个人通信系统中的一种移动用户登记认证协议

假冒和窃听攻击是无线通信面临的主要威胁。在个人通信系统中,为了对无线链路提供安全保护,必须对链路上所传送的数据/话音进行加密,而且在用户与服务网络之间必须进行相互认证。近年来,人们在不同的移动通信网络(如GSM,IS-41,CDPD,Wireless LAN等)中提出了许多安全协议。然而,这些协议在个人通信环境中应用时存在不同的弱点。本文基于个人通信系统的双钥保密与认证模型,设计了用户位置登记认证协议;并采用BAN认证逻辑对协议的安全性进行了形式化证明,也对协议的计算复杂性进行了定性分析。分析表明,所提出的协议与现有的协议相比具有许多新的安全特性。     

Anonymity handover authentication protocol based on group signature for wireless Mesh network

In order to ensure that the Mesh network mobile client video,voice and other real-time strong applications without interruption,a secure and efficient handover authentication was very important.To protect the privacy of mobile nodes,an anonymity handover authentication protocol was proposed based on group signature for wireless mesh network.Compared with other handover authentication protocols based on group signature,the proposed scheme did not involve the group signature correlation operation,and the group signature algorithm was only carried out on the router.The pro-posed protocol not only enhances the security but also performs well in authentication efficiency and privacy-preserving.     

一种基于RSA算法的加密芯片设计

给出了一种1024位RSA算法加密芯片的完整设计方案.本方案采用了Barret模缩减算法和反复平方法,根据大数运算的特点和降低资源消耗的需要改进了电路结构,并采用全定制IC的设计流程进行实现.结果表明,该方案结构简单,资源利用率高,且能达到较高的性能.     

关于提高RSA算法速度的研究

RSA是第一个既能用于数据加密也能用于数字签名的公开密钥算法,是目前应用最为广泛的数字签名算法。RSA的安全性依赖于大数分解,由于进行的都是大数计算,使得RSA最快的情况也比DES慢100倍,无论软件还是硬件实现,速度一直是RSA的缺陷。从密钥产生、加密和解密的速度制约条件进行了分析,提出了依赖n进制数组大数的表示法、最优个数素数表和中国剩余定理的高性能RSA算法,并在PIC32单片机上对算法进行了测速。     

基于混合密钥数字签名在移动OA系统的研究

针对传统RSA算法在移动OA系统中签名效率较低的问题,研究了基于混合密钥数字签名技术,开发了一个完整的移动OA系统。使用RSA算法进行数字签名前,先对文档用Hash函数生成数字摘要,然后进行数字签名。实验证明,混合密钥数字签名技术在保证安全的情况下,大幅提高了数字签名的效率。     

基于改进RSA算法的隐私数据集同态加密方法

为提高对数据集的加密效果和保障数据集的安全性,在分析传统非对称密钥(RSA)算法运行原理及其参数选择、素数判定条件的基础上,提出了改进RSA算法。为进一步提升加密速度,引入数据加密(DES)算法。首先利用DES算法实现明文数据集的加密,并针对密钥进行RSA加密;在此基础上,在明文和密文空间中,利用加法同态过程对密文进行计算,并通过对结果的解密操作得到相应的明文计算结果。实验结果表明,与基于传统RSA算法或DES算法的加密方法相比,该方法的加密效率和抵御攻击成功率更高,加密过程耗时5~6 s,抵御攻击成功率保持在95%上下,说明该方法能够有效保护隐私数据集的安全。     

一种快速的强素数生成方法

针对传统的大素数生成方法需进行较复杂的模幂运算,从而导致运算速度较慢的缺陷,本文基于Miller-Rabin概率性素数检测法提出了一种大素数生成的优化方法,有效地提高了寻找大素数的速度。基于此优化方法,提出了一种新的强素数生成算法,该方法根据强素数的特征,用自顶向下的方法来生成强素数,算法简单、易实现,满足RSA算法安全性的需求。     

