智能电表系统中的物理层辅助认证技术

本文将物理层认证技术应用于智能电表系统中,物理层消息身份认证方案利用物理层信道响应的时空唯一性,进行发送信息的认证,其可利用物理层的同步头作为消息认证的信道响应提前源,避免了额外的开销和上层的复杂计算,同时物理层消息身份认证方案同传统的消息身份认证机制结合,在实现快速认证的同时最小化包传输开销,通过在IEEE802.15.4g标准下的分析和仿真,验证我们提出的方案可以满足智能电表实时控制的要求.     

基于物理层密钥的消息加密和认证机制

针对传统高层消息认证存在密钥泄露隐患、物理层消息认证无法防止被动窃听的问题,提出一种基于无线物理层特征的消息加密和认证机制。通过提取无线信道特征生成物理层密钥,并与身份密钥结合生成种子密钥;随后根据提取的种子通过密钥流生成器产生密钥流对消息进行加解密,对传输数据的私密性进行保护;最后接收方通过 CRC 校验结果对接收消息的真实性、完整性进行认证。仿真结果表明,该方法在防止被动窃听和主动攻击上具有更好的性能,密钥流随机性显著提高,认证漏检率降低约12。     

认知无线网络中的轻量级物理层辅助认证

由于无线信道的开放性和无线传输的广播特性,认知无线网络很容易遭受消息篡改、伪造、窃听以及拒绝服务等攻击.为了抵抗这些攻击,研究人员提出了许多物理层认证技术.相比于传统的密码学认证机制,物理层认证技术更快速、更高效.因此非常适用于对认知无线网络中资源受限的终端进行连续、实时的认证.但现有的物理层认证技术无法实现初始认证,而且在认证过程中丢包事件时常发生,导致认证时延较长,认证效率较低.本文将传统密码学认证技术与物理层认证技术相结合,提出一种轻量级的跨层认证方案.该方案只在初次认证采用密码学技术,其余认证采用快速高效的物理层认证技术,提高了认证效率.本文方案采用改进的归一化统计量,使得门限的计算变得更为简单,有效地降低了计算复杂度,减少了用户的认证等待时延.此外,本文采用了基于哈希链的认证方法,保证了在丢包情况下仍能实现连续的认证.性能分析表明,与现有的方案相比,本文的方案在提高认证效率方面具有较大的优势.     

时变OFDM系统中基于基扩展模型的物理层认证

基于信道信息的物理层认证是一种对传统认证技术的有效补充和增强,实质上是利用了丰富的无线信道资源。提出一种适合解决时变情况下的物理层认证方法。在时变信道中,可分径的各个抽样值在块传输时间内存在相关性,基于基扩展模型的信道探测方法采用变化的相互正交的基函数结合不变的基系数来逼近该可分径的状态。因此,基于基扩展模型的信道探测方法的物理层认证算法能有效提高时变环境下认证准确率。通过在OFDM系统中进行的仿真实验,证明该认证方法的有效性,且相对于传统的LS信道探测的物理层认证,获得2~4 d B性能提升。     

无线信道中的密钥进化与加密

无线网络可以利用物理层的信道噪声来增强系统的安全性能。通常物理层安全协议针对特定无线信道的噪声特性进行设计,并假设窃听者的信道特性已知,但在实际中该假设是不可行的。针对无线信道的安全通信问题,提出了密钥进化协议,设计了基于动态秘密的加密机制,使合法用户的密钥随传输数据流不断进化,而不用假设敌手的信道特征已知。如果合法用户之间存在认证信道,即使敌手的信道相比合法用户的信道具有优势,合法用户之间也能建立安全的会话密钥。最后,提出了k容忍加密机制(k-resistance encryption scheme,k-RES),该机制能够容忍加密密钥和解密密钥之间最多k比特的差异。     

