Group key management

Energy Technology Data Exchange (ETDEWEB)

Dunigan, T.; Cao, C.

1997-08-01

This report describes an architecture and implementation for doing group key management over a data communications network. The architecture describes a protocol for establishing a shared encryption key among an authenticated and authorized collection of network entities. Group access requires one or more authorization certificates. The implementation includes a simple public key and certificate infrastructure. Multicast is used for some of the key management messages. An application programming interface multiplexes key management and user application messages. An implementation using the new IP security protocols is postulated. The architecture is compared with other group key management proposals, and the performance and the limitations of the implementation are described.

Minimum Interference Channel Assignment Algorithm for Multicast in a Wireless Mesh Network

Directory of Open Access Journals (Sweden)

Sangil Choi

2016-12-01

Full Text Available Wireless mesh networks (WMNs have been considered as one of the key technologies for the configuration of wireless machines since they emerged. In a WMN, wireless routers provide multi-hop wireless connectivity between hosts in the network and also allow them to access the Internet via gateway devices. Wireless routers are typically equipped with multiple radios operating on different channels to increase network throughput. Multicast is a form of communication that delivers data from a source to a set of destinations simultaneously. It is used in a number of applications, such as distributed games, distance education, and video conferencing. In this study, we address a channel assignment problem for multicast in multi-radio multi-channel WMNs. In a multi-radio multi-channel WMN, two nearby nodes will interfere with each other and cause a throughput decrease when they transmit on the same channel. Thus, an important goal for multicast channel assignment is to reduce the interference among networked devices. We have developed a minimum interference channel assignment (MICA algorithm for multicast that accurately models the interference relationship between pairs of multicast tree nodes using the concept of the interference factor and assigns channels to tree nodes to minimize interference within the multicast tree. Simulation results show that MICA achieves higher throughput and lower end-to-end packet delay compared with an existing channel assignment algorithm named multi-channel multicast (MCM. In addition, MICA achieves much lower throughput variation among the destination nodes than MCM.

High Performance Computing Multicast

Science.gov (United States)

2012-02-01

A History of the Virtual Synchrony Replication Model,” in Replication: Theory and Practice, Charron-Bost, B., Pedone, F., and Schiper, A. (Eds...Performance Computing IP / IPv4 Internet Protocol (version 4.0) IPMC Internet Protocol MultiCast LAN Local Area Network MCMD Dr. Multicast MPI

Ancestors protocol for scalable key management

Directory of Open Access Journals (Sweden)

Dieter Gollmann

2010-06-01

Full Text Available Group key management is an important functional building block for secure multicast architecture. Thereby, it has been extensively studied in the literature. The main proposed protocol is Adaptive Clustering for Scalable Group Key Management (ASGK. According to ASGK protocol, the multicast group is divided into clusters, where each cluster consists of areas of members. Each cluster uses its own Traffic Encryption Key (TEK. These clusters are updated periodically depending on the dynamism of the members during the secure session. The modified protocol has been proposed based on ASGK with some modifications to balance the number of affected members and the encryption/decryption overhead with any number of the areas when a member joins or leaves the group. This modified protocol is called Ancestors protocol. According to Ancestors protocol, every area receives the dynamism of the members from its parents. The main objective of the modified protocol is to reduce the number of affected members during the leaving and joining members, then 1 affects n overhead would be reduced. A comparative study has been done between ASGK protocol and the modified protocol. According to the comparative results, it found that the modified protocol is always outperforming the ASGK protocol.

Optical multicast system for data center networks.

Science.gov (United States)

Samadi, Payman; Gupta, Varun; Xu, Junjie; Wang, Howard; Zussman, Gil; Bergman, Keren

2015-08-24

We present the design and experimental evaluation of an Optical Multicast System for Data Center Networks, a hardware-software system architecture that uniquely integrates passive optical splitters in a hybrid network architecture for faster and simpler delivery of multicast traffic flows. An application-driven control plane manages the integrated optical and electronic switched traffic routing in the data plane layer. The control plane includes a resource allocation algorithm to optimally assign optical splitters to the flows. The hardware architecture is built on a hybrid network with both Electronic Packet Switching (EPS) and Optical Circuit Switching (OCS) networks to aggregate Top-of-Rack switches. The OCS is also the connectivity substrate of splitters to the optical network. The optical multicast system implementation requires only commodity optical components. We built a prototype and developed a simulation environment to evaluate the performance of the system for bulk multicasting. Experimental and numerical results show simultaneous delivery of multicast flows to all receivers with steady throughput. Compared to IP multicast that is the electronic counterpart, optical multicast performs with less protocol complexity and reduced energy consumption. Compared to peer-to-peer multicast methods, it achieves at minimum an order of magnitude higher throughput for flows under 250 MB with significantly less connection overheads. Furthermore, for delivering 20 TB of data containing only 15% multicast flows, it reduces the total delivery energy consumption by 50% and improves latency by 55% compared to a data center with a sole non-blocking EPS network.

WDM Network and Multicasting Protocol Strategies

Directory of Open Access Journals (Sweden)

Pinar Kirci

2014-01-01

Full Text Available Optical technology gains extensive attention and ever increasing improvement because of the huge amount of network traffic caused by the growing number of internet users and their rising demands. However, with wavelength division multiplexing (WDM, it is easier to take the advantage of optical networks and optical burst switching (OBS and to construct WDM networks with low delay rates and better data transparency these technologies are the best choices. Furthermore, multicasting in WDM is an urgent solution for bandwidth-intensive applications. In the paper, a new multicasting protocol with OBS is proposed. The protocol depends on a leaf initiated structure. The network is composed of source, ingress switches, intermediate switches, edge switches, and client nodes. The performance of the protocol is examined with Just Enough Time (JET and Just In Time (JIT reservation protocols. Also, the paper involves most of the recent advances about WDM multicasting in optical networks. WDM multicasting in optical networks is given as three common subtitles: Broadcast and-select networks, wavelength-routed networks, and OBS networks. Also, in the paper, multicast routing protocols are briefly summarized and optical burst switched WDM networks are investigated with the proposed multicast schemes.

Multicast middleware for performance and topology analysis of multimedia grids

Directory of Open Access Journals (Sweden)

Jerry Z. Xie

2017-04-01

Full Text Available Since multicast reduces bandwidth consumption in multimedia grid computing, the middleware for monitoring the performance and topology of multicast communications is important to the design and management of multimedia grid applications. However, the current middleware technologies for multicast performance monitoring are still far from attaining the level of maturity and there lacks consistent approaches to obtain the evaluation data for multicast. In this study, to serve a clear guide for the design and implementation of the multicast middleware, two algorithms are developed for organising all constituents in multicast communications and analysing the multicast performance in two topologies – ‘multicast distribution tree’ and ‘clusters distribution’, and a definitive set of corresponding metrics that are comprehensive yet viable for evaluating multicast communications are also presented. Instead of using the inference data from unicast measurements, in the proposed middleware, the measuring data of multicast traffic are obtained directly from multicast protocols in real time. Moreover, this study makes a middleware implementation which is integrated into a real access grid multicast communication infrastructure. The results of the implementation demonstrate the substantial improvements in the accuracy and real time in evaluating the performance and topology of multicast network.

Scalable Multicasting over Next-Generation Internet Design, Analysis and Applications

CERN Document Server

Tian, Xiaohua

2013-01-01

Next-generation Internet providers face high expectations, as contemporary users worldwide expect high-quality multimedia functionality in a landscape of ever-expanding network applications. This volume explores the critical research issue of turning today’s greatly enhanced hardware capacity to good use in designing a scalable multicast  protocol for supporting large-scale multimedia services. Linking new hardware to improved performance in the Internet’s next incarnation is a research hot-spot in the computer communications field.   The methodical presentation deals with the key questions in turn: from the mechanics of multicast protocols to current state-of-the-art designs, and from methods of theoretical analysis of these protocols to applying them in the ns2 network simulator, known for being hard to extend. The authors’ years of research in the field inform this thorough treatment, which covers details such as applying AOM (application-oriented multicast) protocol to IPTV provision and resolving...

Cross-Layer Optimal Rate Allocation for Heterogeneous Wireless Multicast

Directory of Open Access Journals (Sweden)

Amr Mohamed

2009-01-01

Full Text Available Heterogeneous multicast is an efficient communication scheme especially for multimedia applications running over multihop networks. The term heterogeneous refers to the phenomenon when multicast receivers in the same session require service at different rates commensurate with their capabilities. In this paper, we address the problem of resource allocation for a set of heterogeneous multicast sessions over multihop wireless networks. We propose an iterative algorithm that achieves the optimal rates for a set of heterogeneous multicast sessions such that the aggregate utility for all sessions is maximized. We present the formulation of the multicast resource allocation problem as a nonlinear optimization model and highlight the cross-layer framework that can solve this problem in a distributed ad hoc network environment with asynchronous computations. Our simulations show that the algorithm achieves optimal resource utilization, guarantees fairness among multicast sessions, provides flexibility in allocating rates over different parts of the multicast sessions, and adapts to changing conditions such as dynamic channel capacity and node mobility. Our results show that the proposed algorithm not only provides flexibility in allocating resources across multicast sessions, but also increases the aggregate system utility and improves the overall system throughput by almost 30% compared to homogeneous multicast.

Multicast traffic grooming in flexible optical WDM networks

Science.gov (United States)

Patel, Ankitkumar N.; Ji, Philip N.; Jue, Jason P.; Wang, Ting

2012-12-01

In Metropolitan Area Networks (MANs), point-to-multipoint applications, such as IPTV, video-on-demand, distance learning, and content distribution, can be efficiently supported through light-tree-based multicastcommunications instead of lightpath-based unicast-communications. The application of multicasting for such traffic is justified by its inherent benefits of reduced control and management overhead and elimination of redundant resource provisioning. Supporting such multicast traffic in Flexible optical WDM (FWDM) networks that can provision light-trees using optimum amount of spectrum within flexible channel spacing leads to higher wavelength and spectral efficiencies compared to the conventional ITU-T fixed grid networks. However, in spite of such flexibility, the residual channel capacity of stranded channels may not be utilized if the network does not offer channels with arbitrary line rates. Additionally, the spectrum allocated to guard bands used to isolate finer granularity channels remains unutilized. These limitations can be addressed by using traffic grooming in which low-rate multicast connections are aggregated and switched over high capacity light-trees. In this paper, we address the multicast traffic grooming problem in FWDM networks, and propose a novel auxiliary graph-based algorithm for the first time. The performance of multicast traffic grooming is evaluated in terms of spectral, cost, and energy efficiencies compared to lightpath-based transparent FWDM networks, lightpathbased traffic grooming-capable FWDM networks, multicast-enabled transparent FWDM networks, and multicast traffic grooming-capable fixed grid networks. Simulation results demonstrate that multicast traffic grooming in FWDM networks not only improves spectral efficiency, but also cost, and energy efficiencies compared to other multicast traffic provisioning approaches of FWDM and fixed grid networks.

Multi-area layered multicast scheme for MPLS networks

Science.gov (United States)

Ma, Yajie; Yang, Zongkai; Wang, Yuming; Chen, Jingwen

2005-02-01

Multi-protocol label switching (MPLS) is multiprotocols both at layer 2 and layer 3. It is suggested to overcome the shortcomings of performing complex longest prefix matching in layer 3 routing by using short, fixed length labels. The MPLS community has put more effort into the label switching of unicast IP traffic, but less in the MPLS multicast mechanism. The reasons are the higher label consumption, the dynamical mapping of L3 multicast tree to L2 LSPs and the 20-bit shim header which is much fewer than the IPv4 IP header. On the other hand, heterogeneity of node capability degrades total performance of a multicast group. In order to achieve the scalability as well as the heterogeneity in MPLS networks, a novel scheme of MPLS-based Multi-area Layered Multicast Scheme (MALM) is proposed. Unlike the existing schemes which focus on aggregating the multicast stream, we construct the multicast tree based on the virtual topology aggregation. The MPLS area is divided into different sub-areas to form the hierarchical virtual topology and the multicast group is reconstructed into multiple layers according to the node capability. At the same time, the label stack is used to save the label space. For stability of the MALM protocol, a multi-layer protection scheme is also discussed. The experiment results show that the proposed scheme saves label space and decrease the Multicast Forwarding Table in much degree.

A Novel Video Data-Source Authentication Model Based on Digital Watermarking and MAC in Multicast

Institute of Scientific and Technical Information of China (English)

ZHAO Anjun; LU Xiangli; GUO Lei

2006-01-01

A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper. The digital watermarking which composes of the MAC of the significant video content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA(timed efficient stream loss-tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.

Implementing Resource-aware Multicast Forwarding in Software Defined Networks

DEFF Research Database (Denmark)

Poderys, Justas; Sunny, Anjusha; Soler, José

2018-01-01

Using multicast data transmissions, data can be eciently distributed to a high number of network users. However, in order to ef-ciently stream multimedia using multicast communication, multicast routing protocols must have knowledge of all network links and their available bandwidth. In Software...

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

Institute of Scientific and Technical Information of China (English)

YANG Chang; CHEN Xiaolin; ZHANG Huanguo

2006-01-01

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members' access control and distributing authorization of traditional IP multicast.

A high performance totally ordered multicast protocol

Science.gov (United States)

Montgomery, Todd; Whetten, Brian; Kaplan, Simon

1995-01-01

This paper presents the Reliable Multicast Protocol (RMP). RMP provides a totally ordered, reliable, atomic multicast service on top of an unreliable multicast datagram service such as IP Multicasting. RMP is fully and symmetrically distributed so that no site bears un undue portion of the communication load. RMP provides a wide range of guarantees, from unreliable delivery to totally ordered delivery, to K-resilient, majority resilient, and totally resilient atomic delivery. These QoS guarantees are selectable on a per packet basis. RMP provides many communication options, including virtual synchrony, a publisher/subscriber model of message delivery, an implicit naming service, mutually exclusive handlers for messages, and mutually exclusive locks. It has commonly been held that a large performance penalty must be paid in order to implement total ordering -- RMP discounts this. On SparcStation 10's on a 1250 KB/sec Ethernet, RMP provides totally ordered packet delivery to one destination at 842 KB/sec throughput and with 3.1 ms packet latency. The performance stays roughly constant independent of the number of destinations. For two or more destinations on a LAN, RMP provides higher throughput than any protocol that does not use multicast or broadcast.

Mobile Multicast in Hierarchical Proxy Mobile IPV6

Science.gov (United States)

Hafizah Mohd Aman, Azana; Hashim, Aisha Hassan A.; Mustafa, Amin; Abdullah, Khaizuran

2013-12-01

Mobile Internet Protocol Version 6 (MIPv6) environments have been developing very rapidly. Many challenges arise with the fast progress of MIPv6 technologies and its environment. Therefore the importance of improving the existing architecture and operations increases. One of the many challenges which need to be addressed is the need for performance improvement to support mobile multicast. Numerous approaches have been proposed to improve mobile multicast performance. This includes Context Transfer Protocol (CXTP), Hierarchical Mobile IPv6 (HMIPv6), Fast Mobile IPv6 (FMIPv6) and Proxy Mobile IPv6 (PMIPv6). This document describes multicast context transfer in hierarchical proxy mobile IPv6 (H-PMIPv6) to provide better multicasting performance in PMIPv6 domain.

All-optical broadcast and multicast technologies based on PPLN waveguide

DEFF Research Database (Denmark)

Ye, Lingyun; Wang, Ju; Hu, Hao

2013-01-01

All-optical 1×4 broadcast and 1×3 multicast experiments of a 40-Gb/s return-to-zero on-off keying (RZ-OOK) signal based on a periodically poled lithium niobate (PPLN) waveguide are demonstrated in this letter. Clear opened eye diagrams and error-free performance are achieved for the broadcast...

Multicast Performance Analysis for High-Speed Torus Networks

National Research Council Canada - National Science Library

Oral, S; George, A

2002-01-01

... for unicast-based and path-based multicast communication on high-speed torus networks. Software-based multicast performance results of selected algorithms on a 16-node Scalable Coherent Interface (SCI) torus are given...

An Optical Multicast Routing with Minimal Network Coding Operations in WDM Networks

Directory of Open Access Journals (Sweden)

Huanlin Liu

2014-01-01

Full Text Available Network coding can improve the optical multicast routing performance in terms of network throughput, bandwidth utilization, and traffic load balance. But network coding needs high encoding operations costs in all-optical WDM networks due to shortage of optical RAM. In the paper, the network coding operation is defined to evaluate the number of network coding operation cost in the paper. An optical multicast routing algorithm based on minimal number of network coding operations is proposed to improve the multicast capacity. Two heuristic criteria are designed to establish the multicast routing with low network coding cost and high multicast capacity. One is to select one path from the former K shortest paths with the least probability of dropping the multicast maximal capacity. The other is to select the path with lowest potential coding operations with the highest link shared degree among the multiple wavelength disjoint paths cluster from source to each destination. Comparing with the other multicast routing based on network coding, simulation results show that the proposed multicast routing algorithm can effectively reduce the times of network coding operations, can improve the probability of reaching multicast maximal capacity, and can keep the less multicast routing link cost for optical WDM networks.

A SURVEY ON MULTICAST ROUTING PROTOCOLS FOR PERFORMANCE EVALUATION IN WIRELESS SENSOR NETWORK

Directory of Open Access Journals (Sweden)

A. Suruliandi

2015-03-01

Full Text Available Multicast is a process used to transfer same message to multiple receivers at the same time. This paper presents the simulation and analysis of the performance of six different multicast routing protocols for Wireless Sensor Network (WSN. They are On Demand Multicast Routing Protocol (ODMRP, Protocol for Unified Multicasting through Announcement (PUMA, Multicast Adhoc On demand Distance Vector Protocol (MAODV, Overlay Boruvka-based Adhoc Multicast Protocol (OBAMP, Application Layer Multicast Algorithm (ALMA and enhanced version of ALMA (ALMA-H for WSN. Among them, ODMRP, MAODV and PUMA are reactive protocols while OBAMP, ALMA and ALMA-H are proactive protocols. This paper compares the performance of these protocols with common parameters such as Throughput, Reliability, End-to-End delay and Packet Delivery Ratio (PDR with increasing the numbers of nodes and increasing the speed of the nodes. The main objective of this work is to select the efficient multicast routing protocol for WSN among six multicast routing protocol based on relative strength and weakness of each protocol. The summary of above six multicast routing protocols is presented with a table of different performance characteristics. Experimental result shows that ODMRP attains higher throughput, reliability and higher packet delivery ratio than other multicast routing protocol, while incurring far less end-to-end delay.

IP over optical multicasting for large-scale video delivery

Science.gov (United States)

Jin, Yaohui; Hu, Weisheng; Sun, Weiqiang; Guo, Wei

2007-11-01

In the IPTV systems, multicasting will play a crucial role in the delivery of high-quality video services, which can significantly improve bandwidth efficiency. However, the scalability and the signal quality of current IPTV can barely compete with the existing broadcast digital TV systems since it is difficult to implement large-scale multicasting with end-to-end guaranteed quality of service (QoS) in packet-switched IP network. China 3TNet project aimed to build a high performance broadband trial network to support large-scale concurrent streaming media and interactive multimedia services. The innovative idea of 3TNet is that an automatic switched optical networks (ASON) with the capability of dynamic point-to-multipoint (P2MP) connections replaces the conventional IP multicasting network in the transport core, while the edge remains an IP multicasting network. In this paper, we will introduce the network architecture and discuss challenges in such IP over Optical multicasting for video delivery.

Implementing Resource-aware Multicast Forwarding in Software Defined Networks

DEFF Research Database (Denmark)

Poderys, Justas; Sunny, Anjusha; Soler, José

2018-01-01

Using multicast data transmissions, data can be eciently distributed to a high number of network users. However, in order to ef-ciently stream multimedia using multicast communication, multicast routing protocols must have knowledge of all network links and their available bandwidth. In Software......-Karp algorithm, by taking into account network topology and links load information. This paper presents the algorithm, implementation details, and an analysis of the testing results....

Reliable multicast for the Grid: a case study in experimental computer science.

Science.gov (United States)

Nekovee, Maziar; Barcellos, Marinho P; Daw, Michael

2005-08-15

In its simplest form, multicast communication is the process of sending data packets from a source to multiple destinations in the same logical multicast group. IP multicast allows the efficient transport of data through wide-area networks, and its potentially great value for the Grid has been highlighted recently by a number of research groups. In this paper, we focus on the use of IP multicast in Grid applications, which require high-throughput reliable multicast. These include Grid-enabled computational steering and collaborative visualization applications, and wide-area distributed computing. We describe the results of our extensive evaluation studies of state-of-the-art reliable-multicast protocols, which were performed on the UK's high-speed academic networks. Based on these studies, we examine the ability of current reliable multicast technology to meet the Grid's requirements and discuss future directions.

IMPLEMENTASI IP V 6 MULTICAST DALAM JARINGAN WIRELESS

Directory of Open Access Journals (Sweden)

Dessyanto Boedi Prasetyo

2015-04-01

Full Text Available Teleconferencing is a media technology to create a long-distance communication of audio data and video can also be data. With teleconferencing you can perform a communication with another person that much with a relatively low cost. At this time the use of computers in a network more complex. Some time ago has developed a new network protocol, the IPv6 is a solution to overcome the deficiencies found on previous generation protocol is IPv4 Multicast is a communication mechanism of one-to-many, or point-to-multipoint. In IPv6 technology, multicast is a basic feature and has become the standard specification of every router. In the implementation is done using IPv6 multicast teleconferencing application on the LAN network topology. At the teleconference has been observed with the amount of traffic parameters that occurred during the last teleconference. Used in this study SDR and RAT teleconferencing applications. SDR (Session Directory Tool and RAT (Robust Audio Tool used for teleconferencing, which is part of the MBone tools. Protocol MLD (Multicast Listener Directory is also used in this study for multicast signaling can run well.

Evaluating multicast resilience in carrier ethernet

DEFF Research Database (Denmark)

Ruepp, Sarah Renée; Wessing, Henrik; Zhang, Jiang

2010-01-01

This paper gives an overview of the Carrier Ethernet technology with specific focus on resilience. In particular, we show how multicast traffic, which is essential for IPTV can be protected. We detail the ackground for resilience mechanisms and their control and e present Carrier Ethernet...... resilience methods for linear nd ring networks. By simulation we show that the vailability of a multicast connection can be significantly increased by applying protection methods....

Multicast routing for wavelength-routed WDM networks with dynamic membership

Science.gov (United States)

Huang, Nen-Fu; Liu, Te-Lung; Wang, Yao-Tzung; Li, Bo

2000-09-01

Future broadband networks must support integrated services and offer flexible bandwidth usage. In our previous work, we explore the optical link control layer on the top of optical layer that enables the possibility of bandwidth on-demand service directly over wavelength division multiplexed (WDM) networks. Today, more and more applications and services such as video-conferencing software and Virtual LAN service require multicast support over the underlying networks. Currently, it is difficult to provide wavelength multicast over the optical switches without optical/electronic conversions although the conversion takes extra cost. In this paper, based on the proposed wavelength router architecture (equipped with ATM switches to offer O/E and E/O conversions when necessary), a dynamic multicast routing algorithm is proposed to furnish multicast services over WDM networks. The goal is to joint a new group member into the multicast tree so that the cost, including the link cost and the optical/electronic conversion cost, is kept as less as possible. The effectiveness of the proposed wavelength router architecture as well as the dynamic multicast algorithm is evaluated by simulation.

VMCast: A VM-Assisted Stability Enhancing Solution for Tree-Based Overlay Multicast.

Directory of Open Access Journals (Sweden)

Weidong Gu

Full Text Available Tree-based overlay multicast is an effective group communication method for media streaming applications. However, a group member's departure causes all of its descendants to be disconnected from the multicast tree for some time, which results in poor performance. The above problem is difficult to be addressed because overlay multicast tree is intrinsically instable. In this paper, we proposed a novel stability enhancing solution, VMCast, for tree-based overlay multicast. This solution uses two types of on-demand cloud virtual machines (VMs, i.e., multicast VMs (MVMs and compensation VMs (CVMs. MVMs are used to disseminate the multicast data, whereas CVMs are used to offer streaming compensation. The used VMs in the same cloud datacenter constitute a VM cluster. Each VM cluster is responsible for a service domain (VMSD, and each group member belongs to a specific VMSD. The data source delivers the multicast data to MVMs through a reliable path, and MVMs further disseminate the data to group members along domain overlay multicast trees. The above approach structurally improves the stability of the overlay multicast tree. We further utilized CVM-based streaming compensation to enhance the stability of the data distribution in the VMSDs. VMCast can be used as an extension to existing tree-based overlay multicast solutions, to provide better services for media streaming applications. We applied VMCast to two application instances (i.e., HMTP and HCcast. The results show that it can obviously enhance the stability of the data distribution.

Optimización multiobjetivo para enrutamiento multicast en overlay networks utilizando algoritmos evolutivos Multiobjective Optimization for Multicast Routing in Overlay Networks using Evolutionary Algorithms

Directory of Open Access Journals (Sweden)

Juan Carlos Montoya M.

2008-06-01

Full Text Available Multicast juega un papel muy importante para soportar una nueva generación de aplicaciones. En la actualidad y por diferentes razones, técnicas y no técnicas, multicast IP no ha sido totalmente adoptado en Internet. Durante los últimos a˜nos, un área de investigación activa es la de implementar este tipo de tráfico desde la perspectiva del nivel de aplicación, donde la funcionalidad de multicast no es responsabilidad de los enrutadores sino de los hosts, a lo que se le conoce como Multicast Overlay Network (MON. En este artículo se plantea el enrutamiento en MON como un problema de Optimización Multiobjetivo (MOP donde se optimizan dos funciones: 1 el retardo total extremo a extremo del árbol multicast, y 2 la máxima utilización de los enlaces. La optimización simultánea de estas dos funciones es un problema NP completo y para resolverlo se propone utilizar Algoritmos Evolutivos Multiobjetivos (MOEA, específicamente NSGAIMulticast plays an important role in supporting a new generation of applications. At present and for different reasons, technical and non–technical, multicast IP hasn’t yet been totally adopted for Internet. During recent years, an active area of research is that of implementing this kind of traffic in the application layer where the multicast functionality isn´t a responsibility of the routers but that of the hosts, which we know as Multicast Overlay Networks (MON. In this article, routing in an MON is put forward as a multiobjective optimization problem (MOP where two functions are optimized: 1 the total end to end delay of the multicast tree and 2 the maximum link utilization. The simultaneous optimization of these two functions is an NP–Complete problem and to solve this we suggest using Multiobjective Evolutionary Algorithms (MOEA, specifically NSGA–II.

Multicasting in Wireless Communications (Ad-Hoc Networks): Comparison against a Tree-Based Approach

Science.gov (United States)

Rizos, G. E.; Vasiliadis, D. C.

2007-12-01

We examine on-demand multicasting in ad hoc networks. The Core Assisted Mesh Protocol (CAMP) is a well-known protocol for multicast routing in ad-hoc networks, generalizing the notion of core-based trees employed for internet multicasting into multicast meshes that have much richer connectivity than trees. On the other hand, wireless tree-based multicast routing protocols use much simpler structures for determining route paths, using only parent-child relationships. In this work, we compare the performance of the CAMP protocol against the performance of wireless tree-based multicast routing protocols, in terms of two important factors, namely packet delay and ratio of dropped packets.

Construction of Light-trees for WDM Multicasting under Splitting Capability Constraints

DEFF Research Database (Denmark)

Zsigri, Anikó; Guitton, A.; Molnár, M.

2003-01-01

Communication systems with all-optical multicasting have better performance than those using optical/electrical/optical conversion. Multicast protocols assume that all nodes in the network can forward the signal from one input to several outputs. Since fabrication of an optical switch with splitt......Communication systems with all-optical multicasting have better performance than those using optical/electrical/optical conversion. Multicast protocols assume that all nodes in the network can forward the signal from one input to several outputs. Since fabrication of an optical switch...

Resource Allocation Management for Broadcast/Multicast Services

OpenAIRE

Fuente Iglesias, Alejandro de la; Pérez Leal, Raquel; García-Armada, Ana

2015-01-01

Ponencia presentada en: XXX Simposium Nacional de la Unión Científica Internacional de Radio, los dias 2 y 4 septiembre 2015, en Pamplona (españa). Video services are expected to become more than 70% of the mobile traffic in 2020. Broadcast and multicast service is the most efficient mechanism to deliver the same content to many users. Not only focusing on venue casting, but also distributing many other media such as software updates and breaking news, 5G broadcasting is a key driver to a...

Integrating security in a group oriented distributed system

Science.gov (United States)

Reiter, Michael; Birman, Kenneth; Gong, LI

1992-01-01

A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.

A Multicast Sparse-Grooming Algorithm Based on Network Coding in WDM Networks

Science.gov (United States)

Zhang, Shengfeng; Peng, Han; Sui, Meng; Liu, Huanlin

2015-03-01

To improve the limited number of wavelength utilization and decrease the traffic blocking probability in sparse-grooming wavelength-division multiplexing (WDM) networks, a multicast sparse-grooming algorithm based on network coding (MCSA-NC) is put forward to solve the routing problem for dynamic multicast requests in this paper. In the proposed algorithm, a traffic partition strategy, that the coarse-granularity multicast request with grooming capability on the source node is split into several fine-granularity multicast requests, is designed so as to increase the probability for traffic grooming successfully in MCSA-NC. Besides considering that multiple destinations should receive the data from source of the multicast request at the same time, the traditional transmission mechanism is improved by constructing edge-disjoint paths for each split multicast request. Moreover, in order to reduce the number of wavelengths required and further decrease the traffic blocking probability, a light-tree reconfiguration mechanism is presented in the MCSA-NC, which can select a minimal cost light tree from the established edge-disjoint paths for a new multicast request.

An Efficient SDN Multicast Architecture for Dynamic Industrial IoT Environments

Directory of Open Access Journals (Sweden)

Hyeong-Su Kim

2018-01-01

Full Text Available Large-scale industrial IoT services appear in smart factory domains such as factory clouds which integrate distributed small factories into a large virtual factory with dynamic combination based on orders of consumers. A smart factory has so many industrial elements including various sensors/actuators, gateways, controllers, application servers, and IoT clouds. Since there are complex connections and relations, it is hard to handle them in point-to-point manner. In addition, many duplicated traffics are exchanged between them through the Internet. Multicast is believed as an effective many-to-many communication mechanism by establishing multicast trees between sources and receivers. There are, however, some issues for adopting multicast to large-scale industrial IoT services in terms of QoS. In this paper, we propose a novel software-defined network multicast based on group shared tree which includes near-receiver rendezvous point selection algorithm and group shared tree switching mechanism. As a result, the proposed multicast mechanism can reduce the packet loss by 90% compared to the legacy methods under severe congestion condition. GST switching method obtains to decreased packet delay effect, respectively, 2%, 20% better than the previously studied multicast and the legacy SDN multicast.

Deploying Next Generation Multicast-enabled Applications Label Switched Multicast for MPLS VPNs, VPLS, and Wholesale Ethernet

CERN Document Server

Joseph, Vinod

2011-01-01

The growth, scale, and prominence of video applications over the years have placed emphasis on the most scalable and efficient way to deliver multi-play content (voice, video and data) to the end user. Multicast is the most effective and efficient carrier of video applications from a network standpoint. Financial organizations deploy large-scale multicast infrastructures to enable trading and e-commerce. The introduction of 4G and beyond makes this technology even more indispensible since mobile operators need an efficient mechanism to deliver repetitive content to many a handset, and multicas

Merging Network Coding with Feedback Management in Multicast Streaming

DEFF Research Database (Denmark)

Moreira, André; Almeida, Luis; Roetter, Daniel Enrique Lucani

2015-01-01

Reliable multicast over wireless poses interesting challenges arising from the unreliable nature of the wireless medium. Recovering lost packets is particularly challenging in multicast scenarios since different receivers lose different packets. For this reason, simply retransmitting packets does...

Efficient round-robin multicast scheduling for input-queued switches

DEFF Research Database (Denmark)

Rasmussen, Anders; Yu, Hao; Ruepp, Sarah Renée

2014-01-01

The input-queued (IQ) switch architecture is favoured for designing multicast high-speed switches because of its scalability and low implementation complexity. However, using the first-in-first-out (FIFO) queueing discipline at each input of the switch may cause the head-of-line (HOL) blocking...... problem. Using a separate queue for each output port at an input to reduce the HOL blocking, that is, the virtual output queuing discipline, increases the implementation complexity, which limits the scalability. Given the increasing link speed and network capacity, a low-complexity yet efficient multicast...... by means of queue look-ahead. Simulation results demonstrate that this FIFO-based IQ multicast architecture is able to achieve significant improvements in terms of multicast latency requirements by searching through a small number of cells beyond the HOL cells in the input queues. Furthermore, hardware...

Experimental characterization of a new multicasting node architecture based on space splitters and wavelength converters

Science.gov (United States)

He, Hao; Su, Yikai; Hu, Peigang; Hu, Weisheng

2005-11-01

IPTV-based broadband services such as interactive multimedia and video conferencing are considered as promising revenue-adding services, and multicast is proven to be a good supplier to support these applications for its reduced consumption of network bandwidth. Generally there are two approaches to implement optical layer multicast. One is space-domain multicast using space-splitter which is low cost but has wavelength continuity constraint, the other is frequency-domain multicast using wavelength converter which resolves the wavelength continuity but with high costs. A new multicasting node which adopts both space-domain multicast and frequency-domain multicast is recently discussed. In this paper we present an experimental demonstration of the new multicasting node architecture based on space splitters and wavelength converters, measurements to characterize such a node are provided.

Dynamic multicast routing scheme in WDM optical network

Science.gov (United States)

Zhu, Yonghua; Dong, Zhiling; Yao, Hong; Yang, Jianyong; Liu, Yibin

2007-11-01

During the information era, the Internet and the service of World Wide Web develop rapidly. Therefore, the wider and wider bandwidth is required with the lower and lower cost. The demand of operation turns out to be diversified. Data, images, videos and other special transmission demands share the challenge and opportunity with the service providers. Simultaneously, the electrical equipment has approached their limit. So the optical communication based on the wavelength division multiplexing (WDM) and the optical cross-connects (OXCs) shows great potentials and brilliant future to build an optical network based on the unique technical advantage and multi-wavelength characteristic. In this paper, we propose a multi-layered graph model with inter-path between layers to solve the problem of multicast routing wavelength assignment (RWA) contemporarily by employing an efficient graph theoretic formulation. And at the same time, an efficient dynamic multicast algorithm named Distributed Message Copying Multicast (DMCM) mechanism is also proposed. The multicast tree with minimum hops can be constructed dynamically according to this proposed scheme.

