无线平坦衰落信道的密钥生成速率研究

针对传统窃听信道模型中假定合法信道完全互易、窃听方只处理合法双方一方信号的问题,对传统的窃听信道模型进行了改进.一方面引入相关系数ρ0来刻画合法信道的互易程度,另一方面考虑窃听方能够获取并利用合法双方的信息.在此基础上,推导得到了密钥生成速率的解析表达式,并对影响密钥生成速率的因素进行了仿真分析.仿真结果表明,密钥生成速率随合法信道的相关系数ρ0、信噪比γ的增大而增大,随合法信道与窃听信道之间的相关系数ρ1、ρ2的增大而减小.     

相关衰落信道下的安全协作系统及中断性能

基于相关的瑞利衰落信道,研究安全协作系统的安全中断性能。假定发送端知道全部信道的信道状态信息,系统中存在单个窃听节点以及多个进行协作的中继节点,某个中继节点被选择作为干扰者来发送干扰信号,合法信道与干扰节点到目的节点的信道相关,窃听信道与干扰节点到窃听节点的信道也相关。在此类协作场景中,分析了信道相关性对安全协作系统安全性能的影响,获得了安全中断概率表达式。数值结果表明信道相关对安全协作系统的安全性能存在显著影响。     

不同环境下无线信道密钥生成性能研究

在无线通信物理层安全的研究中,通信双方的信道具有很好的短时互易性,可以从无线信道中提取出相似的信道特征并生成一致的密钥.该技术可以利用无线信道天然的随机性为无线通信系统实时的分配对称密钥.本文利用通用软件无线电平台(USRP)设计并实现了实时的无线信道密钥生成系统.基于设计的无线密钥生成系统,本文在室内房间、室内走廊、空旷室外三种不同场景中的终端固定、终端移动以及人员走动三种不同信道环境下长时间测量了无线信道并生成了密钥.通过分析合法通信双方和窃听者信道状态信息(CSI)的互易性、CSI信息泄露率、CSI随机性、密钥随机性四个指标,详细分析了不同场景及环境下无线信道密钥生成技术的安全性与可靠性.通过实验表明,空旷室外信道随机性最高,室内走廊随机性其次,室内房间随机性最低.此外,周围环境变化愈快,信道随机性愈高.通过选择合适的密钥生成参数,都可以在不同的场景及环境下生成满足随机性要求的密钥.     

窄带信道中基于接收信号相位的密钥容量研究

无线信道具有互易性、时变性和空变性等特点,合法双方可以利用无线信道的特性生成共享密钥。基于此,提出一种密钥容量的求解方法。对窄带信道中基于相关随机源模型的窃听信道进行合理建模,利用信息论及随机信号分析理论,对基于接收信号相位信息的密钥容量进行推导,得到密钥容量的表达式。仿真结果表明,密钥容量随信噪比与合法双方信道相关系数的增大而增大,且基于接收信号相位的密钥容量小于基于接收信号的密钥容量,因此,合法双方为得到更长的密钥,可以进行接收信号包络、相位信息的联合提取。     

WSN的一种分布式组密钥管理方案

文章利用拉格朗日插值多项式,提出一种基于簇的无线传感器网络组密钥管理方案。方案将组密钥以分量的形式存储在各合法节点中,合法节点通过和一定数目的邻居节点协作获得新的组密钥,并利用加密广播更新组密钥分量,提高了系统抗合谋攻击的能力,通信、存储开销也有所降低。     

多节点AF协作通信系统中的信道估计方法

依据频率选择性衰落信道下基于正交频分复用技术的多节点放大转发协作通信系统,提出一种基于叠加导频的分段式信道估计方法。该方法采用双块状导频,分别记录级联链路和第2段链路状态信息,并估计相应的信道状态信息,计算出第1段链路信道状态信息。仿真结果表明,该方法能够获得2段链路的信道状态信息,减小信道估计导频开销和时隙周期,提高信道估计的实时性。     

无条件安全密钥协商中认证问题的研究

无条件安全密钥协商一般包括初始化,通信和决策三个阶段,该文基于纠错码理论提出了一个认证方案。该方案利用通信双方在初始阶段所获得的相关信息对通信阶段的通信内容进行认证,如果初始阶段中通信双方及敌手所获得的初始信息是由一个二元对称信源通过二元对称信道广播所得到的,该研究结果认为在敌手的信道比通信双方的信道都差的条件下,总能够找到一种（Ｎ,Ｋ,ｄ）线性码来实现作者所提出的认证方案,并使得收方接受合法消息     

