With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses ...With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.展开更多
This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in d...This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.展开更多
Semi-device-independent quantum key distribution(SDI-QKD) has been proposed by applying the quantum dimension correlation, and the security relies on the violation of quantum dimension witness inequalities. We prove t...Semi-device-independent quantum key distribution(SDI-QKD) has been proposed by applying the quantum dimension correlation, and the security relies on the violation of quantum dimension witness inequalities. We prove the security of the SDI-QKD protocol under the depolarization channel by considering the quantum dimension witness inequalities and minimum entropy and the specific process of the QKD protocol, combining with a fourquantum-state preparation and three measurement bases. We also provide the relationship between the dimension witness value, the error rate and the security key rate by the numerical simulation.展开更多
Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds of...Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.展开更多
To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communic...To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.展开更多
Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stab...Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.展开更多
Pervasive IoT applications enable us to perceive,analyze,control,and optimize the traditional physical systems.Recently,security breaches in many IoT applications have indicated that IoT applications may put the physi...Pervasive IoT applications enable us to perceive,analyze,control,and optimize the traditional physical systems.Recently,security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk.Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications.As an extension of the cloud,the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications.Although there are some research efforts in this area,edge-based security designs for IoT applications are still in its infancy.This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs.We first present an edge-centric IoT architecture.Then,we extensively review the edge-based IoT security research efforts in the context of security architecture designs,firewalls,intrusion detection systems,authentication and authorization protocols,and privacy-preserving mechanisms.Finally,we propose our insight into future research directions and open research issues.展开更多
The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how...The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.展开更多
Cloud computing becomes an important application development platform for processing user data with high security.Service providers are accustomed to providing storage centers outside the trusted location preferred by...Cloud computing becomes an important application development platform for processing user data with high security.Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner.Thus,ensuring the security and confidentiality of the data while processing in the centralized network is very difficult.The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network.Intruders are very active over the network like real authenticated user to hack the personal sensitive data,such as bank balance,health data,personal data,and confidential documents over the cloud network.In this research,a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare.Conditions of patients are monitored using wireless sensor devices and are then transferred to the server.Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network.Biometric security process is a procedure with the best security in most of the authentication field.Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network.The Kerberos protocol is used in trust node to ensure security.Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form,which refers to the fingerprint image of both sender and receiver.The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.展开更多
Based on the deterministic secure quantum communication,we present a novel quantum dialogue protocol without information leakage over the collective noise channel.The logical qubits and four-qubit decoherence-free sta...Based on the deterministic secure quantum communication,we present a novel quantum dialogue protocol without information leakage over the collective noise channel.The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise,collective-rotation noise and all kinds of unitary collective noise,respectively.Compared with the existing similar protocols,the analyses on security and information-theoretical efficiency show that the proposed protocol is more secure and efficient.展开更多
With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risk...With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.展开更多
In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].Bu...In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.展开更多
As an Industrial Wireless Sensor Network(IWSN)is usually deployed in a harsh or unattended environment,the privacy security of data aggregation is facing more and more challenges.Currently,the data aggregation protoco...As an Industrial Wireless Sensor Network(IWSN)is usually deployed in a harsh or unattended environment,the privacy security of data aggregation is facing more and more challenges.Currently,the data aggregation protocols mainly focus on improving the efficiency of data transmitting and aggregating,alternately,the aim at enhancing the security of data.The performances of the secure data aggregation protocols are the trade-off of several metrics,which involves the transmission/fusion,the energy efficiency and the security in Wireless Sensor Network(WSN).Unfortunately,there is no paper in systematic analysis about the performance of the secure data aggregation protocols whether in IWSN or in WSN.In consideration of IWSN,we firstly review the security requirements and techniques in WSN data aggregation in this paper.Then,we give a holistic overview of the classical secure data aggregation protocols,which are divided into three categories:hop-by-hop encrypted data aggregation,end-to-end encrypted data aggregation and unencrypted secure data aggregation.Along this way,combining with the characteristics of industrial applications,we analyze the pros and cons of the existing security schemes in each category qualitatively,and realize that the security and the energy efficiency are suitable for IWSN.Finally,we make the conclusion about the techniques and approach in these categories,and highlight the future research directions of privacy preserving data aggregation in IWSN.展开更多
This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the I...This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm×3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.展开更多
Multi-party systems are important for business processes but can be complex.Blockchain facilitates trust in multiparty systems by providing transparency,decentralised control,and immutable transaction history,to impro...Multi-party systems are important for business processes but can be complex.Blockchain facilitates trust in multiparty systems by providing transparency,decentralised control,and immutable transaction history,to improve security and accountability between parties.The use of cryptographic hashes and the continual validation of the shared ledger in a blockchain system provides parties with data integrity for historical transactions and process integrity for smart contract execution.However,in the design of a broader system combining a blockchain with off-chain components,it is not always clear how system-level integrity is supported.This paper proposes two modelling schemes to better understand blockchain's support for integrity in multi-party blockchain-based systems.The schemes model interactions between components in an architecture as security protocols,for analysis by standard techniques and tools.We first illustrate how blockchain-based systems can be abstractly modelled directly as security protocols.Then we show how blockchain-specific issues such as consensus-based‘forking’(also known as‘orphan blocks’or‘uncle blocks’)can be encoded.This allows transaction reordering behaviour to manifest in the model,and allows design mitigation for that problem to be checked.We illustrate our approach with analyses of three design alternatives for possible enhancements to a multi-party system for sharing trade certificates.展开更多
基金supported by the National Natural Science Foundation of China under Grant No.(62202118.61962009)And in part by Natural Science Foundation of Shandong Province(ZR2021MF086)+1 种基金And in part by Top Technology Talent Project from Guizhou Education Department(Qian jiao ji[2022]073)And in part by Foundation of Guangxi Key Laboratory of Cryptography and Information Security(GCIS202118).
