Similar literature
1.
In modern communication, message authentication codes (MACs) are widely used for data integrity protection and origin authentication. This paper proposes CBCR, a block-cipher-based MAC algorithm that is provably secure when authenticating messages of arbitrary length. CBCR applies a cyclic rotation at the end of cipher block chaining mode and prepends a fixed-length prefix to every message; the prefix gives the scheme a degree of flexibility in practical applications. For example, these fixed-length prefixes can be some...

2.
李继国, 杨海珊, 张亦辰. 《软件学报》 2012, 23(8): 2163-2172
Certificate-based encryption schemes usually restrict the message space to a particular group and are not suitable for encrypting large messages. To address this problem, the tag-based key encapsulation mechanism is introduced into certificate-based systems, and a formal definition and security model for a tag-based certificate-based key encapsulation mechanism are proposed. On this basis, a tag-based certificate-based key encapsulation scheme is constructed and proven indistinguishable under adaptive chosen-ciphertext attack in the random oracle model.

3.
Digital signatures guarantee practical security only if the corresponding verification keys are distributed authentically; however, arguably, satisfying solutions for the latter have not been found yet. This paper introduces a novel approach for cryptographic message authentication where this problem does not arise: A linkable message tagging scheme (LMT) identifies pairs of messages and accompanying authentication tags as related if and only if these tags were created using the same secret key. Importantly, our primitive fully avoids public keys and hence elegantly sidesteps the key distribution problem of signature schemes. As an application of LMT we envision an email authentication system with minimal user interaction. Email clients could routinely equip all outgoing messages with corresponding tags and verify for incoming messages whether they indeed originate from the same entity as previously or subsequently received messages with identical sender address. As technical contributions we formalize the notions of LMT and its (more efficient) variant CMT (classifiable message tagging), including corresponding notions of unforgeability. For both variants we propose a range of provably secure constructions, based on different hardness assumptions, with and without requiring random oracles. This article extends prior work of the same authors that appeared in the proceedings of ACISP 2015 (Günther and Poettering in 2015).

4.
To address the leakage of intermediate parameters and private keys that affects most key establishment protocols, a new public-key-shared symmetric encryption (PKS-SE) algorithm is proposed to secure communication between smart meters and service providers. PKS-SE builds the communication key between smart meter and service provider on bilinear maps and supersingular curves, avoiding the key escrow problem. At the same time, PKS-SE reduces the number of messages exchanged during authentication, thereby controlling the PKS-SE algorithm's...

5.
We study the classical edge-searching pursuit-evasion problem where a number of pursuers have to clear a given graph of fast-moving evaders despite poor visibility, for example, where robots search a cave system to ensure that no terrorists are hiding in it. We study when polynomial-time algorithms exist to determine how many robots are needed to clear a given graph (minimum robot problem) and how a given number of robots should move on the graph to clear it with either a minimum sum of their travel distances (minimum distance problem) or minimum task-completion time (minimum time problem). The robots cannot clear a graph if the vertex connectivity of some part of the graph exceeds the number of robots. Researchers therefore focus on graphs whose subgraphs can always be cut at a limited number of vertices, that is, graphs of low treewidth, typically trees. We describe an optimal polynomial-time algorithm, called CLEARTHETREE, that is shorter and algorithmically simpler than the state-of-the-art algorithm for the minimum robot problem on unit-width unit-length trees. We then generalize prior research to both unit-width arbitrary-length and unit-length arbitrary-width graphs and derive both algorithms and time complexity results for a variety of graph topologies. Pursuit-evasion problems on the former graphs are generally simpler than pursuit-evasion problems on the latter graphs. For example, the minimum robot and distance problems are solvable in polynomial time on unit-width arbitrary-length trees but NP-hard on unit-length arbitrary-width trees.

6.
An Iterative Redundant Encryption Algorithm Based on MD5 (cited by 7: 0 self-citations, 7 by others)
The MD5 message digest algorithm is a very popular cryptographic scheme that extracts a digital fingerprint, or message digest, from a message of arbitrary length; it is computationally difficult to produce two different messages with the same fingerprint, and difficult to derive the corresponding message from a given fingerprint. The MD5-based iterative redundant encryption algorithm extends MD5 and, drawing on its strong security, implements file encryption, decryption and data integrity protection.

7.
The widespread deployment of RFID systems and the continual growth in computing power have made the shortcomings of traditional public-key cryptosystems increasingly apparent. To replace traditional public-key cryptosystems and solve the security problems of tags, this paper uses ergodic matrices to construct bisectional multivariate quadratic equations (BMQE), establishes a new public-key cryptographic scheme designed for the quantum-computer setting, and presents a security protocol model for mobile RFID in the Internet of Things. The scheme is then evaluated in terms of key size and encryption/decryption speed, showing that it is feasible for use in RFID systems. Finally, its security is analysed against a range of attack methods. The results are a valuable reference for advancing RFID security research in the era of quantum cryptography.