Maximization Network Throughput Based on Improved Genetic Algorithm and Network Coding for Optical Multicast Networks

Science.gov (United States)

Wei, Chengying; Xiong, Cuilian; Liu, Huanlin

2017-12-01

Maximal multicast stream algorithm based on network coding (NC) can improve the network's throughput for wavelength-division multiplexing (WDM) networks, which however is far less than the network's maximal throughput in terms of theory. And the existing multicast stream algorithms do not give the information distribution pattern and routing in the meantime. In the paper, an improved genetic algorithm is brought forward to maximize the optical multicast throughput by NC and to determine the multicast stream distribution by hybrid chromosomes construction for multicast with single source and multiple destinations. The proposed hybrid chromosomes are constructed by the binary chromosomes and integer chromosomes, while the binary chromosomes represent optical multicast routing and the integer chromosomes indicate the multicast stream distribution. A fitness function is designed to guarantee that each destination can receive the maximum number of decoding multicast streams. The simulation results showed that the proposed method is far superior over the typical maximal multicast stream algorithms based on NC in terms of network throughput in WDM networks.

Many-to-Many Multicast Routing Schemes under a Fixed Topology

Directory of Open Access Journals (Sweden)

Wei Ding

2013-01-01

Full Text Available Many-to-many multicast routing can be extensively applied in computer or communication networks supporting various continuous multimedia applications. The paper focuses on the case where all users share a common communication channel while each user is both a sender and a receiver of messages in multicasting as well as an end user. In this case, the multicast tree appears as a terminal Steiner tree (TeST. The problem of finding a TeST with a quality-of-service (QoS optimization is frequently NP-hard. However, we discover that it is a good idea to find a many-to-many multicast tree with QoS optimization under a fixed topology. In this paper, we are concerned with three kinds of QoS optimization objectives of multicast tree, that is, the minimum cost, minimum diameter, and maximum reliability. All of three optimization problems are distributed into two types, the centralized and decentralized version. This paper uses the dynamic programming method to devise an exact algorithm, respectively, for the centralized and decentralized versions of each optimization problem.

Stateless multicast switching in software defined networks

OpenAIRE

Reed, Martin J.; Al-Naday, Mays; Thomos, Nikolaos; Trossen, Dirk; Petropoulos, George; Spirou, Spiros

2016-01-01

Multicast data delivery can significantly reduce traffic in operators' networks, but has been limited in deployment due to concerns such as the scalability of state management. This paper shows how multicast can be implemented in contemporary software defined networking (SDN) switches, with less state than existing unicast switching strategies, by utilising a Bloom Filter (BF) based switching technique. Furthermore, the proposed mechanism uses only proactive rule insertion, and thus, is not l...

Connectivity-Based Reliable Multicast MAC Protocol for IEEE 802.11 Wireless LANs

Directory of Open Access Journals (Sweden)

Woo-Yong Choi

2009-01-01

Full Text Available We propose the efficient reliable multicast MAC protocol based on the connectivity information among the recipients. Enhancing the BMMM (Batch Mode Multicast MAC protocol, the reliable multicast MAC protocol significantly reduces the RAK (Request for ACK frame transmissions in a reasonable computational time and enhances the MAC performance. By the analytical performance analysis, the throughputs of the BMMM protocol and our proposed MAC protocol are derived. Numerical examples show that our proposed MAC protocol increases the reliable multicast MAC performance for IEEE 802.11 wireless LANs.

Security for Key Management Interfaces

OpenAIRE

Kremer , Steve; Steel , Graham; Warinschi , Bogdan

2011-01-01

International audience; We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...

Cooperative relay-based multicasting for energy and delay minimization

KAUST Repository

Atat, Rachad

2012-08-01

Relay-based multicasting for the purpose of cooperative content distribution is studied. Optimized relay selection is performed with the objective of minimizing the energy consumption or the content distribution delay within a cluster of cooperating mobiles. Two schemes are investigated. The first consists of the BS sending the data only to the relay, and the second scheme considers the scenario of threshold-based multicasting by the BS, where a relay is selected to transmit the data to the mobiles that were not able to receive the multicast data. Both schemes show significant superiority compared to the non-cooperative scenarios, in terms of energy consumption and delay reduction. © 2012 IEEE.

A novel WDM passive optical network architecture supporting two independent multicast data streams

Science.gov (United States)

Qiu, Yang; Chan, Chun-Kit

2012-01-01

We propose a novel scheme to perform optical multicast overlay of two independent multicast data streams on a wavelength-division-multiplexed (WDM) passive optical network. By controlling a sinusoidal clock signal and shifting the wavelength at the optical line terminal (OLT), the delivery of the two multicast data, being carried by the generated optical tones, can be independently and flexibly controlled. Simultaneous transmission of 10-Gb/s unicast downstream and upstream data as well as two independent 10-Gb/s multicast data was successfully demonstrated.

Fundamental quantitative security in quantum key generation

International Nuclear Information System (INIS)

Yuen, Horace P.

2010-01-01

We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

An efficient mechanism for dynamic survivable multicast traffic grooming

Science.gov (United States)

Yu, Xiaojun; Xiao, Gaoxi; Cheng, Tee Hiang

2015-06-01

Recent advances in wavelength division multiplexing (WDM) networks have helped enhance the popularity of multicasting services. However, as a single network failure may disrupt the information transmission to multiple end-users, protecting multicast requests against network failures becomes an important issue in network operation. This paper investigates the sub-wavelength level protection for dynamic multicast traffic grooming. A new method named lightpath-fragmentation based segment shared protection (LF-SSP) scheme is proposed. By carefully splitting primary/backup lightpaths into segments to improve resource sharing for both traffic grooming and protection, LF-SSP aims to minimize the network resources allocated for request protection. Extensive simulations are carried out to compare the performance of LF-SSP to some existing approaches, on sub-wavelength-level as well as wavelength-level multicast protections in different cases. Results show that LF-SSP steadily outperforms these existing methods as long as the network resources are not too limited. Influences of the add/drop port resources and the average number of destinations per connection request on the LF-SSP performance are also evaluated.

A multicast tree aggregation algorithm in wavelength-routed WDM networks

Science.gov (United States)

Cheng, Hsu-Chen; Kuo, Chin-Chun; Lin, Frank Y.

2005-02-01

Wavelength division multiplexing (WDM) has been considered a promising transmission technology in optical communication networks. With the continuous advance in optical technology, WDM network will play an important role in wide area backbone networks. Optical wavelength switching, compared with optical packet switching, is a more mature and more cost-effective choice for optical switching technologies. Besides, the technology of time division multiplexing in optical communication networks has been working smoothly for a long time. In the proposed research, the problem of multicast groups aggregation and multicast routing and wavelength assignment in wavelength-routed WDM network is studied. The optical cross connect switches in the problem are assumed to have limited optical multicast/splitting and TDM functionalities. Given the physical network topology and capacity, the objective is to maximize the total revenue by means of utmost merging multicast groups into larger macro-groups. The groups in the same macro-group will share a multicast tree to conduct data transmission. The problem is formulated as an optimization problem, where the objective function is to maximize the total revenue subject to capacity constraints of components in the optical network, wavelength continuity constraints, and tree topology constraints. The decision variables in the formulations include the merging results between groups, multicast tree routing assignment and wavelength assignment. The basic approach to the algorithm development for this model is Lagrangean relaxation in conjunction with a number of optimization techniques. In computational experiments, the proposed algorithms are evaluated on different network topologies and perform efficiently and effectively according to the experiment results.

Integration of look-ahead multicast and unicast scheduling for input-queued cell switches

DEFF Research Database (Denmark)

Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

2012-01-01

This paper presents an integration of multicast and unicast traffic scheduling algorithms for input-queued cell switches. The multi-level round-robin multicast scheduling (ML-RRMS) algorithm with the look-ahead (LA) mechanism provides a highly scalable architecture and is able to reduce the head...... module that filters out the conflicting requests to ensure fairness. Simulation results show that comparing with the scheme using WBA for the multicast scheduling, the scheme proposed in this paper reduces the HOL blocking problem for multicast traffic and provides a significant improvement in terms...

A Scalable and Fault-Tolerant Architecture for Internet Multicasting Using Meshes

National Research Council Canada - National Science Library

Garcia-Luna-Aceves, J. J; Balasubramaniyan, Saravanan; Balakrishnan, Ramesh

2002-01-01

... communication within a group. A new protocol is presented for the creation and management of multicast meshes that substitute for the traditional multicast trees as the underlying routing structure for multipoint communication within groups...

A Novel OBDD-Based Reliability Evaluation Algorithm for Wireless Sensor Networks on the Multicast Model

Directory of Open Access Journals (Sweden)

Zongshuai Yan

2015-01-01

Full Text Available The two-terminal reliability calculation for wireless sensor networks (WSNs is a #P-hard problem. The reliability calculation of WSNs on the multicast model provides an even worse combinatorial explosion of node states with respect to the calculation of WSNs on the unicast model; many real WSNs require the multicast model to deliver information. This research first provides a formal definition for the WSN on the multicast model. Next, a symbolic OBDD_Multicast algorithm is proposed to evaluate the reliability of WSNs on the multicast model. Furthermore, our research on OBDD_Multicast construction avoids the problem of invalid expansion, which reduces the number of subnetworks by identifying the redundant paths of two adjacent nodes and s-t unconnected paths. Experiments show that the OBDD_Multicast both reduces the complexity of the WSN reliability analysis and has a lower running time than Xing’s OBDD- (ordered binary decision diagram- based algorithm.

Design, Implementation, and Performance Evaluation of Efficient PMIPv6 Based Mobile Multicast Sender Support Schemes

Directory of Open Access Journals (Sweden)

Lili Wang

2015-01-01

Full Text Available Proxy Mobile IPv6 (PMIPv6 is proposed as a promising network-based mobility management protocol, which does not need any participation of mobile nodes. PMIPv6 does not support the multicast well and most of the current research concentrates on the mobile multicast receiver. However, the mobile multicast sender is also very important and challenging, which has not been addressed well. Therefore, in this paper we propose two efficient PMIPv6 based mobile multicast sender support schemes which are PMIP bidirectional tunneling (PMIP-BT and PMIP direct routing (PMIP-DR. In the PMIP-BT, the multicast traffic can be delivered through the PMIPv6 bidirectional tunnel, while, in the PMIP-DR, the multicast data can be transmitted via an optimized direct multicast routing. Both of them can support the multicast sender mobility transparently enabled in the PMIPv6 networks. We evaluate the performance of the proposed schemes by theoretical analysis, and the numerical results show that the proposed schemes have a better performance in terms of the signaling cost than the current schemes. Meanwhile, the proposed schemes are also implemented on the test bed, and the experimental results not only verify the validity and feasibility of our proposed schemes, but also conclude the different scenarios to which they are applicable.

Transmission techniques for emergent multicast and broadcast systems

CERN Document Server

da Silva, Mario Marques; Dinis, Rui; Souto, Nuno; Silva, Joao Carlos

2010-01-01

Describing efficient transmission schemes for broadband wireless systems, Transmission Techniques for Emergent Multicast and Broadcast Systems examines advances in transmission techniques and receiver designs capable of supporting the emergent wireless needs for multimedia broadcast and multicast service (MBMS) requirements. It summarizes the research and development taking place in wireless communications for multimedia MBMS and addresses the means to improved spectral efficiency to allow for increased user bit rate, as well as increased capacity of the digital cellular radio network.The text

Hybrid digital-analog video transmission in wireless multicast and multiple-input multiple-output system

Science.gov (United States)

Liu, Yu; Lin, Xiaocheng; Fan, Nianfei; Zhang, Lin

2016-01-01

Wireless video multicast has become one of the key technologies in wireless applications. But the main challenge of conventional wireless video multicast, i.e., the cliff effect, remains unsolved. To overcome the cliff effect, a hybrid digital-analog (HDA) video transmission framework based on SoftCast, which transmits the digital bitstream with the quantization residuals, is proposed. With an effective power allocation algorithm and appropriate parameter settings, the residual gains can be maximized; meanwhile, the digital bitstream can assure transmission of a basic video to the multicast receiver group. In the multiple-input multiple-output (MIMO) system, since nonuniform noise interference on different antennas can be regarded as the cliff effect problem, ParCast, which is a variation of SoftCast, is also applied to video transmission to solve it. The HDA scheme with corresponding power allocation algorithms is also applied to improve video performance. Simulations show that the proposed HDA scheme can overcome the cliff effect completely with the transmission of residuals. What is more, it outperforms the compared WSVC scheme by more than 2 dB when transmitting under the same bandwidth, and it can further improve performance by nearly 8 dB in MIMO when compared with the ParCast scheme.

Pseudo-Cycle-Based Multicast Routing in Wormhole-Routed Networks

Institute of Scientific and Technical Information of China (English)

SONG JianPing (宋建平); HOU ZiFeng (侯紫峰); XU Ming (许铭)

2003-01-01

This paper addresses the problem of fault-tolerant multicast routing in wormholerouted multicomputers. A new pseudo-cycle-based routing method is presented for constructing deadlock-free multicast routing algorithms. With at most two virtual channels this technique can be applied to any connected networks with arbitrary topologies. Simulation results show that this technique results in negligible performance degradation even in the presence of a large number of faulty nodes.

Multisites Coordination in Shared Multicast Trees

National Research Council Canada - National Science Library

Dommel, H-P; Garcia-Luna-Aceves, J. J

1999-01-01

.... The protocol supports Internet-wide coordination for large and highly interactive groupwork, relying on transmission of coordination directives between group members across a shared end-to-end multicast tree...

Public key infrastructure for DOE security research

Energy Technology Data Exchange (ETDEWEB)

Aiken, R.; Foster, I.; Johnston, W.E. [and others

1997-06-01

This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

Demonstration of flexible multicasting and aggregation functionality for TWDM-PON

Science.gov (United States)

Chen, Yuanxiang; Li, Juhao; Zhu, Paikun; Zhu, Jinglong; Tian, Yu; Wu, Zhongying; Peng, Huangfa; Xu, Yongchi; Chen, Jingbiao; He, Yongqi; Chen, Zhangyuan

2017-06-01

The time- and wavelength-division multiplexed passive optical network (TWDM-PON) has been recognized as an attractive solution to provide broadband access for the next-generation networks. In this paper, we propose flexible service multicasting and aggregation functionality for TWDM-PON utilizing multiple-pump four-wave-mixing (FWM) and cyclic arrayed waveguide grating (AWG). With the proposed scheme, multiple TWDM-PON links share a single optical line terminal (OLT), which can greatly reduce the network deployment expense and achieve efficient network resource utilization by load balancing among different optical distribution networks (ODNs). The proposed scheme is compatible with existing TDM-PON infrastructure with fixed-wavelength OLT transmitter, thus smooth service upgrade can be achieved. Utilizing the proposed scheme, we demonstrate a proof-of-concept experiment with 10-Gb/s OOK and 10-Gb/s QPSK orthogonal frequency division multiplexing (OFDM) signal multicasting and aggregating to seven PON links. Compared with back-to-back (BTB) channel, the newly generated multicasting OOK signal and OFDM signal have power penalty of 1.6 dB and 2 dB at the BER of 10-3, respectively. For the aggregation of multiple channels, no obvious power penalty is observed. What is more, to verify the flexibility of the proposed scheme, we reconfigure the wavelength selective switch (WSS) and adjust the number of pumps to realize flexible multicasting functionality. One to three, one to seven, one to thirteen and one to twenty-one multicasting are achieved without modifying OLT structure.

Secure image retrieval with multiple keys

Science.gov (United States)

Liang, Haihua; Zhang, Xinpeng; Wei, Qiuhan; Cheng, Hang

2018-03-01

This article proposes a secure image retrieval scheme under a multiuser scenario. In this scheme, the owner first encrypts and uploads images and their corresponding features to the cloud; then, the user submits the encrypted feature of the query image to the cloud; next, the cloud compares the encrypted features and returns encrypted images with similar content to the user. To find the nearest neighbor in the encrypted features, an encryption with multiple keys is proposed, in which the query feature of each user is encrypted by his/her own key. To improve the key security and space utilization, global optimization and Gaussian distribution are, respectively, employed to generate multiple keys. The experiments show that the proposed encryption can provide effective and secure image retrieval for each user and ensure confidentiality of the query feature of each user.

Out-of-Sequence Preventative Cell Dispatching for Multicast Input-Queued Space-Memory-Memory Clos-Network

DEFF Research Database (Denmark)

Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

2011-01-01

This paper proposes two out-of-sequence (OOS) preventative cell dispatching algorithms for the multicast input-queued space-memory-memory (IQ-SMM) Clos-network switch architecture, i.e. the multicast flow-based DSRR (MF-DSRR) and the multicast flow-based round-robin (MFRR). Treating each cell...

The Key to School Security.

Science.gov (United States)

Hotle, Dan

1993-01-01

In addition to legislative accessibility requirements, other security issues facing school administrators who select a security system include the following: access control; user friendliness; durability or serviceability; life safety precautions; possibility of vandalism, theft, and tampering; and key control. Offers steps to take in considering…

Experimental Evaluation of Unicast and Multicast CoAP Group Communication

Directory of Open Access Journals (Sweden)

Isam Ishaq

2016-07-01

Full Text Available The Internet of Things (IoT is expanding rapidly to new domains in which embedded devices play a key role and gradually outnumber traditionally-connected devices. These devices are often constrained in their resources and are thus unable to run standard Internet protocols. The Constrained Application Protocol (CoAP is a new alternative standard protocol that implements the same principals as the Hypertext Transfer Protocol (HTTP, but is tailored towards constrained devices. In many IoT application domains, devices need to be addressed in groups in addition to being addressable individually. Two main approaches are currently being proposed in the IoT community for CoAP-based group communication. The main difference between the two approaches lies in the underlying communication type: multicast versus unicast. In this article, we experimentally evaluate those two approaches using two wireless sensor testbeds and under different test conditions. We highlight the pros and cons of each of them and propose combining these approaches in a hybrid solution to better suit certain use case requirements. Additionally, we provide a solution for multicast-based group membership management using CoAP.

Increase in Multicast OFDM Data Rate in PLC Network using Adaptive LP-OFDM

OpenAIRE

Maiga , Ali; Baudais , Jean-Yves; Hélard , Jean-François

2009-01-01

ISBN: 978-1-4244-3523-4; International audience; Linear precoding (LP) technique applied to OFDM systems has already proved its ability to significantly increase the system throughput in a powerline communication (PLC) context. In this paper, we propose resource allocation algorithms based on the LP technique to increase the multicast OFDM systems bit rate. The conventional multicast capacity is limited by the user which experiences the worst channel conditions. To increase the multicast bit ...

A Contents Encryption Mechanism Using Reused Key in IPTV

Science.gov (United States)

Jeong, Yoon-Su; Kim, Yong-Tae; Cho, Young-Bok; Lee, Ki-Jeong; Park, Gil-Cheol; Lee, Sang-Ho

Recently IPTV is being spotlighted as a new stream service to stably provide video, audio and control signals to subscribers through the application of IP protocol. However, the IPTV system is facing more security threats than the traditional TV. This study proposes a multicasting encryption mechanism for secure transmission of the contents of IPTV by which the content provider encrypts their contents and send the encrypted contents and the key used for encryption of the contents to the user. In order to reduce the time and cost of Head-End, the proposed mechanism encrypts the media contents at the Head-End, embeds the code of the IPTV terminal used at the Head-End in the media contents for user tracking, and performs desynchronization for protection of the media contents from various attacks.

Tunable Sparse Network Coding for Multicast Networks

DEFF Research Database (Denmark)

Feizi, Soheil; Roetter, Daniel Enrique Lucani; Sørensen, Chres Wiant

2014-01-01

This paper shows the potential and key enabling mechanisms for tunable sparse network coding, a scheme in which the density of network coded packets varies during a transmission session. At the beginning of a transmission session, sparsely coded packets are transmitted, which benefits decoding...... complexity. At the end of a transmission, when receivers have accumulated degrees of freedom, coding density is increased. We propose a family of tunable sparse network codes (TSNCs) for multicast erasure networks with a controllable trade-off between completion time performance to decoding complexity...... a mechanism to perform efficient Gaussian elimination over sparse matrices going beyond belief propagation but maintaining low decoding complexity. Supporting simulation results are provided showing the trade-off between decoding complexity and completion time....

WDM Multicast Tree Construction Algorithms and Their Comparative Evaluations

Science.gov (United States)

Makabe, Tsutomu; Mikoshi, Taiju; Takenaka, Toyofumi

We propose novel tree construction algorithms for multicast communication in photonic networks. Since multicast communications consume many more link resources than unicast communications, effective algorithms for route selection and wavelength assignment are required. We propose a novel tree construction algorithm, called the Weighted Steiner Tree (WST) algorithm and a variation of the WST algorithm, called the Composite Weighted Steiner Tree (CWST) algorithm. Because these algorithms are based on the Steiner Tree algorithm, link resources among source and destination pairs tend to be commonly used and link utilization ratios are improved. Because of this, these algorithms can accept many more multicast requests than other multicast tree construction algorithms based on the Dijkstra algorithm. However, under certain delay constraints, the blocking characteristics of the proposed Weighted Steiner Tree algorithm deteriorate since some light paths between source and destinations use many hops and cannot satisfy the delay constraint. In order to adapt the approach to the delay-sensitive environments, we have devised the Composite Weighted Steiner Tree algorithm comprising the Weighted Steiner Tree algorithm and the Dijkstra algorithm for use in a delay constrained environment such as an IPTV application. In this paper, we also give the results of simulation experiments which demonstrate the superiority of the proposed Composite Weighted Steiner Tree algorithm compared with the Distributed Minimum Hop Tree (DMHT) algorithm, from the viewpoint of the light-tree request blocking.

Delay Bounded Multi-Source Multicast in Software-Defined Networking

Directory of Open Access Journals (Sweden)

Thabo Semong

2018-01-01

Full Text Available Software-Defined Networking (SDN is the next generation network architecture with exciting application prospects. The control function in SDN is decoupled from the data forwarding plane, hence it provides a new centralized architecture with flexible network resource management. Although SDN is attracting much attention from both industry and research, its advantage over the traditional networks has not been fully utilized. Multicast is designed to deliver content to multiple destinations. The current traffic engineering in SDN focuses mainly on unicast, however, multicast can effectively reduce network resource consumption by serving multiple clients. This paper studies a novel delay-bounded multi-source multicast SDN problem, in which among the set of potential sources, we select a source to build the multicast-tree, under the constraint that the transmission delay for every destination is bounded. This problem is more difficult than the traditional Steiner minimum tree (SMT problem, since it needs to find a source from the set of all potential sources. We model the problem as a mixed-integer linear programming (MILP and prove its NP-Hardness. To solve the problem, a delay bounded multi-source (DBMS scheme is proposed, which includes a DBMS algorithm to build a minimum delay cost DBMS-Forest. Through a MATLAB experiment, we demonstrate that DBMS is significantly more efficient and outperforms other existing algorithms in the literature.

Optimization of multicast optical networks with genetic algorithm

Science.gov (United States)

Lv, Bo; Mao, Xiangqiao; Zhang, Feng; Qin, Xi; Lu, Dan; Chen, Ming; Chen, Yong; Cao, Jihong; Jian, Shuisheng

2007-11-01

In this letter, aiming to obtain the best multicast performance of optical network in which the video conference information is carried by specified wavelength, we extend the solutions of matrix games with the network coding theory and devise a new method to solve the complex problems of multicast network switching. In addition, an experimental optical network has been testified with best switching strategies by employing the novel numerical solution designed with an effective way of genetic algorithm. The result shows that optimal solutions with genetic algorithm are accordance with the ones with the traditional fictitious play method.

Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).

Science.gov (United States)

Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie

2017-10-30

Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While, data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.

QoS Supported IPTV Service Architecture over Hybrid-Tree-Based Explicit Routed Multicast Network

Directory of Open Access Journals (Sweden)

Chih-Chao Wen

2012-01-01

Full Text Available With the rapid advance in multimedia streaming and multicast transport technology, current IP multicast protocols, especially PIM-SM, become the major channel delivery mechanism for IPTV system over Internet. The goals for IPTV service are to provide two-way interactive services for viewers to select popular program channel with high quality for watching during fast channel surfing period. However, existing IP multicast protocol cannot meet above QoS requirements for IPTV applications between media server and subscribers. Therefore, we propose a cooperative scheme of hybrid-tree based on explicit routed multicast, called as HT-ERM to combine the advantages of shared tree and source tree for QoS-supported IPTV service. To increase network utilization, the constrained shortest path first (CSPF routing algorithm is designed for construction of hybrid tree to deliver the high-quality video stream over watching channel and standard quality over surfing channel. Furthermore, the Resource Reservation Protocol- Traffic Engineering (RSVP-TE is used as signaling mechanism to set up QoS path for multicast channel admission control. Our simulation results demonstrated that the proposed HT-ERM scheme outperforms other multicast QoS-based delivery scheme in terms of channel switching delay, resource utilization, and blocking ratio for IPTV service.

Enhanced first-in-first-out-based round-robin multicast scheduling algorithm for input-queued switches

DEFF Research Database (Denmark)

Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

2011-01-01

This study focuses on the multicast scheduling for M × N input-queued switches. An enhanced first-in-first-out -based round-robin multicast scheduling algorithm is proposed with a function of searching deeper into queues to reduce the head-of-line (HOL) blocking problem and thereby the multicast...... out on the decision matrix to reduce the number of transmission for each cell. To reduce the HOL blocking problem, a complement matrix is constructed based on the traffic matrix and the decision matrix, and a process of searching deeper into the queues is carried out to find cells that can be sent...... to the idle outputs. Simulation results show that the proposed function of searching deeper into the queues can alleviate the HOL blocking and as a result reduce the multicast latency significantly. Under both balanced and unbalanced multicast traffic, the proposed algorithm is able to maintain a stable...

LKHW: A Directed Diffusion-Based Secure Multicast Scheme for Wireless Sensor Networks

NARCIS (Netherlands)

Di Pietro, Roberto; Mancini, Luigi V.; Law, Y.W.; Etalle, Sandro; Havinga, Paul J.M.; Huang, C.H; Ramanujam, J.

2003-01-01

We present a mechanism for securing group communications in Wireless Sensor Networks (WSN). First, we derive an extension of Logical Key Hierarchy (LKH). Then we merge the extension with Directed Diffusion (DD). The resulting protocol, LKHW, combines the advantages of both LKH and DD. In particular,

LKHW: A Directed Diffusion-Based Secure Multicast Scheme for Wireless Sensor Networks

NARCIS (Netherlands)

Di Pietro, Roberto; Mancini, Luigi V.; Law, Y.W.; Etalle, Sandro; Havinga, Paul J.M.

In this paper, we present a mechanism for securing group communications in Wireless Sensor Networks (WSN). First, we derive an extension of Logical Key Hierarchy (LKH). Then we merge the extension with directed diffusion. The resulting protocol, LKHW, combines the advantages of both LKH and directed

Energy-Efficient Multicast Transmission for Underlay Device-to-Device Communications: A Social-Aware Perspective

Directory of Open Access Journals (Sweden)

Fan Jiang

2017-01-01

Full Text Available In this paper, by utilizing the social relationships among mobile users, we present a framework of energy-efficient cluster formation and resource allocation for multicast D2D transmission. In particular, we first deal with D2D multicast cluster/group formation strategy from both physical distance and social trust level. Then we aim to maximize the overall energy-efficiency of D2D multicast groups through resource allocation and power control scheme, which considers the quality-of-service (QoS requirements of both cellular user equipment and D2D groups. A heuristic algorithm is proposed to solve above energy-efficiency problem with less complexity. After that, considering the limited battery capacity of mobile users, we propose an energy and social aware cluster head update algorithm, which incorporates both the energy constraint and social centrality measurement. Numerical results indicate that the proposed social-tie based D2D multicast group formation and update algorithm form a multicast group in an energy efficient way. Moreover, the proposed resource and power allocation scheme achieves better energy efficiency in terms of throughput per energy consumption. These results show that, by exploiting social domain information, underlay D2D multicast transmission has high practical potential in saving the source on wireless links and in the backhaul.

Preventing Out-of-Sequence for Multicast Input-Queued Space-Memory-Memory Clos-Network

DEFF Research Database (Denmark)

Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

2011-01-01

This paper proposes an out-of-sequence (OOS) preventative cell dispatching algorithm, the multicast flow-based round robin (MFRR), for multicast input-queued space-memory-memory (IQ-SMM) Clos-network architecture. Independently treating each incoming cell, such as the desynchronized static round...

A Multicast Protocol Utilizing On-demand Routing Strategy for MPRN

Institute of Scientific and Technical Information of China (English)

无

2002-01-01

This paper proposes a multicast protocol utilizing ondemand routing strategy for mobile packet radio network. It does not maintain permanent route tables with full topological views. Instead, multicast senders apply on-demand procedures to dynamically discover routes and build forwarding group in this protocol. The data packets are propagated by each forwarding group member via scoped flooding, so the protocol can reduce network bandwidth overhead and avoid the propagation of potentially large routing updates throughout the network.

Dynamic segment shared protection for multicast traffic in meshed wavelength-division-multiplexing optical networks

Science.gov (United States)

Liao, Luhua; Li, Lemin; Wang, Sheng

2006-12-01

We investigate the protection approach for dynamic multicast traffic under shared risk link group (SRLG) constraints in meshed wavelength-division-multiplexing optical networks. We present a shared protection algorithm called dynamic segment shared protection for multicast traffic (DSSPM), which can dynamically adjust the link cost according to the current network state and can establish a primary light-tree as well as corresponding SRLG-disjoint backup segments for a dependable multicast connection. A backup segment can efficiently share the wavelength capacity of its working tree and the common resources of other backup segments based on SRLG-disjoint constraints. The simulation results show that DSSPM not only can protect the multicast sessions against a single-SRLG breakdown, but can make better use of the wavelength resources and also lower the network blocking probability.

Secure Hybrid Encryption from Weakened Key Encapsulation

NARCIS (Netherlands)

D. Hofheinz (Dennis); E. Kiltz (Eike); A. Menezes

2007-01-01

textabstractWe put forward a new paradigm for building hybrid encryption schemes from constrained chosen-ciphertext secure (CCCA) key-encapsulation mechanisms (KEMs) plus authenticated symmetric encryption. Constrained chosen-ciphertext security is a new security notion for KEMs that we propose. It

Key Exchange Trust Evaluation in Peer-to-Peer Sensor Networks With Unconditionally Secure Key Exchange

Science.gov (United States)

Gonzalez, Elias; Kish, Laszlo B.

2016-03-01

As the utilization of sensor networks continue to increase, the importance of security becomes more profound. Many industries depend on sensor networks for critical tasks, and a malicious entity can potentially cause catastrophic damage. We propose a new key exchange trust evaluation for peer-to-peer sensor networks, where part of the network has unconditionally secure key exchange. For a given sensor, the higher the portion of channels with unconditionally secure key exchange the higher the trust value. We give a brief introduction to unconditionally secured key exchange concepts and mention current trust measures in sensor networks. We demonstrate the new key exchange trust measure on a hypothetical sensor network using both wired and wireless communication channels.

QoS and QoE Aware N-Screen Multicast Service

Directory of Open Access Journals (Sweden)

Ghulam Sarwar

2016-01-01

Full Text Available The paper focuses on ensuring the quality-of-service (QoS and quality-of-experience (QoE requirements of users having heterogeneous devices in a multicast session. QoS parameters such as bit rate, delays, and packet losses are good indicators for optimizing network services but fall short in characterizing user perception (QoE. In N-Screen service, the users have different devices with heterogeneous attributes like screen size, resolution, and access network interface, and the users have different QoE on N-Screen devices with the same QoS parameters. We formulate the objective function of the N-Screen multicast grouping to ensure the minimum user’s QoE with smaller bandwidth requirement. We propose a dynamic user reassignment scheme to maintain and satisfy the QoE by adapting the user’s membership to the varying network conditions. The proposed schemes combine the available bandwidth and multimedia visual quality to ensure the QoS and QoE. In the network architecture, we introduce the functions of the QoS and QoE aware multicast group management and the estimation schemes for the QoS and QoE parameters. The simulation results show that the proposed multicast service ensures the network QoS and guarantees the QoE of users in the varying network conditions.

Polarization Insensitive One-to-Six WDM Multicasting in a Silicon Nanowire

DEFF Research Database (Denmark)

Pu, Minhao; Hu, Hao; Peucheret, Christophe

2012-01-01

We present polarization insensitive one-to-six WDM multicasting based on nondegenerate four-wave mixing in a silicon nanowire with angled-pump scheme. Bit-error rate measurements are performed and error-free operation is achieved.......We present polarization insensitive one-to-six WDM multicasting based on nondegenerate four-wave mixing in a silicon nanowire with angled-pump scheme. Bit-error rate measurements are performed and error-free operation is achieved....

Throughput, Energy and Overhead of Multicast Device-to-Device Communications with Network Coded Cooperation

DEFF Research Database (Denmark)

Hernandez, Nestor; Heide, Janus; Roetter, Daniel Enrique Lucani

2017-01-01

, this assumes that the throughput gains and energy savings in multicasting are much larger between devices than the base station to the receivers. However, current mobile networks suffer from many different issues varying the performance in data rates, which calls into question these assumptions. Therefore......, a first objective of this work is to assess the operating regions where employing cooperation results in higher throughput and/or energy savings. We consider multicast scenarios with network coded mechanisms employing Random Linear Network Coding (RLNC). However, although RLNC is good for low amount...... of transmissions in multicast, it has an inherent overhead from extreme high or low field related caveats. Thus, as a second objective, we review and propose the application of new network codes that posses low overhead for multicasting, by having a short representation and low dependence probability. We provide...

Near-field self-interference cancellation and quality of service multicast beamforming in full-duplex

Science.gov (United States)

Wu, Fei; Shao, Shihai; Tang, Youxi

2016-10-01

To enable simultaneous multicast downlink transmit and receive operations on the same frequency band, also known as full-duplex links between an access point and mobile users. The problem of minimizing the total power of multicast transmit beamforming is considered from the viewpoint of ensuring the suppression amount of near-field line-of-sight self-interference and guaranteeing prescribed minimum signal-to-interference-plus-noise-ratio (SINR) at each receiver of the multicast groups. Based on earlier results for multicast groups beamforming, the joint problem is easily shown to be NP-hard. A semidefinite relaxation (SDR) technique with linear program power adjust method is proposed to solve the NP-hard problem. Simulation shows that the proposed method is feasible even when the local receive antenna in nearfield and the mobile user in far-filed are in the same direction.

