Dynamic participation in a secure conference scheme for mobilecommunications

We propose a scheme to implement secure digital mobile communications. The scheme can both enable multiple users to hold a secure teleconference and also resolve the problem of allowing a participant to join dynamically or to quit a teleconference already in progress. Essentially, teleconference is a synchronous collaboration session in which participants at remote locations cooperate through wireless communications. Two requirements for the system are: privacy and authentication. Privacy signifies that an eavesdropper cannot intercept conversations of a conference. Authentication ensures that the service is not obtained fraudulently in order to avoid usage charge usage. We present a conference key distribution scheme for digital mobile communications, according to which users can share a common secret key to hold a secure teleconference over a public channel. The participants need not alter their secret information when a participant joins late or quits the conference early     

Can we ever charge Napster users?

We need a robust method to assure secure storage, retrieval, and transmission of such digital data, especially for mobile devices. This has become more apparent after hearing the high-profile story of Napster. This new type of music delivery service brought up issues of how to protect copyrighted data, particularly in the new generation of peer-to-peer distribution schemes. Furthermore, the rapid penetration of mobile phones worldwide suggests that downloading copyrighted data onto these portable devices is possible around the clock at any place. I primarily focus on the copyright management of Secure MultiMediaCards (SecureMMCs) to handle users' access to digital copyrighted data in a unique scheme called Super Distribution. Using SecureMMCs, Super Distribution technology can build legitimate peer-to-peer systems where copyrighted data are freely copied and exchanged, but users must obtain the right to use the data. Users may then be charged to reimburse the copyright holders. I also discuss Keltaide-Music, a mobile phone music distribution service using SecureMMCs     

移动通信网中端端认证方案的研究

现有的数字移动通信网中提供移动用户与基地地间的保密通信服务,移动用户的间的端端保密通信在移动通信网中还是一个新问题。本文分析了已有端端认证方案的安全性,提出了一种单钥体制域内端端认证方案和一种单钥／双钥混合体制域间端端认证方案。分析结果结果：新方案不仅安全性很高,而且利用于移动端的实现,也便于网络端的密钥管理。     

A secure and efficient conference scheme for mobile communications

A growing application area in mobile communications is mobile teleconferencing, in which a group of mobile users collaborate in an interactive procedure, such as a board meeting, a task force, a scientific discussion, or even a virtual classroom. Wireless communications transmit conversations via radio, making them more susceptible to eavesdropping and unauthorized access than are conversations carried via wires. Therefore, it is crucial to ensure confidentiality and authenticity in mobile teleconferencing. When deploying secure services in mobile teleconferences, it has to be taken into account that the mobility of users is usually built on portable devices with limited computing capability. A secure conference scheme for mobile communications needs to be executed efficiently on portable devices. We propose a new secure and efficient conference scheme for mobile communications. Based on a modular square root technique, this scheme is secure against eavesdropping, impersonating, and tracking attacks and allows a participant to join or quit a mobile teleconference dynamically. In addition, the scheme is particularly efficient on the mobile user's portable device because the mobile user needs to perform only single modular multiplication plus encryptions and decryptions of a secret key cryptosystem.     

Resource-aware conference key establishment for heterogeneous networks

The Diffie-Hellman problem is often the basis for establishing conference keys. In heterogeneous networks, many conferences have participants of varying resources, yet most conference keying schemes do not address this concern and place the same burden upon less powerful clients as more powerful ones. The establishment of conference keys should minimize the burden placed on resource-limited users while ensuring that the entire group can establish the key. In this paper, we present a hierarchical conference keying scheme that forms subgroup keys for successively larger subgroups en route to establishing the group key. A tree, called the conference tree, governs the order in which subgroup keys are formed. Key establishment schemes that consider users with varying costs or budgets are built by appropriately designing the conference tree. We then examine the scenario where users have both varying costs and budget constraints. A greedy algorithm is presented that achieves near-optimal performance, and requires significantly less computational effort than finding the optimal solution. We provide a comparison of the total cost of tree-based conference keying schemes against several existing schemes, and introduce a new performance criterion, the probability of establishing the session key (PESKY), to study the likelihood that a conference key can be established in the presence of budget constraints. Simulations show that the likelihood of forming a group key using a tree-based conference keying scheme is higher than the GDH schemes of Steiner et al.. Finally, we study the effect that greedy users have upon the Huffman-based conference keying scheme, and present a method to mitigate the detrimental effects of the greedy users upon the total cost.     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

