基于信道加密的量子安全直接通信

基于量子信道加密原理,结合Ping-Pong协议控制模式和信息模式的概念,提出了一个量子安全直接通信协议。在此协议中,发送者和接收者用n对Bell态作为量子信道,发送者用controlled-Not操作将单粒子纠缠入量子信道,接收者用controlled-Not操作将单粒子与量子信道解纠缠。通信双方依次执行控制模式和信息模式,控制模式检测窃听,信息模式发送秘密信息。控制模式和信息模式均不会对已建立的量子信道造成破坏,因此建立量子信道的过程仅需一次,此后通信双方可以反复进行控制模式和信息模式进行窃听检测和秘密信息传输。     

A periodic state exchange protocol and its verification

We present an elegant protocol for reliably transmitting data messages from a sender to a receiver over a highspeed network that may reorder, lose, or corrupt messages. The protocol is based on a new principle that calls for the periodic exchange of state information between the sender and receiver. Our formal definition of the protocol is abstract and does not include explicit timing information such as the rate of sending state information. The abstract definition makes our formal verification of the protocol simple and based solely on well-established concepts: invariants, well-foundedness, and action fairness. We use the formal definition of the protocol and its proof of correctness to deduce the required timing information. In particular, we show that the rate of sending state information is at most (m-1)/2T where m is a measure of the memory size in the sender, and T is an upper bound on the required time for one message to be sent, propagated, and received between the sender and receiver     

Improvement of an ID-Based Deniable Authentication Protocol

The deniable authentication protocol is an important notion that allows a receiver to identify the source of a given message, but not to prove the identity of the sender to a third party. Such property is very useful for providing secure negotiation over the Internet. The ID-based deniable authentication protocol based on elliptic Diffie-Hellman key agreement protocol cannot defend the sender spoofing attack and message modification attack. In this paper, we present an improved protocol based on double elliptic Diffie-Hellman scheme. According to the comparison result, the proposed protocol performs better.     

Receiver-Initiated Collision Avoidance in Wireless Networks

Many medium-access control (MAC) protocols for wireless networks proposed or implemented to date are based on collision-avoidance handshakes between sender and receiver. In the vast majority of these protocols, including the IEEE 802.11 standard, the handshake is sender initiated, in that the sender asks the receiver for permission to transmit using a short control packet, and transmits only after the receiver sends a short clear-to-send notification. We analyze the effect of making the collision-avoidance handshake, receiver initiated and compare the performance of a number of receiver-initiated protocols with the performance of sender-initiated collision avoidance protocols. Analytical and simulation results show that the best-performing collision avoidance MAC protocol based on receiver-initiated or sender-initiated collision avoidance is one in which a node with data to send transmits a dual-purpose small control packet inviting a given neighbor to transmit and asking the same neighbor for permission to transmit. The receiver-initiated protocols we present make use of carrier sensing, and are applicable to either baseband or slow frequency-hopping radios in which an entire packet can be sent within the same frequency hop (which is the case of frequency hopping spread spectrum (FHSS) commercial radios).     

基于异构密码系统的混合群组签密方案

群组签密既能实现群组签名,又能实现群组加密,但是现有的群组签密方案的发送者和接收者基本上在同一个密码系统中,不能满足现实环境的需求,而且基本上采用的是公钥加密技术,公钥加密技术在加密长消息时效率较低。因此该文提出由基于身份的密码体制(IBC)到无证书密码体制(CLC)的异构密码系统的混合群组签密方案。在该方案中,私钥生成器(PKG)和密钥生成中心(KGC)能够分别在IBC密码体制和CLC密码体制中产生自己的系统主密钥;而且群组成员只有协作才能解签密,提高了方案的安全性;同时在无需更换群组公钥和其他成员私钥的情况下,用户可以动态地加入该群组。所提方案采用了混合签密,具有可加密任意长消息的能力。在随机预言模型下,证明了该文方案在计算Diffie-hellman困难问题下具有保密性和不可伪造性。通过理论和数值实验分析表明该方案具有更高的效率和可行性。

     

Tight Bounds for Unconditional Authentication Protocols in the Manual Channel and Shared Key Models