基于统一通信技术的异构网络穿越安全算法研究

在统一通信异构网络环境中,由于统一的协议规范、加密以及防火墙等安全措施的存在,在网络环境内部进行的通信具有良好的可用性和安全性。当前的电力通信网,由于业务网络众多、网络层级明显,异构网络环境被广泛地应用在其通信的各个方面。但异构网络之间的通信,为了保证其可用性,安全性却被降低。在研究了异构网络穿越的问题和现状之后,又对对称密钥密码体制、非对称密钥密码体制进行了深入的研究,并且提出了一种基于RSA算法和改进型DES算法的混合加密算法。最后,运用实例分析表明,该算法具有很好的安全性。     

移动感知器网络中基于随机游走和协作关系的任务分发算法

关于移动感知器网络中感知任务的分发问题,目前学术界已经有了诸多相关研究.然而,这些研究很少涉及到多个智能体协作完成复杂感知任务问题.针对这种情况,首先,通过分析移动感知器网络的结构特征、智能体相互之间、以及智能体和感知任务之间的关系,本文提出了智能体之间协作关系强度和智能体对感知任务适应度两个概念,并讨论了二者对于移动感知器网络中感知任务动态分发的作用.其次,在上述概念的基础上,将二者融合为偏好因子,提出了基于随机游走和协作关系的任务分发算法（TDCR,Task Distribution With Cooperative Relationship）,通过该算法达到提高任务分发效率的目的.最后,将TDCR与Personal Rank算法（PR）、HITS算法对比分析,表明所提出的算法TDCR在任务分发效率和准确度等性能指标上有较好的提升.     

End-to-End Security Protocol for Mobile Communications with End-User Identification/Authentication

As great progress has been made in mobile communications, many related researches on this topic have been proposed. In most of the proposed protocols so far, it has been assumed that the person using the mobile station is the registrar of the SIM card; as a matter of, the previous protocols for authentication and session key distribution are built upon this assumption. This way, the mobile user can only verify the identity of the owner of the SIM card. This means that the mobile user can only know that who registers the SIM card with which he communicates. Note that the human voice can be forged. To make sure that the speaker at the other end is the right owner of the SIM card, concept of the password is involved to construct the end-to-end security authentication protocol. In the proposed protocol, each mobile user can choose a password. When two mobile users want to communicate with each other, either user can request to perform a end-user identification process. Only when both of the end users input the correct passwords can the correct common session key be established.     

RSA密码协处理器的实现

密码协处理器的面积过大和速度较慢制约了公钥密码体制RSA在智能卡中的应用.文中对Montgomery模乘算法进行了分析和改进,提出了一种新的适合于智能卡应用的高基模乘器结构.由于密码协处理器采用两个32位乘法器的并行流水结构,这与心动阵列结构相比它有效地降低了芯片的面积和模乘的时钟数,从而可在智能卡中实现RSA的数字签名与认证.实验表明:在基于0.35μm TSMC标准单元库工艺下,密码协处理器执行一次1024位模乘需1216个时钟周期,芯片设计面积为38k门.在5MHz的时钟频率下,加密1024位的明文平均仅需374ms.该设计与同类设计相比具有最小的模乘运算时钟周期数,并使芯片的面积降低了1/3.这个指标优于当今电子商务的密码协处理器,适合于智能卡应用.     

混沌系统在RSA加密算法中的应用

信息安全中的加密算法日益受到重视,许多加密算法被提出,其中RSA公钥加密算法有着特殊的作用而被广泛使用。由于混沌序列有着良好的伪随机性和对初始值及系统参数敏感以及遍历性等特点,而具有很好的加密性能。因此根据混沌的这些特点,提出了一种利用混沌系统产生大随机数序列的方法,并把他运用于RSA公钥加密算法中,实验证明该方法是非常有效性的。     

Design and FPGA implementation of an efficient security mechanism for mobile pay‐TV systems

A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.     

一种网络传输信息加密解密系统研制的方法

在对公钥密码体制分析的基础上，研究了RSA密码体制的实现算法，设计了系统程序模块。开发了端对端的网络传输信息加密解密系统。测试表明采用RSA密码体制可以研制出安全性更高的网络传输信息加密解密系统。     

An efficient pairing‐free identity‐based authenticated group key agreement protocol