8.
张顺, 陈海进. 《计算机应用》 2012, 32(7): 2010-2014
To address the security flaws of existing radio frequency identification (RFID) authentication protocols, a new lightweight RFID security authentication protocol is proposed and formally proven using GNY logic. The protocol uses dual authentication of the reader and refreshes the key in a pre-authentication phase; by adding to the tag a malicious-attack flag Tm that protects key synchronisation, it solves the problems found in current protocols of poor scalability, location tracking caused by failed tag key updates, and denial of service (DoS) caused by illegal updates of tag/server internal keys. It resists replay, tag/reader impersonation, traffic analysis and other malicious attacks, and in particular guards against the threats of location privacy leakage and denial of service. Analysis shows that the proposed protocol combines low cost, high security and low computational complexity, making it suitable for RFID systems with a large number of tags.

9.
马昌社, 王涛, 王立斌. 《计算机工程》 2011, 37(21): 249-251
A low-cost PUF-based RFID security protocol is analysed and found not to protect tag privacy: any attacker can track a given tag simply by replaying protocol messages. Moreover, because both the time complexity and the communication complexity of tag identification grow linearly with the number of tags, the protocol is not scalable. An improved RFID protocol is therefore proposed that improves both efficiency and security.

10.
The covert SMS forwarding mechanism commonly implemented on smartphones is analysed. The results show that covert SMS forwarding generally exploits the MAPI rule-filtering mechanism to intercept messages during the phone's SMS reception process, extract the content of the received message together with the sender information, combine them and covertly forward the result to another monitoring phone. Simulation results show that this attack method is highly covert and has low latency, making phones easy to attack.

11.
As a basic mode of operation, OFB has the characteristics of a stream cipher: it allows the plaintext block unit to be shorter than the block cipher's block length and can therefore adapt to the user's data format. But when the block unit is much shorter than the block cipher's block length, this mode uses the block cipher inefficiently, because no matter how short the plaintext block, each block encrypted requires one invocation of the block cipher. To improve efficiency, a counter and a buffer are introduced so that the block cipher's output is used in full. To strengthen security, the feedback input of OFB mode is also modified so that the scheme is provably secure under the strong security definition (priv) given by P. Rogaway et al., and a natural, easily understood proof is given using the game-playing method of M. Bellare and V. Shoup.

12.
Recently, Chen and Deng (2009) proposed an interesting new mutual authentication protocol. Their scheme is based on a cyclic redundancy code (CRC) and a pseudo-random number generator in accordance with the EPC Class-1 Generation-2 specification. The authors claimed that the proposed protocol is secure against all classical attacks against RFID systems, and that it has better security and performance than its predecessors. However, in this paper we show that the protocol falls short of its security objectives, and in fact offers the same security level as the EPC standard it tried to correct. An attacker, following our suggested approach, will be able to impersonate readers and tags. Untraceability is also not guaranteed, since it is easy to link a tag to its future broadcast responses with a very high probability. Furthermore, readers are vulnerable to denial of service attacks (DoS), by obtaining an incorrect EPC identifier after a successful authentication of the tag. Moreover, from the implementation point of view, the length of the variables is not compatible with those proposed in the standard, thus further discouraging the wide deployment of the analyzed protocol. Finally, we propose a new EPC-friendly protocol, named Azumi, which may be considered a significant step toward the security of Gen-2 compliant tags.

13.
In this paper we present a novel approach to authentication and privacy in RFID systems based on the minimum disclosure property and in conformance to EPC Class-1 Gen-2 specifications. We present two security schemes that are suitable for both fixed reader and mobile/wireless reader environments, the mutual authentication and the collaborative authentication schemes respectively. Both schemes are suited to the computational constraints of EPC Class-1 Gen-2 passive RFID tags as only the cyclic redundancy check (CRC) and pseudo random number generator (PRNG) functions that passive RFID tags are capable of are used. Detailed security analysis of both our schemes shows that they offer robust security properties in terms of tag anonymity, tag untraceability and reader privacy while at the same time being robust to replay, tag impersonation and desynchronisation attacks. Simulation results are also presented to study the scalability of the schemes and their impact on authentication delay. In addition, Yeh et al. (2010) [20] proposed a security scheme for EPC Class-1 Gen-2 based mobile/wireless RFID systems. We show that this scheme has a security vulnerability and is not suitable for mobile/wireless RFID systems.

14.
One of the methods to maintain the anonymity of communicating nodes in a network is the mix technique. Mix networks have been subject to various traffic analysis attacks that aim at compromising the identities of these communication nodes. Our focus in this paper is to propose mix network schemes that are more robust against these attacks. To this end, we propose using traffic re-distribution techniques. Traffic re-distribution involves changing the number and size of messages in the network by splitting and merging the messages at network nodes and using variable size messages to confuse the attacker. The security and anonymity of the proposed techniques are evaluated against traffic analysis attacks. Performance analysis is provided to determine the effectiveness of the proposed techniques.

