正被传输的信号无关。为此,将这一事实与最近提出的量子到经典的约简定理相结合。在讨论中,假定通信双方Alice和Bob有容错的量子计算机,结果表明:在任意长的距离上,即使面临各种窃听攻击及各种噪声存在的情况下,量子密钥分配依然具有无条件的安全特征。     

A cross validation study of deep brain stimulation targeting: from experts to atlas-based, segmentation-based and automatic registration algorithms

Validation of image registration algorithms is a difficult task and open-ended problem, usually application-dependent. In this paper, we focus on deep brain stimulation (DBS) targeting for the treatment of movement disorders like Parkinson's disease and essential tremor. DBS involves implantation of an electrode deep inside the brain to electrically stimulate specific areas shutting down the disease's symptoms. The subthalamic nucleus (STN) has turned out to be the optimal target for this kind of surgery. Unfortunately, the STN is in general not clearly distinguishable in common medical imaging modalities. Usual techniques to infer its location are the use of anatomical atlases and visible surrounding landmarks. Surgeons have to adjust the electrode intraoperatively using electrophysiological recordings and macrostimulation tests. We constructed a ground truth derived from specific patients whose STNs are clearly visible on magnetic resonance (MR) T2-weighted images. A patient is chosen as atlas both for the right and left sides. Then, by registering each patient with the atlas using different methods, several estimations of the STN location are obtained. Two studies are driven using our proposed validation scheme. First, a comparison between different atlas-based and nonrigid registration algorithms with a evaluation of their performance and usability to locate the STN automatically. Second, a study of which visible surrounding structures influence the STN location. The two studies are cross validated between them and against expert's variability. Using this scheme, we evaluated the expert's ability against the estimation error provided by the tested algorithms and we demonstrated that automatic STN targeting is possible and as accurate as the expert-driven techniques currently used. We also show which structures have to be taken into account to accurately estimate the STN location.     

Cache satellite distribution systems: modeling, analysis, and efficient operation

Web caches have become an integral component contributing to the improvement of the performance observed by Web clients. Cache satellite distribution systems (CSDSs) have emerged as a technology for feeding the caches with the information clients are expected to request, ahead of time. In such a system, the participating proxies periodically report to a central station about requests received from their clients. The central station selects a collection of Web documents, which are "pushed" via a satellite broadcast to the participating proxies, so that upon a future local request for the documents, they will already reside in the local cache, and will not need to be fetched from the terrestrial network. In this paper, our aim is addressing the issues of how to operate the CSDS, how to design it, and how to estimate its effect. Questions of interest are: 1) what Web documents should be transmitted by the central station and 2) what is the benefit of adding a particular proxy into a CSDS? We offer a model for CSDS that accounts for the request streams addressed to the proxies and which captures the intricate interaction between the proxy caches. Unlike models that are based only on the access frequency of the various documents, this model captures both their frequency and their locality of reference. We provide an analysis that is based on the stochastic properties of the traffic streams that can be derived from HTTP logs, examine it on real traffic, and demonstrate its applicability in selecting a set of proxies into a CSDS.