量子密码协议的改进

本文研究了量子密钥分发方案。结果表明以前的量子密钥分发方案存在安全漏洞。为保证方案安全性,本文提出了两种改进方案,使量子密钥实现真正上的安全密钥分发。     

连续变量量子密钥分发发展综述

量子密钥分发基于量子物理基本原理,提供信息论安全性,是迄今发展最为成熟的量子密码技术。其中,连续变量量子密钥分发具有与现有光通信网络兼容性较好的特点,同时具备高重复频率和高密钥速率发展潜力,是当前量子保密通信领域的重要发展方向。综述了连续变量量子密钥分发的基本原理,回顾了连续变量量子密钥分发协议的发展历程,介绍了协议的安全证明现状和主流方案,包括随路本振系统和本地本振系统,以及高斯调制方案和离散调制方案。最后概述了连续变量量子密钥分发的发展现状并展望了其未来发展趋势。     

量子密钥分发系统与经典光通信系统共纤传输分析

阐述量子信号与经典信号共纤传输的技术难点和解决办法,结合实际经典网络特点,提出了量子密钥分发系统与经典光通信系统共纤传输方案,为量子密钥分发系统与经典光通信系统共纤传输技术进一步研究提供参考,从而促进量子密钥网络的发展。     

量子密钥分发网方案的改进设计

量子密码术要走向实用化,必须实现多用户间的量子密钥分配.首先介绍了基于EPR对的E91量子密钥分发方案.利用该协议,我们在现有量子密钥分发网方案的基础上提出了一种实现多用户网络下任意多个用户之间的密钥分发方案,并融合波分复用技术对级联式环型量子密钥分发网方案进行了改进.     

互联网骨干网企业互联行为与结算因子关系

通过对互联网互联与电信网互联的差异性比较,得出了互联网网间互联的特点。在互联网网间互联特点的基础上,分析了骨干网经营单位的企业互联行为和提出网络价值结算模型,最后简要地说明我国NAP点结算价格的管制外部性。     

具有密钥自动分配功能的网络化口令认证系统

首先讨论了现有各种口令认证方法的特点，然后提出了一种可以进行密钥自动分发的不可重复口令认证方案。该方案具有以下基本特征：非法用户无法以重发攻击的方式入侵网络；主机系统可以自动分发加密密钥；用户不需事先取得加密密钥．可以不受限制的自由更改口令；系统管理者可以随时更改加密，解密密钥，并自动分发更新。显然，该方案在保持强安全性的同时具有很大的灵活性。     

一种基于智能卡的会话密钥交换和认证方案

基于RSA算法的安全性和求解离散对数问题的困难性 ,给出一种将密钥交换和身份认证有效结合的会话密钥管理方案 ,并对其安全性进行了分析。智能卡管理中心 (SMC)用于智能卡的分发和管理 ,系统所有用户均使用SMC的一个公开密钥 ,由通信双方独立实现共享密钥交换和身份认证 ,而无需智能卡管理中心的参与或预先获取对方的公开密钥证书     

联合作战密钥分发架构设计

以联合作战使命任务需求为牵引,基于作战网络模型,提出了密码信息网络和密码任务群组概念;作战网络的动态性导致了密码任务群组的不确定性,从而增大了密钥的生成与分发难度。利用复杂网络的邻接矩阵机理设计了密码任务群组的计算方法,并对密码态势认知、密码网络建模、密钥的生成和分发路径等关键环节进行了分析研究。结合信息化条件下联合作战指挥特点,设计了分发流程和架构,实现了密钥自动生成和灵活动态调整,解决了特定战斗任务之不确定性、多样性和复杂性带来的密钥分发难题。有效提高了密钥分发科学化和规范化水平,为密钥分发系统与指挥信息系统的深度融合、与作战系统和通信网络系统的自动协同筹划奠定了基础。     

适合于无线传感器网络的混合式组密钥管理方案

针对无线传感器网络中经常出现节点加入或退出网络的情况,提出了一种安全有效的混合式组密钥管理方案.多播报文的加密和节点加入时的组密钥更新,采用了对称加密技术;而系统建立后,组密钥的分发和节点退出后的组密钥更新,采用了基于身份的公钥广播加密方法.方案可抗同谋、具有前向保密性、后向保密性等安全性质.与典型组密钥管理方案相比,方案在适当增加计算开销的情况下,有效降低了节点的存储开销和组密钥更新通信开销.由于节点的存储量、组密钥更新开销独立于群组大小,方案具有较好的扩展性,适合应用于无线传感器网络环境.     

国家级互联网骨干直联点建设方案分析

【】：国家级互联网骨干直联点(以下简称骨干直联点),作为国家重要通信枢纽,主要用于汇聚和疏通全国网间通信流量,是我国互联网网间互联架构的顶层关键环节。目前已在全国13个城市建成,开通网间互联带宽总量达2T。本文针对骨干直联点的特点及存在问题,分析增设骨干直联点对网络质量、流量均衡等方面的影响,提出了建设骨干直联点的方案,并对各种不同方案进行比较,为骨干直联点的实际建设提供指导。     

Efficient identity-based security schemes for ad hoc network routing protocols

Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

A study of multicast congestion control for UMTS

In this paper, we study the applicability of multicast congestion control over universal mobile telecommunications system (UMTS) networks. We analyze two well‐known multicast congestion control schemes for fixed networks, namely TCP‐friendly multicast congestion control and pragmatic general multicast congestion control. We investigate their behavior when they are employed in UMTS networks and we analyze the problems arose when these mechanisms are applied over the wireless links of the UMTS terrestrial radio‐access network. Additionally, we propose necessary improvements to these legacy schemes and explain the necessity of these modifications. The proposed schemes are implemented in the ns‐2 network simulator and are evaluated under various network conditions and topologies. Finally, we measure the performance of the proposed modified schemes and compare them with the corresponding legacy mechanisms. Copyright © 2009 John Wiley & Sons, Ltd.     