An authenticated group key agreement protocol allows participants to agree on a group key that will be subsequently used to provide secure group communication over an insecure network. In this paper, we give a security analysis on a pairing‐free identity‐based authenticated group key agreement because of Islam et al. We show that the protocol of Islam et al. cannot satisfy the minimal security requirements of the key agreement protocols. We propose an efficient pairing‐free identity‐based authenticated group key agreement for imbalanced mobile network. The proposed protocol can be implemented easily for practical application in mobile networks as it is free from bilinear. Under the difficulty of the InvCDH and CDH we demonstrate that the proposed protocol provides perfect forward secrecy, implicit key authentication and the dynamic functionality. As compared with the group key agreement protocols for imbalanced mobile network, the proposed protocol provides stronger security properties and high efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

基于RSA算法的扩展算法

RSA的安全性是依据大整数分解的困难性而设计的。RSA公开密钥加密体制中n为2个大素数的乘积,即针对n=pq（p,q为大素数）的大整数分解,这里介绍了RSA算法的扩展算法的加密和解密原理,即针对n=p1,p2,…,pr（p1,p2,…,pr为大素数）的大整数分解。通过扩展素因子的个数达到RSA算法的安全性。比较RSA算法,扩展的RSA算法不仅可用于数据加密解密,也可用于数字签名。利用扩展的RSA算法实现数字签名也具有较高的安全性和可靠性。     

Performance-Scalable Array Architectures for Modular Multiplication

Modular multiplication is a fundamental operation in numerous public-key cryptosystems including the RSA method. Increasing popularity of internet e-commerce and other security applications translate into a demand for a scalable performance hardware design framework. Previous scalable hardware methodologies either were not systolic and thus involved performance-degrading, full-word-length broadcasts or were not scalable beyond linear array size. In this paper, these limitations are overcome with the introduction of three classes of scalable-performance modular multiplication architectures based on systolic arrays. Very high clock rates are feasible, since the cells composing the architectures are of bit-level complexity. Architectural methods based on both binary and high-radix modular multiplication are derived. All techniques are constructed to allow additional flexibility for the impact of interconnect delay within the design environment.     

Securing Wireless Sensor Networks Against Denial‐of‐Sleep Attacks Using RSA Cryptography Algorithm and Interlock Protocol

Wireless sensor networks (WSNs) have been vastly employed in the collection and transmission of data via wireless networks. This type of network is nowadays used in many applications for surveillance activities in various environments due to its low cost and easy communications. In these networks, the sensors use a limited power source which after its depletion, since it is non‐renewable, network lifetime ends. Due to the weaknesses in sensor nodes, they are vulnerable to many threats. One notable attack threating WSN is Denial of Sleep (DoS). DoS attacks denotes the loss of energy in these sensors by keeping the nodes from going into sleep and energy‐saving mode. In this paper, the Abnormal Sensor Detection Accuracy (ASDA‐RSA) method is utilized to counteract DoS attacks to reducing the amount of energy consumed. The ASDA‐RSA schema in this paper consists of two phases to enhancement security in the WSNs. In the first phase, a clustering approach based on energy and distance is used to select the proper cluster head and in the second phase, the RSA cryptography algorithm and interlock protocol are used here along with an authentication method, to prevent DoS attacks. Moreover, ASDA‐RSA method is evaluated here via extensive simulations carried out in NS‐2. The simulation results indicate that the WSN network performance metrics are improved in terms of average throughput, Packet Delivery Ratio (PDR), network lifetime, detection ratio, and average residual energy.     

基于F2812的VPN管理服务器设计

为充分利用公共网络资源来提供优质信息安全服务,文中介绍了一种新型的高安全虚拟专用网安全通信解决方案,该方案将网络安全协议完全嵌入到网络设备之中,从而使网络设备具有身份认证、通信保密以及防止主动攻击的功能,给出了该方案的硬件平台组成及组网网络拓扑结构,详细介绍了方案中管理服务器的功能设计、硬件结构及软件结构,同时介绍了RSA算法的实现方式,经验证该方案达到了预期的目的。     

公钥密码处理芯片的设计与实现

以RSA算法为例,探讨了公钥密码处理芯片的设计与实现.首先提出了公钥密码芯片实现中的核心问题,即大整数模幂运算算法和大整数模乘运算算法的实现;然后针对RSA算法,提出了Montgomery模乘算法的CIOS方法的一种新的快速硬件并行实现方法,其中采用了加法与乘法并行运算以及多级流水线技术以提高性能,较大地减少了乘法运算时间,提高了模乘器的性能.