Similar literature
1.
Secure Internet access to gateway using secure socket layer (total citations: 1; self-citations: 0; citations by others: 1)
The Internet is the most widely used medium to access remote sites. Data sent and received using transmission control protocol/Internet Protocol (TCP/IP) is in plain text format and can be accessed and tampered with quite easily and, hence, provides no data security. This is the case especially if the data are confidential and access to the gateway server has to be strictly controlled, although there are several protocols and mechanisms that have been thoroughly scrutinized to tackle these problems. This paper also intends to provide a model that uses secure socket layer (SSL) to provide a secure channel between client and gateway server. A smart card will be used for client authentication and encryption/decryption of the data.

2.
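A protocol for secure communication between the smart card and the set-top box in a conditional access system is proposed. The protocol uses the Schnorr identification scheme for the set-top box to authenticate the smart card, and an asymmetric cryptosystem for the smart card to authenticate the set-top box. The protocol minimizes the online computational burden on the smart card while maintaining the same level of security as other protocols. The security and performance of the protocol are analyzed. The results show that the protocol is robust against malicious attacks and is well suited to smart cards with only limited processing capability. Moreover, the protocol makes it possible for different conditional access systems to use the same set-top box, because the set-top box does not need to store any secret private data of a conditional access system in advance.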

3.
The term IoT refers to the interconnection and exchange of data among devices/sensors. IoT devices are often small, low cost, and have limited resources. The IoT issues and challenges are growing increasingly. Security and privacy issues are among the most important concerns in IoT applications, such as smart buildings. Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks, where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel. Thus, remote cybersecurity attacks are a significant threat. Emerging applications in smart environments such as smart buildings require remote access for both users and resources. Since the user/building communication channel is insecure, a lightweight and secure authentication protocol is required. In this paper, we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment. The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous, unlinkable, and untraceable manner. The protocol also avoids clock synchronization problem and can resist quantum computing attacks. The security of the protocol is evaluated using two different methods: (1) informal analysis; (2) model check using the automated validation of internet security protocols and applications (AVISPA) toolkit. The communication overhead and computational cost of the proposed are analyzed. The security and performance analysis show that our protocol is secure and efficient.

4.
With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people's lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

5.
6.
In the setting of (t, n) threshold secret sharing, at least t parties can reconstruct the secret, and fewer than t parties learn nothing about the secret. However, to achieve fairness, the existing secret sharing schemes either assume a trusted party exists or require running multi-round, which is not practical in a real application. In addition, the cost of verification grows dramatically with the number of participants and the communication complexity is O(t), if there is not a trusted combiner in the reconstruction phase. In this work, we propose a fair server-aided multi-secret sharing scheme for weak computational devices. The malicious behavior of clients or server providers in the scheme can be verified, and the server provider learns nothing about the secret shadows and the secrets. Unlike other secret sharing schemes, our scheme does not require interaction among users and can work in asynchronous mode, which is suitable for mobile networks or cloud computing environments since weak computational mobile devices are not always online. Moreover, in the scheme, the secret shadow is reusable, and expensive computation such as reconstruction computation and homomorphic verification computation can be outsourced to the server provider, and the users only require a small amount of computation

7.
Fair exchange protocols have been widely studied since their proposal, but are still not implemented on most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business model fails to provide fairness to customers. The item validation problem is a critical step in fair exchange, and is yet to receive the proper attention from researchers. We believe these issues should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. In this work, we contextualize how the current model for buying and selling digital items fails, by overlooking the subtleties of the item validation problem, to provide guarantees of a successful transaction outcome to customers—thus being unfair by design. We also introduce the concept of Reversible Degradation, a method for enhancing buy–sell transactions concerning digital items that inherently includes the item validation step in the purchase protocol in order to tackle the discussed problems. In this paper we further explore the concept of reversible degradation (Piva and Dahab in Proceedings of international conference on security and cryptography (SECRYPT). SciTePress Digital Library, 2011) and propose a deliverable instantiation based on systematic error correction codes, suitable for multimedia content. We describe our technique in detail and provide methods for key generation, degradation and recovery, as well as a discussion about efficiency, security and flexibility. We also present and discuss experimental data, and exemplify how the technique can be useful for enabling item validation and dispute resolution in some application scenarios.

8.
Lee B.-H., Lai H.-C. Communications, IET, 2007, 1(6): 1201-1205
IEEE 802.11e provides guaranteed quality of service (QoS) by providing different transmission priorities. IEEE 802.11e improves the media access control layer of IEEE 802.11 to satisfy the different QoS requirements by introducing two new channel access functions: the enhanced distributed channel access (EDCA) and the hybrid coordination function-controlled channel access. The available bandwidth and transmission rate may be easily affected by the signal quality, because the communication channel in a wireless environment operates in a random time-variation manner. Generally, a station using a low transmission rate will occupy the communication channel for a long time and degrade system performance, which causes bandwidth waste and unfairness; thus the guaranteed QoS for stations with higher transmission rates cannot be provided. An enhancing EDCAF (E DCAF) is proposed that consolidates the cross-layer concept and the IEEE 802.11e EDCAF protocol. After simulation experiments, E DCAF obviously improves performance, especially in throughput and fairness. E DCAF scheduling also allows the different QoS requirements to be processed efficiently and flexibly.

9.
10.
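胡鸿 (Hu Hong), 王钰涵 (Wang Yuhan). 《包装工程》 (Packaging Engineering), 2017, 38(20): 37-41
Objective: An intelligent air management system for office spaces uses artificial intelligence technology, relying on an Internet of Things system and interaction design, to automatically monitor and treat air quality in the different areas of an office space. Methods: Air monitoring sensors in the intelligent air management system monitor the indoor air in different areas of the office space in real time and upload the information to a server for data analysis. When values such as the indoor air pollution index, temperature and humidity exceed the thresholds set for a suitable working environment, the server issues commands, and the corresponding equipment in that room, such as the central air conditioning, air purifier, fresh air system and humidifier, automatically removes pollutants from the air and adjusts temperature and humidity. Conclusion: Using the open-source hardware Arduino and ZigBee wireless transmission modules, the air monitoring sensors, air management equipment and server are connected according to an agreed protocol to exchange information and communicate, forming an intelligent air management system that achieves precise monitoring, intelligent control and decision processing for office air quality.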

11.
In this paper, a novel quantum steganography protocol based on Brown entangled states is proposed. The new protocol adopts the CNOT operation to achieve the transmission of secret information by the best use of the characteristics of entangled states. Comparing with the previous quantum steganography algorithms, the new protocol focuses on its anti-noise capability for the phase-flip noise, which proved its good security resisting on quantum noise. Furthermore, the covert communication of secret information in the quantum secure direct communication channel would not affect the normal information transmission process due to the new protocol’s good imperceptibility. If the number of Brown states transmitted in carrier protocol is many enough, the imperceptibility of the secret channel can be further enhanced. In aspect of capacity, the new protocol can further expand its capacity by combining with other quantum steganography protocols. Due to that the proposed protocol does not require the participation of the classic channel when it implements the transmission of secret information, any additional information leakage will not be caused for the new algorithm with good security. The detailed theoretical analysis proves that the new protocol can own good performance on imperceptibility, capacity and security.

12.
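To address problems in smart card protocol testing such as low levels of automation and standardization and poor script reusability, a contactless smart card protocol test system, Proxi CPTS (Protocol Test System of Proximity Card), is proposed. The system adopts a layered structure and modular design: a hardware abstraction layer hides the inconsistencies between test devices, a library of functions is built to achieve code isolation, and test cases are managed with an engineering approach, which supports system extension. Practical application shows that the system improves testing efficiency, has a clear structure and high maintainability, and meets the application needs of automated testing.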

13.
The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man-in-the-Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increases the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On an average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.

14.
In recent years, researchers have proposed the concept of Energy Harvesting Backscatter Wireless Networks (EHBWN). EHBWN usually consists of one sink and several backscatter nodes. Backscatter nodes harvest energy from their environment and communicate with sink through backscattering the carrier wave transmitted by sink. Although a certain amount of access protocols for Energy Harvesting Wireless Networks have been present, they usually do not take the sink’s receiver sensitivity into account, which makes those protocols unsuitable in practice. In this paper, we first give an analysis of the backscatter channel link budget and the relationship between the effective communication range and uplink data rate. After that, we point out that a single uplink data rate for all the backscatter nodes is no longer suitable due to the constraint of sink receiver sensitivity. Later we propose Multi-rate Polling which divides the network into different uplink data rate regions to make sure the correct packet reception by the sink and improve the network performance. Multi-rate Polling also introduces a parameter K, through adjusting it, we can achieve the trade-off between network throughput and fairness to meet the requirement under various scenarios. We validate Multi-rate Polling under different networks and average harvesting rates through simulation. The result shows that the proposed protocol can effectively improve the network performance and has excellent scalability, which makes it suitable for EHBWN.

15.
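In 2004 Cisco proposed the tunnel-based flexible authentication protocol (EAP-FAST) to replace the LEAP authentication protocol, which has security vulnerabilities; the protocol is characterized by security and ease of deployment. The article discusses the EAP-FAST authentication protocol based on the 802.1x protocol and its implementation techniques, and implements the client, authenticator and authentication server functions of EAP-FAST authentication on an integrated public wireless LAN (PWLAN) experimental platform.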

16.
Push-to-talk (PTT) is a walkie-talkie like service which performs an efficient and instant voice over Internet protocol (VoIP) communication in mobile ad hoc network especially for certain circumstances, such as battle field and earthquake or disaster relief. The authors have designed and implemented the PTT mechanism in ad hoc VoIP network. The PTT server and user agent combined with the pseudo session initiation protocol (SIP) server in the implementation provide the PTT service without standalone SIP server support. The authors also conduct the experimental measurements, in terms of delay and packet loss, in the test-bed to demonstrate the realisation of PTT service in ad hoc VoIP network.

17.
Mobile Ad hoc Network (MANET) nodes exchange information using the multi-hop wireless communications without the need for any pre-existing infrastructure. Routing protocols of MANET are designed with an assumption that the nodes will cooperate in routing process. To achieve high throughput and reliable communication, the nodes are expected to cooperate with each other. Routing protocol plays a crucial role in an effective communication between nodes and operates on the assumption that the nodes are fully cooperative. Due to the open structure and limited battery-based energy in MANET, some nodes may not cooperate correctly or behave maliciously and such kind of misbehavior impacts the fairness, reliability and efficiency in MANET. Previous work addressed the ways to overcome these kinds of node misbehaviors and attacks. Most of the existing works need time to analyse the neighbor traffic and decide whether a neighbor is behaving maliciously or not. Further, the existing credit-based detection mechanisms may mark a genuine idle node as a malicious node. This work addresses a simple Neighbor Credit Value based AODV (NCV-AODV) routing algorithm for the detection of selfish behavior which avoids such false detection. The proposed idea is implemented in Ad hoc On Demand Distance Vector (AODV) routing protocol and an extensive analysis on the performance of the proposed detection mechanism against the selfish behavior of some MANET nodes are conducted.

18.
Designing flexible manufacturing systems that can cope well with the dynamic environment has been an important goal. The objective of this paper is to describe a modelling approach developed to design a manufacturing system as a society of autonomous agents called autonomous agent network (AAN). Within the AAN, autonomous agents are loosely coupled. System's tasks are accomplished by the autonomous agents collaboratively through the communication and information exchange definitions protocols. The approach in this paper consists of autonomous agent formation and protocol formation. Reducing the degree of uncertainty, reducing the impact of uncertainty, and keeping the desired level of productivity are the main motivations for forming autonomous agents for manufacturing. By using two basic communication acts, 'request' and 'tell', five basic protocols are formed. The five basic protocols can further form specific taskapplication protocols to define the complex communication among autonomous agents. The methodology is demonstrated with an industrial case study. In addition, the validation of the performance in communication, autonomy and flexibility of AANs are also explained in this paper.

19.
Quantum secure direct communication (QSDC) can transmit secret messages directly from one user to another without first establishing a shared secret key, which is different from quantum key distribution. In this paper, we propose a novel quantum secure direct communication protocol based on signal photons and Bell states. Before the execution of the proposed protocol, two participants Alice and Bob exchange their corresponding identity IDA and IDB through quantum key distribution and keep them secret, respectively. Then the message sender, Alice, encodes each secret message bit into two single photons (|01〉 or |10〉) or a Bell state , and composes an ordered secret message sequence. To insure the security of communication, Alice also prepares the decoy photons and inserts them into secret message sequence on the basis of the values of IDA and IDB. By the secret identity IDA and IDB, both sides of the communication can check eavesdropping and identify each other. The proposed protocol not only completes secure direct communication, but also realizes the mutual authentication. The security analysis of the proposed protocol is presented in the paper. The analysis results show that this protocol is secure against some common attacks, and no secret message leaks even if the messages are broken. Compared with the two-way QSDC protocols, the presented protocol is a one-way quantum communication protocol which has the immunity to Trojan horse attack. Furthermore, our proposed protocol can be realized without quantum memory.

20.
Non-orthogonal multiple access (NOMA) has been seen as a promising technology for 5G communication. The performance optimization of NOMA systems depends on both power allocation (PA) and user pairing (UP). Most existing researches provide sub-optimal solutions with high computational complexity for PA problem and mainly focuses on maximizing the sum rate (capacity) without considering the fairness performance. Also, the joint optimization of PA and UP needs an exhaustive search. The main contribution of this paper is the proposing of a novel capacity maximization-based fair power allocation (CMFPA) with low-complexity in downlink NOMA. Extensive investigation and analysis of the joint impact of signal to noise ratio (SNR) per subcarrier and the channel gains of the paired users on the performance of NOMA in terms of the capacity and the user fairness is presented. Next, a closed-form equation for the power allocation coefficient of CMFPA as a function of SNR, and the channel gains of the paired users is provided. In addition, to jointly optimize UP and PA in NOMA systems an efficient low-complexity UP (ELCUP) method is proposed to be incorporated with the proposed CMFPA to compromise the proposed joint resource allocation (JRA). Simulation results demonstrate that the proposed CMFPA can improve the capacity and fairness performance of existing UP methods, such as conventional UP, and random UP methods. Furthermore, the simulation results show that the proposed JRA significantly outperforms the existing schemes and gives a near-optimal performance.