基于多比特自适应量化方案的相位密钥生成方法

本文利用时分系统无线信道的互易性,对两个节点之间的信道相位进行测量从而提取密钥比特,使得可以在信道估计时获得密钥,无需进行预分配。本文提出了一种多比特自适应量化方案,将信道测量值量化成多个比特,并给出了密钥一致性概率理论推导。仿真结果表明,方案可以达到较高的密钥生成一致率,并具有一定的抗干扰能力。     

无线网络中的多跳协作机制*

现有的协作机制过度地依赖于信道状态信息,而无线信道状态瞬时变化,使得信道状态信息在实践中很难获取。提出一种新的多跳协作机制,该机制不依赖信道状态信息,而是充分利用无线网络的广播特性,使得系统中的节点缓存其前面节点发送的信号,并对接收到的信号进行最大比合并,恢复原信号再转发。通过理论分析以及仿真分析验证所提方案的可行性和有效性,并与多跳非协作机制进行比较,仿真结果表明,多跳协作机制可以获得额外的分集增益,有效地提高了交付率以及增大系统中的端到端的平均吞吐量。     

准静态场景下基于智能超表面的密钥生成方法

针对物联网准静态场景中信道变化缓慢、密钥速率低的问题,提出了一种基于智能超表面（RIS, reconfigurable intelligent surface）的密钥生成方法。首先,利用RIS的捷变特性构造快速变化的信道;然后,基站（BS,base station）与合法用户通过信道估计、量化、信息协商等步骤从信道信息中提取对称密钥;最后,对相干时间内密钥生成和数据传输进行最优时间分配,实现最大传输速率的“一次一密”。仿真结果表明,所提方法的密钥速率高于现有的中继辅助、随机信号流和随机数方法,并且随着RIS反射单元个数和相干时间内信道估计次数的增加,密钥速率有进一步的提高。     

Physical layer authentication for automotive cyber physical systems based on modified HB protocol

Automotive cyber physical systems (CPSs) are ever more utilizing wireless technology for V2X communication as a potential way out for challenges regarding collision detection, wire strap up troubles and collision avoidance. However, security is constrained as a result of the energy and performance limitations of modern wireless systems. Accordingly, the need for efficient secret key generation and management mechanism for secured communication among computationally weak wireless devices has motivated the introduction of new authentication protocols. Recently, there has been a great interest in physical layer based secret key generation schemes by utilizing channel reciprocity. Consequently, it is observed that the sequence generated by two communicating parties contain mismatched bits which need to be reconciled by exchanging information over a public channel. This can be an immense security threat as it may let an adversary attain and recover segments of the key in known channel conditions. We proposed Hopper-Blum based physical layer (HB-PL) authentication scheme in which an enhanced physical layer key generation method integrates the Hopper-Blum (HB) authentication protocol. The information collected from the shared channel is used as secret keys for the HB protocol and the mismatched bits are used as the induced noise for learning parity with noise (LPN) problem. The proposed scheme aims to provide a way out for bit reconciliation process without leakage of information over a public channel. Moreover, HB protocol is computationally efficient and simple which helps to reduce the number of exchange messages during the authentication process. We have performed several experiments which show that our proposed design can generate secret keys with improved security strength and high performance in comparison to the current authentication techniques. Our scheme requires less than 55 exchange messages to achieve more than 95% of correct authentication.     

Efficient and secure key extraction using channel state information

Generating keys and keeping them secret are critical in secure communications. Due to the “open air” nature, key distribution is more susceptible to attacks in wireless communications. An ingenious solution is to generate secret keys for two communicating parties separately without the need of key exchange or distribution, and regenerate them on needs. Recently, it is promising to extract keys by measuring the random variation in wireless channels, e.g., RSS. In this paper, we propose an efficient secret key extraction protocol with decorrelating compressive (SKEDC). It establishes common cryptographic keys for two communicating parties in wireless networks via real-time measurement on channel state information (CSI). It outperforms RSS-based key generation approaches in terms of multiple subcarriers measurement, perfect symmetry in channel for key coincidence, rapid decorrelation with distance, and high sensitivity towards environments changes. In the SKEDC design, we also propose effective mechanisms, such as the adaptive key stream generation, to fully exploit the excellent properties of CSI and eliminate the correlation among the subcarriers. We implement SKEDC on off-the-shelf 802.11n devices and evaluate its performance via extensive experiments. The results demonstrate that SKEDC achieves more than \(3\times \) throughput gain in the key generation from the state-of-the-art RSS-based approaches.     

