基于Schnorr签名体制的远程用户认证系统

提出了一个新的基于Schnorr签名体制和智能卡的远程用户认证系统，系统不需要使用传统的通行字表，并可防范重放攻击，能够安全而有效地工作在通信链路不安全的网络环境中。     

A fingerprint-based user authentication protocol considering both the mobility and security in the telematics environment

With the advance of the Internet and mobile communication techniques, the telematics environment where users in vehicles can use the Internet service has been realized. For the safe driving, however, we propose that user authentication for the Internet service is performed by using the driver's fingerprint, instead of typing his/her password. Since the driver's fingerprint is private information to be protected and the size of the fingerprint information is much larger than that of a typical password, we need a different user authentication protocol for the telematics environment. That is, in addition to the compliance with the standard X9.84 protocol to protect the fingerprint information transmitted, we use the watermarking technique to lessen the privacy threat, and propose a secure and efficient protocol between Access Points (APs) considering the possible hand-off during the authentication in the mobile telematics environment. Based on the experimental measurement of the proposed protocol, we confirm that the fingerprint-based user authentication can be performed in real-time in the telematics environment.     

Internet-Based Robotic System Using CORBA as Communication Architecture

In this paper, we propose the Internet-based robotic system that uses Common Object Request Broker Architecture (CORBA) to implement networking connections between a client and a remote robotic system. The client can transparently invoke a method on a server across the network without any need to know where the application servers are located, or what programming language and operating system are used. This lets the system overcome the shortcomings of the other typical Internet robotic system. To cope with time delays on the communication path, we have implemented the robot control server, which allows the user to control the telerobotic system at a task-level. We have also implemented the live image feedback server, which provides live image feedback for a remote user. The proposed system gives the users the ability to operate the remote robotic system to retrieve and manipulate the desired tableware or other things to support the aged and disabled over the Internet by using the intuitive user interface.     

物联网移动节点直接匿名漫游认证协议

无线网络下传统匿名漫游协议中远程域认证服务器无法直接完成对移动节点的身份合法性验证,必须在家乡域认证服务器的协助下才能完成,导致漫游通信时延较大,无法满足物联网感知子网的快速漫游需求.针对上述不足,提出可证安全的物联网移动节点直接匿名漫游认证协议,远程域认证服务器通过与移动节点间的1轮消息交互,可直接完成对移动节点的身份合法性验证.该协议在实现移动节点身份合法性验证的同时,具有更小的通信时延、良好的抗攻击能力和较高的执行效率.相较于传统匿名漫游协议而言,该协议快速漫游的特点更适用于物联网环境.安全性证明表明,该协议在CK安全模型下是可证安全的.     

A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks

Wireless sensor network (WSN) can be deployed in any unattended environment. With the new developed IoT (Internet of Things) technology, remote authorized users are allowed to access reliable sensor nodes to obtain data and even are allowed to send commands to the nodes in the WSN. Because of the resource constrained nature of sensor nodes, it is important to design a secure, effective and lightweight authentication and key agreement scheme. The gateway node (GWN) plays a crucial role in the WSN as all data transmitted to the outside network must pass through it. We propose a temporal-credential-based mutual authentication scheme among the user, GWN and the sensor node. With the help of the password-based authentication, GWN can issue a temporal credential to each user and sensor node. For a user, his/her temporal credential can be securely protected and stored openly in a smart card. For a sensor node, its temporal credential is related to its identity and must privately stored in its storage medium. Furthermore, with the help of GWN, a lightweight key agreement scheme is proposed to embed into our protocol. The protocol only needs hash and XOR computations. The results of security and performance analysis demonstrate that the proposed scheme provides relatively more security features and high security level without increasing too much overhead of communication, computation and storage. It is realistic and well adapted for resource-constrained wireless sensor networks.     

一种扩展代理服务器认证能力的方法研究

计算机互联网发展迅速,为了保护内部网络的安全及计费的需要,必须设置防火墙与代理服务器。而如何使代理服务器利用多台服务器上的用户认证信息进行认证,却是未曾解决的问题。文章提出了一种安全的分布式实时认证方案,安全、高效地解决了这一问题,减轻了系统管理员的维护工作量,具有实用价值。     

Watch out, Tiger Woods![golf playing robot]

This article describes the development of an autonomous robotic system for playing mini-golf. The system was designed and built to serve as a demonstration of robotic application for engineering students. The system was built using a Yasakawa robot fitted with two arms. The software was developed to control the machine using the C++ language. Standard C++ libraries were used in addition to communication libraries provided by the Yasakawa Corporation. The current configuration works with Microsoft Windows NT and an Ethernet environment. This article describes the hardware and software design aspects of this machine.     