Reliable Multicast MAC Protocol for IEEE 802.11 Wireless LANs with Extended Service Range

Science.gov (United States)

Choi, Woo-Yong

2011-11-01

In this paper, we propose the efficient reliable multicast MAC protocol by which the AP (Access Point) can transmit reliably its multicast data frames to the recipients in the AP's one-hop or two-hop transmission range. The AP uses the STAs (Stations) that are directly associated with itself as the relays for the data delivery to the remote recipients that cannot be reached directly from itself. Based on the connectivity information among the recipients, the reliable multicast MAC protocol optimizes the number of the RAK (Request for ACK) frame transmissions in a reasonable computational time. Numerical examples show that our proposed MAC protocol significantly enhances the MAC performance compared with the BMMM (Batch Mode Multicast MAC) protocol that is extended to support the recipients that are in the AP's one-hop or two-hop transmission range in IEEE 802.11 wireless LANs.

Link importance incorporated failure probability measuring solution for multicast light-trees in elastic optical networks

Science.gov (United States)

Li, Xin; Zhang, Lu; Tang, Ying; Huang, Shanguo

2018-03-01

The light-tree-based optical multicasting (LT-OM) scheme provides a spectrum- and energy-efficient method to accommodate emerging multicast services. Some studies focus on the survivability technologies for LTs against a fixed number of link failures, such as single-link failure. However, a few studies involve failure probability constraints when building LTs. It is worth noting that each link of an LT plays different important roles under failure scenarios. When calculating the failure probability of an LT, the importance of its every link should be considered. We design a link importance incorporated failure probability measuring solution (LIFPMS) for multicast LTs under independent failure model and shared risk link group failure model. Based on the LIFPMS, we put forward the minimum failure probability (MFP) problem for the LT-OM scheme. Heuristic approaches are developed to address the MFP problem in elastic optical networks. Numerical results show that the LIFPMS provides an accurate metric for calculating the failure probability of multicast LTs and enhances the reliability of the LT-OM scheme while accommodating multicast services.

Bit rate maximization for multicast LP-OFDM systems in PLC context

OpenAIRE

Maiga , Ali; Baudais , Jean-Yves; Hélard , Jean-François

2009-01-01

ISBN: 978-88-900984-8-2.; International audience; In this paper, we propose a new resource allocation algorithm based on linear precoding technique for multicast OFDM systems. Linear precoding technique applied to OFDM systems has already proved its ability to significantly increase the system throughput in a powerline communication (PLC) context. Simulations through PLC channels show that this algorithm outperforms the classical multicast method (up to 7.3% bit rate gain) and gives better pe...

A secure key agreement protocol based on chaotic maps

International Nuclear Information System (INIS)

Wang Xing-Yuan; Luan Da-Peng

2013-01-01

To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solve the problems of key management and security issues existing in Gong et al.'s protocol

Towards understanding the known-key security of block ciphers

DEFF Research Database (Denmark)

Andreeva, Elena; Bogdanov, Andrey; Mennink, Bart

2014-01-01

ciphers based on ideal components such as random permutations and random functions as well as propose new generic known-key attacks on generalized Feistel ciphers. We introduce the notion of known-key indifferentiability to capture the security of such block ciphers under a known key. To show its...... meaningfulness, we prove that the known-key attacks on block ciphers with ideal primitives to date violate security under known-key indifferentiability. On the other hand, to demonstrate its constructiveness, we prove the balanced Feistel cipher with random functions and the multiple Even-Mansour cipher...... with random permutations known-key indifferentiable for a sufficient number of rounds. We note that known-key indifferentiability is more quickly and tightly attained by multiple Even-Mansour which puts it forward as a construction provably secure against known-key attacks....

Design of an IPTV Multicast System for Internet Backbone Networks

Directory of Open Access Journals (Sweden)

T. H. Szymanski

2010-01-01

Full Text Available The design of an IPTV multicast system for the Internet backbone network is presented and explored through extensive simulations. In the proposed system, a resource reservation algorithm such as RSVP, IntServ, or DiffServ is used to reserve resources (i.e., bandwidth and buffer space in each router in an IP multicast tree. Each router uses an Input-Queued, Output-Queued, or Crosspoint-Queued switch architecture with unity speedup. A recently proposed Recursive Fair Stochastic Matrix Decomposition algorithm used to compute near-perfect transmission schedules for each IP router. The IPTV traffic is shaped at the sources using Application-Specific Token Bucker Traffic Shapers, to limit the burstiness of incoming network traffic. The IPTV traffic is shaped at the destinations using Application-Specific Playback Queues, to remove residual network jitter and reconstruct the original bursty IPTV video streams at each destination. All IPTV traffic flows are regenerated at the destinations with essentially zero delay jitter and essentially-perfect QoS. The destination nodes deliver the IPTV streams to the ultimate end users using the same IPTV multicast system over a regional Metropolitan Area Network. It is shown that all IPTV traffic is delivered with essentially-perfect end-to-end QoS, with deterministic bounds on the maximum delay and jitter on each video frame. Detailed simulations of an IPTV distribution system, multicasting several hundred high-definition IPTV video streams over several essentially saturated IP backbone networks are presented.

Design, Implementation, and Verification of the Reliable Multicast Protocol. Thesis

Science.gov (United States)

Montgomery, Todd L.

1995-01-01

This document describes the Reliable Multicast Protocol (RMP) design, first implementation, and formal verification. RMP provides a totally ordered, reliable, atomic multicast service on top of an unreliable multicast datagram service. RMP is fully and symmetrically distributed so that no site bears an undue portion of the communications load. RMP provides a wide range of guarantees, from unreliable delivery to totally ordered delivery, to K-resilient, majority resilient, and totally resilient atomic delivery. These guarantees are selectable on a per message basis. RMP provides many communication options, including virtual synchrony, a publisher/subscriber model of message delivery, a client/server model of delivery, mutually exclusive handlers for messages, and mutually exclusive locks. It has been commonly believed that total ordering of messages can only be achieved at great performance expense. RMP discounts this. The first implementation of RMP has been shown to provide high throughput performance on Local Area Networks (LAN). For two or more destinations a single LAN, RMP provides higher throughput than any other protocol that does not use multicast or broadcast technology. The design, implementation, and verification activities of RMP have occurred concurrently. This has allowed the verification to maintain a high fidelity between design model, implementation model, and the verification model. The restrictions of implementation have influenced the design earlier than in normal sequential approaches. The protocol as a whole has matured smoother by the inclusion of several different perspectives into the product development.

Flexible and re-configurable optical three-input XOR logic gate of phase-modulated signals with multicast functionality for potential application in optical physical-layer network coding.

Science.gov (United States)

Lu, Guo-Wei; Qin, Jun; Wang, Hongxiang; Ji, XuYuefeng; Sharif, Gazi Mohammad; Yamaguchi, Shigeru

2016-02-08

Optical logic gate, especially exclusive-or (XOR) gate, plays important role in accomplishing photonic computing and various network functionalities in future optical networks. On the other hand, optical multicast is another indispensable functionality to efficiently deliver information in optical networks. In this paper, for the first time, we propose and experimentally demonstrate a flexible optical three-input XOR gate scheme for multiple input phase-modulated signals with a 1-to-2 multicast functionality for each XOR operation using four-wave mixing (FWM) effect in single piece of highly-nonlinear fiber (HNLF). Through FWM in HNLF, all of the possible XOR operations among input signals could be simultaneously realized by sharing a single piece of HNLF. By selecting the obtained XOR components using a followed wavelength selective component, the number of XOR gates and the participant light in XOR operations could be flexibly configured. The re-configurability of the proposed XOR gate and the function integration of the optical logic gate and multicast in single device offer the flexibility in network design and improve the network efficiency. We experimentally demonstrate flexible 3-input XOR gate for four 10-Gbaud binary phase-shift keying signals with a multicast scale of 2. Error-free operations for the obtained XOR results are achieved. Potential application of the integrated XOR and multicast function in network coding is also discussed.

Triple symmetric key cryptosystem for data security

Science.gov (United States)

Fuzail, C. Md; Norman, Jasmine; Mangayarkarasi, R.

2017-11-01

As the technology is getting spreads in the macro seconds of speed and in which the trend changing era from human to robotics the security issue is also getting increased. By means of using machine attacks it is very easy to break the cryptosystems in very less amount of time. Cryptosystem is a process which provides the security in all sorts of processes, communications and transactions to be done securely with the help of electronical mechanisms. Data is one such thing with the expanded implication and possible scraps over the collection of data to secure predominance and achievement, Information Security is the process where the information is protected from invalid and unverified accessibilities and data from mishandling. So the idea of Information Security has risen. Symmetric key which is also known as private key.Whereas the private key is mostly used to attain the confidentiality of data. It is a dynamic topic which can be implemented over different applications like android, wireless censor networks, etc. In this paper, a new mathematical manipulation algorithm along with Tea cryptosystem has been implemented and it can be used for the purpose of cryptography. The algorithm which we proposed is straightforward and more powerful and it will authenticate in harder way and also it will be very difficult to break by someone without knowing in depth about its internal mechanisms.

History-based Adaptive Modulation for a Downlink Multicast Channel in OFDMA systems

DEFF Research Database (Denmark)

Wang, Haibo; Schwefel, Hans-Peter; Toftegaard, Thomas Skjødeberg

2008-01-01

In this paper we investigated the adaptive modulation strategies for Multicast service in orthogonal frequency division multiple access systems. We defined a Reward function as the performance optimization target and developed adaptive modulation strategies to maximize this Reward function....... The proposed optimization algorithm varied the instantaneous BER constraint of each mobile Multicast receiver according to its individual cumulated BER, which resulted in a significant Reward gain....

A Grooming Nodes Optimal Allocation Method for Multicast in WDM Networks

Directory of Open Access Journals (Sweden)

Chengying Wei

2016-01-01

Full Text Available The grooming node has the capability of grooming multicast traffic with the small granularity into established light at high cost of complexity and node architecture. In the paper, a grooming nodes optimal allocation (GNOA method is proposed to optimize the allocation of the grooming nodes constraint by the blocking probability for multicast traffic in sparse WDM networks. In the proposed GNOA method, the location of each grooming node is determined by the SCLD strategy. The improved smallest cost largest degree (SCLD strategy is designed to select the nongrooming nodes in the proposed GNOA method. The simulation results show that the proposed GNOA method can reduce the required number of grooming nodes and decrease the cost of constructing a network to guarantee a certain request blocking probability when the wavelengths per fiber and transmitter/receiver ports per node are sufficient for the optical multicast in WDM networks.

Empirical Evaluation of Superposition Coded Multicasting for Scalable Video

KAUST Repository

Chun Pong Lau

2013-03-01

In this paper we investigate cross-layer superposition coded multicast (SCM). Previous studies have proven its effectiveness in exploiting better channel capacity and service granularities via both analytical and simulation approaches. However, it has never been practically implemented using a commercial 4G system. This paper demonstrates our prototype in achieving the SCM using a standard 802.16 based testbed for scalable video transmissions. In particular, to implement the superposition coded (SPC) modulation, we take advantage a novel software approach, namely logical SPC (L-SPC), which aims to mimic the physical layer superposition coded modulation. The emulation results show improved throughput comparing with generic multicast method.

Fault recovery in the reliable multicast protocol

Science.gov (United States)

Callahan, John R.; Montgomery, Todd L.; Whetten, Brian

1995-01-01

The Reliable Multicast Protocol (RMP) provides a unique, group-based model for distributed programs that need to handle reconfiguration events at the application layer. This model, called membership views, provides an abstraction in which events such as site failures, network partitions, and normal join-leave events are viewed as group reformations. RMP provides access to this model through an application programming interface (API) that notifies an application when a group is reformed as the result of a some event. RMP provides applications with reliable delivery of messages using an underlying IP Multicast (12, 5) media to other group members in a distributed environment even in the case of reformations. A distributed application can use various Quality of Service (QoS) levels provided by RMP to tolerate group reformations. This paper explores the implementation details of the mechanisms in RMP that provide distributed applications with membership view information and fault recovery capabilities.

Secure quantum key distribution using squeezed states

International Nuclear Information System (INIS)

Gottesman, Daniel; Preskill, John

2001-01-01

We prove the security of a quantum key distribution scheme based on transmission of squeezed quantum states of a harmonic oscillator. Our proof employs quantum error-correcting codes that encode a finite-dimensional quantum system in the infinite-dimensional Hilbert space of an oscillator, and protect against errors that shift the canonical variables p and q. If the noise in the quantum channel is weak, squeezing signal states by 2.51 dB (a squeeze factor e r =1.34) is sufficient in principle to ensure the security of a protocol that is suitably enhanced by classical error correction and privacy amplification. Secure key distribution can be achieved over distances comparable to the attenuation length of the quantum channel

An FEC Adaptive Multicast MAC Protocol for Providing Reliability in WLANs

Science.gov (United States)

Basalamah, Anas; Sato, Takuro

For wireless multicast applications like multimedia conferencing, voice over IP and video/audio streaming, a reliable transmission of packets within short delivery delay is needed. Moreover, reliability is crucial to the performance of error intolerant applications like file transfer, distributed computing, chat and whiteboard sharing. Forward Error Correction (FEC) is frequently used in wireless multicast to enhance Packet Error Rate (PER) performance, but cannot assure full reliability unless coupled with Automatic Repeat Request forming what is knows as Hybrid-ARQ. While reliable FEC can be deployed at different levels of the protocol stack, it cannot be deployed on the MAC layer of the unreliable IEEE802.11 WLAN due to its inability to exchange ACKs with multiple recipients. In this paper, we propose a Multicast MAC protocol that enhances WLAN reliability by using Adaptive FEC and study it's performance through mathematical analysis and simulation. Our results show that our protocol can deliver high reliability and throughput performance.

Quantum cryptography to satellites for global secure key distribution

Science.gov (United States)

Rarity, John G.; Gorman, Philip M.; Knight, Paul; Wallace, Kotska; Tapster, Paul R.

2017-11-01

We have designed and built a free space secure key exchange system using weak laser pulses with polarisation modulation by acousto-optic switching. We have used this system to exchange keys over a 1.2km ground range with absolute security. Building from this initial result we analyse the feasibility of exchanging keys to a low earth orbit satellite.

Multicast backup reprovisioning problem for Hamiltonian cycle-based protection on WDM networks

Science.gov (United States)

Din, Der-Rong; Huang, Jen-Shen

2014-03-01

As networks grow in size and complexity, the chance and the impact of failures increase dramatically. The pre-allocated backup resources cannot provide 100% protection guarantee when continuous failures occur in a network. In this paper, the multicast backup re-provisioning problem (MBRP) for Hamiltonian cycle (HC)-based protection on WDM networks for the link-failure case is studied. We focus on how to recover the protecting capabilities of Hamiltonian cycle against the subsequent link-failures on WDM networks for multicast transmissions, after recovering the multicast trees affected by the previous link-failure. Since this problem is a hard problem, an algorithm, which consists of several heuristics and a genetic algorithm (GA), is proposed to solve it. The simulation results of the proposed method are also given. Experimental results indicate that the proposed algorithm can solve this problem efficiently.

A Bypass-Ring Scheme for a Fault Tolerant Multicast

Directory of Open Access Journals (Sweden)

V. Dynda

2003-01-01

Full Text Available We present a fault tolerant scheme for recovery from single or multiple node failures in multi-directional multicast trees. The scheme is based on cyclic structures providing alternative paths to eliminate faulty nodes and reroute the traffic. Our scheme is independent of message source and direction in the tree, provides a basis for on-the-fly repair and can be used as a platform for various strategies for reconnecting tree partitions. It only requires an underlying infrastructure to provide a reliable routing service. Although it is described in the context of a message multicast, the scheme can be used universally in all systems using tree-based overlay networks for communication among components.

Providing resilience for carrier ethernet multicast traffic

DEFF Research Database (Denmark)

Ruepp, Sarah Renée; Wessing, Henrik; Zhang, Jiang

2009-01-01

This paper presents an overview of the Carrier Ethernet technology with specific focus on resilience. In particular, we detail how multicast traffic, which is essential for e.g. IPTV can be protected. We present Carrier Ethernet resilience methods for linear and ring networks and show by simulation...

Security of a single-state semi-quantum key distribution protocol

Science.gov (United States)

Zhang, Wei; Qiu, Daowen; Mateus, Paulo

2018-06-01

Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some "classical" or "semi-quantum" operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.

On-Chip SDM Switching for Unicast, Multicast and Traffic Grooming in Data Center Networks

DEFF Research Database (Denmark)

Kamchevska, Valerija; Ding, Yunhong; Dalgaard, Kjeld

2017-01-01

This paper reports on the use of a novel photonic integrated circuit that facilitates multicast and grooming in an optical data center architecture. The circuit allows for on-chip spatial multiplexing and demultiplexing as well as fiber core switching. Using this device, we experimentally verify...... that multicast and/or grooming can be successfully performed along the full range of output ports, for different group size and different power ratio. Moreover, we experimentally demonstrate SDM transmission and 5 Tbit/s switching using the on-chip fiber switch with integrated fan-in/fan-out devices and achieve...... errorfree performance (BER≤10-9) for a network scenario including simultaneous unicast/multicast switching and traffic grooming....

The specification-based validation of reliable multicast protocol: Problem Report. M.S. Thesis

Science.gov (United States)

Wu, Yunqing

1995-01-01

Reliable Multicast Protocol (RMP) is a communication protocol that provides an atomic, totally ordered, reliable multicast service on top of unreliable IP multicasting. In this report, we develop formal models for RMP using existing automated verification systems, and perform validation on the formal RMP specifications. The validation analysis help identifies some minor specification and design problems. We also use the formal models of RMP to generate a test suite for conformance testing of the implementation. Throughout the process of RMP development, we follow an iterative, interactive approach that emphasizes concurrent and parallel progress of implementation and verification processes. Through this approach, we incorporate formal techniques into our development process, promote a common understanding for the protocol, increase the reliability of our software, and maintain high fidelity between the specifications of RMP and its implementation.

Analysis and Optimization of Sparse Random Linear Network Coding for Reliable Multicast Services

DEFF Research Database (Denmark)

Tassi, Andrea; Chatzigeorgiou, Ioannis; Roetter, Daniel Enrique Lucani

2016-01-01

Point-to-multipoint communications are expected to play a pivotal role in next-generation networks. This paper refers to a cellular system transmitting layered multicast services to a multicast group of users. Reliability of communications is ensured via different random linear network coding (RLNC......) techniques. We deal with a fundamental problem: the computational complexity of the RLNC decoder. The higher the number of decoding operations is, the more the user's computational overhead grows and, consequently, the faster the battery of mobile devices drains. By referring to several sparse RLNC...... techniques, and without any assumption on the implementation of the RLNC decoder in use, we provide an efficient way to characterize the performance of users targeted by ultra-reliable layered multicast services. The proposed modeling allows to efficiently derive the average number of coded packet...

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010: (1 the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2 the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3 the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Optimal multicasting in a multi-line-rate ethernet-over-WDM network

Science.gov (United States)

Harve, Shruthi; Batayneh, Marwan; Mukherjee, Biswanath

2009-11-01

Ethernet is the dominant transport technology for Local Area Networks. Efforts are now under way to use carrier-grade Ethernet in backbone networks of different service providers. With the advent of applications such as IPTV and Videoon- Demand, there is need for techniques to route multicast traffic over the Ethernet backbone networks. Here, we address the problem of Routing and Wavelength Assignment (RWA) of a set of multicast requests in a Multi-Line-Rate Ethernet backbone network with the objective of minimizing the cost of setting up the network, in terms of the Service Provider's Capital Expenditure (CAPEX). We present an Auxiliary Graph based heuristic algorithm that routes each multicast request on a light-tree structure, and assigns minimum cost wavelengths along the route. We compare the properties of the algorithm to the optimal solution given by a mathematical model formulated as an Integer Linear Program (ILP), and show that they compare very well. We also find that the algorithm is most cost-effective when the incoming requests are processed in descending order of their bandwidth requirements.

Anticollusion Attack Noninteractive Security Hierarchical Key Agreement Scheme in WHMS

Directory of Open Access Journals (Sweden)

Kefei Mao

2016-01-01

Full Text Available Wireless Health Monitoring Systems (WHMS have potential to change the way of health care and bring numbers of benefits to patients, physicians, hospitals, and society. However, there are crucial barriers not only to transmit the biometric information but also to protect the privacy and security of the patients’ information. The key agreement between two entities is an essential cryptography operation to clear the barriers. In particular, the noninteractive hierarchical key agreement scheme becomes an attractive direction in WHMS because each sensor node or gateway has limited resources and power. Recently, a noninteractive hierarchical key agreement scheme has been proposed by Kim for WHMS. However, we show that Kim’s cryptographic scheme is vulnerable to the collusion attack if the physicians can be corrupted. Obviously, it is a more practical security condition. Therefore, we proposed an improved key agreement scheme against the attack. Security proof, security analysis, and experimental results demonstrate that our proposed scheme gains enhanced security and more efficiency than Kim’s previous scheme while inheriting its qualities of one-round communication and security properties.

Empirical Evaluation of Superposition Coded Multicasting for Scalable Video

KAUST Repository

Chun Pong Lau; Shihada, Basem; Pin-Han Ho

2013-01-01

In this paper we investigate cross-layer superposition coded multicast (SCM). Previous studies have proven its effectiveness in exploiting better channel capacity and service granularities via both analytical and simulation approaches. However

Energy-efficient multicast traffic grooming strategy based on light-tree splitting for elastic optical networks

Science.gov (United States)

Liu, Huanlin; Yin, Yarui; Chen, Yong

2017-07-01

In order to address the problem of optimizing the spectrum resources and power consumption in elastic optical networks (EONs), we investigate the potential gains by jointly employing the light-tree splitting and traffic grooming for multicast requests. An energy-efficient multicast traffic grooming strategy based on light-tree splitting (EED-MTGS-LS) is proposed in this paper. Firstly, we design a traffic pre-processing mechanism to decide the multicast requests' routing order, which considers the request's bandwidth requirement and physical hops synthetically. Then, by dividing a light-tree to some sub-light-trees and grooming the request to these sub-light-trees, the light-tree sharing ratios of multicast requests can be improved. What's more, a priority scheduling vector is constructed, which aims to improve the success rate of spectrum assignment for grooming requests. Finally, a grooming strategy is designed to optimize the total power consumption by reducing the use of transponders and IP routers during routing. Simulation results show that the proposed strategy can significantly improve the spectrum utilization and save the power consumption.

Multicasting based optical inverse multiplexing in elastic optical network.

Science.gov (United States)

Guo, Bingli; Xu, Yingying; Zhu, Paikun; Zhong, Yucheng; Chen, Yuanxiang; Li, Juhao; Chen, Zhangyuan; He, Yongqi

2014-06-16

Optical multicasting based inverse multiplexing (IM) is introduced in spectrum allocation of elastic optical network to resolve the spectrum fragmentation problem, where superchannels could be split and fit into several discrete spectrum blocks in the intermediate node. We experimentally demonstrate it with a 1-to-7 optical superchannel multicasting module and selecting/coupling components. Also, simulation results show that, comparing with several emerging spectrum defragmentation solutions (e.g., spectrum conversion, split spectrum), IM could reduce blocking performance significantly but without adding too much system complexity as split spectrum. On the other hand, service fairness for traffic with different granularity of these schemes is investigated for the first time and it shows that IM performs better than spectrum conversion and almost as well as split spectrum, especially for smaller size traffic under light traffic intensity.

Exploiting the In-Network Capabilities of Multicast to Discover Proximate IPTV Channels

Directory of Open Access Journals (Sweden)

William Donnelly

2010-09-01

Full Text Available IPTV has become the next generation of television due, in part, to its ability to support features that have been lacking in conventional broadcasting—for example, end-user interactivity, personalisation and localisation. Providers are also searching for the most efficient delivery methods to provide the greatest amount of contents at the lowest cost. At present IPTV uses IP multicast to deliver live TV channels in an over-provisioned walled-garden network due to issues of deploying multicast and QoS challenges in the public Internet. However, IPTV is likely to shift into some parts of the public Internet in the future as a managed service. Multicast routing is performed on a per-session destination-address basis so each router maintains a table of all of the multicast addresses to which the content is being forwarded. We exploit this information to discover and join the in-progress channels of geographically proximate users and to create a new incentivised premium service in future IPTV networks called ProxyTV. This approach is expected to minimise network bandwidth requirements as it enables ISPs to optimise bandwidth on their edge networks. This becomes increasingly significant as TV content consumes more and more bandwidth, especially with the onset of HD and 3D capabilities. In this paper, we have presented in detail the concept with the results of a survey and an analysis of network traffic to justify the proposed approach.

Secret-Key-Aided Scheme for Securing Untrusted DF Relaying Networks

KAUST Repository

Shafie, Ahmed El

2017-06-12

This paper proposes a new scheme to secure the transmissions in an untrusted decode-and-forward (DF) relaying network. A legitimate source node, Alice, sends her data to a legitimate destination node, Bob, with the aid of an untrusted DF relay node, Charlie. To secure the transmissions from Charlie during relaying time slots, each data codeword is secured using a secret-key codeword that has been previously shared between Alice and Bob during the perfectly secured time slots (i.e., when the channel secrecy rate is positive). The secret-key bits exchanged between Alice and Bob are stored in a finite-length buffer and are used to secure data transmission whenever needed. We model the secret-key buffer as a queueing system and analyze its Markov chain. Our numerical results show the gains of our proposed scheme relative to benchmarks. Moreover, the proposed scheme achieves an upper bound on the secure throughput.

Secret-Key-Aided Scheme for Securing Untrusted DF Relaying Networks

KAUST Repository

Shafie, Ahmed El; Salem, Ahmed Sultan; Mabrouk, Asma; Tourki, Kamel; Al-Dhahir, Naofal

2017-01-01

This paper proposes a new scheme to secure the transmissions in an untrusted decode-and-forward (DF) relaying network. A legitimate source node, Alice, sends her data to a legitimate destination node, Bob, with the aid of an untrusted DF relay node, Charlie. To secure the transmissions from Charlie during relaying time slots, each data codeword is secured using a secret-key codeword that has been previously shared between Alice and Bob during the perfectly secured time slots (i.e., when the channel secrecy rate is positive). The secret-key bits exchanged between Alice and Bob are stored in a finite-length buffer and are used to secure data transmission whenever needed. We model the secret-key buffer as a queueing system and analyze its Markov chain. Our numerical results show the gains of our proposed scheme relative to benchmarks. Moreover, the proposed scheme achieves an upper bound on the secure throughput.

Randomness determines practical security of BB84 quantum key distribution

Science.gov (United States)

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

Development of a real-time monitoring system and integration of different computer system in LHD experiments using IP multicast

International Nuclear Information System (INIS)

Emoto, Masahiko; Nakamura, Yukio; Teramachi, Yasuaki; Okumura, Haruhiko; Yamaguchi, Satarou

2002-01-01

There are several different computer systems in LHD (Large Helical Device) experiment, and therefore the coalition of these computers is a key to perform the experiment. Real-time monitoring system is also important because the long discharge is needed in the LHD experiment. In order to achieve these two requirements, the technique of IP multicast is adopted. The authors have developed three new systems, the first one is the real-time monitoring system, the next one is the delivery system of the shot number and the last one is the real-time notification system of the plasma data registration. The first system can deliver the real-time monitoring data to the LHD experimental LAN through the firewall of the LHD control LAN in NIFS. The other two systems are used to realize high coalition of the different computers in the LHD plasma experiment. We can conclude that IP multicast is very useful both in the LHD experiment and a future large plasma experiment from various experiences. (author)

Unbelievable security : Matching AES using public key systems

NARCIS (Netherlands)

Lenstra, A.K.; Boyd, C.

2001-01-01

The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite

Adaptive live multicast video streaming of SVC with UEP FEC

Science.gov (United States)

Lev, Avram; Lasry, Amir; Loants, Maoz; Hadar, Ofer

2014-09-01

Ideally, video streaming systems should provide the best quality video a user's device can handle without compromising on downloading speed. In this article, an improved video transmission system is presented which dynamically enhances the video quality based on a user's current network state and repairs errors from data lost in the video transmission. The system incorporates three main components: Scalable Video Coding (SVC) with three layers, multicast based on Receiver Layered Multicast (RLM) and an UnEqual Forward Error Correction (FEC) algorithm. The SVC provides an efficient method for providing different levels of video quality, stored as enhancement layers. In the presented system, a proportional-integral-derivative (PID) controller was implemented to dynamically adjust the video quality, adding or subtracting quality layers as appropriate. In addition, an FEC algorithm was added to compensate for data lost in transmission. A two dimensional FEC was used. The FEC algorithm came from the Pro MPEG code of practice #3 release 2. Several bit errors scenarios were tested (step function, cosine wave) with different bandwidth size and error values were simulated. The suggested scheme which includes SVC video encoding with 3 layers over IP Multicast with Unequal FEC algorithm was investigated under different channel conditions, variable bandwidths and different bit error rates. The results indicate improvement of the video quality in terms of PSNR over previous transmission schemes.

Secure Clustering and Symmetric Key Establishment in Heterogeneous Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Azarderskhsh Reza

2011-01-01

Full Text Available Information security in infrastructureless wireless sensor networks (WSNs is one of the most important research challenges. In these networks, sensor nodes are typically sprinkled liberally in the field in order to monitor, gather, disseminate, and provide the sensed data to the command node. Various studies have focused on key establishment schemes in homogeneous WSNs. However, recent research has shown that achieving survivability in WSNs requires a hierarchy and heterogeneous infrastructure. In this paper, to address security issues in the heterogeneous WSNs, we propose a secure clustering scheme along with a deterministic pairwise key management scheme based on public key cryptography. The proposed security mechanism guarantees that any two sensor nodes located in the same cluster and routing path can directly establish a pairwise key without disclosing any information to other nodes. Through security performance evaluation, it is shown that the proposed scheme guarantees node-to-node authentication, high resiliency against node capture, and minimum memory space requirement.

SOME NOTES ON COST ALLOCATION IN MULTICASTING

Directory of Open Access Journals (Sweden)

Darko Skorin-Kapov

2012-12-01

Full Text Available We analyze the cost allocation strategies with the problef of broadcasting information from some source to a number of communication network users. A multicast routing chooses a minimum cost tree network that spans the source and all the receivers. The cost of such a network is distributed among its receivers who may be individuals or organizations with possibly conflicting interests. Providing network developers, users and owners with practical computable 'fair' cost allocation solution procedures is of great importance for network mamagement. Consequently, this multidisciplinary problem was extensively studied by Operational Researchers, Economists, Mathematicians and Computer Scientists. The fairness of various proposed solutions was even argued in US courts. This presentation overviews some previously published, as well as some recent results, in the development of algorithmic mechanisms to efficiently compute 'attractive' cost allocation solutions for multicast networks. Specifically, we will analyze cooperative game theory based cost allocation models that avoid cross subsidies and/or are distance and population monotonic. We will also present some related open cost allocation problems and the potential contribution that such models might make to this problem in the future.

Secure multi-party communication with quantum key distribution managed by trusted authority

Science.gov (United States)

Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

2013-07-09

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Secure multi-party communication with quantum key distribution managed by trusted authority

Science.gov (United States)

Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

2017-06-14

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Cooperative relay-based multicasting for energy and delay minimization

KAUST Repository

Atat, Rachad; Yaacoub, Elias E.; Alouini, Mohamed-Slim; Abu-Dayya, Adnan A.

2012-01-01

mobiles. Two schemes are investigated. The first consists of the BS sending the data only to the relay, and the second scheme considers the scenario of threshold-based multicasting by the BS, where a relay is selected to transmit the data to the mobiles

Distributed public key schemes secure against continual leakage

DEFF Research Database (Denmark)

Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

2012-01-01

-secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol......In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly...... against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and $2$-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-o (1),1)-fraction...

Security of practical quantum key distribution systems

Energy Technology Data Exchange (ETDEWEB)

Jain, Nitin

2015-02-24

This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

Secure Key Management in the Cloud

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Jakobsen, Thomas Pelle; Nielsen, Jesper Buus

2013-01-01

information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online......We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive...... and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols...

Virtual-optical information security system based on public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

2005-01-01

A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

The ultimate security bounds of quantum key distribution protocols

International Nuclear Information System (INIS)

Nikolopoulos, G.M.; Alber, G.

2005-01-01

Full text: Quantum key distribution (QKD) protocols exploit quantum correlations in order to establish a secure key between two legitimate users. Recent work on QKD has revealed a remarkable link between quantum and secret correlations. In this talk we report on recent results concerning the ultimate upper security bounds of various QKD schemes (i.e., the maximal disturbance up to which the two legitimate users share quantum correlations) under the assumption of general coherent attacks. In particular, we derive an analytic expression for the ultimate upper security bound of QKD schemes that use two mutually unbiased bases. As long as the two legitimate users focus on the sifted key and treat each pair of data independently during the post processing, our results are valid for arbitrary dimensions of the information carriers. The bound we have derived is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is also discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions, however, such equivalence is generally no longer valid. (author)

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network.

Science.gov (United States)

Yang, Bin; Zhang, Jianfeng

2017-06-28

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme.

One-to-six WDM multicasting of DPSK signals based on dual-pump four-wave mixing in a silicon waveguide

DEFF Research Database (Denmark)

Pu, Minhao; Hu, Hao; Ji, Hua

2011-01-01

We present WDM multicasting based on dual-pump four-wave mixing in a 3-mm long dispersion engineered silicon waveguide. One-to-six phase-preserving WDM multicasting of 10-Gb/s differential phase-shiftkeying (DPSK) data is experimentally demonstrated with bit-error rate measurements. All the six...

Secure networking quantum key distribution schemes with Greenberger-Horne-Zeilinger states

Energy Technology Data Exchange (ETDEWEB)

Guo, Ying; Shi, Ronghua [School of Information Science and Engineering, Central South University, Changsha 410083 (China); Zeng, Guihua [Department of Electronic Engineering, Shanghai Jiaotong University, Shanghai 200030 (China)], E-mail: sdguoying@gmail.com, E-mail: rhshi@mail.edu.com, E-mail: ghzeng@sjtu.edu.cn

2010-04-15

A novel approach to quantum cryptography to be called NQKD, networking quantum key distribution, has been developed for secure quantum communication schemes on the basis of the complementary relations of entanglement Greenberger-Horne-Zeilinger (GHZ) triplet states. One scheme distributes the private key among legal participants in a probabilistic manner, while another transmits the deterministic message with some certainty. Some decoy photons are employed for preventing a potential eavesdropper from attacking quantum channels. The present schemes are efficient as there exists an elegant method for key distributions. The security of the proposed schemes is exactly guaranteed by the entanglement of the GHZ quantum system, which is illustrated in security analysis.

