基于信念绑定的安全协议消息块设计方法

为解决安全协议设计中容易忽视的信念问题,分析了安全协议中密钥新鲜性、密钥共享性和公钥归属性等信念,定义了描述这些信念的参数,最后提出了一种基于信念绑定的安全协议消息块设计方法。利用该方法来设计安全协议,可提高安全协议抗攻击的能力。     

三个无证书签名方案的密码学分析与改进

分析3个无证书签名方案,指出第1种方案不能抵抗消极不诚实密钥生成中心的攻击,后2种方案不能抵抗公钥替换攻击.通过在部分私钥生成阶段绑定公钥,提高第1种方案的安全性.在签名阶段,利用公钥绑定散列函数将用户公钥与消息绑定,由此弥补后2种方案的安全缺陷.     

优化认证消息流防止中间人攻击

中间人攻击是对网络协议的攻击,该攻击普遍存在并危害较大,很多安全协议也面临威胁.按照发展层次比较了对一般通信、附加认证和安全协议的通信和受保护认证通信的中间人攻击方式,分析了可以避免该攻击的几种方法.以联锁协议为基础,以受保护的认证协议为例,提出了通过改变认证消息序列避免攻击的安全认证协议构造方法.     

园区网ARP欺骗攻击防御模式设计与实现

地址解析协议(ARP)工作于OSI参考模型第二层,在园区网VLAN中实现IP地址到网络接口硬件地址(MAC)的映射功能,攻击者利用ARP协议安全缺陷,在网关与主机(整个网段)之间实施ARP欺骗攻击,将会对VALN内主机产生巨大安全威胁。针对此类攻击设计与实现的网络防御模式,通过IP地址与接入层交换机端口绑定、定期在VLAN广播网关MAC地址等方法,可有效阻止该类攻击发生。     

园区网ARP欺骗攻击防御模式设计与实现

地址解析协议（ARP）工作于OSI参考模型第二层，在园区网VLAN中实现IP地址到网络接口硬件地址（MAC）的映射功能，攻击者利用ARP协议安全缺陷，在网关与主机（整个网段）之间实施ARP欺骗攻击，将会对VALN内主机产生巨大安全威胁。针对此类攻击设计与实现的网络防御模式，通过IP地址与接人层交换机端口绑定、定期在VLAN广播网关MAC地址等方法，可有效阻止该类攻击发生。     

OLSR路由协议中MPR节点安全性研究

OLSR(最优链路状态路由协议)是一种先应式路由协议,其MPR(多点中继)节点易受恶意攻击,严重时将导致路由协议崩溃.针对这一安全隐患,提出了一种MPR节点综合抗攻击方案:消息加密和消息频率检测技术.消息加密技术主要是对广播的HELLO消息进行加密,防止攻击节点冒充合法节点;频率检测是对HELLO消息发送频率进行检测,若频率过大则可以认为发送该HELLO消息的节点为恶意节点.仿真结果表明,该综合方案可以有效抵制对MPR节点的攻击,保证OLSR路由协议的安全.     

ARP攻击防范及解决方案分析

ARP协议自身设计上存在缺陷,其攻击成为局域网安全的首要威胁.ARP欺骗主机的检测和欺骗主杌的定位成为防范的首要工作.防范ARP攻击,需要在客户和服务器端做相应的设置,并且,对于四元绑定模式、酒店模式、电信宽带模式,提出了不同的防治措施.     

安全协议认证属性的设计框架研究

提出了一种安全协议的认证属性设计方法。该方法设计了协议认证消息结构,通过通道模型增加设计过程中消息结构的动态安全特性,采用迹模型准确描述消息交互过程。讨论了避免攻击的安全属性设计原则,并通过形式化的方法表示出来。最后证明了该形式化方法的有效性。     

基于CGA技术的移动IPv6绑定更新安全机制

为解决移动IPv6路由优化过程当中绑定更新消息的安全问题,结合返回路径可达协议和CAM协议的优点,提出一种基于加密生成地址(CGA)技术的绑定更新安全机制。该机制在没有部署PKI的环境下,利用CGA技术实现了跨信任域的2个节点基于地址的身份认证,可有效防止攻击者伪造、篡改绑定更新消息,解决路由优化过程中存在的反射式攻击问题。     

改进Athena算法的多协议攻击自动化验证方法

多协议环境下协议安全性问题是安全协议形式化分析验证领域的一个公开问题。针对此问题,在分析Athena算法的基础上提出了一种多协议攻击自动化验证方法。该方法扩展了Athena状态表示方法和后继状态生成算法,使得攻击者具备截取其它协议交互消息和计算生成当前协议消息的能力,能够以自动化的方式验证协议是否存在多协议攻击。实验结果表明,提出的方法能够实现多协议攻击的自动化验证。     

设计密码协议的若干原则与方法

传统的密码协议设计主要考虑理想环境下运行的安全性。为了设计实用安全的密码协议,首先对理想环境下密码协议中存在的主要攻击进行研究和总结,提出四条协议设计原则,以避免常见的设计缺陷;然后通过对消息完整性的研究,提出一种协议转换算法,可将理想环境下安全的密码协议转换为现实环境下安全的密码协议,并证明算法的安全性。该转换算法的提出,有助于设计在现实环境下运行安全的密码协议。     

A lightweight authentication and key agreement protocol preserving user anonymity

Nowadays with widespread employment of the Internet, servers provide various services for legal users. The vital issue in client/server connections is authentication protocols that make the communication channel safe and secure against famous attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and illustrated that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.’s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.

