Similar literature
1.
The problem of two-party oblivious polynomial evaluation (OPE) is studied, where one party (Alice) has a polynomial P(x) and the other party (Bob) with an input x wants to learn P(x) in such an oblivious way that Bob obtains P(x) without learning any additional information about P except what is implied by P(x), and Alice does not learn Bob's input x. Previous OPE protocols rely on an intractability assumption beyond the OT protocol itself. In fact, evaluating P(x) is equivalent to computing the product of the coefficient vectors (a0,..., am) and (1,..., x^n). Using this idea, an efficient scalar product protocol for two vectors is proposed first, and then two OPE protocols are presented which need no cryptographic assumption other than an OT protocol. Compared with the existing OPE protocol, another characteristic of the proposed protocols is that the degree of the polynomial is kept private. A further OPE protocol works in the presence of an untrusted third party.

2.
Under an increasingly severe network security situation, and in order to ensure information security, a large number of network applications have begun to use unknown private protocols for data transmission, especially in battlefield wireless communication networks in military confrontation, where the protocols in use are not only unknown but may also be encrypted. To extract usable information from intercepted communication bit streams and exploit it, inferring the message format of the unknown protocol that exists in bit-stream form is the primary prerequisite. This paper first gives an overall introduction to the main content of the existing research field of bit-stream-oriented protocol identification, then focuses on analyzing existing methods for inferring unknown protocol formats, including frequent pattern mining, association rule mining, bit-stream frame segmentation and protocol format inference, and finally summarizes their advantages and disadvantages and directions for further research.

3.
This paper is about distributed oblivious function evaluation (DOFE). In this setting one party (Alice) has a function f(x), and the other party (Bob) with an input α wants to learn f(α) in an oblivious way with the help of a set of servers. What Alice should do is to share her secret function f(x) among the servers. Bob obtains what he should get by interacting with the servers. This paper proposes the model and security requirements for DOFE and analyzes three distributed oblivious polynomial evaluation protocols presented in the paper.

4.
With the continuous expansion of RFID system applications, RFID security issues have attracted increasing attention. Hash-function-based RFID security protocols have been widely adopted because of their low cost, but their security is not yet complete. Building on an analysis of the existing Hash Lock security protocol, this paper proposes three hash-function-based RFID security authentication protocols, IHSAP, IHSAP2 and IHSAP3. Security analysis and performance evaluation show that IHSAP3 performs best; it can effectively solve security and privacy problems in RFID systems such as information leakage, location tracking, impersonation attacks and replay attacks.

5.
Database systems for real-time applications must satisfy timing constraints associated with transactions. Typically, a timing constraint is expressed in the form of a deadline and is represented as a priority to be used by schedulers. Recently, security has become another important issue in many real-time applications. In many systems, sensitive information is shared by multiple users with different levels of security clearance. As more advanced database systems are being used in applications that need to support timeliness while managing sensitive information, there is an urgent need to develop protocols for concurrency control in transaction management that satisfy both timing and security requirements. In this paper, we propose a new multiversion concurrency control protocol that ensures that both security and real-time requirements are met. The proposed protocol is primarily based on locking. However, in order to satisfy timing constraints and security requirements, a new method, called the freezing method, is proposed. In order to show that our protocol provides a higher degree of concurrency than existing multiversion protocols, we define a new serializability for multiversion concurrency control, called FR-serializability, which is more general than traditional serializability. We present several examples to illustrate the behavior of our protocol, along with performance comparisons with other protocols. The simulation results show significant performance improvement of the new protocol.

