WorldWideScience

Sample records for qos-compliant security protocol

  1. Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Meldgaard, Sigurd Torkel

    the secure computation. Especially we look at the communication complexity of protocols in this model, and perfectly secure protocols. We show general protocols for any finite functionality with statistical security and optimal communication complexity (but exponential amount of preprocessing). And for two......This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how...... they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern...

  2. Security Verification of Secure MANET Routing Protocols

    Science.gov (United States)

    2012-03-22

    the destination. The route discovery phase is complete upon receipt of the RREP at the requesting node. The DYMO protocol is a simpler version of AODV ...described in this appendix. The protocols are Secure AODV (SAODV), Secure Efficient Distance Vector (SEAD), and Secure Link State Routing Protocol (SLSP...SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Matthew F. Steele, Captain, USAF AFIT/GCS/ENG/12-03 DEPARTMENT OF THE AIR FORCE AIR

  3. Static Validation of Security Protocols

    DEFF Research Database (Denmark)

    Bodei, Chiara; Buchholtz, Mikael; Degano, P.;

    2005-01-01

    We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques ...... suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as Needham-Schroeder symmetric key, Otway-Rees, Yahalom, Andrew secure RPC, Needham-Schroeder asymmetric key, and Beller-Chang-Yacobi MSR...

  4. Security Protocol Design: A Case Study Using Key Distribution Protocols

    Directory of Open Access Journals (Sweden)

    Reiner Dojen

    2009-10-01

    Nowadays security protocols are a key component in providing security services for fixed and mobile networks. These services include data confidentiality, radio link encryption, message integrity, mobile subscriber authentication, electronic payment, certified e-mail, contract signing and nonrepudiation. This paper is concerned with design of effective security protocols. Security protocols are introduced and some common attacks against security protocols are discussed. The vulnerabilities that lead to the attacks are analyzed and guidelines for effective security protocol design are proposed. The presented guidelines are applied to the Andrew Secure RPC protocol and its adapted versions. It is demonstrated that compliance with the guidelines successfully avoids freshness and parallel session attacks.

  5. Heuristic Methods for Security Protocols

    Directory of Open Access Journals (Sweden)

    Qurat ul Ain Nizamani

    2009-10-01

    Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks.

  6. Heuristic Methods for Security Protocols

    OpenAIRE

    Qurat ul Ain Nizamani; Emilio Tuosto

    2009-01-01

    Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks.

  7. Bundle Security Protocol for ION

    Science.gov (United States)

    Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

    2011-01-01

    This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

  8. Language, Semantics, and Methods for Security Protocols

    DEFF Research Database (Denmark)

    Crazzolara, Federico

    used to give a formal semantics to security protocols which supports proofs of their correctness. More precisely, we give a compositional event-based semantics to an economical, but expressive, language for describing security protocols (SPL); so the events and dependency of a wide range of protocols......Security protocols help in establishing secure channels between communicating systems. Great care needs therefore to be taken in developing and implementing robust protocols. The complexity of security-protocol interactions can hide, however, security weaknesses that only a formal analysis can...... reveal. The last few years have seen the emergence of successful intensional, event-based, formal approaches to reasoning about security protocols. The methods are concerned with reasoning about the events that a security protocol can perform, and make use of a causal dependency that exists between...

  9. Summary Report on Unconditionally Secure Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Salvail, Louis; Cachin, Christian

    This document describes the state of the art and some of the main open problems in the area of unconditionally secure cryptographic protocols. The most essential part of a cryptographic protocol is not its being secure. Imagine a cryptographic protocol which is secure, but where we do not know th...

  10. New Models for Protocol Security

    Science.gov (United States)

    2015-06-18

    protocols and primitives (e.g., Schnorr's identification scheme, commitment schemes secure against selective openings, Chaum Blind Signatures, etc...Theory 156: 246-268 (2015) 5 3. Samantha Leung, Edward Lui, Rafael Pass: Voting with Coarse Beliefs. ITCS 2015: 61 4. Jing Chen, Silvio Micali, Rafael...Schneider: Multi-Verifier Signatures. J. Cryptology 25(2): 310-348 (2012) 7 37. Rafael Pass, Muthuramakrishnan Venkitasubramaniam: A Parallel Repetition

  11. Developing security protocols in χ-Spaces

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2002-01-01

    of formal protocol verification. Verification, however, is usually carried out on an abstract model not at all related with a protocol’s implementation. Experience shows that security breaches introduced in implementations of successfully verified models are rather common. The χ-Spaces framework...... is an implementation of SPL (Security Protocol Language), a formal model for studying security protocols. In this paper we discuss the use of χ-Spaces as a tool for developing robust security protocol implementations. To make the case, we take a family of key-translation protocols due to Woo and Lam and show how χ......It is of paramount importance that a security protocol effectively enforces the desired security requirements. The apparent simplicity of informal protocol descriptions hides the inherent complexity of their interactions which, often, invalidate informal correctness arguments and justify the effort...

  12. Efficient secure two-party protocols

    CERN Document Server

    Hazay, Carmit

    2010-01-01

    The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation -- both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest. The book focuses on techniques for constructing efficient protocols and proving them secure. In addition, the authors study different definitional paradigms and compare the efficiency of protocols achieved under these different definitions. The book opens with a general introduction to secure computation and then presents definitions of security for a

  13. Bioinspired Security Analysis of Wireless Protocols

    DEFF Research Database (Denmark)

    Petrocchi, Marinella; Spognardi, Angelo; Santi, Paolo

    2016-01-01

    work, this paper investigates feasibility of adopting fraglets as model for specifying security protocols and analysing their properties. In particular, we give concrete sample analyses over a secure RFID protocol, showing evolution of the protocol run as chemical dynamics and simulating an adversary...

  14. Analysis of a security protocol in μCRL

    NARCIS (Netherlands)

    Pang, J.

    2002-01-01

    Needham-Schroeder public-key protocol; With the growth and commercialization of the Internet, the security of communication between computers becomes a crucial point. A variety of security protocols based on cryptographic primitives are used to establish secure communication over insecure open netwo

  15. Algebraic techniques for low communication secure protocols

    NARCIS (Netherlands)

    Haan, Robbert de

    2009-01-01

    This thesis discusses new results in two areas within cryptography; securely transmitting a message between two parties and securely computing a function on the inputs of multiple parties. For both of these areas we mainly consider perfectly secure protocols, which are protocols that have a zero err

  16. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complaints are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... for such state of affairs is an apparent overlap of security and correctness, which may lead to many sloppy security definitions and security models. Although there is no inherent need to separate security and correctness requirements, practically, such separation is significant. It makes security analysis...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  17. Demarcation of Security in Authentication Protocols

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security analysis of communication protocols is a slippery business; many “secure” protocols later turn out to be insecure. Among many, two complaints are more frequent: inadequate definition of security and unstated assumptions in the security model. In our experience, one principal cause...... easier, and enables us to define security goals with a fine granularity. We present one such separation, by introducing the notion of binding sequence as a security primitive. A binding sequence, roughly speaking, is the only required security property of an authentication protocol. All other...

  18. Security Protocols: Specification, Verification, Implementation, and Composition

    DEFF Research Database (Denmark)

    Almousa, Omar

    An important aspect of Internet security is the security of cryptographic protocols that it deploys. We need to make sure that such protocols achieve their goals, whether in isolation or in composition, i.e., security protocols must not suffer from any flaw that enables hostile intruders to break...... their security. Among others, tools like OFMC [MV09b] and Proverif [Bla01] are quite efficient for the automatic formal verification of a large class of protocols. These tools use different approaches such as symbolic model checking or static analysis. Either approach has its own pros and cons, and therefore, we...... called SPS (Security Protocol Specification) language, that enables users, without requiring deep expertise in formal models from them, to specify a wide range of real-world protocols in a simple and intuitive way. Thus, SPS allows users to verify their protocols using different tools, and generate...

  19. A Secure Short Message Communication Protocol

    Institute of Scientific and Technical Information of China (English)

    Chao-Wen Chang; Heng Pan; Hong-Yong Jia

    2008-01-01

    According to the security requirement of the short message service (SMS) industry application, a secure short message communication protocol is proposed. This is an application level protocol constructed on the standard SMS communication protocol using public key authentication and key agreement without the need of wireless public key infrastructure (WPKI). Secure short message transmission and dynamic key agreement between mobile terminals and the accessing gateway are realized. The security of the proposed protocol is validated through the BAN logic. Compared with the standard SMS protocol, the effective payload rate of our protocol can reach 91.4%, and subscriber identity module (SIM) tool kit (STK) applications based on our protocol suit well for all kinds of mobile terminals in practical application.

