基于数字证书的树型结构安全多播方案

该文提出一种基于数字证书的安全多播方案，采用树型的多播拓扑结构。多播树中的每个节点都有一个标识其身份的数字证书，除了成员身份认证外，还可以安全地分发会话密钥和实现会话数据的认证，因而减少了多播群密钥管理的复杂度；由于采用分层的树型多播结构，成员加入和退出有了更大的可扩展性。     

A secure conference scheme for mobile communications

A growing application area in mobile communications is mobile teleconference in which a group of mobile users collaborate in an interactive procedure, such as a board meeting, a task force, a scientific discussion, or even a virtual classroom. Wireless communications transmit conversations via radio, making them more susceptible to eavesdropping and unauthorized access than are conversations carried via wires. Therefore, it is crucial to ensure confidentiality and authenticity in a mobile teleconference. The authors design a new secure conference scheme for mobile communications. Based on a modular square root technique, this scheme is secure against eavesdropping, impersonating, and tracking attacks and allows a participant to join or quit a mobile teleconference dynamically.     

A secure and efficient conference scheme for mobile communications

A growing application area in mobile communications is mobile teleconferencing, in which a group of mobile users collaborate in an interactive procedure, such as a board meeting, a task force, a scientific discussion, or even a virtual classroom. Wireless communications transmit conversations via radio, making them more susceptible to eavesdropping and unauthorized access than are conversations carried via wires. Therefore, it is crucial to ensure confidentiality and authenticity in mobile teleconferencing. When deploying secure services in mobile teleconferences, it has to be taken into account that the mobility of users is usually built on portable devices with limited computing capability. A secure conference scheme for mobile communications needs to be executed efficiently on portable devices. We propose a new secure and efficient conference scheme for mobile communications. Based on a modular square root technique, this scheme is secure against eavesdropping, impersonating, and tracking attacks and allows a participant to join or quit a mobile teleconference dynamically. In addition, the scheme is particularly efficient on the mobile user's portable device because the mobile user needs to perform only single modular multiplication plus encryptions and decryptions of a secret key cryptosystem.     

A provable and secure mobile user authentication scheme for mobile cloud computing services

The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.     

Direct trust-based security scheme for RREQ flooding attack in mobile ad hoc networks

The routing algorithms in MANETs exhibit distributed and cooperative behaviour which makes them easy target for denial of service (DoS) attacks. RREQ flooding attack is a flooding-type DoS attack in context to Ad hoc On Demand Distance Vector (AODV) routing protocol, where the attacker broadcasts massive amount of bogus Route Request (RREQ) packets to set up the route with the non-existent or existent destination in the network. This paper presents direct trust-based security scheme to detect and mitigate the impact of RREQ flooding attack on the network, in which, every node evaluates the trust degree value of its neighbours through analysing the frequency of RREQ packets originated by them over a short period of time. Taking the node’s trust degree value as the input, the proposed scheme is smoothly extended for suppressing the surplus RREQ and bogus RREQ flooding packets at one-hop neighbours during the route discovery process. This scheme distinguishes itself from existing techniques by not directly blocking the service of a normal node due to increased amount of RREQ packets in some unusual conditions. The results obtained throughout the simulation experiments clearly show the feasibility and effectiveness of the proposed defensive scheme.     

A secure multicast protocol for the internet's multicast backbone

In this paper we propose a secure and efficient multicast protocol where the key management is distributed to local groups. The proposed protocol takes advantage of MBone topology to maintain scalability and efficiency at the same time. Copyright © 2001 John Wiley & Sons, Ltd.     

