多源线性网络编码的同态签名算法

网络编码易遭受污染攻击,但传统的签名技术不适用于多源网络编码。为此,基于同态函数,使用双线性对技术,提出一种可抵御污染攻击的多源线性网络编码签名算法,其中,每个源节点用自己的私钥对文件签名,中间或信宿节点仅用公钥即可验证收到的签名,利用随机预言模型证明该算法能够抵抗信源节点和中间节点的攻击。     

抵御污染攻击的双源网络编码签名算法

网络编码易遭受污染攻击的破坏,而传统的签名技术不能适用于多源网络编码。基于一种离散对数问题安全的向量哈希函数,提出一种有效抵御污染攻击的双源线性网络编码签名算法,方案中每个源节点用自己的私钥对文件签名,中间节点可用向量的合并算法线性组合来自不同源的消息,且中间（信宿）节点仅用公钥就可验证收到的签名。方案的安全性依赖于Co-Diffie、Hellman问题,并在随机预言模型下,证明能够抵抗信源节点和中间节点的攻击。     

一种多源网络编码快速签名算法

针对污染和重放攻击提出一个新的多源网络编码签名算法,利用同态加密算法构造签名方案来抵御污染攻击,通过引入消息代的序号,防止了代间的重放攻击,并且采用线性计算方法来减少节点的验证时间,降低了对结点计算能力的要求,特别适合于无线传感器网络或自组织网络.     

基于RSA的多源网络编码签名方案

由于网络编码极易遭受污染攻击的破坏,文中基于RSA问题的难解性提出了一种适用于多源网络编码同态签名方案,以应对污染攻击和重放攻击.该方案能够阻止恶意修改的数据分组,被污染的数据分组会被验证者丢弃,从而保证了系统的安全性.由于方案是为多源网络编码设计的,不需要额外的安全信道,且采用线性计算,大大降低了对结点计算能力的要求,节省了结点的验证时间.此外,通过引入消息代序号,该方案可以防止代间重放攻击.     

基于消息认证混合同态签名的无线网络抗污染攻击方案

为提高无线网络抗污染攻击性能,提出一种基于消息认证混合同态签名的无线网络抗污染攻击方案。首先,采用有向多重图的源节点、非源节点集和链路集对无线网络编码过程进行模型构建,并考虑数据污染攻击和标签污染攻击2种类型的污染攻击建立网络抗污染模型;其次,利用MACs和D-MACs以及Sign同态签名方案,建立混合型的同态签名方案,实现对抗污染攻击模型的消息验证过程的改进,保证了每个MAC编码数据包内容的完整性,并提升了算法的执行效率;最后,通过在基于ASNC机制的实验模拟环境下,对所提算法在被污染节点百分比、流量累积分布和计算效率3个指标中的实验对比,验证了所提算法的性能优势。     

多源网络编码同态签名方案*

由于网络编码的系统很容易受到污染攻击,提出了一个适用于多源网络编码应对污染攻击的同态签名方案.该方案使用了同态哈希函数,能够阻止恶意修改的数据分组.被污染的数据分组会被验证者丢弃,从而保证了系统的安全性.该方案是同态的且是为多源网络编码特别设计的,与文件和分组的大小无关,而且方案中的公钥和每个分组的开销是常量.     

多源网络编码数据完整性验证方案

基于同态向量哈希函数和向量合并算法,提出一种能够抵御污染攻击的多源网络编码数据完整性验证方案。通过信源节点计算发送向量的哈希值,利用私钥对该哈希值进行签名,并将消息向量、哈希值以及哈希值的签名发送至中间节点。中间节点和信宿节点基于系统公钥,验证来自不同信源节点的线性编码消息的完整性。实验结果表明,当信源节点数大于200时,该方案的计算效率优于现有多源网络编码方案,更适用于大规模分布式网络数据的安全验证。     

一种基于RSA的抗多重攻击安全网络编码方案

为解决无线网络易遭受污染攻击和窃听攻击以及攻击方式多样化等安全问题,在无线网络中引入代标识符和时间戳2个参数并结合RSA签名方案,提出一种抗多重攻击的安全网络编码方案。利用同态性质对组合消息生成有效签名,以降低系统的带宽消耗。将该方案与抗代间污染攻击的网络编码同态签名方案进行对比分析,结果表明,两者的开销比接近1,但所提方案能同时抵御代内污染攻击、代间污染攻击以及重放攻击。     

基于数字签名的防污染网络编码方案

网络编码技术对于提高网络吞吐量、均衡网络负载、提高带宽利用率、增强网络的鲁棒性等方面都有明显的优势,但是无法直接抵抗污染攻击.最近,学者提出了基于同态哈希函数的签名方案,可以较好检测污染攻击,但是很难定位被污染的节点.本文结合两者的优势提出了一个基于数字签名的网络编码方案,该方案不仅能够抵抗污染攻击,而且能有效地确定出攻击源的位置,从而降低污染攻击对网络造成的影响,并提升网络的健壮性.     