  20. Secure Key Management Protocol in WIMAX

    Directory of Open Access Journals (Sweden)

    Noudjoud Kahya

    2012-12-01

    The Worldwide Interoperability for Microwave Access (WIMAX)/IEEE 802.16, is new technology based on wireless metropolitan area network. Security of connections access in WIMAX/IEEE 802.16 is complete with respect to the Privacy Key Management (PKM) protocol. The protocol is responsible for providing the secure distribution of keying data from Base Station (BS) to Subscriber Station (SS). In this paper we provide the formal analysis of PKMv2 using Scyther tool to verify the security properties. We found that PKMv2 is vulnerable to replay, DoS, Man-in-the middle attacks. At last we have proposed a secure protocol (SPKM) to prevent the authorization protocol from such attacks.

  1. Secure communication protocol for mobile multimedia applications

    OpenAIRE

    Komninos, N.; Honary, B.; Darnell, M.

    2000-01-01

    Data transmission over wireless communication networks is increasing rapidly and security has become a very important issue. The main considerations of secure communication systems are authentication, key distribution, and data transfer. This paper describes a secure communication protocol (SCP), which provides privacy and data integrity for end-to-end data transmission over wireless communication systems.

  2. Secure Fingerprint Alignment and Matching Protocols

    OpenAIRE

    Bayatbabolghani, Fattaneh; Blanton, Marina; Aliasgari, Mehrdad; Goodrich, Michael

    2017-01-01

    We present three secure privacy-preserving protocols for fingerprint alignment and matching, based on what are considered to be the most precise and efficient fingerprint recognition algorithms-those based on the geometric matching of "landmarks" known as minutia points. Our protocols allow two or more honest-but-curious parties to compare their respective privately-held fingerprints in a secure way such that they each learn nothing more than a highly-accurate score of how well the fingerprin...

  3. Secure Geographic Routing Protocols: Issues and Approaches

    CERN Document Server

    Sookhak, Mehdi; Haghparast, Mahboobeh; Isnin, Ismail Fauzi

    2011-01-01

    In the years, routing protocols in wireless sensor networks (WSN) have been substantially investigated by researches. Most state-of-the-art surveys have focused on reviewing of wireless sensor network. In this paper we review the existing secure geographic routing protocols for wireless sensor network (WSN) and also provide a qualitative comparison of them.

  4. Secure Geographic Routing Protocols: Issues and Approaches

    Directory of Open Access Journals (Sweden)

    Mehdi Sookhak

    2011-09-01

    In the years, routing protocols in wireless sensor networks (WSN) have been substantially investigated by researches. Most state-of-the-art surveys have focused on reviewing of wireless sensor network. In this paper we review the existing secure geographic routing protocols for wireless sensor network (WSN) and also provide a qualitative comparison of them.

  5. Secure Multi-Player Protocols

    DEFF Research Database (Denmark)

    Fehr, Serge

    sharing (VSS), as well as multi-party computation (MPC) belong to the most appealing and/or useful ones. The former two are basic tools to achieve better robustness of cryptographic schemes against malfunction or misuse by “decentralizing” the security from one single to a whole group of individuals...... secret sharing in terms of simple algebraic conditions on the integer sharing coefficients, and we propose a black-box secret sharing scheme with minimal expansion factor. Note that, in contrast to the classical field-based secret sharing schemes, a black-box secret sharing scheme allows to share...... in the (mathematical) representation of the task that needs to be securely executed. (3) We propose a unified treatment of perfectly secure linear VSS and distributed commitments (a weaker version of the former), and we show that the security of such a scheme can be reduced to a linear algebra condition. The security...

  6. A CONTRIBUTION TO SECURE THE ROUTING PROTOCOL

    Directory of Open Access Journals (Sweden)

    Mohammed ERRITALI

    2011-10-01

    This work presents a contribution to secure the routing protocol GPSR (Greedy Perimeter Stateless Routing) for vehicular ad hoc networks, we examine the possible attacks against GPSR and security solutions proposed by different research teams working on ad hoc network security. Then, we propose a solution to secure GPSR packet by adding a digital signature based on symmetric cryptography generated using the AES algorithm and the MD5 hash function more suited to a mobile environment

  7. Efficient Controlled Quantum Secure Direct Communication Protocols

    Science.gov (United States)

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Panigrahi, Prasanta K.

    2016-07-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete message. We argue both protocols to be unconditionally secure and analyze the efficiency of the protocols to show it to outperform the existing schemes while maintaining the same security specifications.

  8. Analysis of Security Protocols by Annotations

    DEFF Research Database (Denmark)

    Gao, Han

    The trend in Information Technology is that distributed systems and networks are becoming increasingly important, as most of the services and opportunities that characterise the modern society are based on these technologies. Communication among agents over networks has therefore acquired a great...... deal of research interest. In order to provide effective and reliable means of communication, more and more communication protocols are invented, and for most of them, security is a significant goal. It has long been a challenge to determine conclusively whether a given protocol is secure or not....... The development of formal techniques, e.g. control flow analyses, that can check various security properties, is an important tool to meet this challenge. This dissertation contributes to the development of such techniques. In this dissertation, security protocols are modelled in the process calculus LYSA...

  9. Security Weaknesses in Arbitrated Quantum Signature Protocols

    Science.gov (United States)

    Liu, Feng; Zhang, Kejia; Cao, Tianqing

    2014-01-01

    Arbitrated quantum signature (AQS) is a cryptographic scenario in which the sender (signer), Alice, generates the signature of a message and then a receiver (verifier), Bob, can verify the signature with the help of a trusted arbitrator, Trent. In this paper, we point out there exist some security weaknesses in two AQS protocols. Our analysis shows Alice can successfully disavow any of her signatures by a simple attack in the first protocol. Furthermore, we study the security weaknesses of the second protocol from the aspects of forgery and disavowal. Some potential improvements of this kind of protocols are given. We also design a new method to authenticate a signature or a message, which makes AQS protocols immune to Alice's disavowal attack and Bob's forgery attack effectively.

  10. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    .e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful......Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i...... considerations on the available resources, especially in meeting real-time and resource constraints, as well as cost and reliability requirements. For this reason many proposed security protocols in this domain have peculiar features, not present in traditional security literature. In this thesis we tackle...

  11. Performance Evaluation of Security Protocols

    DEFF Research Database (Denmark)

    Bodei, Chiara; Buchholtz, Mikael; Curti, Michele

    2005-01-01

    We use a special operational semantics which drives us in inferring quantitative measures on systems describing cryptographic protocols. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architecture running applications and the use of...

  12. Performance Evaluation of Security Protocols

    DEFF Research Database (Denmark)

    Bodei, Chiara; Buchholtz, Mikael; Curti, Michele

    2005-01-01

    We use a special operational semantics which drives us in inferring quantitative measures on systems describing cryptographic protocols. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architecture running applications and the use of...... of possibly different cryptosystems. We then map transition systems to Markov chains and evaluate performance of systems, using standard tools....

  13. Formally Generating Adaptive Security Protocols

    Science.gov (United States)

    2013-03-01

    a proven version of leader election and 2/3 consensus. In 2011 we did the same for a simple version of Paxos. At each stage of the evolution as our... leader election [2] and authentication [4] would suffice for Paxos as well. In preparation for the harder protocols, we had added expressive power to the

  14. Analysis Models for Security Protocols

    NARCIS (Netherlands)

    Corin, R.J.; Corin, Ricardo Javier

    2006-01-01

    In this thesis, we present five significant, orthogonal extensions to the Dolev Yao model. Each extension considers a more realistic setting, closer to the real world, thus providing a stronger security guarantee. We provide examples both from the literature and from industrial case studies to show

  15. A fully efficient secure quantum cryptography protocol

    CERN Document Server

    Xiang Bin Wang

    2001-01-01

    Since Bennett and Brassard suggested their quantum key distribution protocol (BB84 protocol) in 1984, the subject has been extensively studied both theoretically and experimentally. The protocol allows two remote parties Alice and Bob to create and share a secret key using a quantum channel and public authenticated communications. The quantum key created in this way is in principle secure because eavesdroppers have no way to tap the quantum channel without disturbing it. In the protocol, two level quantum bits are measured in two bases, $X$ and $Z$, randomly by Bob. So at least half of the measurement results will be discarded because Bob has a half probability taking the measurement in a wrong basis. On the other hand, the security is not the maximum in BB84 protocol. To increase the security, one may straightforwardly increase the number of bases used in the protocol. For example, six state protocol was proposed recently for two level system. However, in this way, it seems to be the case that the higher the secu...

  16. Analyzing security protocols in hierarchical networks

    DEFF Research Database (Denmark)

    Zhang, Ye; Nielson, Hanne Riis

    2006-01-01

    Validating security protocols is a well-known hard problem even in a simple setting of a single global network. But a real network often consists of, besides the public-accessed part, several sub-networks and thereby forms a hierarchical structure. In this paper we first present a process calculus...... capturing the characteristics of hierarchical networks and describe the behavior of protocols on such networks. We then develop a static analysis to automate the validation. Finally we demonstrate how the technique can benefit the protocol development and the design of network systems by presenting a series...

