基于通用软件无线电外设的OFDM信道物理密钥量化分析

为了对比分析实测数据下单门限量化算法与双门限量化算法的性能差异，并通过优化量化参数改善物理密钥性能，采用通用软件无线电外设（USRP）搭建了正交频分复用（OFDM）系统，通过信道估计提取信道幅度特征作为密钥源（实测数据），从密钥一致性、密钥随机性和密钥剩余长度三个方面分析了两种量化算法的性能。基于实测数据得到了单门限量化和双门限量化下密钥一致性、密钥随机性和密钥剩余长度仿真结果。仿真结果表明：在单门限量化算法中，在给定密钥随机性约束下存在最优量化门限使得密钥不一致率最低；在双门限量化算法中，存在最优量化因子使得有效密钥长度最大化；结合Cascade密钥协商算法进行协商时，不同量化算法的密钥一致性与密钥生成速率存在折中关系。     

面向无人机空地通信的无线信道密钥生成技术研究

无人机(unmanned aerial vehicles, UAVs)部署为空中通信节点为地面用户提供服务是未来非常具有吸引力的通信手段,基于信道密钥生成的方式可用于解决无线通信的安全问题.但空地信道的信道特征在短时间内互易性不佳的特点,会导致信道密钥生成性能急剧下降.针对这一问题,本文针对无人机测控单载波频域均衡(signal carrier frequency-domain equalization, SC-FDE)通信体制,提出了一种基于信道频域响应幅度最大值位置变化的单比特信道特征量化方法设计,所提量化方法有效融合了信道频域响应的幅度和位置信息,降低了初始密钥的不一致率.进一步,基于此量化方法设计了一整套可应用于无人机测控通信的密钥生成方案.最后,利用Xilinx的ZYNQ平台,搭建实现了实时的测控信道密钥生成系统,验证了所提方案在无人机空地信道下的可行性和可靠性.特别地,基于搭建的无线信道密钥生成系统,在节点静止、运动等不同无人机空地通信场景下进行了外场测试.结果表明,在终端运动状态下生成的密钥可以通过NIST随机性测试,且其密钥生成速率达28 bps.     

Physical layer authentication for automotive cyber physical systems based on modified HB protocol

Automotive cyber physical systems (CPSs) are ever more utilizing wireless technology for V2X communication as a potential way out for challenges regarding collision detection, wire strap up troubles and collision avoidance. However, security is constrained as a result of the energy and performance limitations of modern wireless systems. Accordingly, the need for efficient secret key generation and management mechanism for secured communication among computationally weak wireless devices has motivated the introduction of new authentication protocols. Recently, there has been a great interest in physical layer based secret key generation schemes by utilizing channel reciprocity. Consequently, it is observed that the sequence generated by two communicating parties contain mismatched bits which need to be reconciled by exchanging information over a public channel. This can be an immense security threat as it may let an adversary attain and recover segments of the key in known channel conditions. We proposed Hopper-Blum based physical layer (HB-PL) authentication scheme in which an enhanced physical layer key generation method integrates the Hopper-Blum (HB) authentication protocol. The information collected from the shared channel is used as secret keys for the HB protocol and the mismatched bits are used as the induced noise for learning parity with noise (LPN) problem. The proposed scheme aims to provide a way out for bit reconciliation process without leakage of information over a public channel. Moreover, HB protocol is computationally efficient and simple which helps to reduce the number of exchange messages during the authentication process. We have performed several experiments which show that our proposed design can generate secret keys with improved security strength and high performance in comparison to the current authentication techniques. Our scheme requires less than 55 exchange messages to achieve more than 95% of correct authentication.     

Visually meaningful image encryption using data hiding and chaotic compressive sensing

A visually secure multiple image encryption using chaotic map and compressive sensing is proposed. The existing image encryption algorithms transform a secret image into a random noise like cipher image which can lead to cryptanalysis by an intruder. In the proposed method, compressive sampling is done using a chaos based, key controlled measurement matrix. An image dependent key generation scheme is used to generate the parameters of the chaotic map. The secret images are transformed into wavelet coefficients, and scrambled along a zigzag path, so that the high correlation among them can be reduced and thereby provide increased security level. The sparse coefficients are measured using the chaotic map-based measurement matrix, whose initial parameters are obtained from the keys generated. Then the reduced measurements are embedded into the sub-bands of the wavelet transformed cover image. Therefore, the proposed algorithm is highly sensitive to the secret images and can effectively withstand known-plaintext and chosen-plaintext attacks. Additionally, the cipher image and the secret images are of same size and do not require additional transmission bandwidth and storage space.