文摘With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.
文摘This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.
基金Supported by the National Basic Research Program of China under Grant No 2013CB338002the National Natural Science Foundation of China under Grant Nos 11304397 and 61505261
文摘Semi-device-independent quantum key distribution(SDI-QKD) has been proposed by applying the quantum dimension correlation, and the security relies on the violation of quantum dimension witness inequalities. We prove the security of the SDI-QKD protocol under the depolarization channel by considering the quantum dimension witness inequalities and minimum entropy and the specific process of the QKD protocol, combining with a fourquantum-state preparation and three measurement bases. We also provide the relationship between the dimension witness value, the error rate and the security key rate by the numerical simulation.
文摘Modem information technology has been utilized progressively to store and distribute a large amount of healthcare data to reduce costs and improve medical facilities.In this context,the emergence of e-Health clouds offers novel opportunities,like easy and remote accessibility of medical data.However,this achievement produces plenty of new risks and challenges like how to provide integrity,security,and confidentiality to the highly susceptible e-Health data.Among these challenges,authentication is a major issue that ensures that the susceptible medical data in clouds is not available to illegal participants.The smart card,password and biometrics are three factors of authentication which fulfill the requirement of giving high security.Numerous three-factor ECC-based authentication protocols on e-Health clouds have been presented so far.However,most of the protocols have serious security flaws and produce high computation and communication overheads.Therefore,we introduce a novel protocol for the e-Health cloud,which thwarts some major attacks,such as user anonymity,offline password guessing,impersonation,and stolen smart card attacks.Moreover,we evaluate our protocol through formal security analysis using the Random Oracle Model(ROM).The analysis shows that our proposed protocol is more efficient than many existing protocols in terms of computation and communication costs.Thus,our proposed protocol is proved to be more efficient,robust and secure.
基金Program for New Century Excellent Talents in University of Fujian Province (No.X04139)
文摘To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.
文摘Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.
基金This research has been supported by the National Science Foundation(under grant#1723596)the National Security Agency(under grant#H98230-17-1-0355).
文摘Pervasive IoT applications enable us to perceive,analyze,control,and optimize the traditional physical systems.Recently,security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk.Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications.As an extension of the cloud,the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications.Although there are some research efforts in this area,edge-based security designs for IoT applications are still in its infancy.This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs.We first present an edge-centric IoT architecture.Then,we extensively review the edge-based IoT security research efforts in the context of security architecture designs,firewalls,intrusion detection systems,authentication and authorization protocols,and privacy-preserving mechanisms.Finally,we propose our insight into future research directions and open research issues.
基金supported by the National Natural Science Foundation of China(Grant No.61571303,No.61571004)the Shanghai Natural Science Foundation(Grant No.21ZR1461700)+3 种基金the Shanghai Sailing Program(Grant No.19YF1455800)the National Science and Technology Major Project of China(No.2018ZX03001031)the Fundamental Research Funds for State Key Laboratory of Synthetical Automation for Process Industries(Grant No.PAL-N201703)the National Key Research and Development Program of China-Internet of Things and Smart City Key Program(No.2019YFB2101600,NO.2019YFB2101602,No.2019YFB2101602-03).
文摘The single planar routing protocol has a slow convergence rate in the large-scale Wireless Sensor Network(WSN).Although the hierarchical routing protocol can effectively cope with large-scale application scenarios,how to elect a secure cluster head and balance the network load becomes an enormous challenge.In this paper,a Trust Management-based and Low Energy Adaptive Clustering Hierarchy protocol(LEACH-TM)is proposed.In LEACH-TM,by using the number of dynamic decision cluster head nodes,residual energy and density of neighbor nodes,the size of the cluster can be better constrained to improve energy efficiency,and avoid excessive energy consumption of a node.Simultaneously,the trust management scheme is introduced into LEACH-TM to defend against internal attacks.The simulation results show that,compared with LEACH-SWDN protocol and LEACH protocol,LEACH-TM outperforms in prolonging the network lifetime and balancing the energy consumption,and can effectively mitigate the influence of malicious nodes on cluster head selection,which can greatiy guarantee the security of the overall network.
