20 similar documents found, search time 0 ms
1.
In this paper, we construct efficient secure protocols for set intersection and pattern matching. Our protocols for securely computing the set intersection functionality are based on secure pseudorandom function evaluations, in contrast to previous protocols that are based on polynomials. In addition to the above, we also use secure pseudorandom function evaluation in order to achieve secure pattern matching. In this case, we utilize specific properties of the Naor–Reingold pseudorandom function in order to achieve high efficiency.
2.
In the setting of secure two-party computation, two parties wish to securely compute a joint function of their private inputs, while revealing only the output. One of the primary techniques for achieving efficient secure two-party computation is that of Yao’s garbled circuits (FOCS 1986). In the semi-honest model, where just one garbled circuit is constructed and evaluated, Yao’s protocol has proven itself to be very efficient. However, a malicious adversary who constructs the garbled circuit may construct a garbling of a different circuit computing a different function, and this cannot be detected (due to the garbling). In order to solve this problem, many circuits are sent and some of them are opened to check that they are correct while the others are evaluated. This methodology, called cut-and-choose, introduces significant overhead, both in computation and in communication, and is mainly due to the number of circuits that must be used in order to prevent cheating. In this paper, we present a cut-and-choose protocol for secure computation based on garbled circuits, with security in the presence of malicious adversaries, that vastly improves on all previous protocols of this type. Concretely, for a cheating probability of at most \(2^{-40}\), the best previous works send between 125 and 128 circuits. In contrast, in our protocol 40 circuits alone suffice (with some additional overhead). Asymptotically, we achieve a cheating probability of \(2^{-s}\) where \(s\) is the number of garbled circuits, in contrast to the previous best of \(2^{-0.32s}\). We achieve this by introducing a new cut-and-choose methodology with the property that in order to cheat, all of the evaluated circuits must be incorrect, and not just the majority as in previous works. The security of our protocol relies on the decisional Diffie–Hellman assumption.
3.
This paper studies the security problems of on-demand routing protocols in mobile ad hoc networks (MANET) and analyses the advantages and disadvantages of existing security improvement schemes. Based on an efficient digital signature algorithm built on elliptic curve cryptography, a security improvement method suited to on-demand routing protocols is proposed; its execution efficiency and security are analysed, and the AODV protocol improved with this method is verified on the QualNet simulation platform. The simulation implements the real security algorithm and builds attack models for two common attacks, black holes and rushing. The results show that the improved protocol achieves high security at the cost of very small delay and protocol overhead.
4.
Wireless sensor networks will be widely deployed in the near future. While much research has focused on making these networks feasible and useful, security has received little attention. We present a suite of security protocols optimized for sensor networks: SPINS. SPINS has two secure building blocks: SNEP and TESLA. SNEP includes: data confidentiality, two-party data authentication, and evidence of data freshness. TESLA provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.
5.
I. PGP. PGP (Pretty Good Privacy) is a public-key encryption system designed to address the security of e-mail communication over the Internet. PGP contains four cryptographic units: a single-key (symmetric) cipher (IDEA), a two-key (public-key) cipher (RSA), a one-way hash algorithm (MD-5), and a random number generation algorithm. A PGP user holds a list of public keys (key ring) that lists the users with whom communication is needed together with their public keys. PGP was originally designed as a program independent of the mail client; mail is encrypted as an attachment before it is sent. Figure 1 is a schematic diagram of communicating over the Internet with PGP.
6.
We revisit the problem of constructing efficient secure two-party protocols for the problems of set intersection and set union, focusing on the model of malicious parties. Our main results are constant-round protocols that exhibit linear communication and a (practically) linear number of exponentiations with simulation-based security. At the heart of these constructions is a technique based on a combination of a perfectly hiding commitment and an oblivious pseudorandom function evaluation protocol. Our protocols readily transform into protocols that are UC secure, and we discuss how to perform these transformations.
7.