  17. Secure Multi-Player Protocols

    DEFF Research Database (Denmark)

    Fehr, Serge

    secret sharing in terms of simple algebraic conditions on the integer sharing coefficients, and we propose a black-box secret sharing scheme with minimal expansion factor. Note that, in contrast to the classical field-based secret sharing schemes, a black-box secret sharing scheme allows to share......, MPC can be based on arbitrary finite rings. This is in sharp contrast to the literature where essentially all MPC protocols require a much stronger mathematical structure, namely a field. Apart from its theoretical value, this can lead to efficiency improvements since it allows a greater freedom...... ones. We also construct a noninteractive distributed-verifier proof of circuit satisfiability, which—in principle—allows to prove anything that can be proven without giving away the proof....

  18. Sufficient Conditions for Vertical Composition of Security Protocols (Extended Version)

    DEFF Research Database (Denmark)

    Mödersheim, Sebastian Alexander; Viganò, Luca

    Vertical composition of security protocols means that an application protocol (e.g., a banking service) runs over a channel established by another protocol (e.g., a secure channel provided by TLS). This naturally gives rise to a compositionality question: given a secure protocol P1 that provides...

  19. SECURING VIRTUAL IMAGES USING BLIND AUTHENTICATION PROTOCOL

    Directory of Open Access Journals (Sweden)

    RAVIKIRAN PEELUKHANA

    2011-04-01

    The cloud virtualization technology improves the economy of scale for data centers through server consolidation, application consolidation and resources consolidation. Virtualization allows the provider to move Virtual Images from more congested host to less-congested hosts, as required. Enterprises also get improved server reliability, which in turn increases application performance. Despite these benefits, it includes major security challenges with the portability of Virtual Images between different cloud providers. The security and integrity of Virtual images is the foundation for the overall security of the cloud. Many of the Virtual images are intended to be shared by diverse and unrelated users. Unfortunately, existing approaches to cloud security built by cloud practitioners fall short when dealing with Virtual images. Secure transmission of virtual Images can be possible by providing authentication using Blind Authentication protocol (BAP). The proposed approach authenticates the allocation of virtual images using Blind authentication protocol. It provides provable protection against replay and client side attacks even if the keys of the user are compromised. The encryption also provides template protection, revocability and alleviates the concerns on privacy in widespread use of biometrics. Carrying out the authentication in the encrypted domain is a secure process, while the encryption key acts as an additional layer of security.

  20. On Protocol Security in the Cryptographic Model

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus

    the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... previous approaches to the problem. Starting from an open point-to-point network there is a long way to general secure multiparty computation. The dissertation contains contributions at several points along the way. In particular we investigate how to realize secure channels. We also show how threshold...... you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...

  1. Analysis of Security Protocols for Mobile Healthcare.

    Science.gov (United States)

    Wazid, Mohammad; Zeadally, Sherali; Das, Ashok Kumar; Odelu, Vanga

    2016-11-01

    Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient's health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

  2. Language, Semantics, and Methods for Security Protocols

    DEFF Research Database (Denmark)

    Crazzolara, Federico

    -nets. They have persistent conditions and as we show in this thesis, unfold under reasonable assumptions to a more basic kind of nets. We relate SPL-nets to strand spaces and inductive rules, as well as trace languages and event structures so unifying a range of approaches, as well as providing conditions under...... which particular, more limited, models are adequate for the analysis of protocols. The relations that are described in this thesis help integrate process calculi and algebraic reasoning with event-based methods to obtain a more accurate analysis of security properties of protocols....

  3. Efficient Controlled Quantum Secure Direct Communication Protocols

    OpenAIRE

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Prasanta K. Panigrahi

    2015-01-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete...

  4. A model based security testing method for protocol implementation.

    Science.gov (United States)

    Fu, Yu Long; Xin, Xiao Long

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  5. A Model Based Security Testing Method for Protocol Implementation

    Directory of Open Access Journals (Sweden)

    Yu Long Fu

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  6. Simulation and Evaluation of CTP and Secure-CTP Protocols

    Directory of Open Access Journals (Sweden)

    P. Pecho

    2010-04-01

    The paper discusses characteristics and qualities of two routing protocols – Collection Tree Protocol and its secure modification. The original protocol, as well as other protocols for wireless sensors, solves only problems of radio communication and limited resources. Our design of the secure protocol tries to solve also the essential security objectives. For the evaluation of properties of our protocol in large networks, a TOSSIM simulator was used. Our effort was to show the influence of the modification of the routing protocol to its behavior and quality of routing trees. We have proved that adding security into protocol design does not necessarily mean higher demands for data transfer, power consumption or worse protocol efficiency. In the paper, we manifest that security in the protocol may be achieved with low cost and may offer similar performance as the original protocol.

  7. An Efficient Secure Real-Time Concurrency Control Protocol

    Institute of Scientific and Technical Information of China (English)

    XIAO Yingyuan; LIU Yunsheng; CHEN Xiangyang

    2006-01-01

    Secure real-time databases must simultaneously satisfy two requirements in guaranteeing data security and minimizing the missing deadlines ratio of transactions. However, these two requirements can conflict with each other and achieve one requirement is to sacrifice the other. This paper presents a secure real-time concurrency control protocol based on optimistic method. The concurrency control protocol incorporates security constraints in a real-time optimistic concurrency control protocol and makes a suitable tradeoff between security and real-time requirements by introducing secure influence factor and real-time influence factor. The experimental results show the concurrency control protocol achieves data security without degrading real-time performance significantly.

  8. Typed Multiset Rewriting Specifications of Security Protocols

    Science.gov (United States)

    2011-10-01

    Cape Breton , NS, Canada, 24–26 June 2002. IEEE Computer Society Press. [12] Frederic Butler, Iliano Cervesato, Aaron D. Jaggard, and Andre Scedrov... andR an active role set. Let moreover ΣDY and PDY be the signature and protocol theory for the Dolev-Yao intruder. 1. If ` Σ, then ` Σ,ΣDY ; 2. If Σ...Computer Society Press. [4] Michael Backes, Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov, and Joe-Kai Tsay. Cryptographically Sound Security

  9. QAODV: Improved Security Routing Protocol of AODV

    OpenAIRE

    Ruihui Mu; Wuqiang Zhang

    2013-01-01

    Network control system (NCS) has higher requirements on QoS index of the network, but MANET can hardly meet the demands of control systems because of its own characteristics. The paper improves AODV and proposes AODV routing protocol QAODV with certain QoS security in combination with NCS and MANET, and expounds routing detection, routing register and routing maintenance. Simulation results show that end-to-end delay and packet loss of QAODV reduces evidently compared with AODV, and the proto...

  10. SECURED ELECTRONIC VOTING PROTOCOL USING HYBRID CRYPTOSYSTEM

    Directory of Open Access Journals (Sweden)

    KALAICHELVI V

    2013-04-01

    Electronic Voting play a really vital role in the democracy of our life. In this paper, we propose an electronic voting protocol. Our scheme does not require a special voting channel and communication can occur entirely over the current Internet. This method integrates the Internet convenience and cryptology. In the existing protocol the Tallier has to wait until the decryption key is received from the voter. So it will consume lot of time. But, the proposed protocol is based on the hybrid cryptosystem. In this, the ballot is encrypted using faster secret key algorithm and the digital envelope is encrypted using Tallier’s public key. So, the Tallier will decrypt the digital envelope using his own private key to get the secret key and then the encrypted ballot is decrypted using that secret key. So, comparatively the proposed protocol consumes less time. This paper also analyzes the various security issues involved in an electronic voting like security, privacy, authentication, anonymous, uniqueness, accuracy, fairness, efficiency and uncoercibility.

  11. A LITERARY REVIEW OF MANET SECURITY PROTOCOLS

    Directory of Open Access Journals (Sweden)

    Krishan Kumar

    2011-10-01

    Ad hoc networks offer various applications which are very much essential in wireless networks. But the vital problem concerning their security aspects is the major issue which must be solved. A mobile ad hoc network is a collection of nodes that are connected through a wireless medium forming rapidly changing topologies. The dynamic and cooperative nature of ad hoc networks present challenges in securing these networks. Attacks on ad hoc network routing protocols is the main problem which affects the network performance and reliability. Here a brief introduction is made of the most popular protocols that follow the table-driven approach and the source initiated on-demand approach.

  12. Security Analysis of Broadcaster Group Key Exchange Protocols

    Institute of Scientific and Technical Information of China (English)

    LI Li; ZHANG Huanguo

    2006-01-01

    Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.

  13. A STRONG SECURITY PROTOCOL AGAINST FINGERPRINT DATABASE ATTACKS

    Directory of Open Access Journals (Sweden)

    U. Latha

    2013-08-01

    The Biometric data is subject to on-going changes and create a crucial problem in fingerprint database. To deal with this, a security protocol is proposed to protect the finger prints information from the prohibited users. Here, a security protocol is proposed to protect the finger prints information. The proposed system comprised of three phases namely, fingerprint reconstruction, feature extraction and development of trigon based security protocol. In fingerprint reconstruction, the different crack variance level finger prints images are reconstructed by the M-band Dual Tree Complex Wavelet Transform (DTCWT). After that features are extracted by binarization. A set of finger print images are utilized to evaluate the performance of security protocol and the result from this process guarantees the healthiness of the proposed trigon based security protocol. The implementation results show the effectiveness of proposed trigon based security protocol in protecting the finger print information and the achieved improvement in image reconstruction and the security process.