We address the message authentication problem in two seemingly different communication models. In the first model, the sender and receiver are connected by an insecure channel and by a low-bandwidth auxiliary channel, that enables the sender to ldquomanuallyrdquo authenticate one short message to the receiver (for example, by typing a short string or comparing two short strings). We consider this model in a setting where no computational assumptions are made, and prove that for any there exists a -round protocol for authenticating -bit messages, in which only bits are manually authenticated, and any adversary (even computationally unbounded) has probability of at most to cheat the receiver into accepting a fraudulent message. Moreover, we develop a proof technique showing that our protocol is essentially optimal by providing a lower bound of on the required length of the manually authenticated string. The second model we consider is the traditional message authentication model. In this model, the sender and the receiver share a short secret key; however, they are connected only by an insecure channel. We apply the proof technique above to obtain a lower bound of on the required Shannon entropy of the shared key. This settles an open question posed by Gemmell and Naor (Advances in Cryptology-CRYPTO '93, pp. 355-367, 1993). Finally, we prove that one-way functions are necessary (and sufficient) for the existence of protocols breaking the above lower bounds in the computational setting.     

Batch Throughput Efficiency of ADCCP/HDLC/SDLC Selective Reject Protocols

The batch throughput efficiency is studied for three variants on selective reject protocols that operate in a full duplex asynchronous response mode and that adhere to the common architectural features of ADCCP, HDLC, and SDLC. In these architectures, the receiver of information frames may use the REJ supervisory frame to request the sender of information frames to back up to an earlier point in the send sequence. Alternatively, the receiver of information frames may issue the SREJ supervisory frame, which requests resending of a single previous information frame followed by continuation of the ongoing send sequence. The first protocol discussed here uses SREJ as the principle method for recovering lost frames but reverts to REJ recovery if certain combinations of errors occur. The second protocol uses SREJ as the only means for recovery. The third protocol uses SREJ for "isolated" frame losses; if a second frame loss occurs within a specified time after the first, then recovery of the first loss is done by REJ. Results plotted for transmission via satellite at 1.544 Mbits/s show that the selective reject protocols permitted by the current versions of ADCCP, HDLC, and SDLC outperform the simpler REJ protocol only for bit error rates in a narrow range. Thus, it may be worthwhile to consider modifications to these architectures that will permit more flexible selective reject protocols.     

一种基于计算能力的无需可信第三方公平非抵赖信息交换协议

随着互联网电子商务等业务的发展,公平非抵赖的信息传送协议(fair non-repudiation protocol)逐渐成为网络安全研究的新热点.现有的一些协议大多建立在可信第三方(trusted third party——TTP)基础之上,协议能否顺利进行主要依赖于TTP,如果TTP受到攻击,那么协议将失效.因此,迫切需要一个无需TTP的公平非抵赖协议.由于已有此类协议在安全性上是不对称的,不能保证发送方的信息安全.本文在分析已有非抵赖协议机制及其安全性的基础上,设计了一种发送方优先的协议,并根据双方的计算能力提出了一种可协商的无需可信第三方的公平非抵赖信息交换协议,使非抵赖信息交换的安全性摆脱了对TTP的依赖,并解决了信息的发送方和接收方的计算能力不对等时而存在的安全问题.     

An Identity-Based Group Key Agreement Proto col for Low-Power Mobile Devices

In wireless mobile networks, group mem-bers join and leave the group frequently, a dynamic group key agreement protocol is required to provide a group of users with a shared secret key to achieve cryptographic goal. Most of previous group key agreement protocols for wireless mobile networks are static and employ traditional PKI. This paper presents an ID-based dynamic authen-ticated group key agreement protocol for wireless mobile networks. In Setup and Join algorithms, the protocol re-quires two rounds and each low-power node transmits con-stant size of messages. Furthermore, in Leave algorithm, only one round is required and none of low-power nodes is required to transmit any message, which improves the e?-ciency of the entire protocol. The protocol’s AKE-security with forward secrecy is proved under Decisional bilinear in-verse Di?e-Hellman (DBIDH) assumption. It is addition-ally proved to be contributory.     