文摘Cloud computing becomes an important application development platform for processing user data with high security.Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner.Thus,ensuring the security and confidentiality of the data while processing in the centralized network is very difficult.The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network.Intruders are very active over the network like real authenticated user to hack the personal sensitive data,such as bank balance,health data,personal data,and confidential documents over the cloud network.In this research,a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare.Conditions of patients are monitored using wireless sensor devices and are then transferred to the server.Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network.Biometric security process is a procedure with the best security in most of the authentication field.Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network.The Kerberos protocol is used in trust node to ensure security.Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form,which refers to the fingerprint image of both sender and receiver.The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.
基金Supported by the Foundation and Frontier Research Program of Chongqing Science and Technology Commission of China under Grant No cstc2016jcyjA0571
文摘Based on the deterministic secure quantum communication,we present a novel quantum dialogue protocol without information leakage over the collective noise channel.The logical qubits and four-qubit decoherence-free states are introduced for resisting against collective-dephasing noise,collective-rotation noise and all kinds of unitary collective noise,respectively.Compared with the existing similar protocols,the analyses on security and information-theoretical efficiency show that the proposed protocol is more secure and efficient.
文摘With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.
基金supported by Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20060013007National Natural Science Foundation of Beijing under Grant No.4092029National Natural Science Foundation of China under Grant No.60873001
文摘In order to transmit the secure messages,a deterministic secure quantum direct communication protocol,called the "Ping-pong"protocol was proposed by Bostrm and Felbinger [Phys.Rev.Lett.89,187902(2002) ].But the protocol was proved to have many vulnerabilities,and can be attacked by eavesdroppers.To overcome the problem,an improved security detection strategy which inserts the | 0〉,| 1〉,|+〉and |-〉particles into the messages as the decoy particles randomly in the"Ping-pong"protocol is presented.During the security analysis,the method of the entropy theory is introduced,and three detection strategies are compared quantitatively by using the constraint between the information which eavesdroppers can obtain and the interference introduced.Because of the presence of the trap particles |+〉and |-〉,the detection rate will be no less than 25% when Eve attacks the communication.The security analysis result shows that the efficiency of eavesdropping detection in the presented protocol is higher than the other two,so the detection strategy in the protocol can ensure that the "Ping-pong"protocol is more secure.
基金partially supported by the National Natural Science Foundation of China(61571004)the Shanghai Natural Science Foundation(No.17ZR1429100)+1 种基金the National Science and Technology Major Project of China(No.2018ZX03001017-004)the Scientific Instrument Developing Project of the Chinese Academy of Sciences(No.YJKYYQ20170074).
文摘As an Industrial Wireless Sensor Network(IWSN)is usually deployed in a harsh or unattended environment,the privacy security of data aggregation is facing more and more challenges.Currently,the data aggregation protocols mainly focus on improving the efficiency of data transmitting and aggregating,alternately,the aim at enhancing the security of data.The performances of the secure data aggregation protocols are the trade-off of several metrics,which involves the transmission/fusion,the energy efficiency and the security in Wireless Sensor Network(WSN).Unfortunately,there is no paper in systematic analysis about the performance of the secure data aggregation protocols whether in IWSN or in WSN.In consideration of IWSN,we firstly review the security requirements and techniques in WSN data aggregation in this paper.Then,we give a holistic overview of the classical secure data aggregation protocols,which are divided into three categories:hop-by-hop encrypted data aggregation,end-to-end encrypted data aggregation and unencrypted secure data aggregation.Along this way,combining with the characteristics of industrial applications,we analyze the pros and cons of the existing security schemes in each category qualitatively,and realize that the security and the energy efficiency are suitable for IWSN.Finally,we make the conclusion about the techniques and approach in these categories,and highlight the future research directions of privacy preserving data aggregation in IWSN.
基金Project (No. 2011ZX01034-002-002-003) supported by the National Science and Technology Major Projects of the Ministry of Industry and Information Technology, China
文摘This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm×3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.
文摘Multi-party systems are important for business processes but can be complex.Blockchain facilitates trust in multiparty systems by providing transparency,decentralised control,and immutable transaction history,to improve security and accountability between parties.The use of cryptographic hashes and the continual validation of the shared ledger in a blockchain system provides parties with data integrity for historical transactions and process integrity for smart contract execution.However,in the design of a broader system combining a blockchain with off-chain components,it is not always clear how system-level integrity is supported.This paper proposes two modelling schemes to better understand blockchain's support for integrity in multi-party blockchain-based systems.The schemes model interactions between components in an architecture as security protocols,for analysis by standard techniques and tools.We first illustrate how blockchain-based systems can be abstractly modelled directly as security protocols.Then we show how blockchain-specific issues such as consensus-based‘forking’(also known as‘orphan blocks’or‘uncle blocks’)can be encoded.This allows transaction reordering behaviour to manifest in the model,and allows design mitigation for that problem to be checked.We illustrate our approach with analyses of three design alternatives for possible enhancements to a multi-party system for sharing trade certificates.