A secure dynamic IP configuration scheme for mobile ad hoc networks

Secure dynamic IP addressing is a prime requirement for unicast communication between authorized hosts in mobile ad hoc networks (MANETs). Recently, several approaches have been proposed for dynamic addressing scheme. However, most of the approaches rely on broadcasting for address solicitation and/or duplicate address detection. As a result, several types of security threats in dynamic IP configuration can be observed. In this paper, we present an ID based dynamic IP configuration scheme that can securely allocate IP addresses to the authorized hosts for a mobile ad hoc network without broadcasting over the entire network. Each host in the MANET can generate an unique IP address from its own IP address for a new host. The proposed scheme provides authentication for address configuration without the help of a trusted third party while taking care of the security-threats associated with dynamic IP configuration. Performance analysis shows that even with added security mechanisms our proposed addressing scheme has fairly good addressing latency and control overhead compared to the similar existing schemes. Moreover, the proposed scheme is able to solve the problem of network partitions and mergers along with the arrival and departure of a host efficiently and securely.     

Scalable location guide overlay multicast in mobile ad hoc networks using tree partition scheme

Nodes mobility brings flinty challenges to multicast in Mobile ad hoc Networks (MANETs). To track nodes mobility, flooding messages are widely used for data delivery structure construction and maintenance in many multicast protocols. These periodic flooding messages significantly consume network resources, such as energy and bandwidth, and result in network collisions. To release data delivery structure maintenance onus, profited from GPS location service, a number of stateless location based multicast protocol were proposed, where a destination list is encapsulated into each data packet for data packet orientation. However, due to data packet capability limitation, the way of encapsulating a destination list in each data packet header restricts the protocol scalability. To solve the scalability issue of multicast protocols, we propose a Scalable Location Guide Overlay Multicast (SLGOM) for MANETs. Analysis and simulation results show that SLGOM achieves high performance in large multicast group and significantly improves the scalability of stateless multicast with respect to group size. Copyright © 2010 John Wiley & Sons, Ltd.     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

Analysis of a secure conference scheme for mobile communication

Dynamic participation is a feature of the secure conference schemes that allows new conferees to join and the old conferees to leave. The conferees who have left should not be able to decrypt the secure conference communication anymore. A secure conference scheme with dynamic participation was proposed in M.S. Hwang and W.P. Yang (1995) and later it was modified with the self-encryption mechanism in K.F. Hwang and C.C. Chang (2003) for a better performance. In this paper we analyze both the original scheme and the modified version. We show that both of them are subject to the active and passive attacks presented in this paper. Our active attack works in the way that a colluding group of attackers can still obtain the conference key even after they all leave the conference. The passive attack does not need any attacker to ever participate the conference. The conference key can be compromised with a large probability as long as the number of conferees is large.     

安全电子时间戳系统的设计方案

在电子政务与电子商务系统中，机要电子文档、重要商业合同与电子交易等都需要安全、准确、权威的统一时间，因些有必要在电子数据信息流中加入时间标识，即时间戳。本文主要分析了安全电子时间戳系统设计的一般方法及应注意的一些因素，并结合我国实际给出了一种电子时间戳系统的设计方案。     

Digital mobile telephone system using TD/FDMA scheme

Multiple access is an indispensable technique for efficient radio spectrum utilization in mobile radio systems, because a large number of subscribers can be connected only when they require radio channels. Frequency division multiple access (FDMA) scheme using single channel per carrier (SCPC) has been widely used. However, the SCPC-FDMA scheme has some problems, such as difficulty in setting up a large number of base station transceivers and in realizing a low-cost highly stabilized local oscillator. A time and frequency division multiple access (TD/FDMA) scheme, which is a combination scheme of TDMA and FDMA, is proposed as one of the possible solutions for these problems. After explaining the background of the proposal, some of the restrictions of the TD/FDMA scheme resulting from the land mobile radio channel characteristics are described. Basic concept of the digital mobile radio telephone system using TD/ FDMA scheme is then presented. An example of the possible system design is finally shown.     