Secure networking quantum key distribution schemes with Greenberger-Horne-Zeilinger states

International Nuclear Information System (INIS)

Guo, Ying; Shi, Ronghua; Zeng, Guihua

2010-01-01

A novel approach to quantum cryptography to be called NQKD, networking quantum key distribution, has been developed for secure quantum communication schemes on the basis of the complementary relations of entanglement Greenberger-Horne-Zeilinger (GHZ) triplet states. One scheme distributes the private key among legal participants in a probabilistic manner, while another transmits the deterministic message with some certainty. Some decoy photons are employed for preventing a potential eavesdropper from attacking quantum channels. The present schemes are efficient as there exists an elegant method for key distributions. The security of the proposed schemes is exactly guaranteed by the entanglement of the GHZ quantum system, which is illustrated in security analysis.

Security of differential-phase-shift quantum key distribution against individual attacks

International Nuclear Information System (INIS)

Waks, Edo; Takesue, Hiroki; Yamamoto, Yoshihisa

2006-01-01

We derive a proof of security for the differential-phase-shift quantum key distribution protocol under the assumption that Eve is restricted to individual attacks. The security proof is derived by bounding the average collision probability, which leads directly to a bound on Eve's mutual information on the final key. The security proof applies to realistic sources based on pulsed coherent light. We then compare individual attacks to sequential attacks and show that individual attacks are more powerful

Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

Energy Technology Data Exchange (ETDEWEB)

Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

2007-01-01

Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

IPTV multicast with peer-assisted lossy error control

Science.gov (United States)

Li, Zhi; Zhu, Xiaoqing; Begen, Ali C.; Girod, Bernd

2010-07-01

Emerging IPTV technology uses source-specific IP multicast to deliver television programs to end-users. To provide reliable IPTV services over the error-prone DSL access networks, a combination of multicast forward error correction (FEC) and unicast retransmissions is employed to mitigate the impulse noises in DSL links. In existing systems, the retransmission function is provided by the Retransmission Servers sitting at the edge of the core network. In this work, we propose an alternative distributed solution where the burden of packet loss repair is partially shifted to the peer IP set-top boxes. Through Peer-Assisted Repair (PAR) protocol, we demonstrate how the packet repairs can be delivered in a timely, reliable and decentralized manner using the combination of server-peer coordination and redundancy of repairs. We also show that this distributed protocol can be seamlessly integrated with an application-layer source-aware error protection mechanism called forward and retransmitted Systematic Lossy Error Protection (SLEP/SLEPr). Simulations show that this joint PARSLEP/ SLEPr framework not only effectively mitigates the bottleneck experienced by the Retransmission Servers, thus greatly enhancing the scalability of the system, but also efficiently improves the resistance to the impulse noise.

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Directory of Open Access Journals (Sweden)

Mohammed Ramadan

2016-08-01

Full Text Available Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA, evolved packet system-authentication and key agreement (EPS-AKA, and long term evolution-authentication and key agreement (LTE-AKA algorithms for 3rd generation partnership project (3GPP systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

Linear and non-linear video and TV applications using IPv6 and IPv6 multicast

CERN Document Server

Minoli, Daniel

2012-01-01

Provides options for implementing IPv6 and IPv6 multicast in service provider networks New technologies, viewing paradigms, and content distribution approaches are taking the TV/video services industry by storm. Linear and Nonlinear Video and TV Applications: Using IPv6 and IPv6 Multicast identifies five emerging trends in next-generation delivery of entertainment-quality video. These trends are observable and can be capitalized upon by progressive service providers, telcos, cable operators, and ISPs. This comprehensive guide explores these evolving directions in the TV/v

Lossless Multicast Handovers in Proxy Fast Mobile IPv6 Networks

NARCIS (Netherlands)

Meijerink, Berend Jan; Heijenk, Geert

2015-01-01

There is a demand in the Public Protection and Disaster Relief (PPDR) community for high bandwidth services on mobile devices. Group communication is an important aspect of PPDR networks. In IP based networks multicast is the preferred method to efficiently transmit data to more than one receiver

Tunable Photonic RF Generator for Dynamic Allocation and Multicast of 1.25 Gbps Channels in the 60 GHz Unlicensed Band

DEFF Research Database (Denmark)

Lebedev, Alexander; Pang, Xiaodan; Vegas Olmos, Juan José

2013-01-01

) or in the central office (CO). At the RN, we perform the replication of the original channel suitable for closely spaced multicast applications such as high definition (HD) video delivery where RN serves as a photonic radio frequency (RF) generator for both channel allocation and multicast. Experimental...

Unconditionally secure key distillation from multi-photons in a single-photon polarization based quantum key distribution

CERN Document Server

Tamaki, K

2005-01-01

In this presentation, we show some counter-examples to a naive belief that the security of QKD is based on no-cloning theorem. One example is shown by explicitly proving that one can indeed generate an unconditionally secure key from Alice's two-photon emission part in "SARG04 protocol" proposed by V. Scarani et al, in Phys. Rev. Lett. 92, 057901 (2004). This protocol differs from BB84 only in the classical communication. It is, thus, interesting to see how only the classical communication of QKD protocol might qualitatively change its security. We also show that one can generate an unconditionally secure key from the single to the four-photon part in a generalized SARG04 that uses six states. Finally, we also compare the bit error rate threshold of these protocols with the one in BB84 and the original six-state protocol assuming a depolarizing channel.

Device-independent quantum key distribution secure against collective attacks

International Nuclear Information System (INIS)

Pironio, Stefano; Gisin, Nicolas; AcIn, Antonio; Brunner, Nicolas; Massar, Serge; Scarani, Valerio

2009-01-01

Device-independent quantum key distribution (DIQKD) represents a relaxation of the security assumptions made in usual quantum key distribution (QKD). As in usual QKD, the security of DIQKD follows from the laws of quantum physics, but contrary to usual QKD, it does not rely on any assumptions about the internal working of the quantum devices used in the protocol. In this paper, we present in detail the security proof for a DIQKD protocol introduced in AcIn et al (2008 Phys. Rev. Lett. 98 230501). This proof exploits the full structure of quantum theory (as opposed to other proofs that exploit only the no-signaling principle), but only holds against collective attacks, where the eavesdropper is assumed to act on the quantum systems of the honest parties independently and identically in each round of the protocol (although she can act coherently on her systems at any time). The security of any DIQKD protocol necessarily relies on the violation of a Bell inequality. We discuss the issue of loopholes in Bell experiments in this context.

Efficient KDM-CCA Secure Public-Key Encryption via Auxiliary-Input Authenticated Encryption

Directory of Open Access Journals (Sweden)

Shuai Han

2017-01-01

Full Text Available KDM[F]-CCA security of public-key encryption (PKE ensures the privacy of key-dependent messages f(sk which are closely related to the secret key sk, where f∈F, even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE. For AIAE, we introduce two related-key attack (RKA security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS and one-time secure authenticated encryption (AE and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR assumptions. Specifically, (i our first PKE construction is the first one achieving KDM[Faff]-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii Our second PKE construction is the first one achieving KDM[Fpolyd]-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.

A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2009-01-01

ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4’s physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist....... In particular we show that the End-to-End Application Key Establishment Protocol is flawed and we propose a secure protocol instead. We do so by using formal verification techniques based on static program analysis and process algebras. We present a way of using formal methods in wireless network security......, and propose a secure key establishment protocol for ZigBee networks....

Semi-device-independent security of one-way quantum key distribution

OpenAIRE

Pawlowski, Marcin; Brunner, Nicolas

2011-01-01

By testing nonlocality, the security of entanglement-based quantum key distribution (QKD) can be enhanced to being 'device-independent'. Here we ask whether such a strong form of security could also be established for one-way (prepare and measure) QKD. While fully device-independent security is impossible, we show that security can be guaranteed against individual attacks in a semi-device-independent scenario. In the latter, the devices used by the trusted parties are non-characterized, but t...

Energy-Efficient Resource and Power Allocation for Underlay Multicast Device-to-Device Transmission

Directory of Open Access Journals (Sweden)

Fan Jiang

2017-11-01

Full Text Available In this paper, we present an energy-efficient resource allocation and power control scheme for D2D (Device-to-Device multicasting transmission. The objective is to maximize the overall energy-efficiency of D2D multicast clusters through effective resource allocation and power control schemes, while considering the quality of service (QoS requirements of both cellular users (CUs and D2D clusters. We first build the optimization model and a heuristic resource and power allocation algorithm is then proposed to solve the energy-efficiency problem with less computational complexity. Numerical results indicate that the proposed algorithm outperforms existing schemes in terms of throughput per energy consumption.

Security of public key encryption technique based on multiple chaotic systems

International Nuclear Information System (INIS)

Wang Kai; Pei Wenjiang; Zou Liuhua; Cheung Yiuming; He Zhenya

2006-01-01

Recently, a new public key encryption technique based on multiple chaotic systems has been proposed [B. Ranjan, Phys. Rev. Lett. 95 (2005) 098702]. This scheme employs m-chaotic systems and a set of linear functions for key exchange over an insecure channel. Security of the proposed algorithm grows as (NP) m , where N, P are the size of the key and the computational complexity of the linear functions respectively. In this Letter, the fundamental weakness of the cryptosystem is pointed out and a successful attack is described. Given the public keys and the initial vector, one can calculate the secret key based on Parseval's theorem. Both theoretical and experimental results show that the attacker can access to the secret key without difficulty. The lack of security discourages the use of such algorithm for practical applications

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

Science.gov (United States)

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-03-21

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

Social-Aware Relay Selection for Cooperative Multicast Device-to-Device Communications

Directory of Open Access Journals (Sweden)

Francesco Chiti

2017-12-01

Full Text Available The increasing use of social networks such as Facebook, Twitter, and Instagram to share photos, video streaming, and music among friends has generated a huge increase in the amount of data traffic over wireless networks. This social behavior has triggered new communication paradigms such as device-to-device (D2D and relaying communication schemes, which are both considered as strong drivers for the next fifth-generation (5G cellular systems. Recently, the social-aware layer and its relationship to and influence on the physical communications layer have gained great attention as emerging focus points. We focus here on the case of relaying communications to pursue the multicast data dissemination to a group of users forming a social community through a relay node, according to the extension of the D2D mode to the case of device-to-many devices. Moreover, in our case, the source selects the device to act as the relay among different users of the multicast group by taking into account both the propagation link conditions and the relay social-trust level with the constraint of minimizing the end-to-end content delivery delay. An optimization procedure is also proposed in order to achieve the best performance. Finally, numerical results are provided to highlight the advantages of considering the impact of social level on the end-to-end delivery delay in the integrated social–physical network in comparison with the classical relay-assisted multicast communications for which the relay social-trust level is not considered.

Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing

OpenAIRE

de la Rocha Gómez-Arevalillo , Alfonso; Papadimitratos , Panos

2017-01-01

International audience; A gamut of secure inter-domain routing protocols has been proposed in the literature. They use traditional PGP-like and centralized Public Key Infrastructures for trust management. In this paper, we propose our alternative approach for managing security associations, Secure Blockchain Trust Management (SBTM), a trust management system that instantiates a blockchain-based PKI for the operation of securerouting protocols. A main motivation for SBTM is to facilitate gradu...

An Economic Case for End System Multicast

Science.gov (United States)

Analoui, Morteza; Rezvani, Mohammad Hossein

This paper presents a non-strategic model for the end-system multicast networks based on the concept of replica exchange economy. We believe that microeconomics is a good candidate to investigate the problem of selfishness of the end-users (peers) in order to maximize the aggregate throughput. In this solution concept, the decisions that a peer might make, does not affect the actions of the other peers at all. The proposed mechanism tunes the price of the service in such a way that general equilibrium holds.

Ruteo multicast mediante algoritmos genéticos

OpenAIRE

Klenzi, Raúl O.; Sánchez Tores, Héctor A.; Ortega, Manuel Oscar; Naranjo, Viviana; Espósito, Gabriela

2000-01-01

Los sistemas o redes de comunicación construidos teniendo en cuenta el modelo de referencia OSI (Open Systems lnterconection) o la arquitectura de Internet, fueron diseñados para soportar servicios o comunicaciones punto a punto, donde la información fluye entre dos usuarios únicamente. Uno de los tópicos en el cual las redes de computadoras actuales están poniendo mucho énfasis, proviene de las aplicaciones multicast o de grupo. Estas involucran más de dos usuarios (estos usuarios definen...

Simple security proof of quantum key distribution based on complementarity

International Nuclear Information System (INIS)

Koashi, M

2009-01-01

We present an approach to the unconditional security of quantum key distribution protocols based on a complementarity argument. The approach is applicable to, but not limited to, every case that has been treated via the argument by Shor and Preskill based on entanglement distillation, with a benefit of decoupling of the error correction from the privacy amplification. It can also treat cases with uncharacterized apparatuses. We derive a secure key rate for the Bennett-Brassard-1984 protocol with an arbitrary source characterized only by a single parameter representing the basis dependence.

Multi-party quantum key agreement protocol secure against collusion attacks

Science.gov (United States)

Wang, Ping; Sun, Zhiwei; Sun, Xiaoqiang

2017-07-01

The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting N-1 coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants' cooperation. Here, t < N. We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.

Device calibration impacts security of quantum key distribution.

Science.gov (United States)

Jain, Nitin; Wittmann, Christoffer; Lydersen, Lars; Wiechers, Carlos; Elser, Dominique; Marquardt, Christoph; Makarov, Vadim; Leuchs, Gerd

2011-09-09

Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal security loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.

Information security system based on virtual-optics imaging methodology and public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

Securing quantum key distribution systems using fewer states

Science.gov (United States)

Islam, Nurul T.; Lim, Charles Ci Wen; Cahall, Clinton; Kim, Jungsang; Gauthier, Daniel J.

2018-04-01

Quantum key distribution (QKD) allows two remote users to establish a secret key in the presence of an eavesdropper. The users share quantum states prepared in two mutually unbiased bases: one to generate the key while the other monitors the presence of the eavesdropper. Here, we show that a general d -dimension QKD system can be secured by transmitting only a subset of the monitoring states. In particular, we find that there is no loss in the secure key rate when dropping one of the monitoring states. Furthermore, it is possible to use only a single monitoring state if the quantum bit error rates are low enough. We apply our formalism to an experimental d =4 time-phase QKD system, where only one monitoring state is transmitted, and obtain a secret key rate of 17.4 ±2.8 Mbits/s at a 4 dB channel loss and with a quantum bit error rate of 0.045 ±0.001 and 0.037 ±0.001 in time and phase bases, respectively, which is 58.4% of the secret key rate that can be achieved with the full setup. This ratio can be increased, potentially up to 100%, if the error rates in time and phase basis are reduced. Our results demonstrate that it is possible to substantially simplify the design of high-dimensional QKD systems, including those that use the spatial or temporal degrees of freedom of the photon, and still outperform qubit-based (d =2 ) protocols.

Semi-device-independent security of one-way quantum key distribution

International Nuclear Information System (INIS)

Pawlowski, Marcin; Brunner, Nicolas

2011-01-01

By testing nonlocality, the security of entanglement-based quantum key distribution (QKD) can be enhanced to being ''device-independent.'' Here we ask whether such a strong form of security could also be established for one-way (prepare and measure) QKD. While fully device-independent security is impossible, we show that security can be guaranteed against individual attacks in a semi-device-independent scenario. In the latter, the devices used by the trusted parties are noncharacterized, but the dimensionality of the quantum systems used in the protocol is assumed to be bounded. Our security proof relies on the analogies between one-way QKD, dimension witnesses, and random-access codes.

Almost optimal distributed M2M multicasting in wireless mesh networks

DEFF Research Database (Denmark)

Xin, Qin; Manne, Fredrik; Zhang, Yan

2012-01-01

Wireless Mesh Networking (WMN) is an emerging communication paradigm to enable resilient, cost-efficient and reliable services for the future-generation wireless networks. In this paper, we study the problem of multipoint-to- multipoint (M2M) multicasting in a WMN which aims to use the minimum nu...

Security of Color Image Data Designed by Public-Key Cryptosystem Associated with 2D-DWT

Science.gov (United States)

Mishra, D. C.; Sharma, R. K.; Kumar, Manish; Kumar, Kuldeep

2014-08-01

In present times the security of image data is a major issue. So, we have proposed a novel technique for security of color image data by public-key cryptosystem or asymmetric cryptosystem. In this technique, we have developed security of color image data using RSA (Rivest-Shamir-Adleman) cryptosystem with two-dimensional discrete wavelet transform (2D-DWT). Earlier proposed schemes for security of color images designed on the basis of keys, but this approach provides security of color images with the help of keys and correct arrangement of RSA parameters. If the attacker knows about exact keys, but has no information of exact arrangement of RSA parameters, then the original information cannot be recovered from the encrypted data. Computer simulation based on standard example is critically examining the behavior of the proposed technique. Security analysis and a detailed comparison between earlier developed schemes for security of color images and proposed technique are also mentioned for the robustness of the cryptosystem.

Optimal Caching in Multicast 5G Networks with Opportunistic Spectrum Access

KAUST Repository

Emara, Mostafa

2018-01-15

Cache-enabled small base station (SBS) densification is foreseen as a key component of 5G cellular networks. This architecture enables storing popular files at the network edge (i.e., SBS caches), which empowers local communication and alleviates traffic congestions at the core/backhaul network. This paper develops a mathematical framework, based on stochastic geometry, to characterize the hit probability of a cache-enabled multicast 5G network with SBS multi-channel capabilities and opportunistic spectrum access. To this end, we first derive the hit probability by characterizing opportunistic spectrum access success probabilities, service distance distributions, and coverage probabilities. The optimal caching distribution to maximize the hit probability is then computed. The performance and trade-offs of the derived optimal caching distributions are then assessed and compared with two widely employed caching distribution schemes, namely uniform and Zipf caching, through numerical results and extensive simulations. It is shown that the Zipf caching almost optimal only in scenarios with large number of available channels and large cache sizes.

Remote software upload techniques in future vehicles and their performance analysis

Science.gov (United States)

Hossain, Irina

Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons, for examples, to update/fix functionality of an existing system, add new functionality, remove software bugs and to cope up with ITS infrastructure. Software modules of advanced vehicles can be updated using Remote Software Upload (RSU) technique. The RSU employs infrastructure-based wireless communication technique where the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU to avoid any disasters due to malfunctions of the vehicle or to protect the proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism of secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before sending the software. The software packets are sent encrypted with a secret key along with the Message Digest (MD). In order to increase the security level, it is proposed the vehicle to receive more than one copy of the software along with the MD in each copy. The vehicle will install the new software only when it receives more than one identical copies of the software. In order to validate the proposition, analytical expressions of average number of packet transmissions for successful software update is determined. Different cases are investigated depending on the vehicle's buffer size and verification methods. The analytical and simulation results show that it is sufficient to send two copies of the software to the vehicle to thwart any security attack while uploading the software. The above mentioned unicast method for RSU is suitable when software needs to be uploaded to a single vehicle. Since multicasting is the most efficient method of group communication, updating software in an ECU of a large number of vehicles

Study on the security of discrete-variable quantum key distribution over non-Markovian channels

International Nuclear Information System (INIS)

Huang Peng; Zhu Jun; He Guangqiang; Zeng Guihua

2012-01-01

The dynamic of the secret key rate of the discrete-variable quantum key distribution (QKD) protocol over the non-Markovian quantum channel is investigated. In particular, we calculate the secret key rate for the six-state protocol over non-Markovian depolarizing channels with coloured noise and Markovian depolarizing channels with Gaussian white noise, respectively. We find that the secure secret key rate for the non-Markovian depolarizing channel will be larger than the Markovian one under the same conditions even when their upper bounds of tolerable quantum bit error rate are equal. This indicates that this coloured noise in the non-Markovian depolarizing channel can enhance the security of communication. Moreover, we show that the secret key rate fluctuates near the secure point when the coupling strength of the system with the environment is high. The results demonstrate that the non-Markovian effects of the transmission channel can have a positive impact on the security of discrete-variable QKD. (paper)

Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

Science.gov (United States)

Mishra, Dheerendra

2015-03-01

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

Comparative study of key exchange and authentication methods in application, transport and network level security mechanisms

Science.gov (United States)

Fathirad, Iraj; Devlin, John; Jiang, Frank

2012-09-01

The key-exchange and authentication are two crucial elements of any network security mechanism. IPsec, SSL/TLS, PGP and S/MIME are well-known security approaches in providing security service to network, transport and application layers; these protocols use different methods (based on their requirements) to establish keying materials and authenticates key-negotiation and participated parties. This paper studies and compares the authenticated key negotiation methods in mentioned protocols.

A Novel Re-keying Function Protocol (NRFP For Wireless Sensor Network Security

Directory of Open Access Journals (Sweden)

Naif Alsharabi

2008-12-01

Full Text Available This paper describes a novel re-keying function protocol (NRFP for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs, covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

Science.gov (United States)

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-01-01

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

Science.gov (United States)

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-12-04

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

Wireless Physical Layer Security: On the Performance Limit of Secret-Key Agreement

KAUST Repository

Zorgui, Marwen

2015-05-01

Physical layer security (PLS) is a new paradigm aiming at securing communications between legitimate parties at the physical layer. Conventionally, achieving confidentiality in communication networks relies on cryptographic techniques such as public-key cryptography, secret-key distribution and symmetric encryption. Such techniques are deemed secure based on the assumption of limited computational abilities of a wiretapper. Given the relentless progress in computational capacities and the dynamic topology and proliferation of modern wireless networks, the relevance of the previous techniques in securing communications is more and more questionable and less and less reliable. In contrast to this paradigm, PLS does not assume a specific computational power at any eavesdropper, its premise to guarantee provable security via employing channel coding techniques at the physical layer exploiting the inherent randomness in most communication systems. In this dissertation, we investigate a particular aspect of PLS, which is secret-key agreement, also known as secret-sharing. In this setup, two legitimate parties try to distill a secret-key via the observation of correlated signals through a noisy wireless channel, in the presence of an eavesdropper who must be kept ignorant of the secret-key. Additionally, a noiseless public channel is made available to the legitimate parties to exchange public messages that are also accessible to the eavesdropper. Recall that key agreement is an important aspect toward realizing secure communications in the sense that the key can be used in a one-time pad scheme to send the confidential message. In the first part, our focus is on secret-sharing over Rayleigh fading quasi-static channels. We study the fundamental relationship relating the probability of error and a given target secret-key rate in the high power regime. This is characterized through the diversity multiplexing tradeoff (DMT) concept, that we define for our model and then

A General Construction of IND-CCA2 Secure Public Key Encryption

DEFF Research Database (Denmark)

Kiltz, Eike; Malone-Lee, John

2003-01-01

We propose a general construction for public key encryption schemes that are IND-CCA2 secure in the random oracle model. We show that the scheme proposed in [1, 2] fits our general framework and moreover that our method of analysis leads to a more efficient security reduction....

Evaluación de ancho de banda en transmisiones multicast sparse mode implementadas en redes IPV6

OpenAIRE

Pineda Ancco, Ferdinand; Directora Asociada de Investigación, Universidad Peruana Unión. Lima; Cruz de la Cruz, José; Mamani Pari, David

2017-01-01

En el trabajo de investigación se describió el diseño e implementación del protocolo multicast de tipo Sparsemode con el objetivo de mejorar el tráfico de datos en redes que transporten información unidireccional. Eldiseño se realiza sobre una red que implementa IPV6 como protocolo de capa 3 del modelo de referencia OSI.Para validar el método, la evaluación del tráfico se realizó analizando el ancho de banda, retardos y cantidad debits enviados por el protocolo multicast Sparse mode cursado e...

Joint NC-ARQ and AMC for QoS-Guaranteed Mobile Multicast

DEFF Research Database (Denmark)

Toftegaard, Thomas Skjødeberg; Wang, Haibo; Schwefel, Hans-Peter

2010-01-01

the scalability problem of applying ARQ in multicast. Then we propose two joint NC-ARQ-AMC schemes, namely, the Average PER-based AMC (AvgPER-AMC) with Opt-ARQ and AvgPER-AMC with SubOpt-ARQ in a cross-layer design framework to maximize the average spectral efficiency per receiver under specific QoS constraints...

4 × 10 Gb s−1 wavelength multicasting with tunable NRZ-to-RZ format conversion using nonlinear polarization rotation in an SOA

International Nuclear Information System (INIS)

Liu, S; Fu, S; Tang, M; Shum, P; Liu, D

2013-01-01

We experimentally demonstrate simultaneous 4 × 10 Gb s −1 all-optical wavelength multicasting and non-return-to-zero (NRZ)-on-off-keying (OOK) to return-to-zero (RZ)-OOK format conversion with a tunable duty cycle using nonlinear polarization rotation in a semiconductor optical amplifier (SOA). The experimental results show that the duty cycle of four converted RZ-OOK signals can be tuned by adjusting the orientation of a polarizer placed at the SOA output. Four-channel NRZ-OOK-to-RZ-OOK conversion with a full width at half maximum of 33–67 ps can be simultaneously obtained with an extinction ratio over 10 dB. Moreover, it is experimentally verified that such a wavelength multicasting scheme with simultaneous NRZ-OOK-to-RZ-OOK conversion is insensitive to the wavelength of the input signal, indicating that such a scheme can be operated in the whole C-band with less than 0.18 dB power penalty at a bit error ratio level of 10 −9 . The device can facilitate the cross-connection between optical transmission networks employing different modulation formats. (paper)

Specification and Design of a Fault Recovery Model for the Reliable Multicast Protocol

Science.gov (United States)

Montgomery, Todd; Callahan, John R.; Whetten, Brian

1996-01-01

The Reliable Multicast Protocol (RMP) provides a unique, group-based model for distributed programs that need to handle reconfiguration events at the application layer. This model, called membership views, provides an abstraction in which events such as site failures, network partitions, and normal join-leave events are viewed as group reformations. RMP provides access to this model through an application programming interface (API) that notifies an application when a group is reformed as the result of a some event. RMP provides applications with reliable delivery of messages using an underlying IP Multicast media to other group members in a distributed environment even in the case of reformations. A distributed application can use various Quality of Service (QoS) levels provided by RMP to tolerate group reformations. This paper explores the implementation details of the mechanisms in RMP that provide distributed applications with membership view information and fault recovery capabilities.

Corrections to "Connectivity-Based Reliable Multicast MAC Protocol for IEEE 802.11 Wireless LANs"

Directory of Open Access Journals (Sweden)

Choi Woo-Yong

2010-01-01

Full Text Available We have found the errors in the throughput formulae presented in our paper "Connectivity-based reliable multicast MAC protocol for IEEE 802.11 wireless LANs". We provide the corrected formulae and numerical results.

Password-only authenticated three-party key exchange with provable security in the standard model.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

An Efficient and Secure Arbitrary N-Party Quantum Key Agreement Protocol Using Bell States

Science.gov (United States)

Liu, Wen-Jie; Xu, Yong; Yang, Ching-Nung; Gao, Pei-Pei; Yu, Wen-Bin

2018-01-01

Two quantum key agreement protocols using Bell states and Bell measurement were recently proposed by Shukla et al. (Quantum Inf. Process. 13(11), 2391-2405, 2014). However, Zhu et al. pointed out that there are some security flaws and proposed an improved version (Quantum Inf. Process. 14(11), 4245-4254, 2015). In this study, we will show Zhu et al.'s improvement still exists some security problems, and its efficiency is not high enough. For solving these problems, we utilize four Pauli operations { I, Z, X, Y} to encode two bits instead of the original two operations { I, X} to encode one bit, and then propose an efficient and secure arbitrary N-party quantum key agreement protocol. In the protocol, the channel checking with decoy single photons is introduced to avoid the eavesdropper's flip attack, and a post-measurement mechanism is used to prevent against the collusion attack. The security analysis shows the present protocol can guarantee the correctness, security, privacy and fairness of quantum key agreement.

Strategies for Overcoming Key Barriers to Development of a National Security Workforce

Energy Technology Data Exchange (ETDEWEB)

None

2008-06-30

This report documents the strategies for overcoming identified key barriers to development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP) being performed under a Department of Energy (DOE) National Nuclear Security Administration (NNSA) grant. Many barriers currently exist that prevent the development of an adequate number of properly trained national security personnel. The identified strategies to address the barriers will focus on both short-term and long-term efforts, as well as strategies to capture legacy knowledge of retiring national security workforce personnel.

Identifying Regional Key Eco-Space to Maintain Ecological Security Using GIS

Directory of Open Access Journals (Sweden)

Hualin Xie

2014-02-01

Full Text Available Ecological security and environmental sustainability are the foundations of sustainable development. With the acceleration of urbanization, increasing human activities have promoted greater impacts on the eco-spaces that maintain ecological security. Regional key eco-space has become the primary need to maintain environmental sustainability and can offer society with continued ecosystem services. In this paper, considering the security of water resources, biodiversity conservation, disaster avoidance and protection and natural recreation, an integrated index of eco-space importance was established and a method for identifying key eco-space was created using GIS, with Lanzhou City, China as a case study. The results show that the area of core eco-space in the Lanzhou City is approximately 50,908.7 hm2, accounting for 40% of the region’s total area. These areas mainly consist of geological hazard protection zones and the core zones of regional river systems, wetlands, nature reserves, forest parks and scenic spots. The results of this study provide some guidance for the management of ecological security, ecological restoration and environmental sustainability.

Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

Directory of Open Access Journals (Sweden)

Yang Shi

2016-01-01

Full Text Available Considering the security of both the customers’ hosts and the eShops’ servers, we introduce the idea of a key-insulated undetachable digital signature, enabling mobile agents to generate undetachable digital signatures on remote hosts with the key-insulated property of the original signer’s signing key. From the theoretical perspective, we provide the formal definition and security notion of a key-insulated undetachable digital signature. From the practical perspective, we propose a concrete scheme to secure mobile agents in electronic commerce. The scheme is mainly focused on protecting the signing key from leakage and preventing the misuse of the signature algorithm on malicious servers. Agents do not carry the signing key when they generate digital signatures on behalf of the original signer, so the key is protected on remote servers. Furthermore, if a hacker gains the signing key of the original signer, the hacker is still unable to forge a signature for any time period other than the key being accessed. In addition, the encrypted function is combined with the original signer’s requirement to prevent the misuse of signing algorithm. The scheme is constructed on gap Diffie–Hellman groups with provable security, and the performance testing indicates that the scheme is efficient.

Network coding for multi-resolution multicast

DEFF Research Database (Denmark)

2013-01-01

A method, apparatus and computer program product for utilizing network coding for multi-resolution multicast is presented. A network source partitions source content into a base layer and one or more refinement layers. The network source receives a respective one or more push-back messages from one...... or more network destination receivers, the push-back messages identifying the one or more refinement layers suited for each one of the one or more network destination receivers. The network source computes a network code involving the base layer and the one or more refinement layers for at least one...... of the one or more network destination receivers, and transmits the network code to the one or more network destination receivers in accordance with the push-back messages....

Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

Science.gov (United States)

Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

2017-12-01

Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

A Low-Complexity Subgroup Formation with QoS-Aware for Enhancing Multicast Services in LTE Networks

Science.gov (United States)

Algharem, M.; Omar, M. H.; Rahmat, R. F.; Budiarto, R.

2018-03-01

The high demand of Multimedia services on in Long Term Evolution (LTE) and beyond networks forces the networks operators to find a solution that can handle the huge traffic. Along with this, subgroup formation techniques are introduced to overcome the limitations of the Conventional Multicast Scheme (CMS) by splitting the multicast users into several subgroups based on the users’ channels quality signal. However, finding the best subgroup configuration with low complexity is need more investigations. In this paper, an efficient and simple subgroup formation mechanisms are proposed. The proposed mechanisms take the transmitter MAC queue in account. The effectiveness of the proposed mechanisms is evaluated and compared with CMS in terms of throughput, fairness, delay, Block Error Rate (BLER).

Secure Trust Based Key Management Routing Framework for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jugminder Kaur

2016-01-01

Full Text Available Security is always a major concern in wireless sensor networks (WSNs. Several trust based routing protocols are designed that play an important role in enhancing the performance of a wireless network. However they still have some disadvantages like limited energy resources, susceptibility to physical capture, and little protection against various attacks due to insecure wireless communication channels. This paper presents a secure trust based key management (STKF routing framework that establishes a secure trustworthy route depending upon the present and past node to node interactions. This route is then updated by isolating the malicious or compromised nodes from the route, if any, and a dedicated link is created between every pair of nodes in the selected route with the help of “q” composite random key predistribution scheme (RKPS to ensure data delivery from source to destination. The performance of trust aware secure routing framework (TSRF is compared with the proposed routing scheme. The results indicate that STKF provides an effective mechanism for finding out a secure route with better trustworthiness than TSRF which avoids the data dropping, thereby increasing the data delivery ratio. Also the distance required to reach the destination in the proposed protocol is less hence effectively utilizing the resources.

Multi-Objective Resource Allocation Scheme for D2D Multicast with QoS Guarantees in Cellular Networks

Directory of Open Access Journals (Sweden)

Fangmin Li

2016-09-01

Full Text Available Device-to-device (D2D multicast communication can greatly improve the spectrum utilization in a content delivery scenario. However, the co-channel interference and power consumption brought by D2D bring new challenges. All the D2D multicast groups expect to achieve a higher system capacity with less extra energy cost. In this paper, we investigate the uplink resource allocation issue when D2D multicast groups share the resources with other cellular uses (CUs, while guaranteeing a certain level of quality of service (QoS to CUs and D2D users. Firstly we address a flexible tradeoff framework in which the system power consumption and the system capacity (i.e., the number of admitted D2D links are assigned with different weight factors so that these two objectives are jointly considered. Then we propose an efficient resource optimization scheme, which comprises sub-channel allocation and signal-to-interference- plus-noise ratio (SINR assignment. Numerical results validate the effectiveness of the proposed framework, and demonstrate the advantages in dealing with the proposed multi-objective optimization problem.

Optimizing Energy and Modulation Selection in Multi-Resolution Modulation For Wireless Video Broadcast/Multicast

KAUST Repository

She, James

2009-11-01

Emerging technologies in Broadband Wireless Access (BWA) networks and video coding have enabled high-quality wireless video broadcast/multicast services in metropolitan areas. Joint source-channel coded wireless transmission, especially using hierarchical/superposition coded modulation at the channel, is recognized as an effective and scalable approach to increase the system scalability while tackling the multi-user channel diversity problem. The power allocation and modulation selection problem, however, is subject to a high computational complexity due to the nonlinear formulation and huge solution space. This paper introduces a dynamic programming framework with conditioned parsing, which significantly reduces the search space. The optimized result is further verified with experiments using real video content. The proposed approach effectively serves as a generalized and practical optimization framework that can gauge and optimize a scalable wireless video broadcast/multicast based on multi-resolution modulation in any BWA network.