     

基于同态加密的密文策略属性加密方案

属性加密方案极其适用于云存储环境下的数据访问控制,但用户私钥的安全问题仍然是一个极具挑战的问题,影响了属性加密的实际运用。针对该问题,提出一种基于同态加密的密文策略属性加密方案,属性授权中心和云服务中心拥有包含各自系统私钥信息的秘密坐标,两者利用各自秘密坐标进行保密计算两点一线斜率的方式来交互生成用户私钥。分析结果表明,所提方案在消除单密钥生成机构的同时极大地降低了生成用户密钥所需的通信交互次数,从而降低了交互过程中秘密信息泄露的风险。     

基于接收信号的多用户密钥生成方案

基于信道特征生成密钥的方案为通信安全带来了新思路。但在多用户慢衰落条件下,基于信道特征的密钥生成方案由于参数变化慢,导致密钥更新慢。针对此问题,提出了基于接收信号的多用户密钥生成方案,即通过块对角化预编码实现多个随机信号流的分发,使基站与用户能够从用户接收信号中提取密钥。仿真结果表明,提出的基于接收信号的多用户密钥生成方案能够有效提高多用户在准静态及慢衰落条件下的密钥速率。     

基于信道特征和随机插值的物理层算法

分析无线通信系统当下的安全现状及保护物理层安全的必要性,结合无线信道的密钥生成方法,提出一种基于正交频分复用（OFDM）系统并行调制特点的随机插值的物理层安全算法。该算法的核心思想是在共享密钥的控制下,通过对快速傅里叶逆变换（IFFT）后输出的数据符号进行随机插值,将原OFDM符号重构,使得非法用户难以正确解调信号,达到保护传输信息安全的目的。该算法基于物理层加密,可更好地保护空中接口和无线链路,并行加密的过程也降低了通信系统实现的复杂度。通过理论分析及仿真实验表明,新算法可有效对抗各种非法攻击,同时对通信系统的固有性能影响较小,且能较好地适应多径信道,表现出不错的抗多径衰落能力。     

基于多比特自适应量化方案的相位密钥生成方法

本文利用时分系统无线信道的互易性,对两个节点之间的信道相位进行测量从而提取密钥比特,使得可以在信道估计时获得密钥,无需进行预分配。本文提出了一种多比特自适应量化方案,将信道测量值量化成多个比特,并给出了密钥一致性概率理论推导。仿真结果表明,方案可以达到较高的密钥生成一致率,并具有一定的抗干扰能力。     

基于三维混沌系统的彩色图像加密新算法

一维混沌加密算法由于利用了混沌序列的良好复杂性、伪随机性和对初值的敏感特性而具有较好的加密性能,但与其它方法比较,其缺点是密钥空间较小。为此,提出了一种基于三维混沌系统的图像加密新方法,扩大了密钥空间,提高了加密系统的抗破译强度。通过在密钥发生器中嵌入密文像素值,在加密过程中引入反馈加密法,使得扩散函数的影响得到了进一步的加强。实验结果表明,算法具有密钥空间大,加密速度快及效果好等优点。     

抗密钥泄露的在线/离线身份基加密机制

目前已有的在线离线身份基加密（IBOOE）方案无法抵抗边信道攻击,引起密码系统秘密信息泄露问题。新方案通过将随机提取器嵌入在线加密算法来隐藏私钥泄露和密文之间的关系,提出首个有界泄露模型下安全的IBOOE方案;新方案基于合数阶双线性群上的三个静态假设,利用双系统加密技术在标准模型下抵抗选择明文攻击达到完全安全性和泄露弹性。此外,与传统的IBOOE方案相比较,新方案特别适用于敏感数据存储且资源受限的场景。     

Secure key management scheme for dynamic hierarchical access control based on ECC