  14. An Enhanced Security Protocol for Fast Mobile IPv6

    Science.gov (United States)

    You, Ilsun; Sakurai, Kouichi; Hori, Yoshiaki

    Recently, Kempf and Koodli have proposed a security protocol for Fast Mobile IPv6 (FMIPv6). Through the SEcure Neighbor Discovery (SEND) protocol, it achieves secure distribution of a handover key, and consequently becomes a security standard for FMIPv6. However, it is still vulnerable to redirection attacks. In addition, due to the SEND protocol, it suffers from denial of service attacks and expensive computational cost. In this paper, we present a security protocol, which enhances Kempf-Koodli's one with the help of the AAA infrastructure.

  15. Analysis of a key-establishment security protocol

    Directory of Open Access Journals (Sweden)

    Reiner Dojen

    2008-05-01

    Nowadays security protocols are a key component in providing security services for fixed and mobile networks. These services include data confidentiality, radio link encryption, message integrity, mobile subscriber authentication, electronic payment, certified e-mail, contract signing and non-repudiation. This paper is concerned with attacks against security protocols. Security protocols are introduced and the most common attacks against security protocols are discussed. The Wide-Mouthed Frog key-establishment protocol of Burrows, Abadi and Needham is presented. Attacks which exploit known weaknesses in the protocol are discussed and a corrected version of the protocol by Lowe is presented. Analysis of the Lowe modified Wide-Mouthed Frog protocol in this paper reveals a new parallel session attack. The reasons for this attack and how it can be mounted are discussed.

  16. Securing Zone Routing Protocol in Ad-Hoc Networks

    Directory of Open Access Journals (Sweden)

    Ibrahim S. I. Abuhaiba

    2012-09-01

    This paper is a contribution in the field of security analysis on mobile ad-hoc networks, and security requirements of applications. Limitations of the mobile nodes have been studied in order to design a secure routing protocol that thwarts different kinds of attacks. Our approach is based on the Zone Routing Protocol (ZRP); the most popular hybrid routing protocol. The importance of the proposed solution lies in the fact that it ensures security as needed by providing a comprehensive architecture of Secure Zone Routing Protocol (SZRP) based on efficient key management, secure neighbor discovery, secure routing packets, detection of malicious nodes, and preventing these nodes from destroying the network. In order to fulfill these objectives, both efficient key management and secure neighbor mechanisms have been designed to be performed prior to the functioning of the protocol. To validate the proposed solution, we use the network simulator NS-2 to test the performance of secure protocol and compare it with the conventional zone routing protocol over different number of factors that affect the network. Our results evidently show that our secure version paragons the conventional protocol in the packet delivery ratio while it has a tolerable increase in the routing overhead and average delay. Also, security analysis proves in details that the proposed protocol is robust enough to thwart all classes of ad-hoc attacks.

  17. Protocols for Wireless Sensor Networks and Its Security

    Directory of Open Access Journals (Sweden)

    Dr. Adil Jamil Zaru

    2016-12-01

    This paper proposes a protocol for Wireless Sensor Networks and its security which are characterized by severely constrained computational and energy resources, and an ad hoc operational environment. The paper first introduces sensor networks, and discusses security issues and goals along with security problems, threats, and risks in sensor networks. It describes crippling attacks against all of them and suggests countermeasures and design considerations. It gives a brief introduction of proposed security protocol SPINS whose building blocks are SNEP and μTESLA which overcome all the important security threats and problems and achieves security goals like data confidentiality, freshness, authentication in order to provide a secure Wireless Sensor Network.

  18. Passive Cryptanalysis of Unconditionally Secure Authentication Protocol for RFID Systems

    CERN Document Server

    Abyaneh, Mohammad Reza Sohizadeh

    2010-01-01

    Recently, Alomair et al. proposed the first UnConditionally Secure mutual authentication protocol for low-cost RFID systems (UCS-RFID). The security of the UCS-RFID relies on five dynamic secret keys which are updated at every protocol run using a fresh random number (nonce) secretly transmitted from a reader to tags. Our results show that, at the highest security level of the protocol (security parameter = 512), inferring a nonce is feasible with the probability of 0.99 by eavesdropping (observing) about 90 runs of the protocol. Finding a nonce enables a passive attacker to recover all five secret keys of the protocol. To do so, we propose a three-phase probabilistic approach in this paper. Our attack recovers the secret keys with a probability that increases by accessing to more protocol runs. We also show that tracing a tag using this protocol is also possible even with less runs of the protocol.

  19. Security Analysis of Routing Protocols in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mohammad Sadeghi

    2012-01-01

    In this paper, I describe briefly some of the different types of attacks on wireless sensor networks such as Sybil, HELLO, Wormhole and Sinkhole attacks. Then I describe security analysis of some major routing protocols in wireless sensor network such as Directed Diffusion, TinyOS beaconing, geographic and Rumor routings in term of attacks and security goals. As a result I explain some secure routing protocols for wireless sensor network and is discussed briefly some methods and policy of these protocols to meet their security requirements. At last some simulation results of these protocols that have been done by their designer are mentioned.

  20. A Security Analysis of the 802.11s Wireless Mesh Network Routing Protocol and Its Secure Routing Protocols

    Directory of Open Access Journals (Sweden)

    Seong-Moo Yoo

    2013-09-01

    Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

  1. A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

    Science.gov (United States)

    Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

    2013-09-02

    Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

  2. Implementation of Security Facilities in Simple Network Management Protocol (SNMP)

    Institute of Scientific and Technical Information of China (English)

    2000-01-01

    Simple Network Management Protocol (SNMP) is the most widely used network management protocol on TCP/IP-based networks. However, the lack of security features, notably authentication and privacy, is its weakness. To rectify this deficiency, a new version of SNMP, known as SNMPv3, is presented. The principal security facilities defined in SNMPv3 which include timeliness mechanism, authentication, privacy and access control are outlined, and an example on how to implement security features in a practical software system is given.

  3. Securing statically-verified communications protocols against timing attacks

    DEFF Research Database (Denmark)

    Buchholtz, Mikael; Gilmore, Stephen; Hillston, Jane;

    2004-01-01

    We present a federated analysis of communication protocols which considers both security properties and timing. These are not entirely independent observations of a protocol; by using timing observations of an executing protocol it is possible to deduce derived information about the nature of the...

  4. A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation

    Directory of Open Access Journals (Sweden)

    Triana Mugia Rahayu

    2015-06-01

    The commonly unattended and hostile deployments of WSNs and their resource-constrained sensor devices have led to an increasing demand for secure energy-efficient protocols. Routing and data aggregation receive the most attention since they are among the daily network routines. With the awareness of such demand, we found that so far there has been no work that lays out a secure routing protocol as the foundation for a secure data aggregation protocol. We argue that the secure routing role would be rendered useless if the data aggregation scheme built on it is not secure. Conversely, the secure data aggregation protocol needs a secure underlying routing protocol as its foundation in order to be effectively optimal. As an attempt for the solution, we devise an energy-aware protocol based on LEACH and ESPDA that combines secure routing protocol and secure data aggregation protocol. We then evaluate its security effectiveness and its energy-efficiency aspects, knowing that there are always trade-off between both.

  5. Formal Models and Techniques for Analyzing Security Protocols

    CERN Document Server

    Cortier, V

    2011-01-01

    Security protocols are the small distributed programs which are omnipresent in our daily lives in areas such as online banking and commerce and mobile phones. Their purpose is to keep our transactions and personal data secure. Because these protocols are generally implemented on potentially insecure networks like the internet, they are notoriously difficult to devise. The field of symbolic analysis of security protocols has seen significant advances during the last few years. There is now a better understanding of decidability and complexity questions and successful automated tools for the pro

  6. Improving the security of arbitrated quantum signature protocols

    CERN Document Server

    Sun, Zhiwei; Long, Dongyang

    2011-01-01

    Arbitrated quantum signatures (AQS), for signing quantum message, have been proposed. It was claimed that the AQS schemes could guarantee unconditional security. However, we show that all the presented AQS protocols are insecure if quantum one-time pad encryption is used. Our attack and security analysis show that the signer (Alice) can always successfully acquire Bob's secret key and disavow any of her signatures. So the original version of the protocol is revised. As a consequence, the attack we present can be prevented, and accordingly the security of the protocol is improved.

  7. A Secure Elliptic Curve-Based RFID Protocol

    Institute of Scientific and Technical Information of China (English)

    Santi Martínez; Magda Valls; Concepció Roig; Josep M. Miret; Francesc Giné

    2009-01-01

    Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present privacy problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies in the literature proposed schemes that are proven to be secure, but they have scalability problems. A feasible and scalable protocol to guarantee privacy is presented in this paper. The proposed protocol uses elliptic curve cryptography combined with a zero knowledge-based authentication scheme. An analysis to prove the system secure, and even forward secure is also provided.