6.
Over the past few years, numerous traffic safety applications have been developed using vehicular ad hoc networks (VANETs). These applications represent public interest and require network-wide dissemination techniques. On the other hand, certain non-safety applications do not require network-wide dissemination techniques. Such applications can be characterized by their individual interest between two vehicles that are geographically apart. In the existing literature, several proposals of unicast protocols exist that can be used for these non-safety applications. Among the proposals, unicast protocols for city scenarios are considered to be most challenging. This implies that in city scenarios unicast protocols show minimal persistence towards highly dynamic vehicular characteristics, including mobility, road structure, and physical environment. Unlike other studies, this review is motivated by the diversity of vehicular characteristics and the difficulty of unicast protocol adaptation in city scenarios. The review starts with the categorization of unicast protocols for city scenarios according to their requirement for a predefined unicast path. Then, properties of typical city roads are discussed, which helps to explore limitations in efficient unicast communication. Through an exhaustive literature review, we propose a thematic taxonomy based on different aspects of unicast protocol operation. It is followed by a review of selected unicast protocols for city scenarios that reveals their fundamental characteristics. Several significant parameters from the taxonomy are used to qualitatively compare the reviewed protocols. The qualitative comparison also includes critical investigation of distinct approaches taken by researchers in experimental protocol evaluation. As an outcome of this review, we point out open research issues in unicast routing.

7.
Secure two-party computation studies how two mutually distrustful parties can carry out privacy-preserving collaborative computation without the help of any third party. Private set intersection cardinality is an important class of secure two-party computation problem: two parties, each holding a finite set, want one party to output the cardinality of the intersection of their sets while the other party outputs nothing, with the privacy of both inputs preserved. This paper studies solutions to the private set intersection cardinality problem in the semi-honest adversary model. Using the Goldwasser-Micali cryptosystem as the basic cryptographic tool, a private set intersection cardinality protocol is constructed, its correctness is proved, and a simulator-based security proof is given in the semi-honest adversary model. Compared with existing schemes, the proposed protocol has advantages in some aspects of performance.

8.
Vehicular networks can effectively improve traffic efficiency and safety, but privacy leakage in the communication process severely hinders their deployment. This paper proposes a conditional privacy-preserving authentication protocol for V2X communication in vehicular networks. To address the limitation that most existing protocols support only vehicle authentication, a biometric key binding vehicle and user is generated from the user identity and vehicle identity information, so that the protocol supports authentication of one vehicle with multiple users or one user with multiple vehicles. The identity of the message sender is authenticated while the user and vehicle identities are protected, and in specific circumstances the real identities of the vehicle and user can be traced, thereby achieving conditional privacy protection for both vehicles and users. A batch verification function is also added to the protocol to improve verification efficiency. Formal security analysis and performance evaluation results show that the protocol is secure and efficient.

9.
Nowadays, SMS is a very popular communication channel for numerous value added services (VAS), business and commercial applications. Hence, the security of SMS is the most important aspect in such applications. Recently, researchers have proposed approaches to provide end-to-end security for SMS during its transmission over the network. In this direction, many SMS-based frameworks and protocols like Marko's SMS framework, Songyang's SMS framework, Alfredo's SMS framework, the SSMS protocol, and Marko and Konstantin's protocol have been proposed, but these frameworks/protocols do not justify themselves in terms of security analysis, communication and computation overheads, prevention of various threats and attacks, and bandwidth utilization. The two protocols SMSSec and PK-SIM have also been proposed to provide end-to-end security and seem to be a little better in terms of security analysis as compared to the protocols/frameworks mentioned above. In this paper, we propose a new secure and optimal protocol called SecureSMS, which generates less communication and computation overhead. We also discuss the possible threats and attacks in the paper and provide justified prevention against them. The proposed protocol is also better than the above two protocols in terms of bandwidth utilization. On average the SecureSMS protocol reduces 71% and 59% of the total bandwidth used in the authentication process as compared to the SMSSec and PK-SIM protocols respectively. Apart from this, the paper also proposes a scheme to store and implement the cryptographic algorithms on the SIM card. The proposed scheme provides end-to-end SMS security with authentication (by the SecureSMS protocol), confidentiality (by encryption AES/Blowfish; preferred AES-CTR), integrity (SHA1/MD5; preferred SHA1) and non-repudiation (ECDSA/DSA; preferred ECDSA).