延迟容忍网络的安全网络编码方案

当前针对污染攻击的解决方案需要公钥基础设施支持,但这对于移动Ad hoc网络而言并不可取,因此提出了无需公钥基础设施的网络编码方案。所提方案允许数据包相互验证,从而使中间节点可判断这些包是否可以未经源验证即可共同编码。分析和比较了其他签名方案,表明无需公钥的网络编码签名功能足以防止污染攻击。     

Short signature scheme for multi-source network coding

It has been proven that network coding can provide significant benefits to networks. However, network coding is very vulnerable to pollution attacks. In recent years, many schemes have been designed to defend against these attacks, but as far as we know almost all of them are inapplicable for multi-source network coding system. This paper proposed a novel homomorphic signature scheme based on bilinear pairings to stand against pollution attacks for multi-source network coding, which has a broader application background than single-source network coding. Our signatures are publicly verifiable and the public keys are independent of the files so that our scheme can be used to authenticate multiple files without having to update public keys. The signature length of our proposed scheme is as short as the shortest signatures of a single-source network coding. The verification speed of our scheme is faster than those signature schemes based on elliptic curves in the single-source network.     

An efficient dynamic-identity based signature scheme for secure network coding

The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes.     

一种可确认身份的网络编码签名方案

网络编码理论的提出在提高网络吞吐量、构建网络的鲁棒性等方面都有着明显的优势,但是极易受到污染攻击。很多学者提出了使用同态函数的性质来构造安全方案,能够有效地抵抗污染攻击。但是很少能够确定出污染攻击所发生的网络节点。针对确定污染攻击所发生的节点问题,设计出一个基于同态哈希函数的签名方案,能够抵抗污染攻击并有效地确定出攻击所发生的节点位置。     

An efficient ECC-based mechanism for securing network coding-based P2P content distribution

Network coding has been demonstrated to be able to improve the performance of P2P content distribution. However, it is vulnerable to pollution attacks where malicious peers can flood the network with corrupted blocks easily, leading to substantial performance degradation. Moreover, existing corruption detection schemes for network coding are not well suited to P2P systems. Effective scheme to detect the corruption and identify the attacker is required to thwart such attacks. In this paper, we propose an efficient ECC-based mechanism for securing network coding-based P2P content distribution, namely ESNC, which includes an efficient network coding signature scheme and an identity-based malicious peer identification scheme. The two schemes cooperate to thwart pollution attacks on network coding effectively in P2P networks, not only detecting corrupted blocks on-the-fly efficiently, but also precisely identifying all the malicious peers quickly. ESNC is mainly based on elliptic curve cryptography (ECC) and can provide high level of security. It incurs significantly less computation and communication overheads than other comparable state-of-the-art schemes for P2P systems. ESNC can work with arbitrary topologies, as it is the case in P2P networks. Security analysis demonstrates that ESNC can resist hash collision attacks, signature forgery attacks, and collusion attacks with arbitrary number of colluding malicious peers. Simulation results show that ESNC effectively limits the corruption spread and identifies all the malicious peers in a short time under different practical settings.     

An efficient homomorphic MAC-based scheme against data and tag pollution attacks in network coding-enabled wireless networks

Recent research efforts have shown that wireless networks can benefit from network coding (NC) technology in terms of bandwidth, robustness to packet losses, delay and energy consumption. However, NC-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted packets that prevent the destination nodes from decoding correctly. Due to recoding, occurred at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic MAC-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this paper, we propose an efficient homomorphic message authentication code-based scheme, called HMAC, providing resistance against data pollution attacks and tag pollution attacks in NC-enabled wireless networks. Our proposed scheme makes use of three types of homomorphic tags (i.e., MACs, D-MACs and one signature) which are appended to the end of the coded packet. Our results show that the proposed HMAC scheme is more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.