  8. Domain Name Server Security (DNSSEC) Protocol Deployment

    Science.gov (United States)

    2014-10-01

    was a 10-year effort to promote adoption of the DNS Security Extensions (DNSSEC), a method of cryptography securing domain name system (DNS) lookups...DISTRIBUTION UNLIMITED i 1. SUMMARY The DNSSEC Deployment Initiative was a 10-year effort to promote adoption of the DNS Security Extensions (DNSSEC), a...method of cryptographically securing domain name system (DNS) lookups. This paper describes the latter five years of the Initiative’s work, which

  9. DESIGN OF A NEW SECURITY PROTOCOL USING HYBRID CRYPTOGRAPHY ALGORITHMS

    Directory of Open Access Journals (Sweden)

    Dr.S.Subasree and Dr.N.K.Sakthivel

    2010-02-01

    A Computer Network is an interconnected group of autonomous computing nodes, which use a well defined, mutually agreed set of rules and conventions known as protocols, interact with one-another meaningfully and allow resource sharing preferably in a predictable and controllable manner. Communication has a major impact on today’s business. It is desired to communicate data with high security. Security Attacks compromises the security and hence various Symmetric and Asymmetric cryptographic algorithms have been proposed to achieve the security services such as Authentication, Confidentiality, Integrity, Non-Repudiation and Availability. At present, various types of cryptographic algorithms provide high security to information on controlled networks. These algorithms are required to provide data security and users authenticity. To improve the strength of these security algorithms, a new security protocol for on line transaction can be designed using combination of both symmetric and asymmetric cryptographic techniques. This protocol provides three cryptographic primitives such as integrity, confidentiality and authentication. These three primitives can be achieved with the help of Elliptic Curve Cryptography, Dual-RSA algorithm and Message Digest MD5. That is it uses Elliptic Curve Cryptography for encryption, Dual-RSA algorithm for authentication and MD-5 for integrity. This new security protocol has been designed for better security with integrity using a combination of both symmetric and asymmetric cryptographic techniques.

  10. Model Checking Electronic Commerce Security Protocols Based on CTL

    Institute of Scientific and Technical Information of China (English)

    XIAO De-qin; ZHANG Huan-guo

    2005-01-01

    We present a model based on Computational Temporal Logic (CTL) methods for verifying security requirements of electronic commerce protocols. The model describes formally the authentication, confidentiality, integrity, non-repudiation, denial of service and access control of the electronic commerce protocols. We illustrate as case study a variant of the Lu-Smolka protocol proposed by Lu-Smolka. Moreover, we have discovered two attacks that allow a dishonest user to purchase a good debiting the amount to another user. And also, we compared our work with relative research works and found that the formal way of this paper is more general to specify security protocols for E-Commerce.

  11. A Secure and Efficient Handover Authentication Protocol for Wireless Networks

    Directory of Open Access Journals (Sweden)

    Weijia Wang

    2014-06-01

    Handover authentication protocol is a promising access control technology in the fields of WLANs and mobile wireless sensor networks. In this paper, we firstly review an efficient handover authentication protocol, named PairHand, and its existing security attacks and improvements. Then, we present an improved key recovery attack by using the linearly combining method and reanalyze its feasibility on the improved PairHand protocol. Finally, we present a new handover authentication protocol, which not only achieves the same desirable efficiency features of PairHand, but enjoys the provable security in the random oracle model.

  12. COSR: A Reputation-Based Secure Route Protocol in MANET

    Directory of Open Access Journals (Sweden)

    Yang Laurence T

    2010-01-01

    Now, the route protocols defined in the Mobile Ad Hoc Network (MANET) are constructed in a common assumption which all nodes contained in such networks are trustworthy and cooperative. Once malicious or selfish nodes exist, all route paths built by these protocols must be broken immediately. According to the secure problems within MANET, this paper proposes Cooperative On-demand Secure Route (COSR), a novel secure source route protocol, against malicious and selfish behaviors. COSR measures node reputation (NR) and route reputation (RR) by contribution, Capability of Forwarding (CoF) and recommendation upon Dynamic Source Route (DSR) and uses RR to balance load to avoid hotpoint. Furthermore, COSR defines path collection algorithm by NR to enhance efficiency of protocol. At last, we verify COSR through GloMoSim. Results show that COSR is secure and stable.

  13. Relating multiset rewriting and process algebras for security protocol analysis

    NARCIS (Netherlands)

    Bistarelli, Stefano; Cervesato, Iliano; Lenzini, Gabriele; Martinelli, Fabio

    2005-01-01

    When formalizing security protocols, different specification languages support very different reasoning methodologies, whose results are not directly or easily comparable. Therefore, establishing clear mappings among different frameworks is highly desirable, as it permits various methodologies to co

  14. Secure Data Network System (SDNS) network, transport, and message security protocols

    Science.gov (United States)

    Dinkel, C.

    1990-03-01

    The Secure Data Network System (SDNS) project, implements computer to computer communications security for distributed applications. The internationally accepted Open Systems Interconnection (OSI) computer networking architecture provides the framework for SDNS. SDNS uses the layering principles of OSI to implement secure data transfers between computer nodes of local area and wide area networks. Four security protocol documents developed by the National Security Agency (NSA) as output from the SDNS project are included. SDN.301 provides the framework for security at layer 3 of the OSI Model. Cryptographic techniques to provide data protection for transport connections or for connectionless-mode transmission are described in SDN.401. Specifications for message security service and protocol are contained in SDN.701. Directory System Specifications for Message Security Protocol are covered in SDN.702.

  15. Formal Specifications and Verification of a Secure Communication Protocol Model

    Institute of Scientific and Technical Information of China (English)

    夏阳; 陆余良; 蒋凡

    2003-01-01

    This paper presents a secure communication protocol model-EABM, by which network security communication can be realized easily and efficiently. First, the paper gives a thorough analysis of the protocol system, systematic construction and state transition of EABM. Then, it describes the channels and the process of state transition of EABM in terms of ESTELLE. At last, it offers a verification of the accuracy of the EABM model.

  16. Security Analysis of two Distance-Bounding Protocols

    CERN Document Server

    Abyaneh, Mohammad Reza Sohizadeh

    2011-01-01

    In this paper, we analyze the security of two recently proposed distance bounding protocols called the Hitomi and the NUS protocols. Our results show that the claimed security of both protocols has been overestimated. Namely, we show that the Hitomi protocol is susceptible to a full secret key disclosure attack which not only results in violating the privacy of the protocol but also can be exploited for further attacks such as impersonation, mafia fraud and terrorist fraud attacks. Our results also demonstrate that the probability of success in a distance fraud attack against the NUS protocol can be increased up to (3/4)^n and even slightly more, if the adversary is furnished with some computational capabilities.

  17. Secure Group Formation Protocol for a Medical Sensor Network Prototype

    DEFF Research Database (Denmark)

    Andersen, Jacob

    2009-01-01

    wireless sensors to be both secure and usable by exploring different solutions on a fully functional prototype platform. In this paper, we present an Elliptic Curve Cryptography (ECC) based protocol, which offers fully secure sensor set-up in a few seconds on standard (Telos) hardware. We evaluate...

  18. Algebra model and security analysis for cryptographic protocols

    Institute of Scientific and Technical Information of China (English)

    HUAI Jinpeng; LI Xianxian

    2004-01-01

    More and more cryptographic protocols have been used to achieve various security requirements of distributed systems in the open network environment. However, cryptographic protocols are very difficult to design and analyze due to the complexity of the cryptographic protocol execution, and a large number of problems are unsolved that range from the theory framework to the concrete analysis technique. In this paper, we build a new algebra called cryptographic protocol algebra (CPA) for describing the message operations with many cryptographic primitives, and propose a new algebra model for cryptographic protocols based on the CPA. In the model, expanding processes of the participant's knowledge on the protocol runs are characterized with some algebraic notions such as subalgebra, free generator and polynomial algebra, and attack processes are modeled with a new notion similar to that of the exact sequence used in homological algebra. Then we develop a mathematical approach to the cryptographic protocol security analysis. By using algebraic techniques, we have shown that for those cryptographic protocols with some symmetric properties, the execution space generated by an arbitrary number of participants may boil down to a smaller space generated by several honest participants and attackers. Furthermore we discuss the composability problem of cryptographic protocols and give a sufficient condition under which the protocol composed of two correct cryptographic protocols is still correct, and we finally offer a counterexample to show that the statement may not be true when the condition is not met.

  19. A Secure Authenticated Key Exchange Protocol for Credential Services

    Science.gov (United States)

    Shin, Seonghan; Kobara, Kazukuni; Imai, Hideki

    In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. And we show that the LRP-AKE protocol is provably secure in the random oracle model with the reduction to the computational Diffie-Hellman problem. In addition, we discuss some possible applications of the LRP-AKE protocol.