Optimizing Energy and Modulation Selection in Multi-Resolution Modulation For Wireless Video Broadcast/Multicast

KAUST Repository

She, James; Ho, Pin-Han; Shihada, Basem

2009-01-01

Emerging technologies in Broadband Wireless Access (BWA) networks and video coding have enabled high-quality wireless video broadcast/multicast services in metropolitan areas. Joint source-channel coded wireless transmission, especially using hierarchical/superposition coded modulation at the channel, is recognized as an effective and scalable approach to increase the system scalability while tackling the multi-user channel diversity problem. The power allocation and modulation selection problem, however, is subject to a high computational complexity due to the nonlinear formulation and huge solution space. This paper introduces a dynamic programming framework with conditioned parsing, which significantly reduces the search space. The optimized result is further verified with experiments using real video content. The proposed approach effectively serves as a generalized and practical optimization framework that can gauge and optimize a scalable wireless video broadcast/multicast based on multi-resolution modulation in any BWA network.

Resource management in energy-limited, bandwidth-limited, transceiver-limited wireless networks for session-based multicasting

National Research Council Canada - National Science Library

Wieselthier, Jeffrey E; Nguyen, Gam D; Ephremides, Anthony

2001-01-01

In this paper we consider source-initiated multicast session traffic in an ad hoc wireless network, operating under hard constraints on the available transmission energy as well as on bandwidth and transceiver resources...

Information Security Governanceas as Key Performance Indicator for Financial Institutions

OpenAIRE

Krjukovs, D; Strauss, R

2009-01-01

Due to their nature financial institutions and their performance are in constant focus of attention from different stakeholder groups. These groups according to their functions and interests are implementing different sets of key performance indicators for financial institution performance assessment. In the proposed paper authors present a hypothesis of information security governance being a financial institution key performance indicator. Authors provide high level overview of ...

Information-theoretic security proof for quantum-key-distribution protocols

International Nuclear Information System (INIS)

Renner, Renato; Gisin, Nicolas; Kraus, Barbara

2005-01-01

We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel

Security by quantum key distribution and IPSEC (SEQKEIP): feasibility

International Nuclear Information System (INIS)

Sfaxi, M.A.; Ghernaouti-Helie, S.; Ribordy, G; Gay, O.

2005-01-01

Full text: Classical cryptography algorithms are based on mathematical functions. The robustness of a given cryptosystem is based essentially on the secrecy of its (private) key and the difficulty with which the inverse of its one-way function(s) can be calculated. Unfortunately, there is no mathematical proof that will establish whether it is not possible to find the inverse of a given one-way function. On the contrary, quantum cryptography is a method for sharing secret keys, whose security can be formally demonstrated. It is based on the laws of physics. The possible applications of quantum cryptography are mainly linked to telecommunication services that require very high level of security. Quantum cryptography could be integrated in various existing concepts and protocols. One of the possible use of quantum cryptography is within IPSEC. The aim of this paper is to analyse the feasibility of using quantum cryptography in IPSEC and to present the estimated performances of this solution. (author)

Information-theoretic security proof for quantum-key-distribution protocols

Science.gov (United States)

Renner, Renato; Gisin, Nicolas; Kraus, Barbara

2005-07-01

We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel.

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

Science.gov (United States)

Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F

2018-06-05

Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie⁻Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

2015-08-01

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

Security bound of continuous-variable quantum key distribution with noisy coherent states and channel

International Nuclear Information System (INIS)

Shen Yong; Yang Jian; Guo Hong

2009-01-01

Security of a continuous-variable quantum key distribution protocol based on noisy coherent states and channel is analysed. Assuming that the noise of coherent states is induced by Fred, a neutral party relative to others, we prove that the prepare-and-measurement scheme (P and M) and entanglement-based scheme (E-B) are equivalent. Then, we show that this protocol is secure against Gaussian collective attacks even if the channel is lossy and noisy, and, further, a lower bound to the secure key rate is derived.

Security bound of continuous-variable quantum key distribution with noisy coherent states and channel

Energy Technology Data Exchange (ETDEWEB)

Shen Yong; Yang Jian; Guo Hong, E-mail: hongguo@pku.edu.c [CREAM Group, State Key Laboratory of Advanced Optical Communication Systems and Networks (Peking University) and Institute of Quantum Electronics, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871 (China)

2009-12-14

Security of a continuous-variable quantum key distribution protocol based on noisy coherent states and channel is analysed. Assuming that the noise of coherent states is induced by Fred, a neutral party relative to others, we prove that the prepare-and-measurement scheme (P and M) and entanglement-based scheme (E-B) are equivalent. Then, we show that this protocol is secure against Gaussian collective attacks even if the channel is lossy and noisy, and, further, a lower bound to the secure key rate is derived.

Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack

Science.gov (United States)

Nikolopoulos, Georgios M.

2018-01-01

We consider a recently proposed entity authentication protocol in which a physical unclonable key is interrogated by random coherent states of light, and the quadratures of the scattered light are analyzed by means of a coarse-grained homodyne detection. We derive a sufficient condition for the protocol to be secure against an emulation attack in which an adversary knows the challenge-response properties of the key and moreover, he can access the challenges during the verification. The security analysis relies on Holevo's bound and Fano's inequality, and suggests that the protocol is secure against the emulation attack for a broad range of physical parameters that are within reach of today's technology.

Out-of-Sequence Prevention for Multicast Input-Queuing Space-Memory-Memory Clos-Network

DEFF Research Database (Denmark)

Yu, Hao; Ruepp, Sarah; Berger, Michael Stübert

2011-01-01

This paper proposes two cell dispatching algorithms for the input-queuing space-memory-memory (IQ-SMM) Closnetwork to reduce out-of-sequence (OOS) for multicast traffic. The frequent connection pattern change of DSRR results in a severe OOS problem. Based on the principle of DSRR, MFDSRR is able ...

Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts

DEFF Research Database (Denmark)

Alagic, Gorjan; Russell, Alexander

2017-01-01

Recent results of Kaplan et al., building on work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by quantum chosen-plaintext attacks (qCPA). In such an attack, the quantum adversary has the ability to query the cryp...

Real-time video streaming system for LHD experiment using IP multicast

International Nuclear Information System (INIS)

Emoto, Masahiko; Yamamoto, Takashi; Yoshida, Masanobu; Nagayama, Yoshio; Hasegawa, Makoto

2009-01-01

In order to accomplish smooth cooperation research, remote participation plays an important role. For this purpose, the authors have been developing various applications for remote participation for the LHD (Large Helical Device) experiments, such as Web interface for visualization of acquired data. The video streaming system is one of them. It is useful to grasp the status of the ongoing experiment remotely, and we provide the video images displayed in the control room to the remote users. However, usual streaming servers cannot send video images without delay. The delay changes depending on how to send the images, but even a little delay might become critical if the researchers use the images to adjust the diagnostic devices. One of the main causes of delay is the procedure of compressing and decompressing the images. Furthermore, commonly used video compression method is lossy; it removes less important information to reduce the size. However, lossy images cannot be used for physical analysis because the original information is lost. Therefore, video images for remote participation should be sent without compression in order to minimize the delay and to supply high quality images durable for physical analysis. However, sending uncompressed video images requires large network bandwidth. For example, sending 5 frames of 16bit color SXGA images a second requires 100Mbps. Furthermore, the video images must be sent to several remote sites simultaneously. It is hard for a server PC to handle such a large data. To cope with this problem, the authors adopted IP multicast to send video images to several remote sites at once. Because IP multicast packets are sent only to the network on which the clients want the data; the load of the server does not depend on the number of clients and the network load is reduced. In this paper, the authors discuss the feasibility of high bandwidth video streaming system using IP multicast. (author)

Security bound of two-basis quantum-key-distribution protocols using qudits

International Nuclear Information System (INIS)

Nikolopoulos, Georgios M.; Alber, Gernot

2005-01-01

We investigate the security bounds of quantum-cryptographic protocols using d-level systems. In particular, we focus on schemes that use two mutually unbiased bases, thus extending the Bennett-Brassard 1984 quantum-key-distribution scheme to higher dimensions. Under the assumption of general coherent attacks, we derive an analytic expression for the ultimate upper security bound of such quantum-cryptography schemes. This bound is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions such an equivalence is generally no longer valid

[Principles and methodology for ecological rehabilitation and security pattern design in key project construction].

Science.gov (United States)

Chen, Li-Ding; Lu, Yi-He; Tian, Hui-Ying; Shi, Qian

2007-03-01

Global ecological security becomes increasingly important with the intensive human activities. The function of ecological security is influenced by human activities, and in return, the efficiency of human activities will also be affected by the patterns of regional ecological security. Since the 1990s, China has initiated the construction of key projects "Yangtze Three Gorges Dam", "Qinghai-Tibet Railway", "West-to-East Gas Pipeline", "West-to-East Electricity Transmission" and "South-to-North Water Transfer" , etc. The interaction between these projects and regional ecological security has particularly attracted the attention of Chinese government. It is not only important for the regional environmental protection, but also of significance for the smoothly implementation of various projects aimed to develop an ecological rehabilitation system and to design a regional ecological security pattern. This paper made a systematic analysis on the types and characteristics of key project construction and their effects on the environment, and on the basis of this, brought forward the basic principles and methodology for ecological rehabilitation and security pattern design in this construction. It was considered that the following issues should be addressed in the implementation of a key project: 1) analysis and evaluation of current regional ecological environment, 2) evaluation of anthropogenic disturbances and their ecological risk, 3) regional ecological rehabilitation and security pattern design, 4) scenario analysis of environmental benefits of regional ecological security pattern, 5) re-optimization of regional ecological system framework, and 6) establishment of regional ecosystem management plan.

Secure combination of XML signature application with message aggregation in multicast settings

DEFF Research Database (Denmark)

Becker, Andreas; Jensen, Meiko

2013-01-01

The similarity-based aggregation of XML documents is a proven method for reducing network traffic. However, when used in conjunction with XML security standards, a lot of pitfalls, but also optimization potentials exist. In this paper, we investigate these issues, showing how to exploit similarity......-based aggregation for rapid distribution of digitally signed XML data. Using our own implementation in two different experimental settings, we provide both a thorough evaluation and a security proof for our approach. By this we prove both feasibility and security, and we illustrate how to achieve a network traffic...

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

Directory of Open Access Journals (Sweden)

Ramon Sanchez-Iborra

2018-06-01

Full Text Available Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN, which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa and its layer-two supporter LoRa Wide Area Network (LoRaWAN, which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie–Hellman Over COSE (EDHOC is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

MeshTree: A Delay optimised Overlay Multicast Tree Building Protocol

OpenAIRE

Tan, Su-Wei; Waters, A. Gill; Crawford, John

2005-01-01

We study decentralised low delay degree-constrained overlay multicast tree construction for single source real-time applications. This optimisation problem is NP-hard even if computed centrally. We identify two problems in traditional distributed solutions, namely the greedy problem and delay-cost trade-off. By offering solutions to these problems, we propose a new self-organising distributed tree building protocol called MeshTree. The main idea is to embed the delivery tree in a degree-bound...

Adaptive Modulation for a Downlink Multicast Channel in OFDMA Systems

DEFF Research Database (Denmark)

Wang, Haibo; Schwefel, Hans-Peter; Toftegaard, Thomas Skjødeberg

2007-01-01

In this paper we focus on adaptive modulation strategies for multicast service in orthogonal frequency division multiple access systems. A reward function has been defined as the optimization target, which includes both the average user throughput and bit error rate. We also developed an adaptive...... modulation strategy, namely local best reward strategy, to maximize this reward function. The performance of different modulation strategies are compared in different SNR distribution scenarios, and the optimum strategy in each scenario is suggested....

Unconditional security of quantum key distribution and the uncertainty principle

International Nuclear Information System (INIS)

Koashi, Masato

2006-01-01

An approach to the unconditional security of quantum key distribution protocols is presented, which is based on the uncertainty principle. The approach applies to every case that has been treated via the argument by Shor and Preskill, but it is not necessary to find quantum error correcting codes. It can also treat the cases with uncharacterized apparatuses. The proof can be applied to cases where the secret key rate is larger than the distillable entanglement

Symmetric Link Key Management for Secure Neighbor Discovery in a Decentralized Wireless Sensor Network

Science.gov (United States)

2017-09-01

KEY MANAGEMENT FOR SECURE NEIGHBOR DISCOVERY IN A DECENTRALIZED WIRELESS SENSOR NETWORK by Kelvin T. Chew September 2017 Thesis Advisor...and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT...DATE September 2017 3. REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SYMMETRIC LINK KEY MANAGEMENT FOR SECURE NEIGHBOR

POPE: Partial Order Preserving Encoding

Science.gov (United States)

2016-09-09

Girao, and M. Acharya. Concealed data aggregation for reverse multicast traffic in sensor networks : Encryption, key distribution, and routing adaptation...are common in “ big data ” applications while still maintain- ing search functionality and achieving stronger security. Specifi- cally, we propose a new...security and performance makes our scheme better suited for today’s insert-heavy databases. 1. INTRODUCTION Range queries over big data . A common

Energy-minimized design in all-optical networks using unicast/multicast traffic grooming

Science.gov (United States)

Puche, William S.; Amaya, Ferney O.; Sierra, Javier E.

2013-09-01

The increased bandwidth required by applications, tends to raise the amount of optical equipment, for this reason, it is essential to maintain a balance between the wavelength allocation, available capacity and number of optical devices to achieve the lowest power consumption. You could say that we propose a model that minimizes energy consumption, using unicast / multicast traffic grooming in optical networks.

Fast and secure key distribution using mesoscopic coherent states of light

International Nuclear Information System (INIS)

Barbosa, Geraldo A.

2003-01-01

This work shows how two parties A and B can securely share unlimited sequences of random bits at optical speeds. A and B possess true-random physical sources and exchange random bits by using a random sequence received to cipher the following one to be sent. A starting shared secret key is used and the method can be described as a one-time-pad unlimited extender. It is demonstrated that the minimum probability of error in signal determination by the eavesdropper can be set arbitrarily close to the pure guessing level. Being based on the M-ry encryption protocol this method also allows for optical amplification without security degradation, offering practical advantages over the Bennett-Brassard 1984 protocol for key distribution

Shared Electronic Health Record Systems: Key Legal and Security Challenges.

Science.gov (United States)

Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

2017-11-01

Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

A Dual Key-Based Activation Scheme for Secure LoRaWAN

Directory of Open Access Journals (Sweden)

Jaehyu Kim

2017-01-01

Full Text Available With the advent of the Internet of Things (IoT era, we are experiencing rapid technological progress. Billions of devices are connected to each other, and our homes, cities, hospitals, and schools are getting smarter and smarter. However, to realize the IoT, several challenging issues such as connecting resource-constrained devices to the Internet must be resolved. Recently introduced Low Power Wide Area Network (LPWAN technologies have been devised to resolve this issue. Among many LPWAN candidates, the Long Range (LoRa is one of the most promising technologies. The Long Range Wide Area Network (LoRaWAN is a communication protocol for LoRa that provides basic security mechanisms. However, some security loopholes exist in LoRaWAN’s key update and session key generation. In this paper, we propose a dual key-based activation scheme for LoRaWAN. It resolves the problem of key updates not being fully supported. In addition, our scheme facilitates each layer in generating its own session key directly, which ensures the independence of all layers. Real-world experimental results compared with the original scheme show that the proposed scheme is totally feasible in terms of delay and battery consumption.

Detector-device-independent quantum key distribution: Security analysis and fast implementation

International Nuclear Information System (INIS)

Boaron, Alberto; Korzh, Boris; Boso, Gianluca; Martin, Anthony; Zbinden, Hugo; Houlmann, Raphael; Lim, Charles Ci Wen

2016-01-01

One of the most pressing issues in quantum key distribution (QKD) is the problem of detector side-channel attacks. To overcome this problem, researchers proposed an elegant “time-reversal” QKD protocol called measurement-device-independent QKD (MDI-QKD), which is based on time-reversed entanglement swapping. However, MDI-QKD is more challenging to implement than standard point-to-point QKD. Recently, an intermediary QKD protocol called detector-device-independent QKD (DDI-QKD) has been proposed to overcome the drawbacks of MDI-QKD, with the hope that it would eventually lead to a more efficient detector side-channel-free QKD system. Here, we analyze the security of DDI-QKD and elucidate its security assumptions. We find that DDI-QKD is not equivalent to MDI-QKD, but its security can be demonstrated with reasonable assumptions. On the more practical side, we consider the feasibility of DDI-QKD and present a fast experimental demonstration (clocked at 625 MHz), capable of secret key exchange up to more than 90 km.

Security proof of continuous-variable quantum key distribution using three coherent states

Science.gov (United States)

Brádler, Kamil; Weedbrook, Christian

2018-02-01

We introduce a ternary quantum key distribution (QKD) protocol and asymptotic security proof based on three coherent states and homodyne detection. Previous work had considered the binary case of two coherent states and here we nontrivially extend this to three. Our motivation is to leverage the practical benefits of both discrete and continuous (Gaussian) encoding schemes creating a best-of-both-worlds approach; namely, the postprocessing of discrete encodings and the hardware benefits of continuous ones. We present a thorough and detailed security proof in the limit of infinite signal states which allows us to lower bound the secret key rate. We calculate this is in the context of collective eavesdropping attacks and reverse reconciliation postprocessing. Finally, we compare the ternary coherent state protocol to other well-known QKD schemes (and fundamental repeaterless limits) in terms of secret key rates and loss.

End-to-End Mechanisms for Rate-Adaptive Multicast Streaming over the Internet

OpenAIRE

Rimac, Ivica

2005-01-01

Continuous media applications over packet-switched networks are becoming more and more popular. Radio stations, for example, already use streaming technology to disseminate their content to users on the Internet, and video streaming services are expected to experience similar popularity. In contrast to traditional television and radio broadcast systems, however, prevalent Internet streaming solutions are based on unicast communication and raise scalability and efficiency issues. Multicast com...

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

Science.gov (United States)

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

Directory of Open Access Journals (Sweden)

Younsung Choi

2014-01-01

Full Text Available An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

Improvement of the Response Time in an Open Source Audioconference Architecture Based on SIP Multicast Implemented with JainSIP, JainSDP and JGAP Libraries

Directory of Open Access Journals (Sweden)

Carlos M. Moreno

2014-06-01

Full Text Available Group services like the audioconference require a minimum level of quality of service for multicast sessions. This work proposes a new overlay multicast architecture based on SIP extensions and a genetic algorithm. The architecture consists of a SIP Extender client (SE, a Multicast Gateway Agent (MGA and a Multicast Manager (MM. The SE receives information about the most adequate MGA for it determined by a genetic algorithm inside the MM, then connects the chosen MGA and maintains connection with the MM itself. The genetic algorithm is implemented with JGAP(Java Genetic Algorithm Package libraries. The SE and MGA are programmed with JainSIP and JainSDP libraries which contain Java structures associated with the SIP protocol and session description. Some experiments over UTP wired and WiFi IEEE802.11n network were performed. Partial results with static and dynamic MGA selection show that, if we compare the joining and leaving time measured inside a station containing SE client programmed with JainSIP and JainSDP libraries versus SJphone proprietary client, the software engineering may have more influence than the medium access method in the response time for a potential group member. Even more, the genetic algorithm at the MM minimizes the response time at great scale.

Efficient quantum secure communication with a publicly known key

International Nuclear Information System (INIS)

Li Chunyan; Li Xihan; Deng Fuguo; Zhou Hongyu

2008-01-01

This paper presents a simple way for an eavesdropper to eavesdrop freely the secret message in the experimental realization of quantum communication protocol proposed by Beige et al (2002 Acta Phys. Pol. A 101 357). Moreover, it introduces an efficient quantum secure communication protocol based on a publicly known key with decoy photons and two biased bases by modifying the original protocol. The total efficiency of this new protocol is double that of the original one. With a low noise quantum channel, this protocol can be used for transmitting a secret message. At present, this protocol is good for generating a private key efficiently. (general)

Efficiency Intra-Cluster Device-to-Device Relay Selection for Multicast Services Based on Combinatorial Auction

Directory of Open Access Journals (Sweden)

Yong Zhang

2015-12-01

Full Text Available In Long Term Evolution-Advanced (LTE-A networks, Device-to-device (D2D communications can be utilized to enhance the performance of multicast services by leveraging D2D relays to serve nodes with worse channel conditions within a cluster. For traditional D2D relay schemes, D2D links with poor channel condition may be the bottleneck of system sum data rate. In this paper, to optimize the throughput of D2D communications, we introduce an iterative combinatorial auction algorithm for efficient D2D relay selection. In combinatorial auctions, the User Equipments (UEs that fails to correctly receive multicast data from eNodeB (eNB are viewed as bidders that compete for D2D relays, while the eNB is treated as the auctioneer. We also give properties of convergency and low-complexity and present numerical simulations to verify the efficiency of the proposed algorithm.

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Error Control Techniques for Efficient Multicast Streaming in UMTS Networks: Proposals andPerformance Evaluation

Directory of Open Access Journals (Sweden)

Michele Rossi

2004-06-01

Full Text Available In this paper we introduce techniques for efficient multicast video streaming in UMTS networks where a video content has to be conveyed to multiple users in the same cell. Efficient multicast data delivery in UMTS is still an open issue. In particular, suitable solutions have to be found to cope with wireless channel errors, while maintaining both an acceptable channel utilization and a controlled delivery delay over the wireless link between the serving base station and the mobile terminals. Here, we first highlight that standard solutions such as unequal error protection (UEP of the video flow are ineffective in the UMTS systems due to its inherent large feedback delay at the link layer (Radio Link Control, RLC. Subsequently, we propose a local approach to solve errors directly at the UMTS link layer while keeping a reasonably high channel efficiency and saving, as much as possible, system resources. The solution that we propose in this paper is based on the usage of the common channel to serve all the interested users in a cell. In this way, we can save resources with respect to the case where multiple dedicated channels are allocated for every user. In addition to that, we present a hybrid ARQ (HARQ proactive protocol that, at the cost of some redundancy (added to the link layer flow, is able to consistently improve the channel efficiency with respect to the plain ARQ case, by therefore making the use of a single common channel for multicast data delivery feasible. In the last part of the paper we give some hints for future research, by envisioning the usage of the aforementioned error control protocols with suitably encoded video streams.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

Science.gov (United States)

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

An Improved MOEA/D for QoS Oriented Multimedia Multicasting with Network Coding

Directory of Open Access Journals (Sweden)

Zhaoyuan Wang

2015-08-01

Full Text Available Recent years witness a significant growth in multimedia applications. Among them, a stream of applications is real-time and requires one-to-many fast data transmission with stringent quality-of-service (QoS requirements, where multicast is an important supporting technology. In particular, with more and more mobile end users requesting real-time broadband multimedia applications, it is of vital importance to provide them with satisfied quality of experience. As network coding can offer higher bandwidth to users and accommodate more flows for networks than traditional routing, this paper studies the multicast routing problem with network coding and formulates it as a multi-objective optimization problem. As delay and packet loss ratio (PLR are two important performance indicators for QoS, we consider them as the two objectives for minimization. To address the problem above, we present a multi-objective evolutionary algorithm based on decomposition (MOEA/D, where an all population updating rule is devised to address the problem of lacking feasible solutions in the search space. Experimental results demonstrate the effectiveness of the proposed algorithm and it outperforms a number of state-of-the-art algorithms.

Asynchronous Group Key Distribution on top of the CC2420 Security Mechanisms for Sensor Networks

DEFF Research Database (Denmark)

Hansen, Morten Tranberg

2009-01-01

scheme with no time synchronization requirements. The scheme decreases the number of key updates by providing them on an as needed basis according to the amount of network traffic. We evaluate the CC2420 radio security mechanism and show how to use it as a basis to implement secure group communication......A sensor network is a network consisting of small, inexpensive, low-powered sensor nodes that communicate to complete a common task. Sensor nodes are characterized by having limited communication and computation capabilities, energy, and storage. They often are deployed in hostile environments...... creating a demand for encryption and authentication of the messages sent between them. Due to severe resource constraints on the sensor nodes, efficient key distribution schemes and secure communication protocols with low overhead are desired. In this paper we present an asynchronous group key distribution...

Securing Metering Infrastructure of Smart Grid: A Machine Learning and Localization Based Key Management Approach

Directory of Open Access Journals (Sweden)

Imtiaz Parvez

2016-08-01

Full Text Available In smart cities, advanced metering infrastructure (AMI of the smart grid facilitates automated metering, control and monitoring of power distribution by employing a wireless network. Due to this wireless nature of communication, there exist potential threats to the data privacy in AMI. Decoding the energy consumption reading, injecting false data/command signals and jamming the networks are some hazardous measures against this technology. Since a smart meter possesses limited memory and computational capability, AMI demands a light, but robust security scheme. In this paper, we propose a localization-based key management system for meter data encryption. Data are encrypted by the key associated with the coordinate of the meter and a random key index. The encryption keys are managed and distributed by a trusted third party (TTP. Localization of the meter is proposed by a method based on received signal strength (RSS using the maximum likelihood estimator (MLE. The received packets are decrypted at the control center with the key mapped with the key index and the meter’s coordinates. Additionally, we propose the k-nearest neighbors (kNN algorithm for node/meter authentication, capitalizing further on data transmission security. Finally, we evaluate the security strength of a data packet numerically for our method.

The MIM web gateway to IP multicast e-meetings

Science.gov (United States)

Parviainen, Roland; Parnes, Peter

2003-12-01

As video conferencing and e-meeting systems are used more and more on the Internet and in businesses it becomes increasingly important to be able to participate from any computer at any location. Often this is impossible, since these systems requires often special software that are not available everywhere or impossible to install for administrative reasons. Many locations also lack the necessary network infrastructure such as IP multicast. This paper presents a WWW gateway system that enables users to participate using only a standard web browser. The design and architecture of the system are described and performance tests that show the scalability of the system are also presented.

A Lightweight Protocol for Secure Video Streaming.

Science.gov (United States)

Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

2018-05-14

The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

Security of a practical semi-device-independent quantum key distribution protocol against collective attacks

International Nuclear Information System (INIS)

Wang Yang; Bao Wan-Su; Li Hong-Wei; Zhou Chun; Li Yuan

2014-01-01

Similar to device-independent quantum key distribution (DI-QKD), semi-device-independent quantum key distribution (SDI-QKD) provides secure key distribution without any assumptions about the internal workings of the QKD devices. The only assumption is that the dimension of the Hilbert space is bounded. But SDI-QKD can be implemented in a one-way prepare-and-measure configuration without entanglement compared with DI-QKD. We propose a practical SDI-QKD protocol with four preparation states and three measurement bases by considering the maximal violation of dimension witnesses and specific processes of a QKD protocol. Moreover, we prove the security of the SDI-QKD protocol against collective attacks based on the min-entropy and dimension witnesses. We also show a comparison of the secret key rate between the SDI-QKD protocol and the standard QKD. (general)

A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system

Directory of Open Access Journals (Sweden)

Vanga Odelu

2016-01-01

Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.

Secure quantum key distribution

Science.gov (United States)

Lo, Hoi-Kwong; Curty, Marcos; Tamaki, Kiyoshi

2014-08-01

Secure communication is crucial in the Internet Age, and quantum mechanics stands poised to revolutionize cryptography as we know it today. In this Review, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After briefly introducing recent experimental progress and challenges, we survey the latest developments in quantum hacking and countermeasures against it.

Simulation-Based Performance Evaluation of Predictive-Hashing Based Multicast Authentication Protocol

Directory of Open Access Journals (Sweden)

Seonho Choi

2012-12-01

Full Text Available A predictive-hashing based Denial-of-Service (DoS resistant multicast authentication protocol was proposed based upon predictive-hashing, one-way key chain, erasure codes, and distillation codes techniques [4, 5]. It was claimed that this new scheme should be more resistant to various types of DoS attacks, and its worst-case resource requirements were derived in terms of coarse-level system parameters including CPU times for signature verification and erasure/distillation decoding operations, attack levels, etc. To show the effectiveness of our approach and to analyze exact resource requirements in various attack scenarios with different parameter settings, we designed and implemented an attack simulator which is platformindependent. Various attack scenarios may be created with different attack types and parameters against a receiver equipped with the predictive-hashing based protocol. The design of the simulator is explained, and the simulation results are presented with detailed resource usage statistics. In addition, resistance level to various types of DoS attacks is formulated with a newly defined resistance metric. By comparing these results to those from another approach, PRABS [8], we show that the resistance level of our protocol is greatly enhanced even in the presence of many attack streams.

On the security of Y-00 under fast correlation and other attacks on the key

Science.gov (United States)

Yuen, Horace P.; Nair, Ranjith

2007-04-01

The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization.

On the security of Y-00 under fast correlation and other attacks on the key

International Nuclear Information System (INIS)

Yuen, Horace P.; Nair, Ranjith

2007-01-01

The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization

Performance Evaluation of Multicast Video Distribution using LTE-A in Vehicular Environments

OpenAIRE

Thota, Jayashree; Bulut, Berna; Doufexi, Angela; Armour, Simon; Nix, Andrew

2017-01-01

Application Layer Forward Error Correction (AL-FEC) based on Raptor codes has been employed in Multimedia Broadcast/Multicast Services (MBMS) to improve reliability. This paper considers a cross-layer system based on the latest Raptor Q codes for transmitting high data rate video. Multiple Input Multiple Output (MIMO) channels in a realistic outdoor environment for a user moving at 50kmph in an LTE-A system is considered. A link adaptation model with optimized cross-layer parameters is propos...

On the security of a novel key agreement protocol based on chaotic maps

International Nuclear Information System (INIS)

Xiang Tao; Wong, K.-W.; Liao Xiaofeng

2009-01-01

Recently, Xiao et al. proposed a novel key agreement protocol based on Chebyshev chaotic map. In this paper, the security of the protocol is analyzed, and two attack methods can be found in different scenarios. The essential principle of Xiao et al.'s scheme is summarized. It is also pointed out with proof that any attempt along this line to improve the security of Chebyshev map is redundant.

Energy-efficient key distribution using electrocardiograph biometric set for secure communications in wireless body healthcare networks.

Science.gov (United States)

Shi, Jinyang; Lam, Kwok-Yan; Gu, Ming; Li, Mingze; Chung, Siu-Leung

2011-10-01

Wireless body sensor network (WBSN) has gained significant interests as an important infrastructure for real-time biomedical healthcare systems, while the security of the sensitive health information becomes one of the main challenges. Due to the constraints of limited power, traditional cryptographic key distribution schemes are not suitable for WBSN. This paper proposes a novel energy-efficient approach, BodyKey, which can distribute the keys using the electrocardiograph biometrics. BodyKey represents the biometric features as ordered set, and deals with the biometric variations using set reconciliation. In this way, only limited necessary information needs to be communicated for key agreement, and the total energy consumption for key distribution can thus be reduced. Experiments on the PhysioBank Database show that BodyKey can perform an energy consumption rate of 0.01 mJ/bit with an equal accuracy rate of 97.28%, allowing the system to be used as an energy-efficient key distribution scheme for secure communications in WBSN.

The Impact of Packet Loss Behavior in 802.11g on the Cooperation Gain in Reliable Multicast

DEFF Research Database (Denmark)

Heide, Janus; Vingelmann, Peter; Pedersen, Morten Videbæk

2012-01-01

In group-oriented applications for wireless networks, reliable multicast strategies are important in order to efficiently distribute data, e.g. in Wireless Mesh Networks (WMNs) and Mobile Ad-hoc NETworks (MANETs). To ensure that developed protocols and systems will operate as expected when deploy...

All-optical multi-wavelength conversion with negative power penalty by a commercial SOA-MZI for WDM wavelength multicast

NARCIS (Netherlands)

Yan, N.; Jung, H.D.; Tafur Monroy, I.; Waardt, de H.; Koonen, A.M.J.

2007-01-01

WDM wavelength multicast is demonstrated by all-optical multi-wavelength conversion at 10 Gb/s using a commercial SOA-MZI. We report for the first time simultaneous one-to-four conversion with negative power penalty of 1.84 dB.

Fluctuations of Internal Transmittance in Security of Measurement-Device-Independent Quantum Key Distribution with an Untrusted Source*

International Nuclear Information System (INIS)

Wang Yang; Bao Wan-Su; Chen Rui-Ke; Zhou Chun; Jiang Mu-Sheng; Li Hong-Wei

2017-01-01

Measurement-device-independent quantum key distribution (MDI-QKD) is immune to detector side channel attacks, which is a crucial security loophole problem in traditional QKD. In order to relax a key assumption that the sources are trusted in MDI-QKD, an MDI-QKD protocol with an untrusted source has been proposed. For the security of MDI-QKD with an untrusted source, imperfections in the practical experiment should also be taken into account. In this paper, we analyze the effects of fluctuations of internal transmittance on the security of a decoy-state MDI-QKD protocol with an untrusted source. Our numerical results show that both the secret key rate and the maximum secure transmission distance decrease when taken fluctuations of internal transmittance into consideration. Especially, they are more sensitive when Charlie’s mean photon number per pulse is smaller. Our results emphasize that the stability of correlative optical devices is important for practical implementations . (paper)

One-time pad, complexity of verification of keys, and practical security of quantum cryptography

Energy Technology Data Exchange (ETDEWEB)

Molotkov, S. N., E-mail: sergei.molotkov@gmail.com [Russian Academy of Sciences, Institute of Solid State Physics (Russian Federation)

2016-11-15

A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

One-time pad, complexity of verification of keys, and practical security of quantum cryptography

International Nuclear Information System (INIS)

Molotkov, S. N.

2016-01-01

A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

Science.gov (United States)

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

Science.gov (United States)

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-10-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Hybrid monitoring scheme for end-to-end performance enhancement of multicast-based real-time media

Science.gov (United States)

Park, Ju-Won; Kim, JongWon

2004-10-01

As real-time media applications based on IP multicast networks spread widely, end-to-end QoS (quality of service) provisioning for these applications have become very important. To guarantee the end-to-end QoS of multi-party media applications, it is essential to monitor the time-varying status of both network metrics (i.e., delay, jitter and loss) and system metrics (i.e., CPU and memory utilization). In this paper, targeting the multicast-enabled AG (Access Grid) a next-generation group collaboration tool based on multi-party media services, the applicability of hybrid monitoring scheme that combines active and passive monitoring is investigated. The active monitoring measures network-layer metrics (i.e., network condition) with probe packets while the passive monitoring checks both application-layer metrics (i.e., user traffic condition by analyzing RTCP packets) and system metrics. By comparing these hybrid results, we attempt to pinpoint the causes of performance degradation and explore corresponding reactions to improve the end-to-end performance. The experimental results show that the proposed hybrid monitoring can provide useful information to coordinate the performance improvement of multi-party real-time media applications.

Meta-Key: A Secure Data-Sharing Protocol under Blockchain-Based Decentralised Storage Architecture

OpenAIRE

Fu, Yue

2017-01-01

In this paper a secure data-sharing protocol under blockchain-based decentralised storage architecture is proposed, which fulfils users who need to share their encrypted data on-cloud. It implements a remote data-sharing mechanism that enables data owners to share their encrypted data to other users without revealing the original key. Nor do they have to download on-cloud data with re-encryption and re-uploading. Data security as well as efficiency are ensured by symmetric encryption, whose k...

