A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography

As a signaling protocol for controlling communication on the internet, establishing, maintaining, and terminating the sessions, the Session Initiation Protocol (SIP) is widely used in the world of multimedia communication. To ensure communication security, many authentication schemes for the SIP have been proposed. However, those schemes cannot ensure user privacy since they cannot provide user anonymity. To overcome weaknesses in those authentication schemes with anonymity for SIP, we propose an authentication scheme with anonymity using elliptic curve cryptograph. By a sophisticated analysis of the security of the proposed protocol, we show that the proposed scheme not only overcomes weaknesses in previous schemes but also is very efficient. Therefore, it is suitable for applications with higher security requirements.     

智能电网中基于MQTT协议的ABAC访问控制方案

在智能电网环境中,电力运营商和消费者通过智能电表进行大量高精度的用电数据的实时监测,用户机密数据持续暴露于未经授权的访问,在这种传统通信模式下,智能电表对家庭用户能源消耗的细粒度测量造成了严重的隐私安全问题,而现有的静态访问控制方法并不满足智能电网环境基于上下文的动态访问特性。针对此问题,提出一种基于物联网通信协议（MQTT协议）的访问控制方案,通过在MQTT协议中对树型结构的主题列表设计基于ABAC访问控制模型的动态上下文授权策略,并在WSO2系统使用XACML策略语言实现了提出的访问控制方案。性能评估结果表明,该方案能在较低的通信开销内支持动态的访问控制,以解决智能电网中用户的用电信息未经授权而泄露的隐私安全问题。     

智能电网中的数据聚合方案分类研究

智能电网中其安全的通信架构是保证电网安全、稳定运行的基础,隐私保护的数据聚合是保证机密性、提高效率的有效途径。对最近面向智能电网通信系统的数据聚合的五种功能类型的方案进行了总结和分析。在聚合阶段,大部分的方案在系统架构上基本相差不大,不过在聚合方法的选取上,则各自有不同的考虑。诸如Paillier加密体制和ElGamal加密体制,是两种较为常规的加密体制,差分隐私、双线性对技术和数据签名技术也在一些文章中得到应用。通过安全性分析证明,这些方案不仅具有隐私保护、消息的认证性和完整性验证等功能;而且通过对这些方案进行性能比较分析,所述的方案在计算开销和用户的访问控制方面及通信开销都各有优势,对于智能电网多维数据的收集和云端的访问控制提供了更多的参考依据。     

工业物联网中基于PUFs轻量级的密钥交换协议研究

为了保障数据的安全性和隐私性,防止恶意用户访问传感器设备,针对工业物联网提出一种轻量级的认证与密钥交换协议.该协议采用物理不可克隆函数,模糊提取器保障传感器设备的安全.同时采用单向散列函数、异或操作和对称加解密等技术建立安全的会话通道.实验结果表明,相比于其他认证方案,该协议有效减少了密钥交换的通信和计算开销,所提出的...     

雾辅助智能电网中容错隐私保护数据聚合方案

针对雾辅助智能电网数据收集过程中存在的隐私泄露问题,本文提出一种新的支持容错的隐私保护数据聚合方案.首先,结合BGN同态加密算法和Shamir秘密共享方案确保电量数据的隐私性.同时,基于椭圆曲线离散对数困难问题构造高效的签名认证方法保证数据的完整性.特别地,方案具有两种容错措施,当部分智能电表数据无法正常发送或部分云服务器遭受攻击而无法工作时,方案仍然能够进行聚合统计.安全分析证明了方案满足智能电网的安全需求;性能实验表明,与已有方案相比,本文方案计算和通信性能更优.     