  20. Quantum And Relativistic Protocols For Secure Multi-Party Computation

    CERN Document Server

    Colbeck, Roger

    2009-01-01

    After a general introduction, the thesis is divided into four parts. In the first, we discuss the task of coin tossing, principally in order to highlight the effect different physical theories have on security in a straightforward manner, but, also, to introduce a new protocol for non-relativistic strong coin tossing. This protocol matches the security of the best protocol known to date while using a conceptually different approach to achieve the task. In the second part variable bias coin tossing is introduced. This is a variant of coin tossing in which one party secretly chooses one of two biased coins to toss. It is shown that this can be achieved with unconditional security for a specified range of biases, and with cheat-evident security for any bias. We also discuss two further protocols which are conjectured to be unconditionally secure for any bias. The third section looks at other two-party secure computations for which, prior to our work, protocols and no-go theorems were unknown. We introduce a gene...

  1. A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography

    Science.gov (United States)

    Chen, Tien-Ho; Yeh, Hsiu-Lien; Liu, Pin-Chuan; Hsiang, Han-Chen; Shih, Wei-Kuan

    Session initiation protocol (SIP) is a technology regularly performed in Internet Telephony, and Hyper Text Transport Protocol (HTTP) as digest authentication is one of the major methods for SIP authentication mechanism. In 2005, Yang et al. pointed out that HTTP could not resist server spoofing attack and off-line guessing attack and proposed a secret authentication with Diffie-Hellman concept. In 2009, Tsai proposed a nonce based authentication protocol for SIP. In this paper, we demonstrate that their protocol could not resist the password guessing attack and insider attack. Furthermore, we propose an ECC-based authentication mechanism to solve their issues and present security analysis of our protocol to show that ours is suitable for applications with higher security requirement.

  2. Formal Security Analysis of the MaCAN Protocol

    DEFF Research Database (Denmark)

    Bruni, Alessandro; Sojka, Michal; Nielson, Flemming

    2014-01-01

    Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may... Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.

  3. A Secure Electronic Transaction Payment Protocol Design and Implementation

    Directory of Open Access Journals (Sweden)

    Houssam El Ismaili

    2014-06-01

    Electronic payment is a very important step of the electronic business system, and its security must be ensured. SSL/TLS and SET are two widely discussed means of securing online credit card payments. Because of implementation issues, SET has not really been adopted by e-commerce participants, whereas, despite the fact that it does not address all security issues, SSL/TLS is commonly used for Internet e-commerce security. The three-domain (3D) security schemes, including 3-D Secure and 3D SET, have recently been proposed as ways of improving ecommerce transaction security. Based on our research about SSL, SET, 3D security schemes and the requirements of electronic payment, we designed a secure and efficient E-Payment protocol. The new protocol offers an extra layer of protection for cardholders and merchants. Customers are asked to enter an additional password after checkout completion to verify they are truly the cardholder; the authentication is done directly between the cardholder and card issuer using the issuer security certificate and without involving the third party (Visa, MasterCard).

  4. A protocol for secure communication in large distributed systems

    Science.gov (United States)

    Anderson, D. P.; Ferrari, D.; Rangan, P. V.; Sartirana, B.

    1987-01-01

    A mechanism for secure communication in large distributed systems is proposed. The mechanism, called Authenticated Datagram Protocol (ADP), provides message authentication and, optionally, privacy of data. ADP is a host-to-host datagram protocol, positioned below the transport layer; it uses public-key encryption to establish secure channels between hosts and to authenticate owners, and single-key encryption for communication over a channel and to ensure privacy of the messages. ADP is shown to satisfy the main security requirements of large distributed systems, to provide end-to-end security in spite of its relatively low level, and to exhibit several advantages over schemes in which security mechanisms are at a higher level. The results of a trace-driven measurement study of ADP performance show that its throughput and latency are acceptable even within the limitations of today's technology, provided single-key encryption/decryption can be done in hardware.

  5. Sessions and Separability in Security Protocols

    DEFF Research Database (Denmark)

    Carbone, Marco; Guttman, Joshua

    2013-01-01

    Despite much work on sessions and session types in non-adversarial contexts, session-like behavior given an active adversary has not received an adequate definition and proof methods. We provide a syntactic property that guarantees that a protocol has session-respecting executions. Any uncomprom......- work, and gives a general pattern for reasoning about independence....

  6. A Security Protocol for the Identification and Data Encrypt-Key Management of Secure Mobile Devices

    Directory of Open Access Journals (Sweden)

    Song Han

    2013-07-01

    In this paper, we proposed an identification and data encrypt key management protocol that can be used in some security systems based on such secure devices as secure USB memories or RFIDs, which are widely used for identifying persons or other objects recently. In general, the default functions of the security system using a mobile device are the authentication for the owner of the device and secure storage of data stored on the device. We proposed a security model that consists of the server and mobile devices in order to realize these security features. In this model we defined the secure communication protocol for the authentication and management of data encryption keys using a private key encryption algorithm with the public key between the server and mobile devices. In addition, we performed the analysis for the attack to the communication protocol between the mobile device and server. Using the communication protocol, the system will attempt to authenticate the mobile device. The data decrypt key is transmitted only if the authentication process is successful. The data in the mobile device can be decrypted using the key. Our analysis proved that this protocol ensures anonymity, prevents replay attacks and realizes the interactive identification between the security devices and the authentication server.

  7. A Secure Scalar Product Protocol Against Malicious Adversaries

    Institute of Scientific and Technical Information of China (English)

    Bo Yang; Yong Yu; Chung-Huang Yang

    2013-01-01

    A secure scalar product protocol is a type of specific secure multi-party computation problem. Using this kind of protocol, two involved parties are able to jointly compute the scalar product of their private vectors, but no party will reveal any information about his/her private vector to another one. The secure scalar product protocol is of great importance in many privacy-preserving applications such as privacy-preserving data mining, privacy-preserving cooperative statistical analysis, and privacy-preserving geometry computation. In this paper, we give an efficient and secure scalar product protocol in the presence of malicious adversaries based on two important tools: the proof of knowledge of a discrete logarithm and the verifiable encryption. The security of the new protocol is proved under the standard simulation-based definitions. Compared with the existing schemes, our scheme offers higher efficiency because of avoiding inefficient cut-and-choose proofs.

  8. A Multi-Factor Security Protocol for Wireless Payment - Secure Web Authentication using Mobile Devices

    CERN Document Server

    Tiwari, Ayu; Abraham, Ajith; Knapskog, Svein Johan; Sanyal, Sugata

    2011-01-01

    Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy, that does not require any change in infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two way authentications.

  9. Toward Synthesis, Analysis, and Certification of Security Protocols

    Science.gov (United States)

    Schumann, Johann

    2004-01-01

    Implemented security protocols are basically pieces of software which are used to (a) authenticate the other communication partners, (b) establish a secure communication channel between them (using insecure communication media), and (c) transfer data between the communication partners in such a way that these data are only available to the desired receiver, but not to anyone else. Such an implementation usually consists of the following components: the protocol-engine, which controls in which sequence the messages of the protocol are sent over the network, and which controls the assembly/disassembly and processing (e.g., decryption) of the data; the cryptographic routines to actually encrypt or decrypt the data (using given keys); and the interface to the operating system and to the application. For a correct working of such a security protocol, all of these components must work flawlessly. Many formal-methods based techniques for the analysis of security protocols have been developed. They range from using specific logics (e.g., BAN-logic [4] or higher order logics [12]) to model checking [2] approaches. In each approach, the analysis tries to prove that no one (or at least not a modeled intruder) can get access to secret data. Otherwise, a scenario illustrating the attack may be produced. Despite the seeming simplicity of security protocols ("only" a few messages are sent between the protocol partners in order to ensure a secure communication), many flaws have been detected. Unfortunately, even a perfect protocol engine does not guarantee flawless working of a security protocol, as incidents show. Many break-ins and security vulnerabilities are caused by exploiting errors in the implementation of the protocol engine or the underlying operating system. Attacks using buffer-overflows are a very common class of such attacks. Errors in the implementation of exception or error handling can open up additional vulnerabilities. For example, on a website with a log-in screen

  10. Algebraic Techniques for Low Communication Secure Protocols

    NARCIS (Netherlands)

    R. de Haan (Robbert)

    2009-01-01

    Internet communication is often encrypted with the aid of mathematical problems that are hard to solve. Another method to secure electronic communication is the use of a digital lock of which the digital key must be exchanged first. PhD student Robbert de Haan (CWI) researched models for

  11. Quantum secure communication using a multi-photon tolerant protocol

    Science.gov (United States)

    El Rifai, Mayssaa; Verma, Pramode K.