Building Secure Public Key Encryption Scheme from Hidden Field Equations

Directory of Open Access Journals (Sweden)

Yuan Ping

2017-01-01

Full Text Available Multivariate public key cryptography is a set of cryptographic schemes built from the NP-hardness of solving quadratic equations over finite fields, amongst which the hidden field equations (HFE family of schemes remain the most famous. However, the original HFE scheme was insecure, and the follow-up modifications were shown to be still vulnerable to attacks. In this paper, we propose a new variant of the HFE scheme by considering the special equation x2=x defined over the finite field F3 when x=0,1. We observe that the equation can be used to further destroy the special structure of the underlying central map of the HFE scheme. It is shown that the proposed public key encryption scheme is secure against known attacks including the MinRank attack, the algebraic attacks, and the linearization equations attacks. The proposal gains some advantages over the original HFE scheme with respect to the encryption speed and public key size.

Security analysis of the decoy method with the Bennett–Brassard 1984 protocol for finite key lengths

International Nuclear Information System (INIS)

Hayashi, Masahito; Nakayama, Ryota

2014-01-01

This paper provides a formula for the sacrifice bit-length for privacy amplification with the Bennett–Brassard 1984 protocol for finite key lengths, when we employ the decoy method. Using the formula, we can guarantee the security parameter for a realizable quantum key distribution system. The key generation rates with finite key lengths are numerically evaluated. The proposed method improves the existing key generation rate even in the asymptotic setting. (paper)

Securing Body Sensor Networks with Biometric Methods: A New Key Negotiation Method and a Key Sampling Method for Linear Interpolation Encryption

OpenAIRE

Zhao, Huawei; Chen, Chi; Hu, Jiankun; Qin, Jing

2015-01-01

We present two approaches that exploit biometric data to address security problems in the body sensor networks: a new key negotiation scheme based on the fuzzy extractor technology and an improved linear interpolation encryption method. The first approach designs two attack games to give the formal definition of fuzzy negotiation that forms a new key negotiation scheme based on fuzzy extractor technology. According to the definition, we further define a concrete structure of fuzzy negotiation...

Integer-linear-programing optimization in scalable video multicast with adaptive modulation and coding in wireless networks.

Science.gov (United States)

Lee, Dongyul; Lee, Chaewoo

2014-01-01

The advancement in wideband wireless network supports real time services such as IPTV and live video streaming. However, because of the sharing nature of the wireless medium, efficient resource allocation has been studied to achieve a high level of acceptability and proliferation of wireless multimedia. Scalable video coding (SVC) with adaptive modulation and coding (AMC) provides an excellent solution for wireless video streaming. By assigning different modulation and coding schemes (MCSs) to video layers, SVC can provide good video quality to users in good channel conditions and also basic video quality to users in bad channel conditions. For optimal resource allocation, a key issue in applying SVC in the wireless multicast service is how to assign MCSs and the time resources to each SVC layer in the heterogeneous channel condition. We formulate this problem with integer linear programming (ILP) and provide numerical results to show the performance under 802.16 m environment. The result shows that our methodology enhances the overall system throughput compared to an existing algorithm.

Integer-Linear-Programing Optimization in Scalable Video Multicast with Adaptive Modulation and Coding in Wireless Networks

Directory of Open Access Journals (Sweden)

Dongyul Lee

2014-01-01

Full Text Available The advancement in wideband wireless network supports real time services such as IPTV and live video streaming. However, because of the sharing nature of the wireless medium, efficient resource allocation has been studied to achieve a high level of acceptability and proliferation of wireless multimedia. Scalable video coding (SVC with adaptive modulation and coding (AMC provides an excellent solution for wireless video streaming. By assigning different modulation and coding schemes (MCSs to video layers, SVC can provide good video quality to users in good channel conditions and also basic video quality to users in bad channel conditions. For optimal resource allocation, a key issue in applying SVC in the wireless multicast service is how to assign MCSs and the time resources to each SVC layer in the heterogeneous channel condition. We formulate this problem with integer linear programming (ILP and provide numerical results to show the performance under 802.16 m environment. The result shows that our methodology enhances the overall system throughput compared to an existing algorithm.

Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

National Research Council Canada - National Science Library

Hansen, Anthony

1999-01-01

Public key infrastructure (PKI) technology is at a primitive stage characterized by deployment of PKIs that are engineered to support the provision of security services within individual enterprises, and are not able to support...

Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters.

Science.gov (United States)

Gonzalez, Elias; Kish, Laszlo B; Balog, Robert S; Enjeti, Prasad

2013-01-01

We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions.

On distributed key distribution centers and unconditionally secure proactive verifiable secret sharing schemes based on general access structure

NARCIS (Netherlands)

Nikov, V.S.; Nikova, S.I.; Preneel, B.; Vandewalle, J.; Menezes, A.; Sarkar, P.

2002-01-01

A Key Distribution Center of a network is a server enabling private communications within groups of users. A Distributed Key Distribution Center is a set of servers that jointly realizes a Key Distribution Center. In this paper we build a robust Distributed Key Distribution Center Scheme secure

Hybrid ARQ Scheme with Autonomous Retransmission for Multicasting in Wireless Sensor Networks.

Science.gov (United States)

Jung, Young-Ho; Choi, Jihoon

2017-02-25

A new hybrid automatic repeat request (HARQ) scheme for multicast service for wireless sensor networks is proposed in this study. In the proposed algorithm, the HARQ operation is combined with an autonomous retransmission method that ensure a data packet is transmitted irrespective of whether or not the packet is successfully decoded at the receivers. The optimal number of autonomous retransmissions is determined to ensure maximum spectral efficiency, and a practical method that adjusts the number of autonomous retransmissions for realistic conditions is developed. Simulation results show that the proposed method achieves higher spectral efficiency than existing HARQ techniques.

Hybrid ARQ Scheme with Autonomous Retransmission for Multicasting in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Young-Ho Jung

2017-02-01

Full Text Available A new hybrid automatic repeat request (HARQ scheme for multicast service for wireless sensor networks is proposed in this study. In the proposed algorithm, the HARQ operation is combined with an autonomous retransmission method that ensure a data packet is transmitted irrespective of whether or not the packet is successfully decoded at the receivers. The optimal number of autonomous retransmissions is determined to ensure maximum spectral efficiency, and a practical method that adjusts the number of autonomous retransmissions for realistic conditions is developed. Simulation results show that the proposed method achieves higher spectral efficiency than existing HARQ techniques.

An efficient mechanism for dynamic multicast traffic grooming in overlay IP/MPLS over WDM networks

Science.gov (United States)

Yu, Xiaojun; Xiao, Gaoxi; Cheng, Tee Hiang

2014-08-01

This paper proposes an efficient overlay multicast provisioning (OMP) mechanism for dynamic multicast traffic grooming in overlay IP/MPLS over WDM networks. To facilitate request provisioning, OMP jointly utilizes a data learning (DL) scheme on the IP/MPLS layer for logical link cost estimation, and a lightpath fragmentation (LPF) based method on the WDM layer for improving resource sharing in grooming process. Extensive simulations are carried out to evaluate the performance of OMP mechanism under different traffic loads, with either limited or unlimited port resources. Simulation results demonstrate that OMP significantly outperforms the existing methods. To evaluate the respective influences of the DL scheme and the LPF method on OMP performance, provisioning mechanisms only utilizing either the IP/MPLS layer DL scheme or the WDM layer LPF method are also devised. Comparison results show that both DL and LPF methods help improve OMP blocking performance, and contribution from the DL scheme is more significant when the fixed routing and first-fit wavelength assignment (RWA) strategy is adopted on the WDM layer. Effects of a few other factors, including definition of connection cost to be reported by the WDM layer to the IP/MPLS layer and WDM-layer routing method, on OMP performance are also evaluated.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

DEFF Research Database (Denmark)

Gehring, Tobias; Haendchen, Vitus; Duhme, Joerg

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State......-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our...... with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components....

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

Science.gov (United States)

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-11

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

Science.gov (United States)

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-01

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices

International Nuclear Information System (INIS)

McKague, Matthew

2009-01-01

Device independent quantum key distribution (QKD) aims to provide a higher degree of security than traditional QKD schemes by reducing the number of assumptions that need to be made about the physical devices used. The previous proof of security by Pironio et al (2009 New J. Phys. 11 045021) applies only to collective attacks where the state is identical and independent and the measurement devices operate identically for each trial in the protocol. We extend this result to a more general class of attacks where the state is arbitrary and the measurement devices have no memory. We accomplish this by a reduction of arbitrary adversary strategies to qubit strategies and a proof of security for qubit strategies based on the previous proof by Pironio et al and techniques adapted from Renner.

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

Science.gov (United States)

Bui, Francis Minhthang; Hatzinakos, Dimitrios

2007-12-01

As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN), which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1) a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2) a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG) signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

Directory of Open Access Journals (Sweden)

Dimitrios Hatzinakos

2008-03-01

Full Text Available As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN, which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1 a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2 a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Efficient secure-channel free public key encryption with keyword search for EMRs in cloud storage.

Science.gov (United States)

Guo, Lifeng; Yau, Wei-Chuen

2015-02-01

Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature.

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

Directory of Open Access Journals (Sweden)

Le Xuan Hung

2008-12-01

Full Text Available For many sensor network applications such as military or homeland security, it is essential for users (sinks to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1 Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2 The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3 The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4 Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5 No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

Wavelength conversion, time demultiplexing and multicasting based on cross-phase modulation and four-wave mixing in dispersion-flattened highly nonlinear photonic crystal fiber

International Nuclear Information System (INIS)

Hui, Zhan-Qiang; Zhang, Jian-Guo

2012-01-01

We propose the use of cross-phase modulation (XPM) and four-wave mixing (FWM) in dispersion-flattened highly nonlinear photonic crystal fibers (HNL-PCFs) to implement the functionalities of wavelength conversion, simultaneous time demultiplexing and wavelength multicasting in optical time-division multiplexing (OTDM) systems. The experiments on wavelength conversion at 80 Gbit s −1 and OTDM demultiplexing from 80 to 10 Gbit s −1 with wavelength multicasting of two channels are successfully demonstrated to validate the proposed scheme, which are carried out by using two segments of dispersion-flattened HNL-PCFs with lengths of 100 and 50 m, respectively. Moreover, the bit error rate (BER) performance is also measured. The results show that our designed system can achieve a power penalty of less than 4.6 dB for two multicasting channels with a 24 nm wavelength span at the BER of 10 −9 when compared with the 10 Gbit/s back-to-back measurement. The proposed system is transparent to bit rate since only an ultrafast third-order nonlinear effect is used. The resulting configuration is compact, robust and reliable, benefiting from the use of dispersion-flattened HNL-PCFs with short lengths. This also makes the proposed system more flexible in the operational wavelengths than those based on dispersion-shifted fibers and traditional highly nonlinear fibers. (paper)

Security Analysis of Measurement-Device-Independent Quantum Key Distribution in Collective-Rotation Noisy Environment

Science.gov (United States)

Li, Na; Zhang, Yu; Wen, Shuang; Li, Lei-lei; Li, Jian

2018-01-01

Noise is a problem that communication channels cannot avoid. It is, thus, beneficial to analyze the security of MDI-QKD in noisy environment. An analysis model for collective-rotation noise is introduced, and the information theory methods are used to analyze the security of the protocol. The maximum amount of information that Eve can eavesdrop is 50%, and the eavesdropping can always be detected if the noise level ɛ ≤ 0.68. Therefore, MDI-QKD protocol is secure as quantum key distribution protocol. The maximum probability that the relay outputs successful results is 16% when existing eavesdropping. Moreover, the probability that the relay outputs successful results when existing eavesdropping is higher than the situation without eavesdropping. The paper validates that MDI-QKD protocol has better robustness.

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

Science.gov (United States)

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-04-09

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jiye Kim

2014-04-01

Full Text Available User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks. In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker’s own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

Science.gov (United States)

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2015-09-01

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to

Backup key generation model for one-time password security protocol

Science.gov (United States)

Jeyanthi, N.; Kundu, Sourav

2017-11-01

The use of one-time password (OTP) has ushered new life into the existing authentication protocols used by the software industry. It introduced a second layer of security to the traditional username-password authentication, thus coining the term, two-factor authentication. One of the drawbacks of this protocol is the unreliability of the hardware token at the time of authentication. This paper proposes a simple backup key model that can be associated with the real world applications’user database, which would allow a user to circumvent the second authentication stage, in the event of unavailability of the hardware token.

Security of Continuous-Variable Quantum Key Distribution via a Gaussian de Finetti Reduction

Science.gov (United States)

Leverrier, Anthony

2017-05-01

Establishing the security of continuous-variable quantum key distribution against general attacks in a realistic finite-size regime is an outstanding open problem in the field of theoretical quantum cryptography if we restrict our attention to protocols that rely on the exchange of coherent states. Indeed, techniques based on the uncertainty principle are not known to work for such protocols, and the usual tools based on de Finetti reductions only provide security for unrealistically large block lengths. We address this problem here by considering a new type of Gaussian de Finetti reduction, that exploits the invariance of some continuous-variable protocols under the action of the unitary group U (n ) (instead of the symmetric group Sn as in usual de Finetti theorems), and by introducing generalized S U (2 ,2 ) coherent states. Crucially, combined with an energy test, this allows us to truncate the Hilbert space globally instead as at the single-mode level as in previous approaches that failed to provide security in realistic conditions. Our reduction shows that it is sufficient to prove the security of these protocols against Gaussian collective attacks in order to obtain security against general attacks, thereby confirming rigorously the widely held belief that Gaussian attacks are indeed optimal against such protocols.

Practical security analysis of continuous-variable quantum key distribution with jitter in clock synchronization

Science.gov (United States)

Xie, Cailang; Guo, Ying; Liao, Qin; Zhao, Wei; Huang, Duan; Zhang, Ling; Zeng, Guihua

2018-03-01

How to narrow the gap of security between theory and practice has been a notoriously urgent problem in quantum cryptography. Here, we analyze and provide experimental evidence of the clock jitter effect on the practical continuous-variable quantum key distribution (CV-QKD) system. The clock jitter is a random noise which exists permanently in the clock synchronization in the practical CV-QKD system, it may compromise the system security because of its impact on data sampling and parameters estimation. In particular, the practical security of CV-QKD with different clock jitter against collective attack is analyzed theoretically based on different repetition frequencies, the numerical simulations indicate that the clock jitter has more impact on a high-speed scenario. Furthermore, a simplified experiment is designed to investigate the influence of the clock jitter.

Simple proof of the unconditional security of the Bennett 1992 quantum key distribution protocol

International Nuclear Information System (INIS)

Zhang Quan; Tang Chaojing

2002-01-01

It is generally accepted that quantum key distribution (QKD) could supply legitimate users with unconditional security during their communication. Quite a lot of satisfactory efforts have been achieved on experimentations with quantum cryptography. However, when the eavesdropper has extra-powerful computational ability, has access to a quantum computer, for example, and can carry into execution any eavesdropping measurement that is allowed by the laws of physics, the security against such attacks has not been widely studied and rigorously proved for most QKD protocols. Quite recently, Shor and Preskill proved concisely the unconditional security of the Bennett-Brassard 1984 (BB84) protocol. Their method is highly valued for its clarity of concept and concision of form. In order to take advantage of the Shor-Preskill technique in their proof of the unconditional security of the BB84 QKD protocol, we introduced in this paper a transformation that can translate the Bennett 1992 (B92) protocol into the BB84 protocol. By proving that the transformation leaks no more information to the eavesdropper, we proved the unconditional security of the B92 protocol. We also settled the problem proposed by Lo about how to prove the unconditional security of the B92 protocol with the Shor-Preskill method

Design alternatives for process group membership and multicast

Science.gov (United States)

Birman, Kenneth P.; Cooper, Robert; Gleeson, Barry

1991-01-01

Process groups are a natural tool for distributed programming, and are increasingly important in distributed computing environments. However, there is little agreement on the most appropriate semantics for process group membership and group communication. These issues are of special importance in the Isis system, a toolkit for distributed programming. Isis supports several styles of process group, and a collection of group communication protocols spanning a range of atomicity and ordering properties. This flexibility makes Isis adaptable to a variety of applications, but is also a source of complexity that limits performance. This paper reports on a new architecture that arose from an effort to simplify Isis process group semantics. Our findings include a refined notion of how the clients of a group should be treated, what the properties of a multicast primitive should be when systems contain large numbers of overlapping groups, and a new construct called the casuality domain. As an illustration, we apply the architecture to the problem of converting processes into fault-tolerant process groups in a manner that is 'transparent' to other processes in the system.

Cross-Layer Design for Energy-Efficient Secure Multicast Communications in Ad Hoc Networks

National Research Council Canada - National Science Library

Lazos, Loukas; Poovendran, Radha

2004-01-01

.... They present an analytical formulation of the energy expenditure associated with the communication overhead of key management, and highlight its dependence on network topology and key distribution method...

Symmetric Stream Cipher using Triple Transposition Key Method and Base64 Algorithm for Security Improvement

Science.gov (United States)

Nurdiyanto, Heri; Rahim, Robbi; Wulan, Nur

2017-12-01

Symmetric type cryptography algorithm is known many weaknesses in encryption process compared with asymmetric type algorithm, symmetric stream cipher are algorithm that works on XOR process between plaintext and key, to improve the security of symmetric stream cipher algorithm done improvisation by using Triple Transposition Key which developed from Transposition Cipher and also use Base64 algorithm for encryption ending process, and from experiment the ciphertext that produced good enough and very random.

Reliability of Calderbank-Shor-Steane codes and security of quantum key distribution

International Nuclear Information System (INIS)

Hamada, Mitsuru

2004-01-01

After Mayers (1996 Advances in Cryptography: Proc. Crypto'96 pp 343-57; 2001 J. Assoc. Comput. Mach. 48 351-406) gave a proof of the security of the Bennett-Brassard (1984 Proc. IEEE Int. Conf. on Computers, Systems and Signal Processing (Bangalore, India) pp 175-9) (BB84) quantum key distribution protocol, Shor and Preskill (2000 Phys. Rev. Lett. 85 441-4) made a remarkable observation that a Calderbank-Shor-Steane (CSS) code had been implicitly used in the BB84 protocol, and suggested its security could be proved by bounding the fidelity, say F n , of the incorporated CSS code of length n in the form 1-F n ≤ exp[-nE + o(n)] for some positive number E. This work presents such a number E = E(R) as a function of the rate of codes R, and a threshold R 0 such that E(R) > 0 whenever R 0 , which is larger than the achievable rate based on the Gilbert-Varshamov bound that is essentially given by Shor and Preskill. The codes in the present work are robust against fluctuations of channel parameters, which fact is needed to establish the security rigorously and was not proved for rates above the Gilbert-Varshamov rate before in the literature. As a byproduct, the security of a modified BB84 protocol against any joint (coherent) attacks is proved quantitatively

Multicast in Femtocell Networks: A Successive Interference Cancellation Approach

Directory of Open Access Journals (Sweden)

Donglin Hu

2014-09-01

Full Text Available A femtocell is a small cellular base station (BS, typically used for serving approved users within a small coverage. In this paper, we investigate the problem of data multicast in femtocell networks that incorporates superposition coding (SC and successive interference cancellation (SIC. The problem is to decide the transmission schedule for each BS, as well as the power allocation for the SC layers, to achieve a sufficiently large SNR for each layer to be decodable with SIC at each user. Minimizing the total BS power consumption achieves the goal of “green” communications. We formulate a Mixed Integer Nonlinear Programming (MINLP problem, and then reformulate the problem into a simpler form. Upper and lower performance bounds on the total BS power consumption are derived. Finally, we consider three typical connection scenarios, and develop optimal and nearoptimal algorithms for the three scenarios. The proposed algorithms have low computational complexity, and outperform a heuristic scheme with considerable gains in our simulation study.

Security analysis of an untrusted source for quantum key distribution: passive approach

International Nuclear Information System (INIS)

Zhao Yi; Qi Bing; Lo, H-K; Qian Li

2010-01-01

We present a passive approach to the security analysis of quantum key distribution (QKD) with an untrusted source. A complete proof of its unconditional security is also presented. This scheme has significant advantages in real-life implementations as it does not require fast optical switching or a quantum random number generator. The essential idea is to use a beam splitter to split each input pulse. We show that we can characterize the source using a cross-estimate technique without active routing of each pulse. We have derived analytical expressions for the passive estimation scheme. Moreover, using simulations, we have considered four real-life imperfections: additional loss introduced by the 'plug and play' structure, inefficiency of the intensity monitor noise of the intensity monitor, and statistical fluctuation introduced by finite data size. Our simulation results show that the passive estimate of an untrusted source remains useful in practice, despite these four imperfections. Also, we have performed preliminary experiments, confirming the utility of our proposal in real-life applications. Our proposal makes it possible to implement the 'plug and play' QKD with the security guaranteed, while keeping the implementation practical.

Improving the security of a parallel keyed hash function based on chaotic maps

Energy Technology Data Exchange (ETDEWEB)

Xiao Di, E-mail: xiaodi_cqu@hotmail.co [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China); Liao Xiaofeng [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China); Wang Yong [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China)] [College of Economy and Management, Chongqing University of Posts and Telecommunications, Chongqing 400065 (China)

2009-11-23

In this Letter, we analyze the cause of vulnerability of the original parallel keyed hash function based on chaotic maps in detail, and then propose the corresponding enhancement measures. Theoretical analysis and computer simulation indicate that the modified hash function is more secure than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function.

Improving the security of a parallel keyed hash function based on chaotic maps

International Nuclear Information System (INIS)

Xiao Di; Liao Xiaofeng; Wang Yong

2009-01-01

In this Letter, we analyze the cause of vulnerability of the original parallel keyed hash function based on chaotic maps in detail, and then propose the corresponding enhancement measures. Theoretical analysis and computer simulation indicate that the modified hash function is more secure than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function.

Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

2016-10-01

Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

Shor-Preskill-type security proof for concatenated Bennett-Brassard 1984 quantum-key-distribution protocol

International Nuclear Information System (INIS)

Hwang, Won-Young; Matsumoto, Keiji; Imai, Hiroshi; Kim, Jaewan; Lee, Hai-Woong

2003-01-01

We discuss a long code problem in the Bennett-Brassard 1984 (BB84) quantum-key-distribution protocol and describe how it can be overcome by concatenation of the protocol. Observing that concatenated modified Lo-Chau protocol finally reduces to the concatenated BB84 protocol, we give the unconditional security of the concatenated BB84 protocol

Training on Transport Security of Nuclear/Radioactive Materials for Key Audiences

Energy Technology Data Exchange (ETDEWEB)

Pope, Ronald; Liu, Yung; Shuler, J.M.

2016-01-01

development of the relevant teaching materials for the course have largely been completed, tailoring the course for targeted audiences becomes a relatively easy task, requiring less effort and providing more flexibility for both the lecturers and future participants. One-day or two-day courses with focus specifically on the U.S. transport security requirements can be delivered, at locations away from Argonne, by one or two principal lecturers to targeted audiences such as regulators, shippers, carriers, state and local law enforcement personnel, and emergency responders. This paper will highlight the lessons learned in hosting previous one-week courses and discuss the development of options for detailed and/or customized courses/workshops for targeted key audiences.

Towards Comprehensive Food Security Measures: Comparing Key ...

African Journals Online (AJOL)

Food security is a multi-dimensional issue that has been difficult to measure comprehensively, given the one-dimensional focus of existing indicators. Three indicators dominate the food security measurement debate: Household Food Insecurity Access Scale (HFIAS), Dietary Diversity Score (DDS) and Coping Strategies ...

Decentralized Cloud Method For Multicasting Media Stream

Directory of Open Access Journals (Sweden)

D M B N Bandara

2015-08-01

Full Text Available With the advancement of Information technology the concept of idea sharing has advanced. Mostly on presentations personal computer and projector have become essentials. But on most occasions for connecting these equipment cables and physical devices are used. This is inefficient and time consuming. If a problem occurs someone with technical knowledge is necessary to solve the situation. The objective of this research is to use the wireless technology to reduce the manual configuration and build up a platform where one can easily share files a visuals media and feedback. A system has been developed to detect all the devices over a network and upon granted permission will share video audio and access controls. Final outcome of the research was a collaborative software bundle which work together on a network. One part of the system is a Desktop Network Software. And other is a Mobile Application. Desktop application can detect all other devices in the network which provides the same facility and if required can allocate a group and share its screen files and have a message stream to each device using multicasting. Mobile application can act as a mobile remote to the host computer of the group which can detect any input from user and pass it to the system.

Dynamic Programming Optimization of Multi-rate Multicast Video-Streaming Services

Directory of Open Access Journals (Sweden)

Nestor Michael Caños Tiglao

2010-06-01

Full Text Available In large scale IP Television (IPTV and Mobile TV distributions, the video signal is typically encoded and transmitted using several quality streams, over IP Multicast channels, to several groups of receivers, which are classified in terms of their reception rate. As the number of video streams is usually constrained by both the number of TV channels and the maximum capacity of the content distribution network, it is necessary to find the selection of video stream transmission rates that maximizes the overall user satisfaction. In order to efficiently solve this problem, this paper proposes the Dynamic Programming Multi-rate Optimization (DPMO algorithm. The latter was comparatively evaluated considering several user distributions, featuring different access rate patterns. The experimental results reveal that DPMO is significantly more efficient than exhaustive search, while presenting slightly higher execution times than the non-optimal Multi-rate Step Search (MSS algorithm.

A Comparative Evaluation of Algorithms in the Implementation of an Ultra-Secure Router-to-Router Key Exchange System

Directory of Open Access Journals (Sweden)

Nishaal J. Parmar

2017-01-01

Full Text Available This paper presents a comparative evaluation of possible encryption algorithms for use in a self-contained, ultra-secure router-to-router communication system, first proposed by El Rifai and Verma. The original proposal utilizes a discrete logarithm-based encryption solution, which will be compared in this paper to RSA, AES, and ECC encryption algorithms. RSA certificates are widely used within the industry but require a trusted key generation and distribution architecture. AES and ECC provide advantages in key length, processing requirements, and storage space, also maintaining an arbitrarily high level of security. This paper modifies each of the four algorithms for use within the self-contained router-to-router environment system and then compares them in terms of features offered, storage space and data transmission needed, encryption/decryption efficiency, and key generation requirements.

Evaluación del punto de conmutación unicast- multicast para ahorro de potencia de transmisión en redes MBMS

Directory of Open Access Journals (Sweden)

Raúl Tamayo Fernández

2014-01-01

Full Text Available La oferta de aplicaciones y servicios multimedia para terminales móviles se hace principalmente a través de las redes celulares de tercera y cuarta generación (3G/4G existentes. El envío de los datos en este tipo de redes se realiza en modo unicast, es decir, a cada usuario se le dedican recursos de radio (ancho de banda y potencia de transmisión durante toda la sesión. Esto presenta algunos inconvenientes, tales como agotamiento rápido del ancho de banda del operador móvil, alto consumo de potencia de transmisión, incremento de la interferencia, y costos altos del servicio. Los operadores móviles requieren de nuevas tecnologías que optimicen el uso de sus recursos de radio y así lograr un mayor índice de penetración de los servicios. De ahí la necesidad de cambiar de paradigma hacia un modo de transmisión en multicast o broadcast, en el que una misma señal pueda recibirse por varios usuarios simultáneamente, de tal forma que los recursos de radio se puedan compartir. Para ello, la solución técnica sobre redes celulares LTE (Long Term Evolution se dio en la especificación 3GPP Release 6, llamada Servicio Multimedia por Broadcast/Multicast (MBMS, Multimedia Broadcast Multicast Service. La especificación de MBMS permite que una transmisión cambie de modo unicast a modo multicast a partir de un “punto de conmutación”, que determina el momento de hacer el cambio para obtener un ahorro tanto en ancho de banda como en potencia de transmisión. Este artículo presenta una evaluación para determinar los puntos de conmutación de modo de transmisión óptimos en el estándar MBMS para diferentes ambientes de propagación inalámbrica. Además, dado que MBMS se puede utilizar en topologías de Red de Frecuencia Única (SFN, Single Frequency Networks, que tienen la propiedad de “ganancia de red”, también se determina el ahorro de potencia de transmisión adicional que se obtiene en esta configuración.

An adaptive secret key-directed cryptographic scheme for secure transmission in wireless sensor networks

International Nuclear Information System (INIS)

Muhammad, K.; Jan, Z.; Khan, Z

2015-01-01

Wireless Sensor Networks (WSNs) are memory and bandwidth limited networks whose main goals are to maximize the network lifetime and minimize the energy consumption and transmission cost. To achieve these goals, different techniques of compression and clustering have been used. However, security is an open and major issue in WSNs for which different approaches are used, both in centralized and distributed WSNs' environments. This paper presents an adaptive cryptographic scheme for secure transmission of various sensitive parameters, sensed by wireless sensors to the fusion center for further processing in WSNs such as military networks. The proposed method encrypts the sensitive captured data of sensor nodes using various encryption procedures (bitxor operation, bits shuffling, and secret key based encryption) and then sends it to the fusion center. At the fusion center, the received encrypted data is decrypted for taking further necessary actions. The experimental results with complexity analysis, validate the effectiveness and feasibility of the proposed method in terms of security in WSNs. (author)

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

Directory of Open Access Journals (Sweden)

Lavinia Mihaela Dinca

2017-02-01

Full Text Available Biometric data can be used as input for PKI key pair generation. The concept of not saving the private key is very appealing, but the implementation of such a system shouldn’t be rushed because it might prove less secure then current PKI infrastructure. One biometric characteristic can be easily spoofed, so it was believed that multi-modal biometrics would offer more security, because spoofing two or more biometrics would be very hard. This notion, of increased security of multi-modal biometric systems, was disproved for authentication and matching, studies showing that not only multi-modal biometric systems are not more secure, but they introduce additional vulnerabilities. This paper is a study on the implications of spoofing biometric data for retrieving the derived key. We demonstrate that spoofed biometrics can yield the same key, which in turn will lead an attacker to obtain the private key. A practical implementation is proposed using fingerprint and iris as biometrics and the fuzzy extractor for biometric key extraction. Our experiments show what happens when the biometric data is spoofed for both uni-modal systems and multi-modal. In case of multi-modal system tests were performed when spoofing one biometric or both. We provide detailed analysis of every scenario in regard to successful tests and overall key entropy. Our paper defines a biometric PKI scenario and an in depth security analysis for it. The analysis can be viewed as a blueprint for implementations of future similar systems, because it highlights the main security vulnerabilities for bioPKI. The analysis is not constrained to the biometric part of the system, but covers CA security, sensor security, communication interception, RSA encryption vulnerabilities regarding key entropy, and much more.

Identifying the Key Weaknesses in Network Security at Colleges.

Science.gov (United States)

Olsen, Florence

2000-01-01

A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

A Security Solution for IEEE 802.11's Ad-hoc Mode:Password-Authentication and Group Diffie-Hellman Key Exchange

Energy Technology Data Exchange (ETDEWEB)

Emmanuel, Bresson; Olivier, Chevassut; David, Pointcheval

2005-10-01

The IEEE 802 standards ease the deployment of networkinginfrastructures and enable employers to accesscorporate networks whiletraveling. These standards provide two modes of communication calledinfrastructure and ad-hoc modes. A security solution for the IEEE802.11's infrastructure mode took several years to reach maturity andfirmware are still been upgraded, yet a solution for the ad-hoc modeneeds to be specified. The present paper is a first attempt in thisdirection. It leverages the latest developments in the area ofpassword-based authentication and (group) Diffie-Hellman key exchange todevelop a provably-secure key-exchange protocol for IEEE 802.11's ad-hocmode. The protocol allows users to securely join and leave the wirelessgroup at time, accommodates either a single-shared password orpairwise-shared passwords among the group members, or at least with acentral server; achieves security against dictionary attacks in theideal-hash model (i.e. random-oracles). This is, to the best of ourknowledge, the first such protocol to appear in the cryptographicliterature.

Shor-Preskill-type security proof for quantum key distribution without public announcement of bases

International Nuclear Information System (INIS)

Hwang, Won-Young; Wang Xiangbin; Matsumoto, Keiji; Kim, Jaewan; Lee, Hai-Woong

2003-01-01

We give a Shor-Preskill-type security proof to quantum key distribution without public announcement of bases [W.Y. Hwang et al., Phys. Lett. A 244, 489 (1998)]. First, we modify the Lo-Chau protocol once more so that it finally reduces to the quantum key distribution without public announcement of bases. Then we show how we can estimate the error rate in the code bits based on that in the checked bits in the proposed protocol, which is the central point of the proof. We discuss the problem of imperfect sources and that of large deviation in the error rate distributions. We discuss when the bases sequence must be discarded

Quantum-to-the-Home: Achieving Gbits/s Secure Key Rates via Commercial Off-the-Shelf Telecommunication Equipment

Directory of Open Access Journals (Sweden)

Rameez Asif

2017-01-01

Full Text Available There is current significant interest in Fiber-to-the-Home (FTTH networks, that is, end-to-end optical connectivity. Currently, it may be limited due to the presence of last-mile copper wire connections. However, in near future, it is envisaged that FTTH connections will exist, and a key offering would be the possibility of optical encryption that can best be implemented using Quantum Key Distribution (QKD. However, it is very important that the QKD infrastructure is compatible with the already existing networks for a smooth transition and integration with the classical data traffic. In this paper, we report the feasibility of using off-the-shelf telecommunication components to enable high performance Continuous Variable-Quantum Key Distribution (CV-QKD systems that can yield secure key rates in the range of 100 Mbits/s under practical operating conditions. Multilevel phase modulated signals (m-PSK are evaluated in terms of secure key rates and transmission distances. The traditional receiver is discussed, aided by the phase noise cancellation based digital signal processing module for detecting the complex quantum signals. Furthermore, we have discussed the compatibility of multiplexers and demultiplexers for wavelength division multiplexed Quantum-to-the-Home (QTTH network and the impact of splitting ratio is analyzed. The results are thoroughly compared with the commercially available high-cost encryption modules.

Security analysis on some experimental quantum key distribution systems with imperfect optical and electrical devices

Science.gov (United States)

Liang, Lin-Mei; Sun, Shi-Hai; Jiang, Mu-Sheng; Li, Chun-Yan

2014-10-01

In general, quantum key distribution (QKD) has been proved unconditionally secure for perfect devices due to quantum uncertainty principle, quantum noncloning theorem and quantum nondividing principle which means that a quantum cannot be divided further. However, the practical optical and electrical devices used in the system are imperfect, which can be exploited by the eavesdropper to partially or totally spy the secret key between the legitimate parties. In this article, we first briefly review the recent work on quantum hacking on some experimental QKD systems with respect to imperfect devices carried out internationally, then we will present our recent hacking works in details, including passive faraday mirror attack, partially random phase attack, wavelength-selected photon-number-splitting attack, frequency shift attack, and single-photon-detector attack. Those quantum attack reminds people to improve the security existed in practical QKD systems due to imperfect devices by simply adding countermeasure or adopting a totally different protocol such as measurement-device independent protocol to avoid quantum hacking on the imperfection of measurement devices [Lo, et al., Phys. Rev. Lett., 2012, 108: 130503].