一种基于多径相对时延的密钥生成方法*

利用TDD系统上下行信道特征的一致性提取密钥,克服了现行密钥机制需要预分发的弊端,是保障物理层安全的一种新思路。针对宽带系统多径时延满足信道互易性的特点,设计了一种新的密钥生成方案。该方案在多径合并的同时提取各径间的相对时延,并计算相对时延与平均时延的差值生成密钥,具有较强的健壮性。超宽带信道的仿真结果表明,当信噪比等于15 dB时,密钥生成一致性可达95%。     

一种改进的无线传感器网络动态密钥管理方案

无线传感器网络是由大量资源有限的传感器节点组成。为了保证传感器节点间的安全通信,找到一种有效的密钥管理方式是十分重要的。针对无线传感器节点能量低,存储空间有限的特点,提出了一种改进的密钥管理方案。该方案采用或运算及异或运算生成共享密钥对,计算量小、耗能低,并且密钥可更新。最后通过对比分析,该方案比其他方案具有更强的安全性和更低的能量消耗。     

传感器网络中一种可靠的对密钥更新方案

提出了一种基于预分发和协作的可靠的对密钥更新方案RPKU(reliable pairwise key-updating).借助于一种改进的Blom密钥矩阵构造方法,该方案能够随着网络的动态变化而动态伸缩各个节点的密钥信息,从而解决了由于节点被攻击所导致的密钥泄漏和密钥连通性下降等问题.该方案还提出了一种基于分簇型传感器网络结构的密钥预分发方法,使得任意两个相邻节点间都能建立一个对密钥.仿真结果表明,与已有的密钥方案相比,该方案在安全性、密钥连通性和扩展性等方面都具有明显的优势.     

Pair-wise path key establishment in wireless sensor networks

When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.     

An efficient and scalable pairwise key pre-distribution scheme for sensor networks using deployment knowledge

Pairwise key establishment is a fundamental security service for sensor networks. However, establishing pairwise key in sensor networks is a challenging problem, particularly due to the resource constraints on sensor nodes and the threat of node compromises. On the other hand, adding new nodes to a sensor network is a fundamental requirement for their continuous operation over time, too. We analyze the weaknesses of security due to node capture when adding sensor nodes using key pre-distribution schemes with “fixed” key pools. In this paper, we propose a new approach, which separates the nodes into groups, the nodes in a group communicate with each other using pairwise keys pre-distributed, the communications between any two neighbor groups are accomplished also through pairwise keys, which is computed based on the pre-distributed Hash chain. We show that the performance (e.g. continuous connectivity, continuous network resilience against node capture and memory usage) of sensor networks can be substantially improved by using our scheme. The scheme and its detailed performance evaluation are presented.     

基于身份和Weil对的聚合签名方案

提出了一种基于身份和Weil对的聚合签名方案。方案中密钥生成中心负责系统公、私钥的生成,消息的分配和签名者公、私钥的生成。签名者是具有某种特殊身份的个体,并且这种身份是唯一的,这一身份是签名者从密钥生成中心获得签名私钥的唯一凭证。每个签名者只负责对某一段消息的签名,总的签名由签名聚合者结合每位签名者的单个签名生成。这样就避免了暴露整个消息给所有的签名者,这一特性在某些对消息保密要求性较高的场合得以广泛应用。该方案在签名时用到了双线性映射,从而减少了验证时的对运算。     

异构传感器网络中对密钥建立方案

针对现有异构传感器网络(HSN)密钥预分配方案的安全问题,提出一种基于部署知识和密钥链技术的对密钥建立方案.将部署区域划分成多个单元,整个HSN网络划分成簇.在部署区域中,相邻节点使用预分配密钥信息建立共享密钥.在节点部署完成后,当两相邻节点不能建立共享密钥时,通过其他高能节点为其分配共享密钥.理论分析和模拟结果表明,...     

Cryptanalysis of an authentication scheme using truncated polynomials

An attack on a recently proposed authentication scheme of Shpilrain and Ushakov is presented. The public information allows the derivation of a system of polynomial equations for the secret key bits. Our attack uses simple elimination techniques to distill linear equations. For the proposed parameter choice, the attack often finds secret keys or alternative secret keys within minutes with moderate resources.