建设国家公钥基础结构初探

由于现代信息社会对电子通信的依赖,信息安全变得更加脆弱。用户要求机密性、消息完整性、发方鉴别和收方不可抵赖。公钥基础结构支持国家信息高速公路上的公钥密码体制和数字签名,将在提供这些服务中起非常重要的作用。     

Cluster Based Routing Protocol for Mobile Nodes in Wireless Sensor Network

Mobility of sensor nodes in wireless sensor network (WSN) has posed new challenges particularly in packet delivery ratio and energy consumption. Some real applications impose combined environments of fixed and mobile sensor nodes in the same network, while others demand a complete mobile sensors environment. Packet loss that occurs due to mobility of the sensor nodes is one of the main challenges which comes in parallel with energy consumption. In this paper, we use cross layer design between medium access control (MAC) and network layers to overcome these challenges. Thus, a cluster based routing protocol for mobile sensor nodes (CBR-Mobile) is proposed. The CBR-Mobile is mobility and traffic adaptive protocol. The timeslots assigned to the mobile sensor nodes that had moved out of the cluster or have not data to send will be reassigned to incoming sensor nodes within the cluster region. The protocol introduces two simple databases to achieve the mobility and traffic adaptively. The proposed protocol sends data to cluster heads in an efficient manner based on received signal strength. In CBR-Mobile protocol, cluster based routing collaborates with hybrid MAC protocol to support mobility of sensor nodes. Schedule timeslots are used to send the data message while the contention timeslots are used to send join registration messages. The performance of proposed CBR-Mobile protocol is evaluated using MATLAB and was observed that the proposed protocol improves the packet delivery ratio, energy consumption, delay and fairness in mobility environment compared to LEACH-Mobile and AODV protocols.     

A Heuristic Buffer Management and Retransmission Control Scheme for Tree‐Based Reliable Multicast

We propose a heuristic buffer management scheme that uses both positive and negative acknowledgments to provide scalability and reliability. Under our scheme, most receiver nodes only send negative acknowledgments to their repair nodes to request packet retransmissions while some representative nodes also send positive acknowledgments to indicate which packets can be discarded from the repair node's buffer. Our scheme provides scalability because it significantly reduces the number of feedbacks sent by the receiver nodes. In addition, it provides fast recovery of transmission errors since the packets requested from the receiver nodes are almost always available in their buffers. Our scheme also reduces the number of additional retransmissions from the original sender node or upstream repair nodes. These features satisfy the original goal of tree‐based protocols since most packet retransmissions are performed within a local group.     

Reliable multicast transport protocol (RMTP)

This paper presents the design, implementation, and performance of a reliable multicast transport protocol (RMTP). The RMTP is based on a hierarchical structure in which receivers are grouped into local regions or domains and in each domain there is a special receiver called a designated receiver (DR) which is responsible for sending acknowledgments periodically to the sender, for processing acknowledgment from receivers in its domain, and for retransmitting lost packets to the corresponding receivers. Since lost packets are recovered by local retransmissions as opposed to retransmissions from the original sender, end-to-end latency is significantly reduced, and the overall throughput is improved as well. Also, since only the DRs send their acknowledgments to the sender, instead of all receivers sending their acknowledgments to the sender, a single acknowledgment is generated per local region, and this prevents acknowledgment implosion. Receivers in RMTP send their acknowledgments to the DRs periodically, thereby simplifying error recovery. In addition, lost packets are recovered by selective repeat retransmissions, leading to improved throughput at the cost of minimal additional buffering at the receivers. This paper also describes the implementation of RMTP and its performance on the Internet     

基于区块链技术的跨域认证方案

针对现有交互频繁的信息服务信任域（PKI域和IBC域）之间不能实现信息服务实体（ISE）安全高效的跨域认证的问题,提出一种基于区块链的跨异构域认证方案.在IBC域设置区块链域代理服务器参与SM9（国产标识密码）算法中密钥生成,并与PKI域区块链证书服务器等构成联盟链模型,利用区块链技术去中心化信任、数据不易篡改等优点保证模型内第三方服务器的可信性.基于此设计了跨域认证协议与重认证协议,并进行SOV逻辑证明.分析表明,与目前相关方案相比,协议在满足安全需求的前提下,降低了用户终端的计算量、通信量和存储负担,简化了重认证过程,实现域间安全通信,在信息服务跨异构域身份认证过程中具有良好的实用性.     