A reliable QoS-aware routing scheme for neighbor area network in smart grid

A reliable bi-directional communication network is one of the key factors in smart grid (SG) to meet application requirements and improve energy efficiency. As a promising communication infrastructure, wireless mesh network (WMN) can provide high speed and cost-effect communication for SG. However, challenges remain to maintain high reliability and quality of service (QoS) when applying WMNs to SG. In this paper, we first propose a hybrid wireless mesh protocol (HWMP) based neighbor area network (NAN) QoS-aware routing scheme, named HWMP-NQ, to meet the QoS requirements by applying an integrated routing metric to route decision with effective link condition probing and queue optimization. To further improve the reliability of the proposed HWMP-NQ, we present a multi-gateway backup routing scheme along with a routing reliability correction factor to mitigate the impact of routing oscillations. Finally, we evaluate the performances of the proposed schemes on NS3 simulator. Extensive simulations demonstrate that HWMP-NQ can distinguish different applications and satisfy the QoS requirements respectively, and also improve the average packet delivery ratio and throughput with a reduced routing overhead, even with a high failure rate of mesh nodes.     

基于隐私保护的实时电价计费方案

针对智能电网基于实时电价的计费过程中有大量实时用电数据需要交互和计算,且隐私数据保护不够完善的安全问题,提出了一种基于隐私保护的实时电价计费方案。利用加法同态加密、混合乘法同态加密等技术,保证了实时用电数据在通信、数据聚合、电费计算和账单验证过程中的安全。同时,通过聚合签名技术减少了数据认证过程中的开销。通过对所述方案进行安全性分析和性能分析,表明该方案具有很好的安全性且性能较高。     

智能电网中家域网安全数据汇聚与调度方法研究

智能电网中通信网络的安全是实施智能电网的一个重要环节。用户信息的隐私保护是智能电网安全服务的一个主要任务。智能电网中用户信息隐私保护主要围绕智能电表数据的机密性和匿名性展开。本文以家域网作为智能电网通信网络的一个基本数据汇聚与调度单元,提出了一种安全的网内数据汇聚与调度方法,从而保证了智能家居设备的用电信息的机密性和匿名性。采用NS-2对本文提出的网内方法进行了仿真研究。仿真结果表明,本文提出的网内数据汇聚与调度方法与传统方法相比具有较高的实用性。     

基于区块链的云数据审计方案

云存储凭借高扩展性、高可靠性、低成本的数据管理优点得到用户青睐。然而,如何确保云数据完整性成为亟待解决的安全挑战。目前的云数据完整性审计方案,绝大部分是基于半可信第三方来提供公共审计服务,它们存在单点失效、性能瓶颈以及泄露用户隐私等问题。针对这些缺点提出了基于区块链的审计模型。该模型采用分布式网络、共识算法建立一个去中心化、易扩展的网络解决单点失效问题和计算力瓶颈,利用区块链技术和共识算法加密用户数据保证数据不可窜改和伪造,确保了用户数据的隐私。实验结果表明,与基于半可信第三方云数据审计方案相比,该模型能够保护用户隐私,显著提高了审计效率,减少通信开销。     

一种基于区块链的车联网安全认证协议

针对车联网环境下,车辆节点快速移动造成的中心服务器认证效率低、车辆隐私保护差等问题,提出了一种基于区块链的车联网安全认证协议。该协议利用Fabric联盟链存储车辆临时公钥与临时假名,通过调用智能合约,完成车辆身份认证,同时协商出会话密钥,保证通信过程中数据的完整性与机密性;利用假名机制有效避免了车辆在数据传输过程中身份隐私泄露的风险;使用RAFT共识算法高效达成数据共识。经安全性分析与实验结果表明,所提协议具有抵抗多种网络攻击的能力,且计算开销低、区块链存储性能好,能够满足车联网通信的实时要求。     

Is the influence of privacy and security on online trust the same for all type of consumers?

This article analyzes the relationships among online trust and two of its most important antecedents, namely privacy and security, and explains how consumers’ characteristics (gender, age, education and extraversion), moderate the influence of both privacy and security in online trust. This study expands previous literature by identifying the conditions under which perceived privacy and security are likely to have the greatest positive effects on consumer trust in the online retailer. Based on data from 398 online consumers, the results revealed that the influence of both privacy and security on online trust was stronger for male, younger, more educated, and less extraverted consumers. Implications for theory and management are discussed.     