This paper first analyses the CCSDS space communication security protocol SCPS-SP. To address its relatively single-purpose security services and its inability to provide traffic-analysis protection, an adaptive multi-level security protocol for space communication and a space communication secure tunnel protocol are designed. The two protocols are introduced from two perspectives, their application scenarios and their protocol data units, and the security attributes of the SA, the foundation of space communication security protocols, are preliminarily defined.
10.
Previous work (e.g., [1], [2]) has characterized communication security requirements in connection-oriented (virtual circuit) environments supporting applications such as interactive communication and file transfer. This work has developed protocols to achieve these requirements using conventional ciphers (CC's) such as the NBS data encryption standard (DES) [3]. More recently, several authors [4]-[6] have analyzed key distribution protocols for such environments based on CC's and on public-key ciphers (PKC's) such as the RSA algorithm [7], noting similarities in form, function, and vulnerability. Advances in satellite and packet radio technology [8], [9] and the development of high-speed, local area networks [10] have stimulated interest in broadcast protocols for various applications. This article examines security requirements for a simple broadcast scenario characteristic of some of these applications and develops protocols for achieving these requirements. Two sets of protocols, one based on CC's and the other based on PKC's, are developed and analyzed in terms of functionality and performance.
11.
RFID technology continues to flourish as an inherent part of virtually every ubiquitous environment. However, it became clear that the public—implying the industry—seriously needs mechanisms addressing the security and privacy issues of increasing RFID applications. As the nodes of RFID systems mostly suffer from low computational power and small memory size, various attempts which propose to implement the existing security primitives and protocols have ignored the realm of the cost limitations and failed. In this study, two recently proposed protocols—SSM and LRMAP—claiming to meet the standard privacy and security requirements are analyzed. The design of both protocols is based on defining states where the server authenticates the tag in constant time in a more frequent normal state and needs a linear search in a rare abnormal state. Although both protocols claim to provide untraceability criteria in their design objectives, we outline a generic attack showing that both protocols fail to fulfill this claim. Moreover, we show that the SSM protocol is vulnerable to a desynchronization attack which prevents a server from authenticating a legitimate tag. As a result, we conclude that defining computationally unbalanced tag states yields a security/scalability conflict for RFID authentication protocols.
12.
RFID technology, which is regarded as one of the core technologies of the Internet of Things, has been widely deployed in healthcare environments and brings a lot of convenience to people’s daily life. However, the security and privacy challenges of RFID authentication protocols are receiving more and more attention. One of the problems is that current RFID protocols usually use a backend server to store the detailed information of tagged objects, which may lead to information leakage if the server is hacked or attacked by the adversary. To address this challenge, in this paper we propose a security enhanced RFID authentication protocol for healthcare environments using the technique of indistinguishability obfuscation, which prevents the leakage of sensitive data from the backend server. Meanwhile, we extend the protocol to fit the scenario of a cloud environment where the tags’ information is stored in the cloud server. To our knowledge, our protocols are the first applications of indistinguishability obfuscation in the field of RFID authentication systems. Moreover, our protocols are scalable and practical, and they are analyzed to achieve most of the security properties of the RFID system.
13.
Device-to-device communications have attracted much more attention recently in the realization of smart cities. In this paper, we propose a network coding (NC) scheme based on device-to-device communication for centralized wireless local area networks (WLAN). In centralized WLAN scenarios, users’ communication can be implemented through multiple interactions of access points acting as relay nodes, which is similar to the direct link session (DLS) protocol in the IEEE 802.11 standard; we name the proposed protocol the advanced DLS scheme. Analytical performance results of the proposed two-way communication system using NC, with and without AP selection, are obtained in multi-AP cases, as well as the asymptotic results at high transmitting power. In addition, performance comparisons of throughput, delay and collision probability between the proposed scheme and IEEE 802.11 are provided in simulation, which present the advantages of centralized WLAN. By the analysis, it is found that the proposed advanced DLS scheme can achieve almost exactly the same bit error ratio performance as the optimal selection over all signal to noise ratio ranges. It is also shown that the proposed transmission scheme significantly outperforms the current mode in two-way communication over Nakagami channels owing to the diversity order and array gains. The proposed scheme only needs little frame modification and can be compatible with the current standard. Finally, simulation results validate the theoretical analysis.