     

Detecting and Preventing Type flaws: a Control Flow Analysis with Tags

A type flaw attack on a security protocol is an attack where an honest principal is cheated on interpreting a field in a message as the one with a type other than the intended one. In this paper, we shall present an extension of the LySa calculus with tags attached to each field, indicating the intended types. We developed a control flow analysis for analysing the extended LySa, which over-approximates all the possible behaviour of a protocol and hence is able to capture any type confusion that may happen during the protocol execution. The control flow analysis has been applied to a number of security protocols, either subject to type flaw attacks or not. The results show that it is able to capture type flaw attacks on those security protocols.     

Quantum broadcasting multiple blind signature with constant size

Using quantum homomorphic signature in quantum network, we propose a quantum broadcasting multiple blind signature scheme. Different from classical signature and current quantum signature schemes, the multi-signature proposed in our scheme is not generated by simply putting the individual signatures together, but by aggregating the individual signatures based on homomorphic property. Therefore, the size of the multi-signature is constant. Furthermore, based on a wide range of investigation for the security of existing quantum signature protocols, our protocol is designed to resist possible forgery attacks against signature and message from the various attack sources and disavowal attacks from participants.     

The Interrogator: Protocol Secuity Analysis

The Interrogator is a Prolog program that searches for security vulnerabilities in network protocols for automatic cryptographic key distribution. Given a formal specification of the protocol, it looks for message modification attacks that defeat the protocol objective. It is still under developement, but is has been able to rediscover a known vulnerability in a published protocol. It is implemented in LM-Prolog on a Lisp Machine, with a graphical user interface.     

Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications

The radio-based medium of satellite communication systems is vulnerable to interference on physical channels: unintentional interferences occur frequently and jamming attacks can be achieved using low-grade technology. While application layer security protocols cannot defend against denial of service (DoS) attacks where the attacker jams continuously, effective security protocols ensure that communication can continue after such interference has stopped.This paper analyses an authentication and key agreement protocol for satellite communications. The presented analysis reveals that the protocol is susceptible to a new DoS attack, where attackers jam a single message to achieve a permanent DoS condition. A new authentication and key agreement protocol is proposed that additionally addresses the scenario where messages send over the mobile satellite channel may not reach their intended recipient due to accidental or malicious interference. Analysis of the new protocol demonstrates that it is effective in countering the disruptive effects of jamming.     

A secure routing model based on distance vector routing algorithm

Distance vector routing protocols have been widely adopted as an efcient routing mechanism in current Internet,and many wireless networks.However,as is well-known,the existing distance vector routing protocols are insecure as it lacks of efective authorization mechanisms and routing updates aggregated from other routers.As a result,the network routing-based attacks become a critical issue which could lead to a more deteriorate performance than other general network attacks.To efciently address this issue,this paper,through analyzing the routing model and its security aspect,and presents a novel approach on guaranteeing the routing security.Based on the model,we present the security mechanism including the message exchange and update message security authentication mechanism.The suggested approach shows that the security mechanism can efectively verify the integrity and validate the freshness of routing update messages received from neighbor nodes.In comparison with exiting mechanisms(SDV,S-RIP etc),the proposed model provides enhanced security without introducing significant network overheads and complexity.     

Adaptive fuzzy tracking control for a class of uncertain MIMO nonlinear systems using disturbance observer

In this paper,the adaptive fuzzy tracking control is proposed for a class of multi-input and multioutput(MIMO)nonlinear systems in the presence of system uncertainties,unknown non-symmetric input saturation and external disturbances.Fuzzy logic systems(FLS)are used to approximate the system uncertainty of MIMO nonlinear systems.Then,the compound disturbance containing the approximation error and the timevarying external disturbance that cannot be directly measured are estimated via a disturbance observer.By appropriately choosing the gain matrix,the disturbance observer can approximate the compound disturbance well and the estimate error converges to a compact set.This control strategy is further extended to develop adaptive fuzzy tracking control for MIMO nonlinear systems by coping with practical issues in engineering applications,in particular unknown non-symmetric input saturation and control singularity.Within this setting,the disturbance observer technique is combined with the FLS approximation technique to compensate for the efects of unknown input saturation and control singularity.Lyapunov approach based analysis shows that semi-global uniform boundedness of the closed-loop signals is guaranteed under the proposed tracking control techniques.Numerical simulation results are presented to illustrate the efectiveness of the proposed tracking control schemes.