15.
Networks of workstations are becoming increasingly popular as a cost-effective alternative to parallel computers. Typically, these networks connect workstations using irregular topologies, providing the wiring flexibility, scalability, and incremental expansion capability required in this environment. Recently, we proposed two methodologies for the design of adaptive routing algorithms for networks with irregular topology, as well as fully adaptive routing algorithms for these networks. These algorithms increase throughput considerably with respect to previously existing ones, but require the use of at least two virtual channels. In this paper, we propose a very efficient flow control protocol to support virtual channels when link wires are very long and/or have different lengths. This flow control protocol relies on the use of channel pipelining and control flits. Control traffic is minimized by assigning physical bandwidth to virtual channels until the corresponding message blocks or it is completely transmitted. Simulation results show that this flow control protocol performs as efficiently as an ideal network with short wires and flit-by-flit multiplexing. The effect of additional virtual channels per physical channel has also been studied, revealing that the optimal number of virtual channels varies with network size. The use of virtual channel priorities is also analyzed. The proposed flow control protocol may increase short message latency, due to long messages monopolizing channels and hindering the progress of short messages. Therefore, we have analyzed the impact of limiting the number of flits (block size) that a virtual channel may forward once it gets the link. Simulation results show that limiting the maximum block size causes the overall network performance to decrease.

16.
张学军, 蔡文琦, 王玉. 《计算机应用》 2012, 32(9): 2395-2399
To address the inability of the minimalist mutual authentication protocol (M2AP) to resist man-in-the-middle attacks, an enhanced minimalist mutual authentication protocol (EM2AP) is proposed that adds a measure of protection to the transmitted information. The protocol computes the Hamming weight of the key shared by the tag and the reader and cyclically shifts the transmitted information by that value, thereby effectively resisting man-in-the-middle attacks. A BAN logic proof, security analysis and performance analysis show that the protocol keeps tag cost low while achieving high security and reliability.

17.
Strengthening RFID Security and Privacy with a Key-Updating Randomised Hash Lock (cited by 1: 0 self-citations, 1 by others)
曾丽华, 熊璋, 张挺. 《计算机工程》 2007, 33(3): 151-153
RFID's wireless communication and its requirement to read and write tags without line of sight bring many security risks. To address the security and privacy threats of RFID technology, and building on an analysis of the features and limitations of several typical RFID security and privacy protection methods, a new method is proposed: the key-updating randomised hash lock. The method uses a one-way hash function to add a randomised hash lock, updates the tag's key in every communication session, and hash-encrypts all data transmitted between tag and reader, effectively preventing unauthorised reading, location tracking, eavesdropping, spoofing, replay and other attacks. Analysis shows that the method offers low cost, forward security, light load, high efficiency and good security, making it suitable for scenarios with a large number of tags.

18.
姚刚, 冯登国. 《软件学报》 2006, 17(4): 907-714
An important means of achieving network security is for network users to send encrypted and authenticated messages. The keys used for encryption and authentication should then be negotiated by the users in the network. Three pairwise key agreement protocols based on the Weil pairing are proposed. In these protocols all users share a piece of secret information and achieve key agreement and user authentication simultaneously in a small number of steps. The proposed protocols satisfy the following security properties: security against partial key leakage, perfect forward secrecy, security against personal key leakage, no unknown key share and no key control.

19.
A Low-Cost RFID Security Protocol Based on Proxy-Generated Random Numbers (cited by 1: 0 self-citations, 1 by others)
To address the weak security, privacy protection and anti-tracking capabilities of low-cost electronic tags, a new radio frequency identification (RFID) security authentication protocol for high-capacity passive tags is proposed in which the reader generates random numbers on the tag's behalf. Theoretical analysis shows that the protocol provides forward security, prevents location privacy and eavesdropping attacks, ensures the confidentiality, reliability and consistency of data, and has low hardware complexity, making it suitable for low-cost electronic tags.

20.
Service oriented architectures: approaches, technologies and research issues (cited by 15: 0 self-citations, 15 by others)
Service-oriented architecture (SOA) is an emerging approach that addresses the requirements of loosely coupled, standards-based, and protocol-independent distributed computing. Typically business operations running in an SOA comprise a number of invocations of these different components, often in an event-driven or asynchronous fashion that reflects the underlying business process needs. To build an SOA a highly distributable communications and integration backbone is required. This functionality is provided by the Enterprise Service Bus (ESB), an integration platform that utilizes Web services standards to support a wide variety of communications patterns over multiple transport protocols and deliver value-added capabilities for SOA applications. This paper reviews technologies and approaches that unify the principles and concepts of SOA with those of event-based programming. The paper also focuses on the ESB and describes a range of functions that are designed to offer a manageable, standards-based SOA backbone that extends middleware functionality throughout by connecting heterogeneous components and systems and offers integration services. Finally, the paper proposes an approach to extend the conventional SOA to cater for essential ESB requirements that include capabilities such as service orchestration, "intelligent" routing, provisioning, integrity and security of messages as well as service management. The layers in this extended SOA, in short xSOA, are used to classify research issues and current research activities.