14.
Secure multiparty computation (SMC) is a research focus in the international cryptographic community. The protocols used to address the millionaires' problem are the basic building blocks of most SMC protocols and their efficiency dominates that of many other SMC protocols. To the best of our knowledge, almost all protocols used to address the millionaires' problem are based on integers, which means that their applications are limited. In this study, we propose precise and efficient protocols for rational numbers based on additively homomorphic encryptions. One of our protocols is inspired by computational geometry and it reduces the millionaires' problem to computing the area of a triangle formed by three private points. This approach can determine whether the relationship between two private inputs is greater than, equal to or less than, and it has a much lower computational complexity compared with existing methods. We proved that these protocols are secure using the simulation paradigm. Our approaches can be used in many SMC protocols that involve rational numbers and integers, and they can also be used directly to solve some secure multiparty computational geometry problems in the rational number field.
15.
Wireless Personal Communications - Fog computing is an emerging paradigm that provides confluence facilities between Internet of Things (IoT) devices and cloud. The fog nodes process the...
16.
Wireless networking has witnessed an explosion of interest from consumers in recent years for its applications in mobile and personal communications. As wireless networks become an integral component of the modern communication infrastructure, energy efficiency will be an important design consideration due to the limited battery life of mobile terminals. Power conservation techniques are commonly used in the hardware design of such systems. Since the network interface is a significant consumer of power, considerable research has been devoted to low-power design of the entire network protocol stack of wireless networks in an effort to enhance energy efficiency. This paper presents a comprehensive summary of recent work addressing energy efficient and low-power design within all layers of the wireless network protocol stack.
17.
Fraglets represent an execution model for communication protocols that resembles the chemical reactions in living organisms. The strong connection between their way of transforming and reacting and formal rewriting systems makes a fraglet program amenable to automatic verification. Grounded on past work, this paper investigates the feasibility of adopting fraglets as a model for specifying security protocols and analysing their properties. In particular, we give concrete sample analyses over a secure RFID protocol, showing the evolution of the protocol run as chemical dynamics and simulating an adversary trying to circumvent the intended steps. The results of our analysis confirm the effectiveness of the cryptofraglets framework for the modelling and analysis of security properties and eventually show its potential to identify and uncover protocol flaws.
18.
We present the first information-theoretic steganographic protocol with an asymptotically optimal ratio of key length to message length that operates on arbitrary covertext distributions with constant min-entropy. Our results are also applicable to the computational setting: our stegosystem can be composed over a pseudorandom generator to send longer messages in a computationally secure fashion. In this respect our scheme offers a significant improvement in terms of the number of pseudorandom bits generated by the two parties in comparison to previous results known in the computational setting. Central to our approach for improving the overhead for general distributions is the use of combinatorial constructions that have been found to be useful in other contexts for derandomization: almost t-wise independent function families.
19.
This paper introduces the security of IPv6 and the security services of the IPSec protocol, focusing on the formats and working modes of the two protocols used in IPv6 to implement IPSec security services: the Authentication Header (AH) and the Encapsulating Security Payload (ESP). It also analyses the method of combining AH and ESP to provide authentication plus confidentiality and its characteristics.
20.
The emerging wireless networks require the design of new authentication protocols due to their dynamic nature and vulnerable-to-attack structure. Recently, Wu and others proposed a wireless authentication protocol which is claimed to be an improvement of the authentication protocol proposed by Lee and others which provides user anonymity. In this letter, we show that these protocols have a common flaw and that these protocols fail to provide user anonymity. We also propose a modification method to solve this problem.