基于群签名与属性加密的区块链可监管隐私保护方案

区块链技术的去中心化、数据难篡改等特性使其在溯源问题上体现出明显优势,基于区块链的溯源系统可以解决传统系统中信息孤岛、共享程度低以及数据可篡改等问题,从而保证数据的可追溯性。然而,区块链溯源系统中的数据可追溯性与用户隐私保护之间难以取得平衡。提出一种结合群签名、隐私地址协议、零知识证明以及属性加密的分布式可监管隐私保护方案。对群签名的群管理员机制进行改进,设置多群管理员生成用户私钥片段,用户根据返回的私钥片段计算自身私钥,并根据需要有选择性地对溯源数据进行属性加密,同时为链上数据设置特定的访问结构,以实现数据与用户的“一对多”通信。群管理员利用群公钥对交易双方的身份进行追踪与追责。符合数据特定访问结构的用户通过自身的属性私钥对密文进行解密从而获取数据信息。实验结果表明,该方案能在保证数据可追溯并实现交易双方监管的同时,提高链上数据的隐私保护水平,与现有隐私保护方案相比安全性更高。     

Do security and privacy policies in B2B and B2C e-commerce differ? A comparative study using content analysis

Security and privacy policies address consumer concerns related to security and privacy in e-commerce websites. As these policies represent only the vendor’s perspective, often there exists a mismatch between the stated and desired policy. Based on transaction cost theory, we speculate that business-to-business (B2B) and business-to-consumer (B2C) e-commerce customers use their transaction cost savings in order to obtain varying levels of security and privacy. These differences are bound to be reflected in the security and privacy policies of e-commerce companies. Therefore, in this paper, we perform a comparative content analysis of the security and privacy policies in B2C and B2B e-commerce. Results show that B2B vendors are more concerned about security than their B2C counterparts, while B2C vendors are anxious about intimacy and restriction privacy. Our findings have important implications for e-commerce consumers and vendors as individual and corporate consumers have varying concerns while transacting online. Individual consumers are concerned about maintaining security and intimacy privacy, whereas corporate users are anxious about regulatory issues. Therefore, B2C vendors should incorporate stringent measures dedicated to confidentiality and protection of consumer data as well as enhance intimacy privacy in their security policies, while their B2B counterparts should focus on enhancing restriction privacy.     

一种基于PUF的超轻量级RFID标签所有权转移协议

针对RFID标签所有权转移协议中存在的数据完整性受到破坏、物理克隆攻击、去同步攻击等多种安全隐私问题,新提出一种基于物理不可克隆函数(PUF)的超轻量级RFID标签所有权转移协议—PUROTP.该协议中标签所有权的原所有者和新所有者之间直接进行通信完成所有权转移,从而不需要引入可信第三方,主要涉及的运算包括左循环移位变换(Rot(X,Y))和异或运算($\oplus$)以及标签中内置的物理不可克隆函数(PUF),并且该协议实现了两重认证,即所有权转移之前的标签原所有者与标签之间的双向认证、所有权转移之后的标签新所有者与标签之间的双向认证.通过使用BAN(Burrows-Abadi-Needham)逻辑形式化安全性分析以及协议安全分析工具Scyther对PUROTP协议的安全性进行验证,结果表明该协议的通信过程是安全的,Scyther没有发现恶意攻击,PUROTP协议能够保证通信过程中交互信息的安全性及数据隐私性.通过与现有部分经典RFID所有权转移协议的安全性及性能对比分析,结果表明该协议不仅能够满足标签所有权转移过程中的数据完整性、前向安全性、双向认证性等安全要求,而且能够抵抗物理克隆攻击、重放攻击、中间人攻击、去同步攻击等多种恶意攻击.在没有额外增加计算代价和存储开销的同时克服了现有方案存在的安全和隐私隐患,具有一定的社会经济价值.     