基于设备与信道特征的物理层安全方法

接入安全与数据保密是无线网络安全性和保密性的两个最重要的因素.然而,基于计算安全的身份认证及保密通信方法在未来信息化系统中面临巨大挑战.与此同时,基于信息论安全的物理层安全为身份认证和保密通信开辟了新的思路.本文综述了近年来基于设备与信道特征的物理层安全方法的研究进展.利用无线通信设备、信道的特性可以从物理层实现设备身份的识别与认证以及密钥的分发与更新,同时具备高度安全性与使用便捷性.其中,设备指纹方法从发射信号中提取发送设备的特征,作为设备身份的唯一标识,从而准确识别不同发射源个体.指纹的唯一性、鲁棒性、长时不变性、独立性、统一性和可移植性是设备指纹身份认证的依据.而基于信道特征的密钥生成方法则从接收射频信号中提取互易的上下行信道的参数,转化为对称密钥,实现一次一密的安全传输.同样地,密钥的一致性、随机性、防窃听性则是反映无线信道密钥生成方法性能的关键要素.本文对设备指纹与信道密钥的关键要素归纳分析,并指出目前存在的几类难点问题.最后,本文讨论了在未来移动通信中该技术新的应用场景.     

利用IND-CVA实现安全信道

在UC安全框架下,文中提出了一个通用的安全信道协议构造方法.按该方法得到的信道协议首先调用一个理想的密钥交换协议以取得会话密钥,然后再调用一个认证加密方案对要传送的消息进行认证加密处理.其结果是,该安全信道是UC安全的充分必要条件是,其中的认证加密方案同时是IND-CVA和INT-PTXT安全的.这一结论比IND-CCA安全和INT-CTXT安全要弱得多,显示出IND-CVA在刻画安全信道的保密安全性方面的准确性.另外,文中提出的安全信道的构造方法也实现了从安全信道的UC安全性到认证加密方案的保密性和完整性的转换,为安全信道的设计和分析提供了有力的工具.     

一种抗阻断攻击的认证组密钥协商协议

一个非认证的组密钥协商协议不能对通信参与者和消息进行认证,它必须依赖认证的网络信道或其它的认证方法.分析了Burmester等人在认证广播信道下提出的著名组密钥协商协议,指出它不能抵抗内部恶意节点发起的密钥协商阻断攻击,该攻击导致组内其它诚实节点不能正确计算出一致的组密钥.提出了一种改进的认证的组密钥协商协议,在原协议中加入了消息正确性的认证方法,能够对组内恶意节点进行检测,并在随机预言模型下证明了改进的协议能够抵抗密钥协商阻断攻击.     

基于支持向量机的4G室内物理层认证算法

针对传统的物理层安全算法没有充分利用信道特性这一问题,提出一种物理层信道检测方案。针对4G无线信道的本质特性,结合假设检验方法,利用支持向量机（SVM）对信道向量指标进行挖掘,从而判决是否存在仿冒攻击者。仿真实验中,所提算法在线性核函数下的判决准确率为98%以上,在径向基函数（RBF）下的判决准确率为99%以上。实验结果表明,所提算法能够充分利用空间不同位置的无线信道特性,实现逐条信息源的认证,增强系统的安全性。     

无条件安全密钥协商中认证问题的研究

无条件安全密钥协商一般包括初始化,通信和决策三个阶段,该文基于纠错码理论提出了一个认证方案。该方案利用通信双方在初始阶段所获得的相关信息对通信阶段的通信内容进行认证,如果初始阶段中通信双方及敌手所获得的初始信息是由一个二元对称信源通过二元对称信道广播所得到的,该研究结果认为在敌手的信道比通信双方的信道都差的条件下,总能够找到一种（Ｎ,Ｋ,ｄ）线性码来实现作者所提出的认证方案,并使得收方接受合法消息     

A game-theoretic approach for integrity assurance in resource-bounded systems

Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used toward this end introduce significant practical implementation challenges for resource-bounded systems, such as cyber-physical systems. For example, many control systems are built on legacy components which are computationally limited, but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.     

An efficient non-interactive deniable authentication scheme based on trapdoor commitment schemes

Deniable authentication scheme is one of useful tools for secure communications. The scheme allows a sender to prove the authenticity of a message to a specified receiver without permitting the receiver to prove that the message was authenticated by the sender. Non-interactive schemes are more attractive than interactive schemes in terms of communication overhead, and thus several non-interactive deniable authentication scheme have been proposed. In this paper, we propose an efficient non-interactive deniable authentication scheme based on trapdoor commitment scheme. We construct an efficient trapdoor commitment scheme which provides very efficient commitment evaluation operation. Then we design an efficient non-interactive deniable authentication scheme by using the trapdoor commitment scheme. We also prove the security of our scheme under firmly formalized security model.     