10.
To effectively solve problems in current digital rights protection models such as symmetry and the lack of revocability, an improved digital rights protection model based on a traitor tracing scheme is proposed. The improved model exploits the properties of the oblivious polynomial evaluation (OPE) protocol: during the registration phase, the merchant and the user execute the OPE protocol together, which truly achieves asymmetry between the two. To address the problem that a buyer may pay but fail to receive the product, the new model also introduces a trusted center (TC) that protects the interests of both the merchant and the user, making the model more practical. The improved model also adds a software service revocation function, which further improves copyright protection. A concrete example demonstrates the feasibility and effectiveness of the model.

11.
Denial-of-Service (DoS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we pro...

12.
Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).

13.
Conference call is a key functionality that a wireless network should support. When a conference call is set up in a wireless network, conference attendees should be authenticated. In many applications, the attendees also need to be anonymous. In this paper, we propose a very efficient protocol for authenticated and anonymous conference key setup. Our protocol uses only symmetric-key encryptions/decryptions and hashing and is thus much faster than any existing protocol using public-key cryptography. In addition to the conference key setup protocol, we also present two protocols, for authenticated call setup and authenticated handoff, respectively. These two protocols are also much faster than existing protocols based on public-key cryptography. Consequently, a system using the three protocols presented in this paper will have both high security and high efficiency.

14.
The game theoretic dynamic spectrum allocation (DSA) technique is an efficient approach to coordinate cognitive radios sharing the spectrum. However, existing game based DSA algorithms lack a platform to support the game process. On the other hand, existing medium access control (MAC) protocols for cognitive radio networks do not fully utilize the adaptability and intelligence of the cognitive radio (CR) to achieve efficient spectrum utilization, let alone fairness and QoS support. Therefore it is necessary to develop DSA-driven MAC protocols with the game theoretic DSA embedded into the MAC layer. In this paper, based on the analysis of challenges for the game theoretic DSA in realistic applications, we conclude that a unified game theoretic DSA-driven MAC framework should consist of four integral components: (1) DSA algorithm, deriving the spectrum access strategy for data communication; (2) negotiation mechanism, coordinating players to follow the right game policy; (3) clustering algorithm, limiting the negotiation within one cluster for scalability; (4) collision avoidance mechanism, eliminating collisions among clusters. With our MAC framework, DSA-driven MAC protocols can be conveniently developed, as illustrated in the design process of a concrete QoSe-DSA-driven MAC protocol. The game theoretic DSA-driven MAC framework can fulfill the merits of game theoretic DSA algorithms, including high spectrum utilization, collision-free channel access for data communication, and QoS and fairness support. Through simulations, the merits of the DSA-driven MAC framework are demonstrated.

15.
Based on locally indistinguishable orthogonal product states, we propose a novel multiparty quantum key agreement (QKA) protocol. In this protocol, the private key information of each party is encoded as orthogonal product states that cannot be perfectly distinguished by local operations and classical communication. To ensure the security of the protocol with a small number of decoy particles, the different particles of each product state are transmitted separately. This protocol not only lets each participant fairly negotiate a shared key, but also avoids information leakage to the maximum extent. We give a detailed security proof of this protocol. Comparison with existing QKA protocols shows that the new protocol is more efficient.

16.
Many medical applications set new demands on sensor network designs. They often involve highly variable data rates, multiple receivers and security. Most existing sensor network designs do not adequately support these requirements, focusing instead on aggregating small amounts of data from nodes without security. In this paper, we present a software design for medical sensor networks. This framework provides a set of protocols and services specifically tailored for this application domain. It includes a secure communications model, an interface for periodic collection of sensor data, a dynamic sensor discovery protocol and protocols that monitor and save up to 70% of the energy of a node. The framework is built in TinyOS and a Java-based user interface is provided to debug the framework and display the measured data. An extensive evaluation of the framework on a 6-node sensor test-bed is presented, measuring scalability and robustness as the number of sensors and the per-node data rate are varied. The results show that the proposed framework is a scalable, robust, reliable and secure solution for medical applications.