Infrared: A Key Technology for Security Systems

OpenAIRE

Corsi, Carlo

2012-01-01

Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

Utilizing joint routing and capacity assignment algorithms to achieve inter- and intra-group delay fairness in multi-rate multicast wireless sensor networks.

Science.gov (United States)

Lin, Frank Yeong-Sung; Hsiao, Chiu-Han; Lin, Leo Shih-Chang; Wen, Yean-Fu

2013-03-14

Recent advance in wireless sensor network (WSN) applications such as the Internet of Things (IoT) have attracted a lot of attention. Sensor nodes have to monitor and cooperatively pass their data, such as temperature, sound, pressure, etc. through the network under constrained physical or environmental conditions. The Quality of Service (QoS) is very sensitive to network delays. When resources are constrained and when the number of receivers increases rapidly, how the sensor network can provide good QoS (measured as end-to-end delay) becomes a very critical problem. In this paper; a solution to the wireless sensor network multicasting problem is proposed in which a mathematical model that provides services to accommodate delay fairness for each subscriber is constructed. Granting equal consideration to both network link capacity assignment and routing strategies for each multicast group guarantees the intra-group and inter-group delay fairness of end-to-end delay. Minimizing delay and achieving fairness is ultimately achieved through the Lagrangean Relaxation method and Subgradient Optimization Technique. Test results indicate that the new system runs with greater effectiveness and efficiency.

Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

Science.gov (United States)

Kish, Laszlo B; Abbott, Derek; Granqvist, Claes G

2013-01-01

Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged.

Secure PVM

Energy Technology Data Exchange (ETDEWEB)

Dunigan, T.H.; Venugopal, N.

1996-09-01

This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

Alcatel-Lucent Service Routing Architect (SRA) self-study guide preparing for the BGP, VPRN and Multicast exams

CERN Document Server

Warnock, Glenn; Shaheen, Ghassan

2015-01-01

A comprehensive resource for professionals preparing for Alcatel-Lucent Service Routing Architect (SRA) certification Networking professionals are taking note of Alcatel-Lucent and its quick ascent in the networking and telecom industries. IP networking professionals looking for a comprehensive guide to obtaining the Alcatel-Lucent Service Routing Architect (SRA) certification will be pleased to learn of this new publication, Alcatel-Lucent Service Routing Architect (SRA) Self-Study Guide: Preparing for the BGP, VPRN and Multicast Exams. The book comprises approximately 2,600 pages of print a

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Science.gov (United States)

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Directory of Open Access Journals (Sweden)

Jaewook Jung

Full Text Available Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

Science.gov (United States)

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Common Criteria for Information Technology Security Evaluation: Department of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile (Medium Robustness)

Science.gov (United States)

2002-03-22

may be derived from detailed inspection of the IC itself or from illicit appropriation of design information. Counterfeit smart cards can be mass...Infrastructure (PKI) as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair...interference devices (SQDIS), electrical testing, and electron beam testing. • Other attacks, such as UV or X-rays or high temperatures, could cause erasure

Energy Effective Congestion Control for Multicast with Network Coding in Wireless Ad Hoc Network

Directory of Open Access Journals (Sweden)

Chuanxin Zhao

2014-01-01

Full Text Available In order to improve network throughput and reduce energy consumption, we propose in this paper a cross-layer optimization design that is able to achieve multicast utility maximization and energy consumption minimization. The joint optimization of congestion control and power allocation is formulated to be a nonlinear nonconvex problem. Using dual decomposition, a distributed optimization algorithm is proposed to avoid the congestion by control flow rate at the source node and eliminate the bottleneck by allocating the power at the intermediate node. Simulation results show that the cross-layer algorithm can increase network performance, reduce the energy consumption of wireless nodes and prolong the network lifetime, while keeping network throughput basically unchanged.

Enhancing On-Demand Multicast Routing Protocols using Mobility Prediction in Mobile Ad-hoc Network

Directory of Open Access Journals (Sweden)

Nermin Makhlouf

2014-08-01

Full Text Available A Mobile Ad hoc Network (MANET is a self-organizing wireless communication network in which mobile devices are based on no infrastructure like base stations or access points. Minimal configuration and quick deployment make ad hoc networks suitable for emergency situations like disaster recovery or military conflict. Since node mobility may cause links to be broken frequently, a very important issue for routing in MANETs is how to set reliable paths which can last as long as possible. To solve this problem, non-random behaviors for the mobility patterns that mobile users exhibit are exploited. This paper introduces a scheme to improve On-Demand Multicast Routing Protocol (ODMRP performances by using mobility prediction. 

INFORMATION SYSTEM SECURITY (CYBER SECURITY

Directory of Open Access Journals (Sweden)

Muhammad Siddique Ansari

2016-03-01

Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

Directory of Open Access Journals (Sweden)

Laszlo B Kish

Full Text Available Recently, Bennett and Riedel (BR (http://arxiv.org/abs/1303.7435v1 argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional security of the KLJN method has not been successfully challenged.

Joint Power Allocation for Multicast Systems with Physical-Layer Network Coding

Directory of Open Access Journals (Sweden)

Zhu Wei-Ping

2010-01-01

Full Text Available This paper addresses the joint power allocation issue in physical-layer network coding (PLNC of multicast systems with two sources and two destinations communicating via a large number of distributed relays. By maximizing the achievable system rate, a constrained optimization problem is first formulated to jointly allocate powers for the source and relay terminals. Due to the nonconvex nature of the cost function, an iterative algorithm with guaranteed convergence is developed to solve the joint power allocation problem. As an alternative, an upper bound of the achievable rate is also derived to modify the original cost function in order to obtain a convex optimization solution. This approximation is shown to be asymptotically optimal in the sense of maximizing the achievable rate. It is confirmed through Monte Carlo simulations that the proposed joint power allocation schemes are superior to the existing schemes in terms of achievable rate and cumulative distribution function (CDF.

Security and Efficiency Concerns With Distributed Collaborative Networking Environments

National Research Council Canada - National Science Library

Felker, Keith

2003-01-01

... exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible...

Quantum key management

Energy Technology Data Exchange (ETDEWEB)

Hughes, Richard John; Thrasher, James Thomas; Nordholt, Jane Elizabeth

2016-11-29

Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.

Utilizing Joint Routing and Capacity Assignment Algorithms to Achieve Inter- and Intra-Group Delay Fairness in Multi-Rate Multicast Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Yean-Fu Wen

2013-03-01

Full Text Available Recent advance in wireless sensor network (WSN applications such as the Internet of Things (IoT have attracted a lot of attention. Sensor nodes have to monitor and cooperatively pass their data, such as temperature, sound, pressure, etc. through the network under constrained physical or environmental conditions. The Quality of Service (QoS is very sensitive to network delays. When resources are constrained and when the number of receivers increases rapidly, how the sensor network can provide good QoS (measured as end-to-end delay becomes a very critical problem. In this paper; a solution to the wireless sensor network multicasting problem is proposed in which a mathematical model that provides services to accommodate delay fairness for each subscriber is constructed. Granting equal consideration to both network link capacity assignment and routing strategies for each multicast group guarantees the intra-group and inter-group delay fairness of end-to-end delay. Minimizing delay and achieving fairness is ultimately achieved through the Lagrangean Relaxation method and Subgradient Optimization Technique. Test results indicate that the new system runs with greater effectiveness and efficiency.

Security infrastructures: towards the INDECT system security

OpenAIRE

Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

2012-01-01

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

Computer Security: Your iPhone as a key-logger

CERN Multimedia

Computer Security Team

2014-01-01

In the past, we have repeatedly elaborated on the computer security risk of using smartphones. Today, something new for the paranoid: did you know your smart phone can be used to spy on your PC’s keyboard?!    In fact, the tiny accelerometer, gyroscope and orientation sensors that your smartphone uses to determine its tilt and movements can also determine the letters you type on your computer. Thus, it acts as a hardware “key-logger”! It only requires your smartphone to be put close to your computer keyboard and to run a corresponding, malicious app. The rest is done by the highly precise sensors which can record keyboard vibrations and subsequently the letters you type. In a dedicated study, students of the Georgia Tech College of Computing were able to decipher complete sentences with up to 80 percent accuracy using an iPhone*. In a nice twist, the same feature can also be used to “to infer the occurrence of tap events on the touchscreen as w...

Optimizing Key Updates in Sensor Networks

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2011-01-01

Sensor networks offer the advantages of simple and low–resource communication. Nevertheless, security is of particular importance in many cases such as when sensitive data is communicated or tamper-resistance is required. Updating the security keys is one of the key points in security, which...

Security of subcarrier wave quantum key distribution against the collective beam-splitting attack.

Science.gov (United States)

Miroshnichenko, G P; Kozubov, A V; Gaidash, A A; Gleim, A V; Horoshko, D B

2018-04-30

We consider a subcarrier wave quantum key distribution (QKD) system, where quantum encoding is carried out at weak sidebands generated around a coherent optical beam as a result of electro-optical phase modulation. We study security of two protocols, B92 and BB84, against one of the most powerful attacks for this class of systems, the collective beam-splitting attack. Our analysis includes the case of high modulation index, where the sidebands are essentially multimode. We demonstrate numerically and experimentally that a subcarrier wave QKD system with realistic parameters is capable of distributing cryptographic keys over large distances in presence of collective attacks. We also show that BB84 protocol modification with discrimination of only one state in each basis performs not worse than the original BB84 protocol in this class of QKD systems, thus significantly simplifying the development of cryptographic networks using the considered QKD technique.

Robust Public Key Cryptography — A New Cryptosystem Surviving Private Key Compromise

Science.gov (United States)

Shaik, Cheman

A weakness of the present-day public key cryptosystems is that these cryptosystems do not survive private-key compromise attacks resulting from an internal breach of trust. In a competitive business environment, private key compromise is a common incident that voids the strength of public key cryptosystems such as RSA and ECC. Bribing corporate employees to disclose their secret keys and inadvertently disclosing secret information are among a plethora of practical attacks that occur at the implementation level. Once a breach of trust takes place and subsequently the private key is revealed, any public key cryptosystem fails to secure electronic data in Internet communications. The revealed key may be used by an attacker to decipher the intercepted data at an intermediary router. This weakness of public key cryptography calls for an additional security measure that enables encryptions to survive private key compromise attacks.

Admission and Preventive Load Control for Delivery of Multicast and Broadcast Services via S-UMTS

Science.gov (United States)

Angelou, E.; Koutsokeras, N.; Andrikopoulos, I.; Mertzanis, I.; Karaliopoulos, M.; Henrio, P.

2003-07-01

An Admission Control strategy is proposed for unidirectional satellite systems delivering multicast and broadcast services to mobile users. In such systems, both the radio interface and the targeted services impose particular requirements on the RRM task. We briefly discuss the RRM requirements that stem from the services point of view and from the features of the SATIN access scheme that differentiate it from the conventional T-UMTS radio interface. The main functional entities of RRM and the alternative modes of operation are outlined and the proposed Admission Control algorithm is described in detail. The results from the simulation study that demonstrate its performance for a number of different scenarios are finally presented and conclusions derived.

A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Lee, Tian-Fu; Liu, Chuan-Ming

2013-06-01

A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

Analysis of the differential-phase-shift-keying protocol in the quantum-key-distribution system

International Nuclear Information System (INIS)

Rong-Zhen, Jiao; Chen-Xu, Feng; Hai-Qiang, Ma

2009-01-01

The analysis is based on the error rate and the secure communication rate as functions of distance for three quantum-key-distribution (QKD) protocols: the Bennett–Brassard 1984, the Bennett–Brassard–Mermin 1992, and the coherent differential-phase-shift keying (DPSK) protocols. We consider the secure communication rate of the DPSK protocol against an arbitrary individual attack, including the most commonly considered intercept-resend and photon-number splitting attacks, and concluded that the simple and efficient differential-phase-shift-keying protocol allows for more than 200 km of secure communication distance with high communication rates. (general)

Multicast Services of QoS-Aware Active Queue Management over IP Multimedia Applications

Science.gov (United States)

Hwang, I.-Shyan; Hwang, Bor-Jiunn; Chang, Pen-Ming

2010-10-01

Recently, the multimedia services such as IPTV, video conference emerges to be the main traffic source. When UDP coexists with TCP, it induces not only congestion collapse but also unfairness problem. In this paper, a new Active Queue Management (AQM) algorithm, called Traffic Sensitive Active Queue Management (TSAQM), is proposed for providing multimedia services. The TSAQM comprise Dynamic Weight Allocate Scheme (DWAS) and Service Guarantee Scheme (SGS), the purpose of DWAS is to allocate resource with fairness and high end-user utility, and the purpose of SGS is to determine the satisfactory threshold (TH) and threshold region (TR). Several objectives of this proposed scheme include achieving high end-user utility for video service, considering the multicast as well as unicast proprieties to meet inter-class fairness and achieving the QoS requirement by adjusting the thresholds adaptively based on traffic situations.

Key handling in wireless sensor networks

International Nuclear Information System (INIS)

Li, Y; Newe, T

2007-01-01

With the rapid growth of Wireless Sensor Networks (WSNs), many advanced application areas have received significant attention. However, security will be an important factor for their full adoption. Wireless sensor nodes pose unique challenges and as such traditional security protocols, used in traditional networks cannot be applied directly. Some new protocols have been published recently with the goal of providing both privacy of data and authentication of sensor nodes for WSNs. Such protocols can employ private-key and/or public key cryptographic algorithms. Public key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the lower power wireless node. In this paper a selection of key establishment/agreement protocols are reviewed and they are broadly divided into two categories: group key agreement protocols and pair-wise key establishment protocols. A summary of the capabilities and security related services provided by each protocol is provided

Key handling in wireless sensor networks

Energy Technology Data Exchange (ETDEWEB)

Li, Y; Newe, T [Optical Fibre Sensors Research Centre, Department of Electronic and Computer Engineering, University of Limerick, Limerick (Ireland)

2007-07-15

With the rapid growth of Wireless Sensor Networks (WSNs), many advanced application areas have received significant attention. However, security will be an important factor for their full adoption. Wireless sensor nodes pose unique challenges and as such traditional security protocols, used in traditional networks cannot be applied directly. Some new protocols have been published recently with the goal of providing both privacy of data and authentication of sensor nodes for WSNs. Such protocols can employ private-key and/or public key cryptographic algorithms. Public key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the lower power wireless node. In this paper a selection of key establishment/agreement protocols are reviewed and they are broadly divided into two categories: group key agreement protocols and pair-wise key establishment protocols. A summary of the capabilities and security related services provided by each protocol is provided.

Secret-key expansion from covert communication

Science.gov (United States)

Arrazola, Juan Miguel; Amiri, Ryan

2018-02-01

Covert communication allows the transmission of messages in such a way that it is not possible for adversaries to detect that the communication is occurring. This provides protection in situations where knowledge that two parties are talking to each other may be incriminating to them. In this work, we study how covert communication can be used for a different purpose: secret key expansion. First, we show that any message transmitted in a secure covert protocol is also secret and therefore unknown to an adversary. We then propose a covert communication protocol where the amount of key consumed in the protocol is smaller than the transmitted key, thus leading to secure secret key expansion. We derive precise conditions for secret key expansion to occur, showing that it is possible when there are sufficiently low levels of noise for a given security level. We conclude by examining how secret key expansion from covert communication can be performed in a computational security model.

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks.

Science.gov (United States)

Elgenaidi, Walid; Newe, Thomas; O'Connell, Eoin; Toal, Daniel; Dooly, Gerard

2016-12-21

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

Key Management Laboratory

Data.gov (United States)

Federal Laboratory Consortium — FUNCTION: Provides a secure environment to research and develop advanced electronic key management and networked key distribution technologies for the Navy and DoD....

Quantum key distribution network for multiple applications

Science.gov (United States)

Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.

2017-09-01

The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.

Center for computer security: Computer Security Group conference. Summary

Energy Technology Data Exchange (ETDEWEB)

None

1982-06-01

Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

Best-Practice Criteria for Practical Security of Self-Differencing Avalanche Photodiode Detectors in Quantum Key Distribution

Science.gov (United States)

Koehler-Sidki, A.; Dynes, J. F.; Lucamarini, M.; Roberts, G. L.; Sharpe, A. W.; Yuan, Z. L.; Shields, A. J.

2018-04-01

Fast-gated avalanche photodiodes (APDs) are the most commonly used single photon detectors for high-bit-rate quantum key distribution (QKD). Their robustness against external attacks is crucial to the overall security of a QKD system, or even an entire QKD network. We investigate the behavior of a gigahertz-gated, self-differencing (In,Ga)As APD under strong illumination, a tactic Eve often uses to bring detectors under her control. Our experiment and modeling reveal that the negative feedback by the photocurrent safeguards the detector from being blinded through reducing its avalanche probability and/or strengthening the capacitive response. Based on this finding, we propose a set of best-practice criteria for designing and operating fast-gated APD detectors to ensure their practical security in QKD.

An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks.

Science.gov (United States)

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2013-07-24

Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged.

Multiparty quantum key agreement with single particles

Science.gov (United States)

Liu, Bin; Gao, Fei; Huang, Wei; Wen, Qiao-yan

2013-04-01

Two conditions must be satisfied in a secure quantum key agreement (QKA) protocol: (1) outside eavesdroppers cannot gain the generated key without introducing any error; (2) the generated key cannot be determined by any non-trivial subset of the participants. That is, a secure QKA protocol can not only prevent the outside attackers from stealing the key, but also resist the attack from inside participants, i.e. some dishonest participants determine the key alone by illegal means. How to resist participant attack is an aporia in the design of QKA protocols, especially the multi-party ones. In this paper we present the first secure multiparty QKA protocol against both outside and participant attacks. Further more, we have proved its security in detail.

Three state quantum key distribution for small keys

International Nuclear Information System (INIS)

Batuwantudawe, J.; Boileau, J.-C.

2005-01-01

Full text: Quantum key distribution (QKD) protocols allow two parties, Alice and Bob, to establish secure keys. The most well-known protocol is BB84, using four distinct states. Recently, Phoenix et al. proposed a three state protocol. We explain the protocol and discuss its security proof. The three state protocol also has an interesting structure that allows for errors estimation from the inconclusive results (i.e.. where Alice and Bob choose different bases). This eliminates the need for sampling, potentially useful when qubits are limited. We discuss the effectiveness of this approach compared to BB84 for the case where a good error estimate is required. (author)

An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

Energy Technology Data Exchange (ETDEWEB)

Zaher, Ashraf A. [Physics Department, Science College, Kuwait University, P.O. Box 5969, Safat 13060 (Kuwait)], E-mail: ashraf.zaher@ku.edu.kw

2009-12-15

In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

International Nuclear Information System (INIS)

Zaher, Ashraf A.

2009-01-01

In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

Securing information using optically generated biometric keys

Science.gov (United States)

Verma, Gaurav; Sinha, Aloka

2016-11-01

In this paper, we present a new technique to obtain biometric keys by using the fingerprint of a person for an optical image encryption system. The key generation scheme uses the fingerprint biometric information in terms of the amplitude mask (AM) and the phase mask (PM) of the reconstructed fingerprint image that is implemented using the digital holographic technique. Statistical tests have been conducted to check the randomness of the fingerprint PM key that enables its usage as an image encryption key. To explore the utility of the generated biometric keys, an optical image encryption system has been further demonstrated based on the phase retrieval algorithm and the double random phase encoding scheme in which keys for the encryption are used as the AM and the PM key. The advantage associated with the proposed scheme is that the biometric keys’ retrieval requires the simultaneous presence of the fingerprint hologram and the correct knowledge of the reconstruction parameters at the decryption stage, which not only verifies the authenticity of the person but also protects the valuable fingerprint biometric features of the keys. Numerical results are carried out to prove the feasibility and the effectiveness of the proposed encryption system.

Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

CSIR Research Space (South Africa)

Phahlamohlaka, LJ

2011-05-01

Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

Digital security technology simplified.

Science.gov (United States)

Scaglione, Bernard J

2007-01-01

Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Chun-Ta Li

2013-07-01

Full Text Available Wireless sensor networks (WSNs can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs. Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.’s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users’ attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.’s authentication scheme are left unchanged.

New Secure E-mail System Based on Bio-Chaos Key Generation and Modified AES Algorithm

Science.gov (United States)

Hoomod, Haider K.; Radi, A. M.

2018-05-01

The E-mail messages exchanged between sender’s Mailbox and recipient’s Mailbox over the open systems and insecure Networks. These messages may be vulnerable to eavesdropping and itself poses a real threat to the privacy and data integrity from unauthorized persons. The E-mail Security includes the following properties (Confidentiality, Authentication, Message integrity). We need a safe encryption algorithm to encrypt Email messages such as the algorithm Advanced Encryption Standard (AES) or Data Encryption Standard DES, as well as biometric recognition and chaotic system. The proposed E-mail system security uses modified AES algorithm and uses secret key-bio-chaos that consist of biometric (Fingerprint) and chaotic system (Lu and Lorenz). This modification makes the proposed system more sensitive and random. The execution time for both encryption and decryption of the proposed system is much less from original AES, in addition to being compatible with all Mail Servers.

Symmetric cryptographic protocols

CERN Document Server

Ramkumar, Mahalingam

2014-01-01

This book focuses on protocols and constructions that make good use of symmetric pseudo random functions (PRF) like block ciphers and hash functions - the building blocks for symmetric cryptography. Readers will benefit from detailed discussion of several strategies for utilizing symmetric PRFs. Coverage includes various key distribution strategies for unicast, broadcast and multicast security, and strategies for constructing efficient digests of dynamic databases using binary hash trees.   •        Provides detailed coverage of symmetric key protocols •        Describes various applications of symmetric building blocks •        Includes strategies for constructing compact and efficient digests of dynamic databases

Security of supply in liberated electricity markets - key issues and experiences in OECD countries (work in progress)

International Nuclear Information System (INIS)

Stridbaek, Ulrik

2005-06-01

Security of supply of electricity could in principle refer to any parts of the value chain from fuel input to delivery of electricity to the final costumer with the expected quality. Concerns about security of supply are usually focused on three aspects: Timely and adequate supply of the input fuel for electricity generation is a prerequisite - security of energy supply. There has to be timely and adequate infrastructure in place to transform the input fuel into electricity and transport it to the final costumer - adequacy of generation and transmission capacity. Finally, it is an operational challenge to make the electricity system work and deliver at the expected quality - secure operation of the electricity system. Security of supply becomes relevant in a policy context from concerns about market failures in any parts of the value chain or, indeed, from the perspective that policy will set the framework for markets to serve as an instrument to secure the supply. This paper discusses some of the experiences with security of supply concerns and market failures in these three basic segments of the value chain; fuel input, adequate generation and transmission capacity and secure operation of the system, with an emphasis on the role of the market to serve as an efficient instrument. In the aftermath of the large black outs of electricity systems in North America, Italy and Sweden/Denmark IEA initiated a project on 'Transmission Reliability and Power System Security in Competitive Electricity Markets'. The results of this work will be published towards the end of 2005. After a decade with liberalised electricity markets in some pioneer regions, IEA now also finds it timely to analyse some of the lessons in a forthcoming publication. Recent and ongoing IEA-work thereby covers all the main aspects of security of supply. This paper summarises the key findings and messages, with a focus on the work in progress on lessons from liberalisation

Common-signal-induced synchronization in photonic integrated circuits and its application to secure key distribution.

Science.gov (United States)

Sasaki, Takuma; Kakesu, Izumi; Mitsui, Yusuke; Rontani, Damien; Uchida, Atsushi; Sunada, Satoshi; Yoshimura, Kazuyuki; Inubushi, Masanobu

2017-10-16

We experimentally achieve common-signal-induced synchronization in two photonic integrated circuits with short external cavities driven by a constant-amplitude random-phase light. The degree of synchronization can be controlled by changing the optical feedback phase of the two photonic integrated circuits. The change in the optical feedback phase leads to a significant redistribution of the spectral energy of optical and RF spectra, which is a unique characteristic of PICs with the short external cavity. The matching of the RF and optical spectra is necessary to achieve synchronization between the two PICs, and stable synchronization can be obtained over an hour in the presence of optical feedback. We succeed in generating information-theoretic secure keys and achieving the final key generation rate of 184 kb/s using the PICs.

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

Science.gov (United States)

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

Evaluation of 90nm 6T-SRAM as physical unclonable function for secure key generation in wireless sensor nodes

NARCIS (Netherlands)

Selimis, G.; Konijnenburg, M.; Ashouei, M.; Huisken, J.; de Groot, H.; van der Leest, V.; Schrijen, G.-J.; van Hulst, M.; Tuyls, P.

2011-01-01

Due to the unattended nature of WSN (Wireless Sensor Network) deployment, each sensor can be subject to physical capture, cloning and unauthorized device alteration. In this paper, we use the embedded SRAM, often available on a wireless sensor node, for secure data (cryptographic keys, IDs)

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Walid Elgenaidi

2016-12-01

Full Text Available There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

Security analysis of orthogonal-frequency-division-multiplexing-based continuous-variable quantum key distribution with imperfect modulation

Science.gov (United States)

Zhang, Hang; Mao, Yu; Huang, Duan; Li, Jiawei; Zhang, Ling; Guo, Ying

2018-05-01

We introduce a reliable scheme for continuous-variable quantum key distribution (CV-QKD) by using orthogonal frequency division multiplexing (OFDM). As a spectrally efficient multiplexing technique, OFDM allows a large number of closely spaced orthogonal subcarrier signals used to carry data on several parallel data streams or channels. We place emphasis on modulator impairments which would inevitably arise in the OFDM system and analyze how these impairments affect the OFDM-based CV-QKD system. Moreover, we also evaluate the security in the asymptotic limit and the Pirandola-Laurenza-Ottaviani-Banchi upper bound. Results indicate that although the emergence of imperfect modulation would bring about a slight decrease in the secret key bit rate of each subcarrier, the multiplexing technique combined with CV-QKD results in a desirable improvement on the total secret key bit rate which can raise the numerical value about an order of magnitude.

Wavelength Tuning Free Transceiver Module in OLT Downstream Multicasting 4λ × 10 Gb/s TWDM-PON System

OpenAIRE

M. S. Salleh; A. S. M. Supa’at; S. M. Idrus; S. Yaakob; Z. M. Yusof

2014-01-01

We propose a new architecture of dynamic time-wavelength division multiplexing-passive optical network (TWDM-PON) system that employs integrated all-optical packet routing (AOPR) module using 4λ×10 Gbps downstream signal to support 20 km fiber transmission. This module has been designed to support high speed L2 aggregation and routing in the physical layer PON system by using multicasting cross-gain modulation (XGM) to route packet from any PON port to multiple PON links. Meanwhile, the fixed...

Two-Dimensional Key Table-Based Group Key Distribution in Advanced Metering Infrastructure

Directory of Open Access Journals (Sweden)

Woong Go

2014-01-01

Full Text Available A smart grid provides two-way communication by using the information and communication technology. In order to establish two-way communication, the advanced metering infrastructure (AMI is used in the smart grid as the core infrastructure. This infrastructure consists of smart meters, data collection units, maintenance data management systems, and so on. However, potential security problems of the AMI increase owing to the application of the public network. This is because the transmitted information is electricity consumption data for charging. Thus, in order to establish a secure connection to transmit electricity consumption data, encryption is necessary, for which key distribution is required. Further, a group key is more efficient than a pairwise key in the hierarchical structure of the AMI. Therefore, we propose a group key distribution scheme using a two-dimensional key table through the analysis result of the sensor network group key distribution scheme. The proposed scheme has three phases: group key predistribution, selection of group key generation element, and generation of group key.

Security and gain improvement of a practical quantum key distribution using a gated single-photon source and probabilistic photon-number resolution

International Nuclear Information System (INIS)

Horikiri, Tomoyuki; Sasaki, Hideki; Wang, Haibo; Kobayashi, Takayoshi

2005-01-01

We propose a high security quantum key distribution (QKD) scheme utilizing one mode of spontaneous parametric downconversion gated by a photon number resolving detector. This photon number measurement is possible by using single-photon detectors operating at room temperature and optical fibers. By post selection, the multiphoton probability in this scheme can be reduced to lower than that of a scheme using an attenuated coherent light resulting in improvement of security. Furthermore, if distillation protocol (error correction and privacy amplification) is performed, the gain will be increased. Hence a QKD system with higher security and bit rate than the laser-based QKD system can be attained using present available technologies

Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

Science.gov (United States)

Kish, Laszlo B.; Horvath, Tamas

2009-08-01

We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by “multiple reflections”. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

International Nuclear Information System (INIS)

Kish, Laszlo B.; Horvath, Tamas

2009-01-01

We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

Energy Technology Data Exchange (ETDEWEB)

Kish, Laszlo B., E-mail: Laszlo.Kish@ece.tamu.ed [Department of Electrical and Computer Engineering, Texas A and M University, College Station, TX 77843-3128 (United States); Horvath, Tamas, E-mail: tamas.horvath@iais.fraunhofer.d [Department of Computer Science, University of Bonn (Germany); Fraunhofer IAIS, Schloss Birlinghoven, D-53754 Sankt Augustin (Germany)

2009-08-03

We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

Key Management in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Ismail Mansour

2015-09-01

Full Text Available Wireless sensor networks are a challenging field of research when it comes to security issues. Using low cost sensor nodes with limited resources makes it difficult for cryptographic algorithms to function without impacting energy consumption and latency. In this paper, we focus on key management issues in multi-hop wireless sensor networks. These networks are easy to attack due to the open nature of the wireless medium. Intruders could try to penetrate the network, capture nodes or take control over particular nodes. In this context, it is important to revoke and renew keys that might be learned by malicious nodes. We propose several secure protocols for key revocation and key renewal based on symmetric encryption and elliptic curve cryptography. All protocols are secure, but have different security levels. Each proposed protocol is formally proven and analyzed using Scyther, an automatic verification tool for cryptographic protocols. For efficiency comparison sake, we implemented all protocols on real testbeds using TelosB motes and discussed their performances.

A Family of Key Agreement Mechanisms for Mission Critical Communications for Secure Mobile Ad Hoc and Wireless Mesh Internetworking

Directory of Open Access Journals (Sweden)

Tryfonas Theo

2011-01-01

Full Text Available Future wireless networks like mobile ad hoc networks and wireless mesh networks are expected to play important role in demanding communications such as mission critical communications. MANETs are ideal for emergency cases where the communication infrastructure has been completely destroyed and there is a need for quick set up of communications among the rescue/emergency workers. In such emergency scenarios wireless mesh networks may be employed in a later phase for providing advanced communications and services acting as a backbone network in the affected area. Internetworking of both types of future networks will provide a broad range of mission critical applications. While offering many advantages, such as flexibility, easy of deployment and low cost, MANETs and mesh networks face important security and resilience threats, especially for such demanding applications. We introduce a family of key agreement methods based on weak to strong authentication associated with several multiparty contributory key establishment methods. We examine the attributes of each key establishment method and how each method can be better applied in different scenarios. The proposed protocols support seamlessly both types of networks and consider system and application requirements such as efficient and secure internetworking, dynamicity of network topologies and support of thin clients.

Secure Wireless Sensor Networks: Problems and Solutions

Directory of Open Access Journals (Sweden)

Fei Hu

2003-08-01

Full Text Available As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis was placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that should be solved for achieving the ad hoc security. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service and key management service. We also present some secure methods to achieve security in wireless sensor networks. Finally we present our integrated approach to securing sensor networks.

Database and applications security integrating information security and data management

CERN Document Server

Thuraisingham, Bhavani

2005-01-01

This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

A fast and versatile quantum key distribution system with hardware key distillation and wavelength multiplexing

International Nuclear Information System (INIS)

Walenta, N; Gisin, N; Guinnard, O; Houlmann, R; Korzh, B; Lim, C W; Lunghi, T; Portmann, C; Thew, R T; Burg, A; Constantin, J; Caselunghe, D; Kulesza, N; Legré, M; Monat, L; Soucarros, M; Trinkler, P; Junod, P; Trolliet, G; Vannel, F

2014-01-01

We present a compactly integrated, 625 MHz clocked coherent one-way quantum key distribution system which continuously distributes secret keys over an optical fibre link. To support high secret key rates, we implemented a fast hardware key distillation engine which allows for key distillation rates up to 4 Mbps in real time. The system employs wavelength multiplexing in order to run over only a single optical fibre. Using fast gated InGaAs single photon detectors, we reliably distribute secret keys with a rate above 21 kbps over 25 km of optical fibre. We optimized the system considering a security analysis that respects finite-key-size effects, authentication costs and system errors for a security parameter of ε QKD  = 4 × 10 −9 . (paper)

A Key Generation Model for Improving the Security of Cryptographic ...

African Journals Online (AJOL)

Cryptography is a mathematical technique that plays an important role in information security techniques for addressing authentication, interactive proofs, data origination, sender/receiver identity, non-repudiation, secure computation, data integrity and confidentiality, message integrity checking and digital signatures.

Optical code division multiple access secure communications systems with rapid reconfigurable polarization shift key user code

Science.gov (United States)

Gao, Kaiqiang; Wu, Chongqing; Sheng, Xinzhi; Shang, Chao; Liu, Lanlan; Wang, Jian

2015-09-01

An optical code division multiple access (OCDMA) secure communications system scheme with rapid reconfigurable polarization shift key (Pol-SK) bipolar user code is proposed and demonstrated. Compared to fix code OCDMA, by constantly changing the user code, the performance of anti-eavesdropping is greatly improved. The Pol-SK OCDMA experiment with a 10 Gchip/s user code and a 1.25 Gb/s user data of payload has been realized, which means this scheme has better tolerance and could be easily realized.