Security flaws of remote user access over insecure networks

Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environments. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. Recently, Peyravian and Jeffries proposed password-based protocols for remote user authentication, password change, and session key establishment over insecure networks without requiring any additional private- or public-key infrastructure. In this paper we point out security flaws of Peyravian–Jeffries’s protocols against off-line password guessing attacks and Denial-of-Service attacks.     

基于Zigbee的温室远程监控系统设计

针对国内现有温室建设情况,设计一种新型基于Zigbee无线传感器网络的温室远程监控系统。设计采用TI新一代Zigbee片上系统CC2530解决方案,实现了温室内光照、空气温湿度等环境因子的实时监测,喷淋电磁阀、通风风机的实时控制,实现了测控一体化。设计了现场与远程两类上位机并使用了通信协议转换模块,借助Internet实现了监控远程化。系统中还引入了网络摄像头,通过对它的控制,实现了温室内环境所见即所得的效果。通过实地运行测试,结果表明：系统运行可靠、采集灵敏、控制准确、视频流畅,满足系统设计和实际应用需求。     

Hybrid and Adaptive Cryptographic-based secure authentication approach in IoT based applications using hybrid encryption

The Internet of Things (IoT) in communication networks has gained major interest in recent decades. Accordingly, secure authentication of such individuals results in a major challenge due to the weakness in the authentication process. Hence, an effective Hybrid and Adaptive Cryptographic (HAC)-based secure authentication framework is designed in this research to perform an authentication process in IoT. The proposed approach uses cryptographic operations, like exclusive-or (Ex-or) operation, a hashing function, and hybrid encryption to accomplish the authentication process. However, the hybrid encryption function is carried out in two different ways: one depends on Advanced Encryption Standard (AES) as well as Elliptic Curve Cryptography (ECC), while other is based on Rivest Shamir Adleman (RSA) and AES. With a hybrid encryption function, security flaws can be effectively dealt through the cryptographic system. Moreover, the proposed approach provides high robustness with low complexity. The proposed HAC-based secure authentication approach obtained a minimum communication cost of 0.017sec, less computation time of 0.060sec, and minimum memory usage of 2.502MB, respectively.     

蓝牙网络中基于JINI查询服务器的安全通信方案

通过对蓝牙网络安全的分析，设计了一种：通过由查询服务器来产生服务提供者和服务请求者的会话密钥，并分别把这个会话密钥安全传递到服务提供者和服务请求者的基于Jini服务的鉴别方案，本方案大大降低了应用层中传递的安全协议数据。     

A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography

Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

     

A novel deniable authentication protocol using generalized ElGamal signature scheme

A deniable authentication protocol enables a receiver to identify the true source of a given message, but not to prove the identity of the sender to a third party. This property is very useful for providing secure negotiation over the Internet. Consequently, many interactive and non-interactive deniable authentication protocols have been proposed. However, the interactive manner makes deniable protocols inefficient. In addition, a security hole is generated in deniable protocols that use the non-interactive manner if a session secret is compromised. Thus, there is no secure and efficient deniable authentication protocol as of now. In this paper, a new protocol based on the non-interactive manner is proposed to efficiently and securely achieve deniable authentication. This protocol can furthermore replace the underlying signature scheme in order to retain a secure status even if the previously used signature method is broken.     

Trusted Directory Services for Secure Internet Connectivity: Transport Layer Security using DNSSEC

The Internet today is a highly dynamic environment which frequently requires secure communication between peers that do not have a direct trust relationship. Current solutions for establishing trust often require static and application-specific Public Key Infrastructures (PKIs). This paper presents trusted directory services as a key infrastructural technology for setting up secure Internet connections, providing an alternative to application-specific PKIs. The directory securely binds public keys to peers through their names in a flexible way that matches the dynamic nature of the Internet. We elaborate on this concept by showing how the Domain Name System (DNS) and its security extensions (DNSSEC) can be leveraged for establishing secure Transport Layer Security (TLS) connections in a dynamic way. A simple enhancement of the TLS protocol, called Extended TLS (E-TLS), required for this purpose, is proposed. We describe our E-TLS implementation and we conclude with an evaluation of our results.     

Tele-Presence in Populated Exhibitions Through Web-Operated Mobile Robots

This paper presents techniques that facilitate mobile robots to be deployed as interactive agents in populated environments such as museum exhibitions or trade shows. The mobile robots can be tele-operated over the Internet and, this way, provide remote access to distant users. Throughout this paper we describe several key techniques that have been developed in this context. To support safe and reliable robot navigation, techniques for environment mapping, robot localization, obstacle detection and people-tracking have been developed. To support the interaction of both web and on-site visitors with the robot and its environment, appropriate software and hardware interfaces have been employed. By using advanced navigation capabilities and appropriate authoring tools, the time required for installing a robotic tour-guide in a museum or a trade fair has been drastically reduced. The developed robotic systems have been thoroughly tested and validated in the real-world conditions offered in the premises of various sites. Such demonstrations ascertain the functionality of the employed techniques, establish the reliability of the complete systems, and provide useful evidence regarding the acceptance of tele-operated robotic tour-guides by the broader public.     

