基于验证元的三方口令认证密钥交换协议

基于验证元的口令认证密钥交换协议的最基本安全目标是抵抗字典攻击和服务器泄露攻击.利用双线性对的性质给出了一个基于验证元的三方口令认证密钥交换协议,有如下特点:能够抵抗字典攻击和服务器泄露攻击;保持密钥秘密性,提供前向安全性;确保无密钥控制;抵抗已知密钥攻击和中间人攻击;协议执行一次可以生成4个会话密钥等.     

Analysis of the SPEKE password-authenticated key exchange protocol

In this letter, we show that for the SPEKE password-authenticated key exchange protocol, an adversary is able to test multiple possible passwords using a single impersonation attempt. In particular, when passwords are short Personal Identification Numbers (PINs), we show that a fully-constrained SPEKE is susceptible to password guessing attack. Our analysis contradicts the claim that the SPEKE protocol appears to be at least as strong as the Bellovin-Merritt EKE protocol. For EKE, an adversary can gain information about at most one possible password in each impersonation attempt.     

CL-AGKA: certificateless authenticated group key agreement protocol for mobile networks

Wireless Networks - Wireless group communication has gained much popularity recently due to the increase in portable, lightweight devices. These devices are capable of performing group...     

基于双线性配对的密钥树口令认证组密钥交换协议

针对组密钥交换协议存在的安全性及执行效率问题,提出了基于双线性配对的密钥树口令认证组密钥交换协议nPAKE'.协议中使用双线性配对取代了一般组密钥交换协议中的幂指数运算,并为协议的参与方建立了二叉密钥树结构.对协议的安全性及效率进行的分析表明协议中所采用的双线性配对技术能够满足对组密钥交换协议的安全性要求,并且协议在执行效率上相对于其他组密钥交换协议有很大的提高.     

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Password‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.     

A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks

The secure and reliable group communication gains popularity in imbalanced mobile networks due to the increase demand of the group-oriented applications such as teleconferences, collaborative workspaces, etc. For acquiring the group security objectives, many authenticated group key agreement (AGKA) protocols exploiting the public key infrastructure have been proposed, which require additional processing and storage space for validation of the public keys and the certificates. In addition, the most of the AGKA protocols are implemented using bilinear pairing and a map-to-point (MTP) hash function. The relative computation cost of the bilinear pairing is approximately two to three times more than the elliptic curve point multiplication (ECPM) and the MTP function has higher computation cost than an ECPM. Due to the limitation of communication bandwidth, computation ability, and storage space of the low-power mobile devices, these protocols are not suitable especially for insecure imbalanced mobile networks. To cope with the aforementioned problems, in this paper, we proposed a pairing-free identity-based authenticated group key agreement protocol using elliptic curve cryptosystem. It is found that the proposed protocol, compared with the related protocols, not only improves the computational efficiencies, but also enhances the security features.     

Improved modelling for mobile Ad-hoc networks

In the existing mobile ad-hoc network (MANET) literature the vast majority of simulation studies that investigate routing protocol performance use a simplistic radio channel model, based on a two-ray ground-reflected path, and ignore both fast and slow fading. Reported are results from the first phase of an investigation into the use of a more realistic channel model, which incorporates the slow (lognormal) fading typically found in both outdoor and indoor mobile radio channels. The significance of the results are that they show previous papers may have significantly underestimated the radio path loss, thereby overestimating the performance of particular routing protocols.     

A novel authenticated group key agreement protocol for mobile environment

An authenticated group key agreement protocol allows a group of parties to authenticate each other and then determine a group key via an insecure network environment. In 2009, Lee et al. first adopted bilinear pairings to propose a new nonauthenticated group key agreement protocol and then extend it to an authenticated group key agreement protocol. This paper points out that the authenticated protocol of Lee et al. is vulnerable to an impersonation attack such that any adversary can masquerade as a legal node to determine a group key with the other legal nodes and the powerful node. This paper shall employ the short signature scheme of Zhang et al. to propose a new authenticated group key agreement protocol. The short signature scheme of Zhang et al. is proven to be secure against the adaptive chosen-message attacks in the random oracle model, so the proposed protocol can withstand the possible attacks. Besides, compared with the authenticated protocol of Lee et al., the proposed protocol is more secure and efficient.     

A secure enhanced privacy-preserving key agreement protocol for wireless mobile networks

The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SK-security along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.     

An efficient two‐party authentication key exchange protocol for mobile environment

The primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.     