Memory‐Efficient Hypercube Key Establishment Scheme for Micro‐Sensor Networks

A micro‐sensor network is comprised of a large number of small sensors with limited memory capacity. Current key‐establishment schemes for symmetric encryption require too much memory for micro‐sensor networks on a large scale. In this paper, we propose a memory‐efficient hypercube key establishment scheme that only requires logarithmic memory overhead.     

A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security

Ubiquitous networks provide roaming service for mobile nodes enabling them to use the services extended by their home networks in a foreign network. A mutual authentication scheme between the roamed mobile node and the foreign network is needed to be performed through the home network. Various authentication schemes have been developed for such networks, but most of them failed to achieve security in parallel to computational efficiency. Recently, Shin et al. and Wen et al. separately proposed two efficient authentication schemes for roaming service in ubiquitous networks. Both argued their schemes to satisfy all the security requirements for such systems. However, in this paper, we show that Shin et al. 's scheme is susceptible to: (i) user traceability; (ii) user impersonation; (iii) service provider impersonation attacks; and (iv) session key disclosure. Furthermore, we show that Wen et al. 's scheme is also insecure against: (i) session key disclosure; and (ii) known session key attacks. To conquer the security problems, we propose an improved authentication scheme with anonymity for consumer roaming in ubiquitous networks. The proposed scheme not only improved the security but also retained a lower computational cost as compared with existing schemes. We prove the security of proposed scheme in random oracle model. Copyright © 2015 John Wiley & Sons, Ltd.     

On Self-Healing Key Distribution Schemes

Self-healing key distribution schemes allow group managers to broadcast session keys to large and dynamic groups of users over unreliable channels. Roughly speaking, even if during a certain session some broadcast messages are lost due to network faults, the self-healing property of the scheme enables each group member to recover the key from the broadcast messages he has received before and after that session. Such schemes are quite suitable in supporting secure communication in wireless networks and mobile wireless ad-hoc networks. Recent papers have focused on self-healing key distribution, and have provided definitions, stated in terms of the entropy function, and some constructions. The contribution of this paper is the following: We analyze current definitions of self-healing key distribution and, for two of them, we show that no protocol can achieve the definition. We show that a lower bound on the size of the broadcast message, previously derived, does not hold. We propose a new definition of self-healing key distribution, and we show that it can be achieved by concrete schemes. We give some lower bounds on the resources required for implementing such schemes, i.e., user memory storage and communication complexity. We prove that the bounds are tight     

Video-aware opportunistic network coding over wireless networks

In this paper, we study video streaming over wireless networks with network coding capabilities. We build upon recent work, which demonstrated that network coding can increase throughput over a broadcast medium, by mixing packets from different flows into a single packet, thus increasing the information content per transmission. Our key insight is that, when the transmitted flows are video streams, network codes should be selected so as to maximize not only the network throughput but also the video quality. We propose video-aware opportunistic network coding schemes that take into account both the decodability of network codes by several receivers and the importance and deadlines of video packets. Simulation results show that our schemes significantly improve both video quality and throughput. This work is a first step towards content-aware network coding.     

局域网安全风险分析与防范

为保障安全,局域网和互联网经常并不直接相连甚至物理隔离,但这并不能彻底解决局域网络的安全问题。局域网络面临着内部攻击、“摆渡”攻击、非法外联以及非法接入等安全威胁。局域网安全防范的措施与方法主要包括：加强系统认证方式的安全,防止非授权访问;安装主机防火墙,防范网络内部攻击;加强涉密信息介质的管理和使用;加密存储、传输涉密信息以及及时更新安全补丁,保持系统和应用软件的安全。     

Modeling throughput gain of network coding in multi-channel multi-radio wireless ad hoc networks

In this paper, we model the network throughput gains of two types of wireless network coding (NC) schemes, including the conventional NC and the analog NC schemes, over the traditional non-NC transmission scheduling schemes in multihop, multi-channel, and multi-radio wireless ad hoc networks. In particular, we first show that the network throughput gains of the conventional NC and analog NC are (2n)/(2n-1) and n/(n-1), respectively, for the n-way relay networks where n ges 2. Second, we propose an analytical framework for deriving the network throughput gain of the wireless NC schemes over general wireless network topologies. By solving the problem of maximizing the network throughput subject to the fairness requirements under our proposed framework, we quantitatively analyze the network throughput gains of these two types of wireless NC schemes for a variety of wireless ad hoc network topologies with different routing strategies. Finally, we develop a heuristic joint link scheduling, channel assignment, and routing algorithm that aims at approaching the optimal solution to the optimization problem under our proposed framework.     

Pinning a complex dynamical network to its equilibrium

It is now known that the complexity of network topology has a great impact on the stabilization of complex dynamical networks. In this work, we study the control of random networks and scale-free networks. Conditions are investigated for globally or locally stabilizing such networks. Our strategy is to apply local feedback control to a small fraction of network nodes. We propose the concept of virtual control for microscopic dynamics throughout the process with different pinning schemes for both random networks and scale-free networks. We explain the main reason why significantly less local controllers are required by specifically pinning the most highly connected nodes in a scale-free network than those required by the randomly pinning scheme, and why there is no significant difference between specifically and randomly pinning schemes for controlling random dynamical networks. We also study the synchronization phenomenon of controlled dynamical networks in the stabilization process, both analytically and numerically.