Digital short-range radio

Trying to accommodate an ever-increasing number of private mobile-radio (PMR) users within the current PMR frequency bands is resulting in serious congestion and a decline in grade of service. In response to this situation, PMR licensing authorities are increasingly encouraging operators to use trunked PMR schemes. The author shows that, by pooling channels (so that users have potential access to a larger number of channels) trunking schemes can make better use of the channels available and improve the grade of service to users. Such a system is possible using digital short-range radio (DSRR) which is a high quality cost-effective trunked PMR scheme that is easy to use, simple to license the secure in operation. It should prove highly appealing to users of existing private nontrunked schemes, as well as attract a whole new class of users for whom all existing forms of PMR appear excessively complicated and expensive     

Improved (conference) public-key distribution system based on matrices

In a recent letter we proposed four new public-key distribution systems; however, we have since found that the third system is not secure. In the present letter we first show two attacks which can break the third system we have already proposed, and then give an improved version of this system and its corresponding conference scheme. The new version may be secure. We encourage readers to attack the improved version here and the other three schemes proposed earlier.     

Universal broadband mobility target for post-TINA infrastructure:toward the fourth generation

Future universal broadband mobile services present a challenge for telecommunications architectures, control, and management. The focus of the future mobile (fourth) generation vision is turned from capacity to services, from radio to network-wide issues. New types of applications will evolve that should be supported by an adequate programmable intelligent telecommunications infrastructure. A convergence between telecom and datacom networks will happen based on the communications middleware concept, which will provide universal secure connectivity between mobile users and their applications. Actual specifications of TINA-C do not address all such necessary issues. There is a need for technology evolution, enhancement, and integration to meet these new requirements at different levels. The author the concept of the universal broadband mobile telecommunications systems (UBMTS, or simply UBM) described as fourth-generation mobile systems. The UBMTS objective is both to extend mobile user access to the range of broadband services that will exist for broadband integrated services digital network (B-ISDN) users, and to extend the customization of new services related to personal communications systems (PCS) users     

手机安全交易模型研究

随着手机增值服务业务日益繁荣,手机支付也成为一种流行的支付方式。执行效率和安全性是手机支付的两个关键问题。根据手机支付金额的不同,提出不同的手机支付方式,并在此基础上提出了相对应的3种安全支付模型：极小额安全交易模型、小额安全交易模型和大额安全交易模型。同时,分析了这3种支付模型的执行效率和安全性。     

Design and performance studies of an adaptive cache retrieval scheme in a mobile computing environment

In a mobile computing system, as users move to a new service area, the new server is usually considered to take over the execution of running programs for mobile users from the previous server so as to reduce the communication overhead of a mobile system. This procedure is referred to as service handoff. Note that when service handoff occurs, the new server will lose its advantage for cache access. To remedy this, we explore in this paper several cache retrieval schemes to improve the efficiency of cache retrieval. In particular, we analyze the impact of using a coordinator buffer to improve the overall performance of cache retrieval. Moreover, in light of the properties of transactions (i.e., temporal locality of data access among transactions), we devise a Dynamic and Adaptive cache Retrieval scheme (DAR) that can utilize proper cache methods according to some specific criteria to deal with the service handoff situation in a mobile computing environment. Performance of these cache retrieval schemes is analyzed and a system simulator is developed to validate our results. We devise a systematic procedure for determining the optimal operating points of DAR. Our experimental results show that by adaptively adopting the advantages of different cache retrieval methods, DAR significantly outperforms other schemes and is particularly effective for a mobile computing environment.     

A secure conference scheme for mobile communications

A growing application area in mobile communications is mobile teleconference in which a group of mobile users collaborate in an interactive procedure, such as a board meeting, a task force, a scientific discussion, or even a virtual classroom. Wireless communications transmit conversations via radio, making them more susceptible to eavesdropping and unauthorized access than are conversations carried via wires. Therefore, it is crucial to ensure confidentiality and authenticity in a mobile teleconference. The authors design a new secure conference scheme for mobile communications. Based on a modular square root technique, this scheme is secure against eavesdropping, impersonating, and tracking attacks and allows a participant to join or quit a mobile teleconference dynamically.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

Real-time payments for mobile IP

The mobile IP protocol has evolved from providing mobility support for portable computers to support for wireless handheld devices with high mobility patterns. A new category of micromobility protocols has been proposed to deal with the increased signaling loads that will be generated with large populations of such devices on a network. We argue that the authentication schemes presently employed in these networks do not scale well for large numbers of nodes, and that the lack of accounting procedures prevents the mass deployment of these networks. We envisage that future access networks will be operated by independent service providers, who will charge users for access to services in the fixed network but may not have long-term contractual relationships with them. These access networks may also employ a variety of micromobility protocols for fast handover support. We present a scheme based on hash chains, which allows for fast authentication of datagrams for secure updating of router entries within the access network, and real-time accounting of network usage by mobile nodes. Such a system will alleviate problems of fraud in mobile networks and eliminate the need for interoperator billing agreements.     