Analysis and improvement of an authenticated key exchange protocol for sensor networks

In 2003, Huang et al. proposed: an authenticated key exchange protocol for secure communications between a sensor and a security manager in a self-organizing sensor network. The protocol is, based on elliptic curve cryptography. In this letter, we show that a security manager will learn the long-term private key of a sensor after having one normal run of-the protocol with the sensor. This contradicts to some of their security claims. We explain why this is undesirable in practice and also-propose an improvement which solves the problem and makes all of their security claims hold again.     

Ad-hoc网络上的动态路由协议研究及实现

概要介绍了Ad-hoc网络的概念。通过分析其网络特点,描述了该种网络对动态路由协议的要求。简要介绍了当前流行的几种Ad-hoc动态路由协议及特点。详细描述了OLSR路由协议的术语和主要思想。最后结合工程实践,介绍了实现该协议过程中的关键问题,并在模拟网络环境下验证了该协议的正确性。     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

An efficient certificateless key exchange protocol for heterogeneous networks in human-centered IoT systems

Human-centered Internet of things (IoT) systems enable human beings to enjoy the ubiquitous services and play more and more important roles in our life. A common application scenario in human-centered IoT systems is that two distributed wireless devices from heterogeneous networks want to communicate with each other. However, key generation centers (KGCs) from different networks usually use independent security parameters. It is difficult for two users with different security parameters to establish a common session key. We propose a certificateless key exchange protocol for two different devices managed by different KGCs to address the issue. The security of the proposed protocol is conducted in the random oracle model with the hardness assumption of elliptic curve computational Diffie-Hellman (ECDH) problem. The main merits of our protocol include the following: (a) it enables users from heterogeneous networks to establish upon a shared session key, (b) it can solve the key escrow problem, (c) it does not use bilinear pairings and obtains computational efficiency, and (d) it achieves stronger security compared with other related protocols.     

Building a signaling protocol architecture for future mobile networks

Third-generation mobile systems are emerging. These systems will support a unified user access to a variety of services, including the existing mobile and fixed network (PSTN, N-ISDN) services, the enhanced multimedia and multiparty services envisaged for broadband networks, and personal communication services as well. The role of signaling is predominant in building a flexible, efficient, and evolving system. The aim of this paper is to provide a framework for developing a signaling protocol architecture for future mobile networks. The study especially focuses on the universal mobile telecommunication system (UMTS). Within this framework various design and operational requirements imposed on UMTS can be satisfied. A method to deal with the functional complexity of UMTS is provided. Mobile networks are viewed as integral parts of the broadband infrastructure and are built upon the IN principles.     

移动P2P网络安全拓扑构造协议

针对移动对等(MP2P)网络的安全问题,提出一种MP2P网络安全拓扑构造协议(AMPSTP).AMPSTP协议首先利用Fortune算法完成对地理区域的划分,然后给出临时锚节点的选取和更新策略、MP2P覆盖网拓扑模型的构造和维护机制、MP2P覆盖网的路由发现算法以及基于博弈的MP2P覆盖网的节点选择机制.最后对AMPSTP协议的性能进行理论分析和仿真实验.结果表明,与MADPastry协议相比AMPSTP协议不仅可以保障网络安全和提高网络性能,而且还大大降低了控制开销.     

基于身份密钥交换的安全模型

研究了基于身份的密钥交换协议的可证明安全问题.在通用可组合安全框架下,提出了基于身份密钥交换协议的模型.在攻击模型中,添加了攻陷密钥生成中心的能力.根据基于身份密钥交换的特点,设计了基于身份密钥交换的理想函数.在新的攻击模型和理想函数下,提出的模型既保证了基于身份密钥交换的通用可组合安全性,又保证了一个重要的安全属性--密钥生成中心前向保密性.此外,带有密钥确认属性的Chen-Kudla协议可以安全实现基于身份密钥交换的理想函数.     

AN ENHANCEMENT SCHEME OF TCP PROTOCOL IN MOBILE AD HOC NETWORKS： MME-TCP

Transmission Control Protocol （TCP） optimization in Mobile Ad hoc NETworks （MANETs） is a challenging issue because of some unique characteristics of MANETs. In this paper, a new end-to-end mechanism based on multiple metrics measurement is proposed to improve TCP performance in MANETs. Multi-metric Measurement based Enhancement of TCP （MME-TCP） designs the metrics and the identification algorithm according to the characteristics of MANETs and the experiment results. Furthermore, these metrics are measured at the sender node to reduce the overhead of control information over networks. Simulation results show that MME-TCP mechanism achieves a significant performance improvement over standard TCP in MANETs.