An anonymous and provably secure authentication scheme for mobile user

Chebyshev chaotic map is an important tool used in the domain of cryptography to develop different schemes for numerous applications. In 2014, Lin put forwarded a mobile user authentication system using dynamic identity and chaotic map. Lin declared that the scheme offers mutual authentication and session key agreement between user and server. Moreover, they stated that the scheme offers user anonymity and resilience against known attacks. However, we carefully examined Lin's scheme and found that it is no longer usable for practical applications as (i) it has no facility to identify the wrong password and identity, which are inputted by the user during login and password update phases, (ii) it has no facility to protect user impersonation attack, and (iii) it has the problem of session key forward secrecy. We put forwarded an enhanced scheme based on extended chaotic map to repair the fragilities of Lin's scheme. We formally examined the security of our scheme and demonstrated that it is provably secured in random oracle model. Further, we presented some informal cryptanalysis to make sure that the enhanced scheme is secure from known attacks. Our scheme is also computation efficient against other competitive protocols. Copyright © 2016 John Wiley & Sons, Ltd.     

可证明安全的智能移动终端私钥保护方案

提出一种可证明安全的智能移动终端私钥保护方案。充分利用口令保护、密钥分割与服务器动态交互获取部分私钥等技术保证用户私钥安全。与其他方案相比,该方案的优势在于：减少了智能移动终端的计算量和存储量,简化了交互过程参数的设置;将时间同步贯穿整个方案的设计过程,防止重放攻击的同时,更提供了便捷高效的用户私钥失效方案。方案达到了安全私钥获取和高效私钥失效的效果,符合智能移动终端的安全应用需求,在随机预言机模型下是可证明安全的。     

一种新型的ASON安全组播信令协议

针对自动变换光网络组播信令过程中存在的安全威胁,提出了一种高效的基于GMPLS RSVP-TE的安全组播信令协议。该协议采用P2MP(point-to-multipoint)信令模型,通过数字签名和消息反馈等安全机制,对信令消息中的不变对象和重要可变对象实施保护。考虑到组播成员的动态变化特性,采用高效的组密钥管理策略保证组通信的前向安全性和后向安全性。经仿真实验及分析表明,该协议在保证安全建立组播树的同时,取得了较好的连接阻塞性能和较低的密钥更新时延。     

A multicast mechanism for mobile networks

This letter proposes a multicast table approach to support GSM/UMTS multicast that minimizes the paging cost. The implementation and execution of the multicast tables are very efficient. The costs for updating these tables can be ignored compared with the costs of standard location update procedures. Furthermore, our mechanism can be implemented within the mobility databases without modifying the standard location update messages. We show that our mechanism always outperforms the existing GSM/UMTS multicast mechanisms     

基于短信息服务的移动安全通信系统设计

短信息由于其成本低廉、使用方便等特点,被广泛应用于业务数据交换。但由于其本身的不安全因素,无法满足传递敏感数据需求。为此,设计了基于短信息服务的移动安全通信系统,在移动终端设备、通信链路和应用服务等方面都采取了安全保障措施。通过短信息服务,可实现移动通信网络和固网应用服务的安全无缝集成。     

安全多播准入控制系统的研究与实现

安全问题一直是多播技术发展中一个亟待解决的问题,而在所有的安全问题中,安全多播准入控制是研究的焦点.研究了国内外现有的典型多播准入控制方案,对它们的优缺点进行了分析和比较研究.结合各种多播准入控制方案的优点,给出了一个基于IGMP协议的安全多播准入控制方案.实验表明该安全多播准入控制方案具有安全性高、稳定性好、扩展性好、易于迁移到IPv6环境和便于部署等特点,有较高的实际应用价值.     

一种改进的层次型移动组播协议

论文介绍了现有层次性移动组播协议——Mobi Cast协议,分析了该协议的优缺点。在Mobi Cast协议的基础上通过加入隧道技术,并减轻基站开销等方面进行了改进。仿真与分析表明,改进后的Mobi Cast协议具有组播数据丢包率低、网络维护开销小、切换延迟短等特点。