智能电网隐私保护工程分析与相关对策

保护电力消费者的数据和隐私对于智能电网来说是至关重要的。纵观全球,目前的智能电网往往趋于关注隐私安全的需要,隐私仅仅作为智能电网的一个特性存在。为了填补隐私保护在智能电网中的空白,同时帮助智能电网工程师分析隐私威胁、选择合适的策略即隐私保护技术最后达到解决智能电网系统开发阶段的隐私问题的目的,描述了相应的方法框架和指导规则,对现有的隐私保护技术进行了详细的总结,讨论了其应用的环境,并阐述了隐私实施过程中面对的潜在挑战。     

基于时间扰动的智能电表隐私保护方法

针对目前智能电表隐私保护方法存在对用户用电模式保护力度不足的问题,提出采用时延扰动来破坏数据波形,在智能电表数据可用性的基础上推导基于时间扰动的智能电表隐私保护模型,通过扰动智能电表数据发布时间来实现数据安全性与可用性的折中,并利用非侵入式负载监测算法对隐私安全性进行检测。实验结果表明,基于时间扰动的智能电表隐私保护方法能够有效地抑制电器切换事件的识别准确率,相比于随机扰动和充电电池方法有更好的抑制效率,多用户的聚合误差稳定在10%左右,同时在计费误差上有着优异的表现。     

Integrated smart grid systems security threat model

The smart grid (SG) integrates the power grid and the Information and Communication Technology (ICT) with the aim of achieving more reliable and safe power transmission and distribution to the customers. Integrating the power grid with the ICT exposes the SG to systems security threats and vulnerabilities that could be compromised by malicious users and attackers. This paper presents a SG systems threats analysis and integrated SG Systems Security Threat Model (SSTM). The reference architecture of the SG, with its components and communication interfaces used to exchange the energy-related information, is integrated with the results of SG systems security threat analysis to produce a comprehensive, integrated SG SSTM. The SG SSTM in this paper helps better depict and understand the vulnerabilities exploited by attackers to compromise the components and communication links of the SG. The SG SSTM provides a reference of the systems security threats for industrial security practitioners, and can be used for design and implementation of SG systems security controls and countermeasures.     

适用于低成本的标签所有权转移协议

标签在使用过程中,标签的所有权归属者经常会发生变化。为了确保相关通信实体隐私信息的安全性,提出一种成本较低的标签所有权转移协议。为保障通信实体各方隐私信息的安全,所提出的协议采用循转函数及二次剩余定理对信息进行加密;采用标签新所有者与标签之间共享密钥二次同步更新机制,来保证所有权转移协议的前后向安全性。给出所提协议与其他此类相关协议之间的安全性比较分析,以及性能比较分析,突出所提协议的安全性高、成本低特性。     

Robust session key generation protocol for social internet of vehicles with enhanced security provision

Social internet of things (SIoT) is an emerging concept that enables the autonomous interactions between social networks and internet of things (IoT). Vehicle-to-grid (V2G) networks are one of the instances of the SIoT. To mitigate privacy and security issues exist in the V2G networks, it is crucial to employ proper security solutions. One of the most important and popular security solutions is the key exchange protocol. During the last decade, several key exchange schemes have been proposed considering the specific requirements of V2G networks. However, the existing schemes have not reached a proper balance between security and efficiency. Therefore, in this paper, after the security assessment of a recent work, we propose a key exchange protocol, which can provide the desired performance and security properties. Rigorous formal security analyses besides the security features, communication overhead, and computational complexity comparisons indicate that the proposed scheme is a robust one to be employed in the V2G networks. To be more specific, in comparison to one of the most secure schemes, the proposed protocol has 84% improvement in execution time and 54% improvement in communication overhead. Furthermore, experiments on realistic platform indicate that the proposed protocol only takes 3 s to be executed by the computationally constrained onboard unit of electric vehicle.