Embedding robotic surgery into routine practice and impacts on communication and decision making: a review of the experience of surgical teams

While an increasing number of healthcare providers are purchasing surgical robots because of anticipated improvements in patient outcomes, their implementation into practice is highly variable. In robotic surgery, the surgeon is physically separated from the patient and the rest of the team with the potential to impact communication and decision making in the operating theatre and subsequently patient safety. Drawing on the approach of realist evaluation, in this article we review reports of the experience of surgical teams that have introduced robotic surgery to identify how and in what contexts robotic surgery is successfully integrated into practice and how and in what contexts it affects communication and decision making. Our analysis indicates that, while robotic surgery might bring about a number of benefits, it also creates new challenges. Robotic surgery is associated with increased operation duration, which has implications for patient safety, but strategies to reduce it can be effective with appropriate support from hospital administration and nursing management. The separation of the surgeon from the team can compromise communication but may be overcome through use of standardised communication. While surgeon situation awareness may be affected by the separation, the ergonomic benefits of robotic surgery may reduce stress and tiredness and enhance surgeon decision making. Our review adds to the existing literature by revealing strategies to support the introduction of robotic surgery and contextual factors that need to be in place for these to be effective.     

基于可信执行环境的物联网边缘流处理安全技术综述

万物互联时代,物联网中感知设备持续产生大量的敏感数据。实时且安全的数据流处理是面向物联网关键应用中需要解决的一个挑战。在近年兴起的边缘计算模式下,借助靠近终端的设备执行计算密集型任务与存储大量的终端设备数据,物联网中数据流处理的安全性和实时性可以得到有效的提升。然而,在基于边缘的物联网流处理架构下,数据被暴露在边缘设备易受攻击的软件堆栈中,从而给边缘带来了新的安全威胁。为此,文章对基于可信执行环境的物联网边缘流处理安全技术进行研究。从边缘出发,介绍边缘安全流处理相关背景并探讨边缘安全流处理的具体解决方案,接着分析主流方案的实验结果,最后展望未来研究方向。     

Distributing a robotic system on a network: the ETHNOS approach

Cognitive activity in intelligent robotic systems has often been modeled as a set of communicating intelligent distributed agents or modules. Some examples in this field are blackboard architectures, hybrid models or subsumption architectures. The rapid progress of communication technology offers the possibility of distributing computation not only on different processes but on a network of computers. This both results in greater available computational power and it allows the robot to merge with the environment it operates in. In suitable intelligent buildings a mobile robot may open doors, turn on/off lights or even avoid obstacles based not only on its sensors and actuators but on the interaction with other robotic entities. In addition the range of robot interactions is now only limited by the network and thus the robot can operate remotely on the environment. Similarly, users can issue commands to remote robots and receive feedback in real-time. In this paper we propose a global approach to distributing a robotic system over a computer network. The approach is named ETHNOS (Expert Tribe in a Hybrid Network Operating System) because it is based on a novel operating system we developed specifically for distributed intelligent robotics. The paper focuses on its characteristics that make it well suited for network robotics applications. It also illustrates an example of a real application in the field of mobile robotics.     

Integration of humanoid robots in collaborative working environment: a case study on motion generation

This paper illustrates through a practical example an integration of a humanoid robotic architecture, with an open-platform collaborative working environment called BSCW (Be Smart-Cooperate Worldwide). BSCW is primarily designed to advocate a futuristic shared workspace system for humans. We exemplify how a complex robotic system (such as a humanoid robot) can be integrated as a proactive collaborative agent which provides services and interacts with other agents sharing the same collaborative environment workspace. Indeed, the robot is seen as a ‘user’ of the BSCW which is able to handle simple tasks and reports on their achievement status. We emphasis on the importance of using standard software such as CORBA (Common Object Request Broker Architecture) in order to easily build interfaces between several interacting complex software layers, namely from real-time constraints up to basic Internet data exchange.     

A Generic Framework for Anonymous Authentication in Mobile Networks

Designing an anonymous user authentication scheme in global mobility networks is a non-trivial task because wireless networks are susceptible to attacks and mobile devices powered by batteries have limited communication, processing and storage capabilities. In this paper, we present a generic construction that converts any existing secure password authen- tication scheme based on a smart card into an anonymous authentication scheme for roaming services. The security proof of our construction can be derived from the underlying password authentication scheme employing the same assumptions. Compared with the original password authentication scheme, the transformed scheme does not sacrifice the authentication effciency, and additionally, an agreed session key can be securely established between an anonymous mobile user and the foreign agent in charge of the network being visited. Furthermore, we present an instantiation of the proposed generic construction. The performance analysis shows that compared with other related anonymous authentication schemes, our instantiation is more effcient.