Signing a digital signature without using one-way hash functions and message redundancy schemes

In 2000, Shieh et al. proposed some multisignature schemes based on a new digital signature scheme to satisfy the special requirements of the mobile system. In these schemes, one-way hash functions and message redundancy schemes are not used. Later, Hwang and Li indicated that Shieh et al.'s digital signature scheme suffers from the forgery attacks. They also claimed that message redundancy schemes should still be used to resist some attacks. In this letter, we show another attack on Shieh et al.'s signature scheme and propose a secure digital signature scheme, where neither one-way hash functions nor message redundancy schemes are employed.     

基于SIM卡的移动互联网应用鉴权研究

智能终端的普及和移动互联网的迅速发展极大地改变了通信服务产业链。面对移动互联网行业,SIM卡作为天然的鉴权工具却无法发挥其优势。我们希望探索一种基于SIM卡的移动互联网应用鉴权机制,利用SIM卡现有能力,将SIM卡通信鉴权的便利性带到移动互联网的应用鉴权中,使用户享受更安全便捷,无感知的应用鉴权方式,同时为众多移动互联网应用提供开放性的平台化接入服务。     

Profit-Based Routing for Multihop Coverage Extension in Wireless Networks

In future wireless systems, the coverage of a base station will decrease due to the characteristics of the channel at high-frequency bands. To expand the service coverage, a hybrid network that combines an ad hoc network with a cellular (or wireless LAN) network, appears to have great potential. In such systems, some mobile users outside the service area can access the network with the aid of other intermediate mobiles. However, this method incurs energy consumption in routing users, which could be a serious obstacle for wide-spread deployment of multihop wireless networks. Therefore we consider a revenue-cost model and propose a profit-based routing strategy that encourages routing users to actively participate in the relaying service because they are compensated for their energy consumption cost. Our strategy enables each mobile node to find an appropriate multihop path to a base station (or access point) that satisfies the interests of the service provider and the users. Numerical results show that our model successfully expands the network coverage area while ensuring the profit of each system involved.     

Secured data offloading using reinforcement learning and Markov decision process in mobile edge computing

Mobile Internet services are developing rapidly for several applications based on computational ability such as augmented/virtual reality, vehicular networks, etc. The mobile terminals are enabled using mobile edge computing (MEC) for offloading the task at the edge of the cellular networks, but offloading is still a challenging issue due to the dynamism, and uncertainty of upcoming IoT requests and wireless channel state. Moreover, securing the offloading data enhanced the challenges of computational complexities and required a secure and efficient offloading technique. To tackle the mentioned issues, a reinforcement learning-based Markov decision process offloading model is proposed that optimized energy efficiency, and mobile users' time by considering the constrained computation of IoT devices, moreover guarantees efficient resource sharing among multiple users. An advanced encryption standard is employed in this work to fulfil the requirements of data security. The simulation outputs reveal that the proposed approach surpasses the existing baseline models for offloading overhead and service cost QoS parameters ensuring secure data offloading.     

Analysis of a secure conference scheme for mobile communication

Dynamic participation is a feature of the secure conference schemes that allows new conferees to join and the old conferees to leave. The conferees who have left should not be able to decrypt the secure conference communication anymore. A secure conference scheme with dynamic participation was proposed in M.S. Hwang and W.P. Yang (1995) and later it was modified with the self-encryption mechanism in K.F. Hwang and C.C. Chang (2003) for a better performance. In this paper we analyze both the original scheme and the modified version. We show that both of them are subject to the active and passive attacks presented in this paper. Our active attack works in the way that a colluding group of attackers can still obtain the conference key even after they all leave the conference. The passive attack does not need any attacker to ever participate the conference. The conference key can be compromised with a large probability as long as the number of conferees is large.     

A communication gateway for infrastructure-independent 4G wirelessaccess

Wireless communication infrastructure is characterized by an increasing multitude of heterogeneous systems. At the same time, service provider models are established and services designed to span physical networks irrespective of the access method used. To provide an infrastructure-independent access to services and applications for highly mobile users (e.g., in cars), we present a communication gateway architecture as an important component of fourth generation wireless communication systems. We especially emphasize the role of digital broadcast networks for future mobile networking