Algorithm substitution attacks against receivers

This work describes a class of Algorithm Substitution Attack (ASA) generically targeting the receiver of a communication between two parties. Our work provides a unified framework that applies to any scheme where a secret key is held by the receiver; in particular, message authentication schemes (MACs), authenticated encryption (AEAD) and public key encryption (PKE). Our unified framework brings together prior work targeting MAC schemes (FSE’19) and AEAD schemes (IMACC’19); we extend prior work by showing that public key encryption may also be targeted. ASAs were initially introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance, as a novel attack class against the confidentiality of encryption schemes. Such an attack replaces one or more of the regular scheme algorithms with a subverted version that aims to reveal information to an adversary (engaged in mass surveillance), while remaining undetected by users. Previous work looking at ASAs against encryption schemes can be divided into two groups. ASAs against PKE schemes target key generation by creating subverted public keys that allow an adversary to recover the secret key. ASAs against symmetric encryption target the encryption algorithm and leak information through a subliminal channel in the ciphertexts. We present a new class of attack that targets the decryption algorithm of an encryption scheme for symmetric encryption and public key encryption, or the verification algorithm for an authentication scheme. We present a generic framework for subverting a cryptographic scheme between a sender and receiver, and show how a decryption oracle allows a subverter to create a subliminal channel which can be used to leak secret keys. We then show that the generic framework can be applied to authenticated encryption with associated data, message authentication schemes, public key encryption and KEM/DEM constructions. We consider practical considerations and specific conditions that apply for particular schemes, strengthening the generic approach. Furthermore, we show how the hybrid subversion of key generation and decryption algorithms can be used to amplify the effectiveness of our decryption attack. We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raises awareness and understanding about what is possible with ASAs.

     

基于切比雪夫混沌映射的车联网高效认证方案

车联网在智能交通系统构建中发挥重要作用,消息认证方案能够为车联网的实际应用提供可靠性和安全性保障,但现有认证方案多数存在计算效率低下的问题,为此,提出一种基于切比雪夫混沌映射的车联网认证方案。利用切比雪夫多项式的半群性质构建对称密钥,以实现车辆节点与路边设施单元（RSU）的密钥协商。车辆节点使用由RSU分发的时效性共享密钥完成车辆间的匿名消息认证,无须为每个消息签名验证一个较大的撤销列表,车辆的撤销也不会影响群组性能。分析结果表明,该方案可以满足车联网的安全需求并抵御多种安全攻击,同时提供条件隐私保护,其密钥协商与消息认证阶段的计算效率较高,通信开销较低。     

一种基于时戳的智能卡实现远程C-S口令识别方案的研究

为克服现有远程口令识别方案存在的漏洞,并找到一个比较安全的C-S远程口令识别实现方案,提出了一种引入签名信息以及随机数的新型智能卡实现机制.此方案能有效抵抗伪造攻击,同时防止冒充者对服务器进行重传攻击.     

RSU-based message authentication for vehicular ad-hoc networks

Message authentication that ensures a message is genuine and verifies the source of the sender is a key issue in vehicular ad hoc networks (VANETs). Because messages may provide life-critical traffic information or emergency messages transmitted by unfamiliar sources. Because the vehicle in a VANET transmits messages in real-time in a high-mobility environment, traditional PKI security schemes are not suitable for VANET. The use of roadside units (RSUs) makes message authentication in VANET easy, but it also causes two problems and needed to be solved: how to authenticate messages transmitted between two different RSU ranges, and how to hand off messages for the vehicles moving across different RSU communication ranges. This paper proposes a comprehensive message authentication scheme that enables the message authentication within intra and between inter RSU ranges and hand-off between different RSUs. The proposed scheme balances the overhead for computation and communication with security against attacks. Efficiency analysis and comparison with related works demonstrate that the proposed scheme is a superior message authentication method for VANET.     

基于Guillou—Quisquater数字签名的几种应用方案

随着计算机和网络通信技术的发展,数字签名技术得到了广泛的应用,本文以Guillou-Quisquater为基础设计了群体数字签名和零知识用户鉴别2种应用方案。群体数字签名允许多人分别签署同一份文件,然后所有的个体签名组成同一份群体签名,零知识用户鉴别可以让用户在不暴露自己的秘密信息的情况下进行身份验证。