Modelo de asignación predictivo de longitudes de ondas en redes WDM teniendo en cuenta dispersión residual y tráficos unicast/multicast con QoS

Directory of Open Access Journals (Sweden)

Javier Sierra

2009-01-01

Full Text Available El tráfico de Internet está en constante crecimiento y con él las aplicaciones del tipo unicast/multicast con diferentes requerimientos de Calidad de Servicio (QoS. Esto es motivo para que las Redes de Transporte Ópticas (OTN deban continuar su evolución hacia redes completamente ópticas (sin conversiones Óptico-Electrónico-Óptico: OEO. S/G Light-tree es una arquitectura de los nodos de las redes all-OTN que permite el optimo enrutamiento y/o manejo de tráficos unicast/multicast empleando el concepto de Traffic Grooming (TG, granularidad de tráfico en un ambiente óptico. Las técnicas de grooming así como los algoritmos de asignación y enrutamiento propuestos hasta el momento no tienen en cuenta los fenómenos que se pueden prestar en la fibra óptica, los cuales atenúan o alteran las diferentes longitudes de onda en las redes WDM (Wavelength Division Multiplexing. La dispersión cromática es un fenómeno que deforma los pulsos transmitidos en una fibra óptica y el efecto depende de la longitud de onda empleada en la transmisión. En este artículo, se propone un modelo predictivo de asignación de longitudes de ondas basado en cadenas de Markov que tiene en cuenta la dispersión residual en redes WDM que soportan traffic grooming y tráficos unicast/multicast con requerimientos de QoS. Los resultados de las simulaciones realizadas muestran que el modelo propuesto mejora la probabilidad de bloqueo de tráficos con requerimientos de QoS.

Secure key distribution by swapping quantum entanglement

International Nuclear Information System (INIS)

Song, Daegene

2004-01-01

We report two key distribution schemes achieved by swapping quantum entanglement. Using two Bell states, two bits of secret key can be shared between two distant parties that play symmetric and equal roles. We also address eavesdropping attacks against the schemes

A no-key-exchange secure image sharing scheme based on Shamir's three-pass cryptography protocol and the multiple-parameter fractional Fourier transform.

Science.gov (United States)

Lang, Jun

2012-01-30

In this paper, we propose a novel secure image sharing scheme based on Shamir's three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

Entangled quantum key distribution with a biased basis choice

International Nuclear Information System (INIS)

Erven, Chris; Ma Xiongfeng; Laflamme, Raymond; Weihs, Gregor

2009-01-01

We investigate a quantum key distribution (QKD) scheme that utilizes a biased basis choice in order to increase the efficiency of the scheme. The optimal bias between the two measurement bases, a more refined error analysis and finite key size effects are all studied in order to assure the security of the final key generated with the system. We then implement the scheme in a local entangled QKD system that uses polarization entangled photon pairs to securely distribute the key. A 50/50 non-polarizing beamsplitter (BS) with different optical attenuators is used to simulate a variable BS in order to allow us to study the operation of the system for different biases. Over 6 h of continuous operation with a total bias of 0.9837/0.0163 (Z/X), we were able to generate 0.4567 secure key bits per raw key bit as compared to 0.2550 secure key bits per raw key bit for the unbiased case. This represents an increase in the efficiency of the key generation rate by 79%.

New directions for African security

NARCIS (Netherlands)

Haastrup, Toni; Dijkstra, Hylke

2017-01-01

African security, particularly conflict-related political violence, is a key concern in international relations. This forum seeks to advance existing research agendas by addressing four key themes: domestic politics and peacekeeping; security sector reform programs; peace enforcement; and the

Receiver Heterogeneity Helps

DEFF Research Database (Denmark)

Kovács, Erika R.; Pedersen, Morten Videbæk; Roetter, Daniel Enrique Lucani

2014-01-01

Heterogeneity amongst devices and desired service are commonly seen as a source of additional challenges for setting up an efficient multi-layer multicast service. In particular, devices requiring only the base layer can become a key bottleneck to the performance for other devices. This paper...... studies the case of a wireless multi-layer multicast setting and shows that the judicious use of network coding allows devices with different computational capabilities to trade-off processing complexity for an improved quality of service. As a consequence, individual devices can determine their required...... effort, while bringing significant advantages to the system as a whole. Network coding is used as a key element to reduce signaling in order to deliver the multicast service. More importantly, our proposed approach focuses on creating some structure in the transmitted stream by allowing inter-layer...

Finite-key-size effect in a commercial plug-and-play QKD system

Science.gov (United States)

Chaiwongkhot, Poompong; Sajeed, Shihan; Lydersen, Lars; Makarov, Vadim

2017-12-01

A security evaluation against the finite-key-size effect was performed for a commercial plug-and-play quantum key distribution (QKD) system. We demonstrate the ability of an eavesdropper to force the system to distill key from a smaller length of sifted-key. We also derive a key-rate equation that is specific for this system. This equation provides bounds above the upper bound of secure key under finite-key-size analysis. From this equation and our experimental data, we show that the keys that have been distilled from the smaller sifted-key size fall above our bound. Thus, their security is not covered by finite-key-size analysis. Experimentally, we could consistently force the system to generate the key outside of the bound. We also test manufacturer’s software update. Although all the keys after the patch fall under our bound, their security cannot be guaranteed under this analysis. Our methodology can be used for security certification and standardization of QKD systems.

Biometry, the safe key

Directory of Open Access Journals (Sweden)

María Fraile-Hurtado

2010-12-01

Full Text Available Biometry is the next step in authentication, why do not we take this stepforward in our communication security systems? Keys are the main disadvantage in the cryptography, what if we were our own key?

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

Science.gov (United States)

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

2016-11-01

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

Information security architecture an integrated approach to security in the organization

CERN Document Server

Killmeyer, Jan

2000-01-01

An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

Dynamic secrets in communication security

CERN Document Server

Xiao, Sheng; Towsley, Donald

2013-01-01

Dynamic secrets are constantly generated and updated from messages exchanged between two communication users. When dynamic secrets are used as a complement to existing secure communication systems, a stolen key or password can be quickly and automatically reverted to its secret status without disrupting communication. 'Dynamic Secrets in Communication Security' presents unique security properties and application studies for this technology. Password theft and key theft no longer pose serious security threats when parties frequently use dynamic secrets. This book also illustrates that a dynamic

DNA based random key generation and management for OTP encryption.

Science.gov (United States)

Zhang, Yunpeng; Liu, Xin; Sun, Manhui

2017-09-01

One-time pad (OTP) is a principle of key generation applied to the stream ciphering method which offers total privacy. The OTP encryption scheme has proved to be unbreakable in theory, but difficult to realize in practical applications. Because OTP encryption specially requires the absolute randomness of the key, its development has suffered from dense constraints. DNA cryptography is a new and promising technology in the field of information security. DNA chromosomes storing capabilities can be used as one-time pad structures with pseudo-random number generation and indexing in order to encrypt the plaintext messages. In this paper, we present a feasible solution to the OTP symmetric key generation and transmission problem with DNA at the molecular level. Through recombinant DNA technology, by using only sender-receiver known restriction enzymes to combine the secure key represented by DNA sequence and the T vector, we generate the DNA bio-hiding secure key and then place the recombinant plasmid in implanted bacteria for secure key transmission. The designed bio experiments and simulation results show that the security of the transmission of the key is further improved and the environmental requirements of key transmission are reduced. Analysis has demonstrated that the proposed DNA-based random key generation and management solutions are marked by high security and usability. Published by Elsevier B.V.

Key Distribution and Changing Key Cryptosystem Based on Phase Retrieval Algorithm and RSA Public-Key Algorithm

Directory of Open Access Journals (Sweden)

Tieyu Zhao

2015-01-01

Full Text Available The optical image encryption has attracted more and more researchers’ attention, and the various encryption schemes have been proposed. In existing optical cryptosystem, the phase functions or images are usually used as the encryption keys, and it is difficult that the traditional public-key algorithm (such as RSA, ECC, etc. is used to complete large numerical key transfer. In this paper, we propose a key distribution scheme based on the phase retrieval algorithm and the RSA public-key algorithm, which solves the problem for the key distribution in optical image encryption system. Furthermore, we also propose a novel image encryption system based on the key distribution principle. In the system, the different keys can be used in every encryption process, which greatly improves the security of the system.

A Security Architecture for Fault-Tolerant Systems

Science.gov (United States)

1993-06-03

aspect of our effort to achieve better performance is integrating the system into microkernel -based operating systems. 4 Summary and discussion In...135-171, June 1983. [vRBC+92] R. van Renesse, K. Birman, R. Cooper, B. Glade, and P. Stephenson. Reliable multicast between microkernels . In...Proceedings of the USENIX Microkernels and Other Kernel Architectures Workshop, April 1992. 29

Diffie-Hellman Key Exchange through Steganographied Images

Directory of Open Access Journals (Sweden)

Amine Khaldi

2018-05-01

Full Text Available Purpose – In a private key system, the major problem is the exchange of the key between the two parties. Diffie and Hellman have set up a way to share the key. However, this technique is not protected against a man-in-the-middle attack as the settings are not authenticated. The Diffie-Hellman key exchange requires the use of digital signature or creating a secure channel for data exchanging to avoid the man-in-the-middle attack. Methodology/approach/design – We present a Diffie-Hellman key exchange implementation using steganographied images. Using steganography made invisible the data exchange to a potential attacker. So, we will not need a digital signature or creating a secure channel to do our key exchange since only the two concerned parts are aware of this exchange. Findings – We generate a symmetric 128-bit key between two users without use of digital signature or secure channel. However, it works only on bitmap images, heavy images and sensitive to compression.

Interferometric key readable security holograms with secrete-codes

Indian Academy of Sciences (India)

A new method is described to create secrete-codes in the security holograms for enhancing their anti-counterfeiting characteristics. ... Scientific Instruments Organisation, Sector 30, Chandigarh 160 030, India; Department of Applied Physics, Guru Jambheshwar University of Science & Technology, Hisar 125 001, India ...

Algorithms for Lightweight Key Exchange.

Science.gov (United States)

Alvarez, Rafael; Caballero-Gil, Cándido; Santonja, Juan; Zamora, Antonio

2017-06-27

Public-key cryptography is too slow for general purpose encryption, with most applications limiting its use as much as possible. Some secure protocols, especially those that enable forward secrecy, make a much heavier use of public-key cryptography, increasing the demand for lightweight cryptosystems that can be implemented in low powered or mobile devices. This performance requirements are even more significant in critical infrastructure and emergency scenarios where peer-to-peer networks are deployed for increased availability and resiliency. We benchmark several public-key key-exchange algorithms, determining those that are better for the requirements of critical infrastructure and emergency applications and propose a security framework based on these algorithms and study its application to decentralized node or sensor networks.

On the security of SSL/TLS-enabled applications

OpenAIRE

Das, Manik Lal; Samdaria, Navkar

2014-01-01

SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of...

Evaluation of Key Dependent S-Box Based Data Security Algorithm using Hamming Distance and Balanced Output

Directory of Open Access Journals (Sweden)

Balajee Maram K.

2016-02-01

Full Text Available Data security is a major issue because of rapid evolution of data communication over unsecured internetwork. Here the proposed system is concerned with the problem of randomly generated S-box. The generation of S-box depends on Pseudo-Random-Number-Generators and shared-secret-key. The process of Pseudo-Random-Number-Generator depends on large prime numbers. All Pseudo-Random-Numbers are scrambled according to shared-secret-key. After scrambling, the S-box is generated. In this research, large prime numbers are the inputs to the Pseudo-Random-Number-Generator. The proposed S-box will reduce the complexity of S-box generation. Based on S-box parameters, it experimentally investigates the quality and robustness of the proposed algorithm which was tested. It yields better results with the S-box parameters like Hamming Distance, Balanced Output and Avalanche Effect and can be embedded to popular cryptography algorithms

Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

Directory of Open Access Journals (Sweden)

Ji-Jian Chin

2014-01-01

Full Text Available Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

Science.gov (United States)

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

A Review of RSA and Public-Key Cryptosystems | Rabah | Botswana ...

African Journals Online (AJOL)

... study and analyze the RSA cryptosystems – a public-key cryptographic algorithm - a system that uses two sets of keys; one for encryption and the other for decryption. Key Words: Public-key cryptography, DH, RSA, Internet Security and attacks, Digital Signature, Message digest, Authentication, Secure Socket Layer (SSL)

Key Management Strategies for Safeguards Authentication and Encryption

International Nuclear Information System (INIS)

Coram, M.; Hymel, R.; McDaniel, M.; Brotz, J.

2015-01-01

Management of cryptographic keys for the authentication and encryption of safeguards data can be the critical weak link in the practical implementation of information security. Within the safeguards community, there is the need to validate that data has not been modified at any point since generation and that it was generated by the monitoring node and not an imposter. In addition, there is the need for that data to be transmitted securely between the monitoring node and the monitoring party such that it cannot be intercepted and read while in transit. Encryption and digital signatures support the required confidentiality and authenticity but challenges exist in managing the cryptographic keys they require. Technologies developed at Sandia National Laboratories have evolved in their use of an associated key management strategy. The first generation system utilized a shared secret key for digital signatures. While fast and efficient, it required that a list of keys be maintained and protected. If control of the key was lost, fraudulent data could be made to look authentic. The second generation changed to support public key / private key cryptography. The key pair is generated by the system, the public key shared, and the private key held internally. This approach eliminated the need to maintain the list of keys. It also allows the public key to be provided to anyone needing to authenticate the data without allowing them to spoof data. A third generation system, currently under development, improves upon the public key / private key approach to address a potential man-in-the-middle attack related to the sharing of the public key. In a planned fourth generation system, secure key exchange protocols will distribute session keys for encryption, eliminating another fixed set of keys utilized by the technology and allowing for periodic renegotiation of keys for enhanced security. (author)

Securing Hadoop

CERN Document Server

Narayanan, Sudheesh

2013-01-01

This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

Information security foundations, technologies and applications

CERN Document Server

Awad, Ali Ismail; Fairhurst, Michael

2018-01-01

This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

Pro Spring security

CERN Document Server

Scarioni, Carlo

2013-01-01

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

Security of quantum cryptography with realistic sources

International Nuclear Information System (INIS)

Lutkenhaus, N.

1999-01-01

The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

Security of quantum cryptography with realistic sources

Energy Technology Data Exchange (ETDEWEB)

Lutkenhaus, N [Helsinki Institute of Physics, P.O. Box 9, 00014 Helsingin yliopisto (Finland)

1999-08-01

The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

Interferometric key readable security holograms with secrete-codes

Indian Academy of Sciences (India)

2Department of Applied Physics, Guru Jambheshwar University of Science & Technology,. Hisar 125 001, India. *E-mail: aka1945@rediffmail.com. MS received 21 ... A new method is described to create secrete-codes in the security holograms for enhancing ... ing, or falsification of the valuable products and documents.

Design and realization of a network security model

OpenAIRE

WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

2002-01-01

The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

Security of continuous-variable quantum key distribution: towards a de Finetti theorem for rotation symmetry in phase space

International Nuclear Information System (INIS)

Leverrier, A; Karpov, E; Cerf, N J; Grangier, P

2009-01-01

Proving the unconditional security of quantum key distribution (QKD) is a highly challenging task as one needs to determine the most efficient attack compatible with experimental data. This task is even more demanding for continuous-variable QKD as the Hilbert space where the protocol is described is infinite dimensional. A possible strategy to address this problem is to make an extensive use of the symmetries of the protocol. In this paper, we investigate a rotation symmetry in phase space that is particularly relevant to continuous-variable QKD, and explore the way towards a new quantum de Finetti theorem that would exploit this symmetry and provide a powerful tool to assess the security of continuous-variable protocols. As a first step, a single-party asymptotic version of this quantum de Finetti theorem in phase space is derived.

Improved two-way six-state protocol for quantum key distribution

International Nuclear Information System (INIS)

Shaari, J.S.; Bahari, Asma' Ahmad

2012-01-01

A generalized version for a qubit based two-way quantum key distribution scheme was first proposed in the paper [Phys. Lett. A 358 (2006) 85] capitalizing on the six quantum states derived from three mutually unbiased bases. While boasting of a higher level of security, the protocol was not designed for ease of practical implementation. In this work, we propose modifications to the protocol, resulting not only in improved security but also in a more efficient and practical setup. We provide comparisons for calculated secure key rates for the protocols in noisy and lossy channels. -- Highlights: ► Modification for efficient generalized two-way QKD is proposed. ► Calculations include secure key rates in noisy and lossy channels for selected attack scenario. ► Resulting proposal provides for higher secure key rate in selected attack scheme.

Improved two-way six-state protocol for quantum key distribution

Energy Technology Data Exchange (ETDEWEB)

Shaari, J.S., E-mail: jesni_shamsul@yahoo.com [Faculty of Science, International Islamic University Malaysia (IIUM), Jalan Sultan Ahmad Shah, Bandar Indera Mahkota, 25200 Kuantan, Pahang (Malaysia); Bahari, Asma' Ahmad [Faculty of Science, International Islamic University Malaysia (IIUM), Jalan Sultan Ahmad Shah, Bandar Indera Mahkota, 25200 Kuantan, Pahang (Malaysia)

2012-10-01

A generalized version for a qubit based two-way quantum key distribution scheme was first proposed in the paper [Phys. Lett. A 358 (2006) 85] capitalizing on the six quantum states derived from three mutually unbiased bases. While boasting of a higher level of security, the protocol was not designed for ease of practical implementation. In this work, we propose modifications to the protocol, resulting not only in improved security but also in a more efficient and practical setup. We provide comparisons for calculated secure key rates for the protocols in noisy and lossy channels. -- Highlights: ► Modification for efficient generalized two-way QKD is proposed. ► Calculations include secure key rates in noisy and lossy channels for selected attack scenario. ► Resulting proposal provides for higher secure key rate in selected attack scheme.

Experimental aspects of deterministic secure quantum key distribution

Energy Technology Data Exchange (ETDEWEB)

Walenta, Nino; Korn, Dietmar; Puhlmann, Dirk; Felbinger, Timo; Hoffmann, Holger; Ostermeyer, Martin [Universitaet Potsdam (Germany). Institut fuer Physik; Bostroem, Kim [Universitaet Muenster (Germany)

2008-07-01

Most common protocols for quantum key distribution (QKD) use non-deterministic algorithms to establish a shared key. But deterministic implementations can allow for higher net key transfer rates and eavesdropping detection rates. The Ping-Pong coding scheme by Bostroem and Felbinger[1] employs deterministic information encoding in entangled states with its characteristic quantum channel from Bob to Alice and back to Bob. Based on a table-top implementation of this protocol with polarization-entangled photons fundamental advantages as well as practical issues like transmission losses, photon storage and requirements for progress towards longer transmission distances are discussed and compared to non-deterministic protocols. Modifications of common protocols towards a deterministic quantum key distribution are addressed.

Opportunistic Relay Selection in Multicast Relay Networks using Compressive Sensing

KAUST Repository

Elkhalil, Khalil

2014-12-01

Relay selection is a simple technique that achieves spatial diversity in cooperative relay networks. However, for relay selection algorithms to make a selection decision, channel state information (CSI) from all cooperating relays is usually required at a central node. This requirement poses two important challenges. Firstly, CSI acquisition generates a great deal of feedback overhead (air-time) that could result in significant transmission delays. Secondly, the fed back channel information is usually corrupted by additive noise. This could lead to transmission outages if the central node selects the set of cooperating relays based on inaccurate feedback information. In this paper, we introduce a limited feedback relay selection algorithm for a multicast relay network. The proposed algorithm exploits the theory of compressive sensing to first obtain the identity of the “strong” relays with limited feedback. Following that, the CSI of the selected relays is estimated using linear minimum mean square error estimation. To minimize the effect of noise on the fed back CSI, we introduce a back-off strategy that optimally backs-off on the noisy estimated CSI. For a fixed group size, we provide closed form expressions for the scaling law of the maximum equivalent SNR for both Decode and Forward (DF) and Amplify and Forward (AF) cases. Numerical results show that the proposed algorithm drastically reduces the feedback air-time and achieves a rate close to that obtained by selection algorithms with dedicated error-free feedback channels.

High-Speed Large-Alphabet Quantum Key Distribution Using Photonic Integrated Circuits

Science.gov (United States)

2014-01-28

polarizing beam splitter, TDC: time-to-digital converter. Extra&loss& photon/bin frame size QSER secure bpp ECC secure&key&rate& none& 0.0031 64 14...to-digital converter. photon/frame frame size QSER secure bpp ECC secure&key& rate& 1.3 16 9.5 % 2.9 layered LDPC 7.3&Mbps& Figure 24: Operating

Key management issue in SCADA networks: A review

Directory of Open Access Journals (Sweden)

Abdalhossein Rezai

2017-02-01

Full Text Available Supervisory Control And Data Acquisition (SCADA networks have a vital role in Critical Infrastructures (CIs such as public transports, power generation systems, gas, water and oil industries, so that there are concerns on security issues in these networks. The utilized Remote Terminal Units (RTUs and Intelligence Electronic Devices (IEDs in these networks have resource limitations, which make security applications a challenging issue. Efficient key management schemes are required besides lightweight ciphers for securing the SCADA communications. Many key management schemes have been developed to address the tradeoff between SCADA constrain and security, but which scheme is the most effective is still debatable. This paper presents a review of the existing key management schemes in SCADA networks, which provides directions for further researches in this field.

Quantum deterministic key distribution protocols based on the authenticated entanglement channel

International Nuclear Information System (INIS)

Zhou Nanrun; Wang Lijun; Ding Jie; Gong Lihua

2010-01-01

Based on the quantum entanglement channel, two secure quantum deterministic key distribution (QDKD) protocols are proposed. Unlike quantum random key distribution (QRKD) protocols, the proposed QDKD protocols can distribute the deterministic key securely, which is of significant importance in the field of key management. The security of the proposed QDKD protocols is analyzed in detail using information theory. It is shown that the proposed QDKD protocols can safely and effectively hand over the deterministic key to the specific receiver and their physical implementation is feasible with current technology.

Quantum deterministic key distribution protocols based on the authenticated entanglement channel

Energy Technology Data Exchange (ETDEWEB)

Zhou Nanrun; Wang Lijun; Ding Jie; Gong Lihua [Department of Electronic Information Engineering, Nanchang University, Nanchang 330031 (China)], E-mail: znr21@163.com, E-mail: znr21@hotmail.com

2010-04-15

Based on the quantum entanglement channel, two secure quantum deterministic key distribution (QDKD) protocols are proposed. Unlike quantum random key distribution (QRKD) protocols, the proposed QDKD protocols can distribute the deterministic key securely, which is of significant importance in the field of key management. The security of the proposed QDKD protocols is analyzed in detail using information theory. It is shown that the proposed QDKD protocols can safely and effectively hand over the deterministic key to the specific receiver and their physical implementation is feasible with current technology.

Quantum dense key distribution

International Nuclear Information System (INIS)

Degiovanni, I.P.; Ruo Berchera, I.; Castelletto, S.; Rastello, M.L.; Bovino, F.A.; Colla, A.M.; Castagnoli, G.

2004-01-01

This paper proposes a protocol for quantum dense key distribution. This protocol embeds the benefits of a quantum dense coding and a quantum key distribution and is able to generate shared secret keys four times more efficiently than the Bennet-Brassard 1984 protocol. We hereinafter prove the security of this scheme against individual eavesdropping attacks, and we present preliminary experimental results, showing its feasibility

Characteristics of Key Update Strategies for Wireless Sensor Networks

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2011-01-01

Wireless sensor networks offer the advantages of simple and low-resource communication. Challenged by this simplicity and low-resources, security is of particular importance in many cases such as transmission of sensitive data or strict requirements of tamper-resistance. Updating the security keys...... is one of the essential points in security, which restrict the amount of data that may be exposed when a key is compromised. In this paper, we investigate key update methods that may be used in wireless sensor networks, and benefiting from stochastic model checking we derive characteristics...

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas

Directory of Open Access Journals (Sweden)

Ze Wang

2015-09-01

Full Text Available Network security is one of the most important issues in mobile sensor networks (MSNs. Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA is proposed to resist malicious attacks by using mobile nodes’ dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

Science.gov (United States)

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Certificateless Key-Insulated Generalized Signcryption Scheme without Bilinear Pairings

Directory of Open Access Journals (Sweden)

Caixue Zhou

2017-01-01

Full Text Available Generalized signcryption (GSC can be applied as an encryption scheme, a signature scheme, or a signcryption scheme with only one algorithm and one key pair. A key-insulated mechanism can resolve the private key exposure problem. To ensure the security of cloud storage, we introduce the key-insulated mechanism into GSC and propose a concrete scheme without bilinear pairings in the certificateless cryptosystem setting. We provide a formal definition and a security model of certificateless key-insulated GSC. Then, we prove that our scheme is confidential under the computational Diffie-Hellman (CDH assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL assumption. Our scheme also supports both random-access key update and secure key update. Finally, we evaluate the efficiency of our scheme and demonstrate that it is highly efficient. Thus, our scheme is more suitable for users who communicate with the cloud using mobile devices.

Decoy State Quantum Key Distribution

Science.gov (United States)

Lo, Hoi-Kwong

2005-10-01

Quantum key distribution (QKD) allows two parties to communicate in absolute security based on the fundamental laws of physics. Up till now, it is widely believed that unconditionally secure QKD based on standard Bennett-Brassard (BB84) protocol is limited in both key generation rate and distance because of imperfect devices. Here, we solve these two problems directly by presenting new protocols that are feasible with only current technology. Surprisingly, our new protocols can make fiber-based QKD unconditionally secure at distances over 100km (for some experiments, such as GYS) and increase the key generation rate from O(η2) in prior art to O(η) where η is the overall transmittance. Our method is to develop the decoy state idea (first proposed by W.-Y. Hwang in "Quantum Key Distribution with High Loss: Toward Global Secure Communication", Phys. Rev. Lett. 91, 057901 (2003)) and consider simple extensions of the BB84 protocol. This part of work is published in "Decoy State Quantum Key Distribution", . We present a general theory of the decoy state protocol and propose a decoy method based on only one signal state and two decoy states. We perform optimization on the choice of intensities of the signal state and the two decoy states. Our result shows that a decoy state protocol with only two types of decoy states--a vacuum and a weak decoy state--asymptotically approaches the theoretical limit of the most general type of decoy state protocols (with an infinite number of decoy states). We also present a one-decoy-state protocol as a special case of Vacuum+Weak decoy method. Moreover, we provide estimations on the effects of statistical fluctuations and suggest that, even for long distance (larger than 100km) QKD, our two-decoy-state protocol can be implemented with only a few hours of experimental data. In conclusion, decoy state quantum key distribution is highly practical. This part of work is published in "Practical Decoy State for Quantum Key Distribution

Breaking a chaos-noise-based secure communication scheme

Science.gov (United States)

Li, Shujun; Álvarez, Gonzalo; Chen, Guanrong; Mou, Xuanqin

2005-03-01

This paper studies the security of a secure communication scheme based on two discrete-time intermittently chaotic systems synchronized via a common random driving signal. Some security defects of the scheme are revealed: 1) The key space can be remarkably reduced; 2) the decryption is insensitive to the mismatch of the secret key; 3) the key-generation process is insecure against known/chosen-plaintext attacks. The first two defects mean that the scheme is not secure enough against brute-force attacks, and the third one means that an attacker can easily break the cryptosystem by approximately estimating the secret key once he has a chance to access a fragment of the generated keystream. Yet it remains to be clarified if intermittent chaos could be used for designing secure chaotic cryptosystems.

Breaking chaotic shift key communication via adaptive key identification

International Nuclear Information System (INIS)

Ren Haipeng; Han Chongzhao; Liu Ding

2008-01-01

This paper proposes an adaptive parameter identification method for breaking chaotic shift key communication from the transmitted signal in public channel. The sensitive dependence property of chaos on parameter mismatch is used for chaos adaptive synchronization and parameter identification. An index function about the synchronization error is defined and conjugate gradient method is used to minimize the index function and to search the transmitter's parameter (key). By using proposed method, secure key is recovered from transmitted signal generated by low dimensional chaos and hyper chaos switching communication. Multi-parameters can also be identified from the transmitted signal with noise

Simple group password-based authenticated key agreements for the integrated EPR information system.

Science.gov (United States)

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

Secret Key Agreement: Fundamental Limits and Practical Challenges

KAUST Repository

Rezki, Zouheir

2017-02-15

Despite the tremendous progress made toward establishing PLS as a new paradigm to guarantee security of communication systems at the physical layerthere is a common belief among researchers and industrials that there are many practical challenges that prevent PLS from flourishing at the industrial scale. Most secure message transmission constructions available to date are tied to strong assumptions on CSI, consider simple channel models and undermine eavesdropping capabilities; thus compromising their practical interest to a big extent. Perhaps arguably, the most likely reasonable way to leverage PLS potential in securing modern wireless communication systems is via secret-key agreement. In the latter setting, the legitimate parties try to agree on a key exploiting availability of a public channel with high capacity which is also accessible to the eavesdropper. Once a key is shared by the legitimate parties, they may use it in a one-time pad encryption, for instance. In this article, we investigate two performance limits of secret-key agreement communications; namely, the secret-key diversity-multiplexing trade-off and the effect of transmit correlation on the secretkey capacity. We show via examples how secretkey agreement offers more flexibility than secure message transmissions. Finally, we explore a few challenges of secret-key agreement concept and propose a few guidelines to overturn them.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

Science.gov (United States)

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

Science.gov (United States)

Park, Chang-Seop

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Security Analysis of Yeh-Tsai Security Mechanism

Science.gov (United States)

Yum, Dae Hyun; Shin, Jong Hoon; Lee, Pil Joong

Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.

Key Management Schemes for Peer-to-Peer Multimedia Streaming Overlay Networks

Science.gov (United States)

Naranjo, J. A. M.; López-Ramos, J. A.; Casado, L. G.

Key distribution for multimedia live streaming peer-to-peer overlay networks is a field still in its childhood stage. A scheme designed for networks of this kind must seek security and efficiency while keeping in mind the following restrictions: limited bandwidth, continuous playing, great audience size and clients churn. This paper introduces two novel schemes that allow a trade-off between security and efficiency by allowing to dynamically vary the number of levels used in the key hierarchy. These changes are motivated by great variations in audience size, and initiated by decision of the Key Server. Additionally, a comparative study of both is presented, focusing on security and audience size. Results show that larger key hierarchies can supply bigger audiences, but offer less security against statistical attacks. The opposite happens for shorter key hierarchies.

Key Based Mutual Authentication (KBMA Mechanism for Secured Access in MobiCloud Environment

Directory of Open Access Journals (Sweden)

Donald A. Cecil

2016-01-01

Full Text Available Mobile Cloud Computing (MCC fuels innovation in Mobile Computing and opens new pathways between mobile devices and infrastructures. There are several issues in MCC environment as it integrates various technologies. Among all issues, security lies on the top where many users are not willing to adopt the cloud services. This paper focuses on the authentication. The objective of this paper is to provide a mechanism for authenticating all the entities involved in accessing the cloud services. A mechanism called Key Based Mutual Authentication (KBMA is proposed which is divided into two processes namely registration and authentication. Registration is a one-time process where the users are registered for accessing the cloud services by giving the desired unique information. Authentication process is carried out mutually to verify the identities of Device and Cloud Service Provider (CSP. Scyther tool is used for analysing the vulnerability in terms of attacks. The result claims show that the proposed mechanism is resilient against various attacks.

ZigBee-2007 Security Essentials

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2008-01-01

ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

Security management

International Nuclear Information System (INIS)

Adams, H.W.

1990-01-01

Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

Signature Schemes Secure against Hard-to-Invert Leakage

DEFF Research Database (Denmark)

Faust, Sebastian; Hazay, Carmit; Nielsen, Jesper Buus

2012-01-01

of the secret key. As a second contribution, we construct a signature scheme that achieves security for random messages assuming that the adversary is given a polynomial-time hard to invert function. Here, polynomial-hardness is required even when given the entire public-key – so called weak auxiliary input......-theoretically reveal the entire secret key. In this work, we propose the first constructions of digital signature schemes that are secure in the auxiliary input model. Our main contribution is a digital signature scheme that is secure against chosen message attacks when given an exponentially hard-to-invert function...... security. We show that such signature schemes readily give us auxiliary input secure identification schemes...

Tight finite-key analysis for quantum cryptography.

Science.gov (United States)

Tomamichel, Marco; Lim, Charles Ci Wen; Gisin, Nicolas; Renner, Renato

2012-01-17

Despite enormous theoretical and experimental progress in quantum cryptography, the security of most current implementations of quantum key distribution is still not rigorously established. One significant problem is that the security of the final key strongly depends on the number, M, of signals exchanged between the legitimate parties. Yet, existing security proofs are often only valid asymptotically, for unrealistically large values of M. Another challenge is that most security proofs are very sensitive to small differences between the physical devices used by the protocol and the theoretical model used to describe them. Here we show that these gaps between theory and experiment can be simultaneously overcome by using a recently developed proof technique based on the uncertainty relation for smooth entropies.

Designing key-dependent chaotic S-box with larger key space

International Nuclear Information System (INIS)

Yin Ruming; Yuan Jian; Wang Jian; Shan Xiuming; Wang Xiqin

2009-01-01

The construction of cryptographically strong substitution boxes (S-boxes) is an important concern in designing secure cryptosystems. The key-dependent S-boxes designed using chaotic maps have received increasing attention in recent years. However, the key space of such S-boxes does not seem to be sufficiently large due to the limited parameter range of discretized chaotic maps. In this paper, we propose a new key-dependent S-box based on the iteration of continuous chaotic maps. We explore the continuous-valued state space of chaotic systems, and devise the discrete mapping between the input and the output of the S-box. A key-dependent S-box is constructed with the logistic map in this paper. We show that its key space could be much larger than the current key-dependent chaotic S-boxes.

A study of the security technology and a new security model for WiFi network

Science.gov (United States)

Huang, Jing

2013-07-01

The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

Novel secret key generation techniques using memristor devices

Science.gov (United States)

Abunahla, Heba; Shehada, Dina; Yeun, Chan Yeob; Mohammad, Baker; Jaoude, Maguy Abi

2016-02-01

This paper proposes novel secret key generation techniques using memristor devices. The approach depends on using the initial profile of a memristor as a master key. In addition, session keys are generated using the master key and other specified parameters. In contrast to existing memristor-based security approaches, the proposed development is cost effective and power efficient since the operation can be achieved with a single device rather than a crossbar structure. An algorithm is suggested and demonstrated using physics based Matlab model. It is shown that the generated keys can have dynamic size which provides perfect security. Moreover, the proposed encryption and decryption technique using the memristor based generated keys outperforms Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES) in terms of processing time. This paper is enriched by providing characterization results of a fabricated microscale Al/TiO2/Al memristor prototype in order to prove the concept of the proposed approach and study the impacts of process variations. The work proposed in this paper is a milestone towards System On Chip (SOC) memristor based security.

Wireless Physical Layer Security: On the Performance Limit of Secret-Key Agreement

KAUST Repository

Zorgui, Marwen

2015-01-01

Physical layer security (PLS) is a new paradigm aiming at securing communications between legitimate parties at the physical layer. Conventionally, achieving confidentiality in communication networks relies on cryptographic techniques such as public

Understanding and applying cryptography and data security

CERN Document Server

Elbirt, Adam J

2009-01-01