An access control mechanism in a user hierarchy is used to provide the management of sensitive information for authorized users. The users and their own information can be organized into a number of disjoint sets of security classes according to their responsibilities. Each security class in a user hierarchy is assigned an encryption key and can derive the encryption keys of all lower security classes according to predefined partially ordered relation. In 2006, Jeng and Wang proposed an efficient key management scheme based on elliptic curve cryptosystems. This paper, however, pointed out that Jeng-Wang scheme is vulnerable to the so-called compromising attack that the secret keys of some security classes can be compromised by any adversary if some public information modified. We further proposed a secure key management scheme based on elliptic curve cryptosystems to eliminate the pointed out the security leak and provide better security requirements. As compared with Jeng and Wang's scheme (Jeng and Wang, 2006), the proposed scheme has the following properties. (i) It is simple to execute the key generation and key derivation phases. (ii) It is easily to address dynamic access control when a security class is added into or deleted from the hierarchy. (iii) It is secure against some potential attacks. (iv) The required storage of the public/secret parameters is constant.     

标准模型下可证明安全的入侵容忍公钥加密方案

在传统的公钥加密方案中,一旦解密密钥泄漏,系统的安全性将完全丧失.特别是随着越来越多的加密系统被应用到移动的、安全性低的设备中,密钥泄漏显得难以避免.入侵容忍公钥加密的提出就是为了减小密钥泄漏对加密系统的危害,具有比前向安全加密、密钥隔离加密更强的安全性.在这种体制下,整个生命周期被分割成离散的时间阶段,公钥固定不变,密钥信息分享在解密者和基地中,前者独立完成解密操作,而后者则在每个时间周期中提供一个更新信息来帮助演化解密密钥.此外,每个时间段内有多次密钥刷新的操作,可以刷新解密者的密钥和基密钥.当解密者和基地被入侵时,只要不是同时被入侵,安全性就可以得到保证.即使入侵者同时入侵解密者和基地,也不会影响以前时间段密文的安全性.提出了一个入侵容忍公钥加密方案,所有费用参数关于总共时间段数的复杂性均不超过对数的平方.证明了该方案是标准模型下安全的.这是一个不需要随机预言的可证明安全的入侵容忍公钥加密方案.     

基于多授权中心属性基加密的多域云访问控制方案

针对多授权属性基加密方案的合谋攻击和多域共享数据问题,提出了一种基于多授权中心属性基加密的多域云访问控制方案。中央认证机构不参与用户私钥的生成过程,有效避免了用户与授权机构之间的联合攻击;通过线性秘密共享方案和代理重加密技术,云服务器对上传的数据文件进行重加密,实现了单域和多域用户数据的共享。分析结果表明,新方案在用户私钥生成和文件加/解密上具有较高的性能,并在q parallel BDHE假设下是自适应性安全的。     

基于双混沌互扰系统的图像加密算法

针对低维混沌系统有可能退化为周期问题,以及高维混沌系统计算量大的缺陷,提出基于双混沌互扰系统的图像加密算法。通过两个简单的Logistic映射间的互扰,构造一个双混沌互扰系统。双混沌互扰系统的最大特点是扰动项同时包括常数扰动项和随机扰动项,不仅保证了系统必要的复杂性,而且增大了系统参数的取值范围。以双混沌互扰系统作为序列密钥发生器,提出一种改进的二值序列量化方法。对二值序列做随机性检验和相关性分析的结果表明,该二值序列具有良好的伪随机性和相关性,适合作为加密密钥。将其应用于图像加密的仿真实验结果也表明,该二值序列能有效且安全地掩盖明文信息,取得了较好的加密效果。     

一种新的基于双混沌系统的图像加密方案

提出了一种新的基于双混沌系统的图像加密方案。把Chen’s系统和Logistic映射结合起来产生随机性更加良好的三维混沌密钥序列,并从密钥序列中通过采样提取出新的用于加密的序列。提出了图像置乱算法和替代加密算法,利用Logistic映射产生的一维混沌序列来实现像素位置的置乱,像素值加密算法采用按分组进行加密和二次加密来对像素值进行加密。通过实验测试表明：算法具有良好的像素值混淆和扩散性能,有较强的抗统计攻击的能力和足够大的密钥空间,加密图像像素值具有类随机均匀分布特性,且相邻像素具有零相关特性。这些结果表明了所提出方案有很高的安全性。     