17.
Several three-party password authenticated key exchange (3-PAKE) protocols have recently been proposed for heterogeneous wireless sensor networks (HWSN). These are efficient and designed to address security concerns in ad-hoc sensor network applications for a global Internet of Things framework, where a user may request access to sensitive information collected by resource-constrained sensors in clusters managed by gateway nodes. In this paper we first analyze three recently proposed 3-PAKE protocols and discuss their vulnerabilities. Then, based on Radio Frequency Identification technologies we propose a novel 3-PAKE protocol for HWSN applications, with two extensions for additional security features, that is provably secure, efficient and flexible.

18.
For many systems, safe connectivity is an important requirement, even if the transmitting machines are resource-constrained. The advent of the Internet of Things (IoT) has also increased the demand for low-power devices capable of connecting with each other or sending data to a central processing site. The IoT allows many applications in a smart environment, such as outdoor activity control, smart energy, infrastructure management, environmental sensing, or cyber-security issues. Security in such situations remains an open challenge because of the resource-constrained design of sensors and objects, and because multi-purpose adversaries may target the process during the life cycle of a smart sensor. This paper discusses widely used protocols that provide safe communications for various applications in IoT, and different attacks are also defined. In this paper, to protect IoT objects and sensors, we propose a comprehensive and lightweight security protocol based on cryptographic ratchets. That is, an encrypted messaging protocol using the Double Ratchet Algorithm is defined, which we call Singleton, and the implementation of the protocol is tested and compared to implementations of the IoT standard protocols and to a post-quantum version of the protocol. Various cryptographic primitives are also evaluated, and their suitability for use in the protocol is tested. The results show that the protocol, as a building block, not only enables resource-efficient protocols and architectures but also provides advanced and scalable IoT sensors. Our design and analysis demonstrate that the Singleton security architecture can be easily integrated into existing network protocols such as IEEE 802.15.4 or OMA LWM2M, which offers several benefits in both performance and important security services that existing approaches cannot offer.
For chat applications such as WhatsApp, Skype, Facebook Private Messenger, Google Allo, and Signal, a cryptographic ratchet-based protocol provides end-to-end encryption, forward secrecy, backward secrecy, authentication, and deniability.

19.
A three-party password-authenticated key exchange protocol allows two users, each sharing a different password with a server, to establish a shared session key with the help of the server, thereby achieving secure end-to-end communication between users. At present, most three-party password-authenticated key exchange protocols are provably secure in the random oracle model. In practical applications, however, instantiating the random oracle with a hash function can introduce security risks into protocols that are provably secure in the random oracle model, and may even render the protocol insecure. Using smooth projective hash functions based on ElGamal encryption as the tool, an efficient three-party password-authenticated key exchange protocol is designed in the common reference string model, and its security is proved in the standard model under the DDH assumption. Compared with existing protocols of the same type, the protocol achieves higher computational and communication efficiency under the same security assumptions and is therefore better suited to large-scale end-to-end communication environments.

20.
Mobile Ad-hoc Networks (MANETs) allow wireless nodes to form a network without requiring a fixed infrastructure. Early routing protocols for MANETs failed to take security issues into account. Subsequent proposals used strong cryptographic methods to secure the routing information. In the process, however, these protocols created new avenues for denial of service (DoS). Consequently, the trade-off between security strength and DoS vulnerability has emerged as an area requiring further investigation. It is believed that different trust methods can be used to develop protocols at various levels in this trade-off. To gain a handle on this exchange, real world testing that evaluates the cost of existing proposals is necessary. Without this, future protocol design is mere speculation. In this paper, we give the first comparison of SAODV and TAODV, two MANET routing protocols, which address routing security through cryptographic and trust-based means respectively. We provide performance comparisons on actual resource-limited hardware. Finally, we discuss design decisions for future routing protocols.