    2015-03-01

    This paper proposes a quantum secure communication protocol using multiple photons to represent each bit of a message to be shared. The multi-photon tolerant approach to quantum cryptography provides a quantum level security while using more than a single photon per transmission. The protocol proposed is a multi-stage protocol; an explanation of its operation and implementation are provided. The multi-stage protocol is based on the use of unitary transformations known only to Alice and Bob. This paper studies the security aspects of the multi-stage protocol by assessing its vulnerability to different attacks. It is well known that as the number of photons increases, the level of vulnerability of the multi-stage protocol increases. This paper sets a limit on the number of photons that can be used while keeping the multi-stage protocol a multi-photon tolerant quantum secure method for communication. The analysis of the number of photons to be used is based on the probability of success of a Helstrom discrimination done by an eavesdropper on the channel. Limiting the number of photons up to certain threshold per stage makes it impossible for an eavesdropper to decipher the message sent over the channel. The proposed protocol obviates the disadvantages associated with single photon implementations, such as limited data rates and distances along with the need to have no more than a single photon per time slot. The multi-stage protocol is a step toward direct quantum communication rather than quantum key distribution associated with single photon approaches.

  12. A dynamic, secure, and efficient group key agreement protocol

    Institute of Scientific and Technical Information of China (English)

    ZHENG Shihui; WANG Shaohui; ZHANG Guoyan

    2007-01-01

    The key challenge of dynamic peer communication is how to realize secure and efficient group key management. A two rounds key agreement protocol for dynamic peer group (DPG) is proposed in this paper. The protocol, which was obtained by combining the ElGamal encryption scheme with the ElGamal signature scheme, is efficient and simple. The protocol is proven secure against passive attack by using indistinguishable method. Moreover, both perfect forward secrecy (PFS) and key independence (KI) were achieved. Because the protocol is based on the broadcast channel, it is also suitable for key agreement in wireless communications, especially in ad-hoc networks.

  13. A Secure and Efficient Buyer-Seller Watermarking Protocol

    Directory of Open Access Journals (Sweden)

    Yuping Hu

    2009-06-01

    Digital watermarking technology has become increasingly popular in the protection of digital copyright. However, in practical applications, the watermarking algorithms should be combined with a secure copyright protection protocol to solve the copyright protection problems completely. In this paper, a novel buyer-seller watermarking protocol is proposed for piracy tracing, in which a memoryless Watermark Certification Authority (WCA) can offer a number of watermarks for a buyer simultaneously, avoiding itself being involved in each digital transaction operated between the buyer and the seller. Besides, in order to guarantee the anonymity of the buyer, the WCA can provide the buyer with an encrypted digital certificate and have it submitted directly to the seller by the buyer. In addition, the proposed protocol also can resolve other problems, such as the customer right problem, the binding attack problem, the anonymity problem, the conspiracy problem, and the dispute problem. The analyses indicate that the proposed protocol is secure and practical.

  14. A Spatial-Epistemic Logic for Reasoning about Security Protocols

    CERN Document Server

    Toninho, Bernardo; 10.4204/EPTCS.51.1

    2011-01-01

    Reasoning about security properties involves reasoning about where the information of a system is located, and how it evolves over time. While most security analysis techniques need to cope with some notions of information locality and knowledge propagation, usually they do not provide a general language for expressing arbitrary properties involving local knowledge and knowledge transfer. Building on this observation, we introduce a framework for security protocol analysis based on dynamic spatial logic specifications. Our computational model is a variant of existing pi-calculi, while specifications are expressed in a dynamic spatial logic extended with an epistemic operator. We present the syntax and semantics of the model and logic, and discuss the expressiveness of the approach, showing it complete for passive attackers. We also prove that generic Dolev-Yao attackers may be mechanically determined for any deterministic finite protocol, and discuss how this result may be used to reason about security proper...

  15. An Efficacious and Secure Registration for Internet Protocol Mobility

    Directory of Open Access Journals (Sweden)

    Senthil Kumar Mathi

    2013-09-01

    For the ample development of mobile internet protocol (IP) technology and the recurrent movement of a mobile device, it is necessary for the mobile device to inform their home network where initially registered through an efficient and secured procedure against any sort of attacks. The procedure of registration for IP mobility by the portable system must have a better performance by providing a certain level of security, such as authentication, integrity, replay attack protection, and location privacy. All at once, the extreme security in the registration of IP mobility may cause long registration time, principally for real-time systems. This paper mainly deals with a balanced effort for secure and efficient registration procedure which gives better security and efficiency in terms of registration delay. The proposed work provides an easy and fast registration procedure and lessens the registration delay through the usage of an identity based authenticated key exchange scheme that eliminates expensive pairing operations. The proposed protocol is verified by using AVISPA tool. The performance evaluation reveals that the proposed protocol significantly outperforms the existing protocols in terms of the registration delay. Defence Science Journal, 2013, 63(5), pp. 502-507, DOI: http://dx.doi.org/10.14429/dsj.63.4003

  16. Administrator and Fidelity Based Secure Routing (AFSR) Protocol in MANET

    Directory of Open Access Journals (Sweden)

    Rohit Singh

    2016-03-01

    The proliferation of mobile computing and communication devices is driving a revolutionary change in our information society. Among all the applications and services run by mobile devices, network connections and corresponding data services are without doubt the most demanded services by mobile users. A MANET is a continuously self-configuring, infrastructure-less network of mobile devices connected without wires, which makes it ideal for the present scenario. But, due to lack of any centralized infrastructure and access to trusted authorities, the security in MANET poses a huge threat. The prominent routing protocols we know are generally designed for environments where the nodes within a network are non-malicious. Due to the vulnerable nature of the mobile ad hoc network, there are numerous security threats that disturb its development. We propose a protocol for MANETs named “Administrator and Fidelity Based Secure Routing Protocol” (AFSR), which ensures secure routing through the network by electing an Administrator node on the basis of Willingness and Fidelity, after which a node only communicates to that secure Admin node. This selection of secured admin nodes results in mitigation of various threats. We have evaluated our proposed protocol by simulating and comparing in GloMoSim.

  17. Security of the arbitrated quantum signature protocols revisited

    Science.gov (United States)

    Kejia, Zhang; Dan, Li; Qi, Su

    2014-01-01

    Recently, much attention has been paid to the study of arbitrated quantum signature (AQS). Among these studies, the cryptanalysis of some AQS protocols and a series of improved ideas have been proposed. Compared with the previous analysis, we present a security criterion, which can judge whether an AQS protocol is able to prevent the receiver (i.e. one participant in the signature protocol) from forging a legal signature. According to our results, it can be seen that most AQS protocols which are based on the Zeng and Keitel (ZK) model are susceptible to a forgery attack. Furthermore, we present an improved idea of the ZK protocol. Finally, some supplement discussions and several interesting topics are provided.

  18. A Calculus for Control Flow Analysis of Security Protocols

    DEFF Research Database (Denmark)

    Buchholtz, Mikael; Nielson, Hanne Riis; Nielson, Flemming

    2004-01-01

    analysis methodology. We pursue an analysis methodology based on control flow analysis in flow logic style and we have previously shown its ability to analyse a variety of security protocols. This paper develops a calculus, LysaNS that allows for much greater control and clarity in the description...

  19. An intruder model for verifying liveness in security protocols

    NARCIS (Netherlands)

    Cederquist, J.G.; Dashti, Muhammad Torabi

    2006-01-01

    We present a process algebraic intruder model for verifying a class of liveness properties of security protocols. For this class, the proposed intruder model is proved to be equivalent to a Dolev-Yao intruder that does not delay indefinitely the delivery of messages. In order to prove the equivalenc

  20. On Adaptive vs. Non-adaptive Security of Multiparty Protocols

    DEFF Research Database (Denmark)

    Canetti, Ran; Damgård, Ivan Bjerre; Dziembowski, Stefan

    2001-01-01

    Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during...

  1. 3D Digital Legos for Teaching Security Protocols

    Science.gov (United States)

    Yu, Li; Harrison, L.; Lu, Aidong; Li, Zhiwei; Wang, Weichao

    2011-01-01

    We have designed and developed a 3D digital Lego system as an education tool for teaching security protocols effectively in Information Assurance courses (Lego is a trademark of the LEGO Group. Here, we use it only to represent the pieces of a construction set.). Our approach applies the pedagogical methods learned from toy construction sets by…

  2. An Analysis of ASRP Secure Routing Protocol for MANET

    Directory of Open Access Journals (Sweden)

    Tarun Dalal

    2012-04-01

    Mobile ad hoc networks (MANET) can be defined as a collection of a large number of mobile nodes that form a temporary network without the aid of any existing network infrastructure or central access point. Each node participating in the network acts both as host and a router and must therefore be willing to forward packets for other nodes. The characteristics of MANET provide a large degree of freedom and self-organizing capability that make it completely different from other networks. Due to this nature of MANET, design and development of secure routing is a challenging task for researchers in open and distributed communication environments. The main work of this paper is to address the security issue, because MANET is generally more vulnerable to various attacks, so we proposed a secure routing protocol for MANET, named ASRP (Authenticate Secure Routing Protocol), based on DSDV (Destination-sequence distance vector). This protocol is designed to protect the network from malicious and selfish nodes. We are implementing Extended Public key Cryptography mechanism in ASRP in order to achieve security goals.