基于属性基加密的区块链数据共享模型

为确保当前区块链数据共享机制中的隐私保护及数据安全,受属性基加密技术能够有效实现云上数据安全共享与访问控制的启发,提出了基于属性基加密的区块链数据共享模型.该模型基于Waters所提出的密文策略属性基加密(CP-ABE)方案,首先,在私钥生成阶段,数据使用方委托多个节点参与联合计算并存储部分私钥,其他数据使用者则不可获取完整密钥,从而提升了私钥的生成效率;其次,为防止密钥滥用及算法中参数的管理,定义了一种密钥传递事务数据结构,实现了CP-ABE算法的可追责性;最后,通过构建具有链上链下协同计算与存储功能的共享链,实现了属性基加密与区块链系统的有效融合.安全性分析和实验仿真结果表明,所提模型在密钥生成计算效率和实际业务场景方面有一定的优化,满足工程应用的需要.     

基于秘密共享的无线传感器网络组密钥管理方案

提出了一种基于秘密共享的无线传感器网络组密钥管理方案,简称为GKMSSS.GKMSSS在采用LEACH协议进行网络分簇的基础上,利用秘密共享和对称密钥加密的原理,将组密钥分量分布式存储在各个组成员中,成功实现了密钥的预配置、层次密钥的生成、网络的分簇、密钥的生成与分发、密钥的更新、组新成员的加入和组成员的退出等关键过程.通过相关分析和实验表明,在保证存储开销和通信开销在可接受范围之内的情况下,有效保障了组通信的前向保密性、后向保密性以及抗串谋攻击,且有较好的节点抗俘虏能力.     

基于最大秩距离码的私钥加密方案

Jordan和Rao基于纠错码提出了一种私钥加密方案,通过安全性分析可知,基于大数选举方法,此方案中的秘密矩阵能有效地获得。Gabidulin于1985年提出了秩距离码及最大秩距离码的理论,由于秩范数和秩距离码的特点,利用秩距离码构造密码系统,可用比较小的参数获得比较大的工作因子。Gabidulin,Paramonov和Tretjakov基于最大秩距离码提出了一种新的McEliece公钥密码系统,该文基于最大秩距离码提出了与其稍有不同的一种私钥加密方案。讨论了它的可行性及安全性,并证明了它比基于最大秩距离码的上述公钥密码系统更安全。     

Subspace-based technique for speech encryption

The use of signal processing techniques in cryptographic field is an attractive approach in recent years. As an example, the intractability of the under-determined blind source separation (BSS) problem has been used for the proposal of BSS-based speech encryption. However, some weaknesses of this proposal from a cryptographic point of view have been recently published. In this paper, we propose a new encryption method that bypass these weaknesses. The proposed approach is based on the subspace concept together with the use of nonlinear functions and key signals. An interesting feature of the proposed technique is that only a part of the secret key parameters used during encryption is necessary for decryption. Furthermore, if no plain-text is fed to the encryption algorithm, the latter will provide no contents. Analysis results show that the proposed method significantly enhances the security level of existing BSS-based speech encryption methods.     

CCA2 secure (hierarchical) identity-based parallel key-insulated encryption without random oracles

In order to mitigate the damages of key-exposure, key-insulated encryption introduces a helper key used to periodically update the decryption key. Under the usual circumstances, frequent updating increases the risk of helper key-exposure. Parallel key-insulated encryption (PKIE) supports frequent key updates without increasing the risk of helper key-exposure. In an identity-based cryptosystem, a private key generator (PKG) uses a master secret key to issue private keys to users based on their identities. In this paper, we propose a new identity-based parallel key-insulated encryption (IBPKIE) scheme which achieves IND-ID-KI-CCA2 security without random oracles. Our IBPKIE scheme has short public parameters and a tight reduction with an additive factor.Hierarchical identity-based cryptography was first proposed in 2002. It allows a root PKG to distribute workload by delegating private key generation and entity authentication tasks to lower-level PKGs. In this paper, we formalize the syntax and security model for a hierarchical identity-based parallel key-insulated encryption (HIBPKIE) scheme. We then propose an HIBPKIE scheme with constant size ciphertext, and prove that it achieves IND-ID-KI-CCA2 security without random oracles. To the best of our knowledge, this is the first HIBPKIE scheme up to now.