Two-way and anonymous heterogeneous signcryption scheme between PKI and IBC

Exiting heterogeneous signcryption schemes which were between public key infrastructure (PKI) and identity-based cryptosystem (IBC) have some limitations.A new heterogeneous signcryption scheme between PKI and IBC was proposed.In the random oracle mode,the scheme ensured confidentiality and unforgeability on the basis of the assumption of computational Diffie-Hellman problem (CDHP),q-Diffie-Hellman inversion problem (q-DHIP) and bilinear Diffie-Hellman problem (BDHP).Simultaneously,the proposed scheme guaranteed unconnectedness and anonymity of the ciphertext.Compared with other heterogeneous schemes,the scheme achieved two-way signcryption,and it generated parameters without restrict,which was suitable for actual situations.Simulation tests show that proposed scheme is feasible.     

基于门限思想1-out-n不经意传输协议

在一个1—out—n的不经意传输模型中。发送者提供n条消息给另一方接收者。但是接收者只能选择获取其中的1条消患，并且发送者不知道接收者获取的是哪一条消息。文章提出了一个基于门限思想并且可复用的1—out-n不经意传输协议。它在效率方面优于以往的Naor-Pinkas协议和Tzeng协议。     

Self-stabilizing sliding window ARQ protocols

It is shown that implementing a practical self-stabilizing sliding window protocol requires a bound on the maximum delay or maximum memory of the communication channel involved. This motivates using communication channel models that incorporate a delay or memory bound. For such models, two new ARQ protocols are presented that self-stabilize by using 1 bit of overhead in each transmitted message. The protocols operate like selective repeat ARQ, except that when a fault places them in an incorrect (unsafe) state, the additional bit in the protocol messages allows automatic recovery. Following a transient fault, the bounded delay protocol stabilizes within four round-trip times. The bounded memory protocol stabilizes after sending at most 2(K+n) messages, where K the is maximum number of messages that can be stored in one direction on the channel, and n is the window size of the sender     

基于数字签名的增强的不经意传输协议

该文在离散对数类数字签名及关于数据串的不经意传输的基础上提出了一种增强的不经意传输协议,解决了一种不经意传输的接入控制问题。除了具备一般不经意传输协议的特征外,该方案具有如下特点：只有持有权威机构发放的签字的接收者才能打开密文而且发送者不能确定接收者是否持有签字,即不能确定接受者的身份。在DDH( Decisional Diffie-Hellman)假设和随机预言模型下该文所提协议具有可证明的安全性。     

A reservation-based multicast protocol for WDM optical star networks

In this paper, we present a reservation-based medium access control (MAC) protocol with multicast support for wavelength-division multiplexing networks. Our system is based on the single-hop, passive optical star architecture. Of the available wavelengths (channels), one channel is designated as a control channel, and the remaining channels are used for data transmission. Each node is equipped with a pair of fixed transceiver to access the control channel, and a fixed transmitter and a tunable receiver to access data channels. For easy implementation of the protocol in hardware and for precisely computing the protocol's processing overhead, we give a register-transfer model of the protocol. We simulate the protocol to study its throughput behavior, and present its analytic model. For a node to be able to send data packets in successive data slots with no time gap between them, in spite of the situation that the protocol's execution time may be longer than data transmission time, we propose the idea of multiple MAC units at each node. Unicast throughput of our protocol reaches the theoretically possible maximum throughput for MAC protocols with distributed control, and the multicast throughput is at least as good as, and even better than, those delivered by existing MAC protocols with distributed control.     

A simple and efficient routing protocol for the UMTSA Access network

This paper presents a simple network layer protocol that integrates routing and connectionless transfer of data in a wireless environment. The protocol is specifically geared towards supporting transfer of signalling in mobile networks based on a rooted tree topology. Exploiting the special characteristics of such a topology allows the specification of a very simple and processing efficient routing function. Using the routing function, a connectionless message transport service is implemented. The connectionless transport service is comparable to that of typical network layer protocols of existing data networks. The protocol has originally been specified to carry signalling messages in the control plane of mobile, cellular systems but has the potential to be used also in other environments.