  3. Protecting Privacy and Securing the Gathering of Location Proofs - The Secure Location Verification Proof Gathering Protocol

    Science.gov (United States)

    Graham, Michelle; Gray, David

    As wireless networks become increasingly ubiquitous, the demand for a method of locating a device has increased dramatically. Location Based Services are now commonplace but there are few methods of verifying or guaranteeing a location provided by a user without some specialised hardware, especially in larger scale networks. We propose a system for the verification of location claims, using proof gathered from neighbouring devices. In this paper we introduce a protocol to protect this proof gathering process, protecting the privacy of all involved parties and securing it from intruders and malicious claiming devices. We present the protocol in stages, extending the security of this protocol to allow for flexibility within its application. The Secure Location Verification Proof Gathering Protocol (SLVPGP) has been designed to function within the area of Vehicular Networks, although its application could be extended to any device with wireless & cryptographic capabilities.

  4. A Comparison of Internet Protocol (IPv6) Security Guidelines

    Directory of Open Access Journals (Sweden)

    Steffen Hermann

    2014-01-01

    The next generation of the Internet Protocol (IPv6) is currently about to be introduced in many organizations. However, its security features are still a very novel area of expertise for many practitioners. This study evaluates guidelines for secure deployment of IPv6, published by the U.S. NIST and the German federal agency BSI, for topicality, completeness and depth. The latter two are scores defined in this paper and are based on the Requests for Comments relevant for IPv6 that were categorized, weighted and ranked for importance using an expert survey. Both guides turn out to be of practical value, but have a specific focus and are directed towards different audiences. Moreover, recommendations for possible improvements are presented. Our results could also support strategic management decisions on security priorities as well as for the choice of security guidelines for IPv6 roll-outs.

  5. Secure Group Formation Protocol for a Medical Sensor Network Prototype

    DEFF Research Database (Denmark)

    Andersen, Jacob

    2009-01-01

    Designing security mechanisms such as privacy and access control for medical sensor networks is a challenging task; as such systems may be operated very frequently, at a quick pace, and at times in emergency situations. Understandably, clinicians hold extra unproductive tasks in low regard, and experience from user workshops and observations of clinicians at work on a hospital ward show that if the security mechanisms are not well designed, the technology is either rejected altogether, or they are circumvented leaving the system wide open to attacks. Our work targets the problem of designing wireless sensors to be both secure and usable by exploring different solutions on a fully functional prototype platform. In this paper, we present an Elliptic Curve Cryptography (ECC) based protocol, which offers fully secure sensor set-up in a few seconds on standard (Telos) hardware. We evaluate...

  6. A Secure Cluster-Based Multipath Routing Protocol for WMSNs

    Directory of Open Access Journals (Sweden)

    Jamal N. Al-Karaki

    2011-04-01

    The new characteristics of Wireless Multimedia Sensor Network (WMSN) and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

  7. A secure cluster-based multipath routing protocol for WMSNs.

    Science.gov (United States)

    Almalkawi, Islam T; Zapata, Manel Guerrero; Al-Karaki, Jamal N

    2011-01-01

    The new characteristics of Wireless Multimedia Sensor Network (WMSN) and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

  8. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    Science.gov (United States)

    Paramasivan, B.; Kaliappan, M.

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of a number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs have become one of the most prevalent areas of research in recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to their deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP is used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP. PMID:25143986

  9. Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

    Science.gov (United States)

    Paramasivan, B; Kaliappan, M

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of a number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs have become one of the most prevalent areas of research in recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to their deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP is used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  10. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    B. Paramasivan

    2014-01-01

    Full Text Available Mobile ad hoc networks (MANETs) are wireless networks consisting of a number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs have become one of the most prevalent areas of research in recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to their deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP is used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  11. ENHANCING SECURITY FOR IPV6 NEIGHBOR DISCOVERY PROTOCOL USING CRYPTOGRAPHY

    Directory of Open Access Journals (Sweden)

    Rosilah Hassan

    2014-01-01

    Full Text Available Internet Protocol version 4 (IPv4) would gradually be replaced by Internet Protocol version 6 (IPv6) as the next generation of Internet protocol. The Neighbor Discovery Protocol (NDP), one of the main protocols in the IPv6 suite, comprises Neighbor Discovery for IPv6. NDP is used by both hosts and routers. Its functions include Neighbor Discovery (ND), Router Discovery (RD), Address Auto configuration, Address Resolution, Neighbor Unreachability Detection (NUD), Duplicate Address Detection (DAD) and Redirection. If not secured, NDP is vulnerable to various attacks: Neighbor Solicitation (NS) spoofing and Neighbor Advertisement (NS) spoofing, redirection, stealing addresses, denial of service are examples of these attacks. Since its early stages of design and development, NDP has assumed that connections between nodes will be safe, but the deployment stage proved this assumption incorrect and highlighted the security holes. This fact led the Internet Engineering Task Force (IETF) to request solutions in order to overcome these drawbacks. Secure Neighbor Discovery, or SEND, was then proposed; SEND solves a part of the threats associated with NDP and requests more research to find a better solution that manages to forbid all these threats and ignore its limitations. This study presents a new mechanism to avoid security threats for IPv6 NDP based on digital signature procedures. The proposed solution manages to eliminate the threats because it does mapping and binding between the IP address, MAC address and public keys of the nodes in the node’s neighbor cache, so intruders will not be able to spoof other nodes’ IP addresses.

  12. On the security of an anonymous roaming protocol in UMTS mobile networks

    Directory of Open Access Journals (Sweden)

    Shuhua Wu

    2012-02-01

    Full Text Available In this communication, we first show that the privacy-preserving roaming protocol recently proposed for mobile networks cannot achieve the claimed security level. Then we suggest an improved protocol to remedy its security problems.

  13. Two RFID standard-based security protocols for healthcare environments.

    Science.gov (United States)

    Picazo-Sanchez, Pablo; Bagheri, Nasour; Peris-Lopez, Pedro; Tapiador, Juan E

    2013-10-01

    Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more dramatic in healthcare applications where very sensitive information is at stake and patient safety is paramount. Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.

  14. Concrete Security for Entity Recognition: The Jane Doe Protocol

    DEFF Research Database (Denmark)

    Lucks, Stefan; Zenner, Erik; Weimerskirch, Andre

    2008-01-01

    Entity recognition does not ask whether the message is from some entity X, just whether a message is from the same entity as a previous message. This turns out to be very useful for low-end devices. The current paper proposes a new protocol – the “Jane Doe Protocol” –, and provides a formal...... proof of its concrete security. The protocol neither employs asymmetric cryptography, nor a trusted third party, nor any key pre-distribution. It is suitable for light-weight cryptographic devices such as sensor network motes and RFID tags....

  15. Quantum Secure Direct Communication Network with Two-Step Protocol

    Institute of Scientific and Technical Information of China (English)

    LI Xi-Han; ZHOU Ping; LIANG Yu-Jie; LI Chun-Yan; ZHOU Hong-Yu; DENG Fu-Guo

    2006-01-01

    An efficient quantum secure direct communication network protocol with the two-step scheme is proposed by using the Einstein-Podolsky-Rosen (EPR) pair block as the quantum information carrier. The server, say Alice, prepares and measures the EPR pairs in the quantum communication and the users perform the four local unitary operations to encode their message. Any one of the legitimate users can communicate with another one on the network securely. Since almost all of the instances in this scheme are useful and each EPR pair can carry two bits of information, the efficiency for qubits and the source capacity both approach the maximal values.

  16. A Secure Cloud-Based NFC Mobile Payment Protocol

    Directory of Open Access Journals (Sweden)

    Pardis Pourghomi

    2014-10-01

    Full Text Available Near Field Communication (NFC) is one of the most recent technologies in the area of application development and service delivery via mobile phone. NFC enables the mobile phone to act as identification and a credit card for customers. Dynamic relationships of NFC ecosystem players in an NFC transaction process make them partners in a way that sometimes they should share their access permissions on the applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing, which offers a wide range of advantages compared to the use of a Secure Element (SE) as a single entity in an NFC enabled mobile phone. In this paper, we propose a protocol based on the concept of NFC mobile payments. Accordingly, we present an extended version of the NFC cloud Wallet model [14], in which the Secure Element in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). In this circumstance, the Mobile Network Operator plays the role of network carrier which is responsible for controlling all the credentials transferred to the end user. The proposed protocol eliminates the requirement of a shared secret between the Point-of-Sale (POS) and the Mobile Network Operator before execution of the protocol, a mandatory requirement in the earlier version of this protocol [16]. This makes it more practicable and user friendly. At the end, we provide a detailed analysis of the protocol where we discuss multiple attack scenarios.

  17. A Secure Wireless Routing Protocol Using Enhanced Chain Signatures

    CERN Document Server

    Saxena, Amitabh

    2009-01-01

    We propose a routing protocol for wireless networks. Wireless routing protocols allow hosts within a network to have some knowledge of the topology in order to know when to forward a packet (via broadcast) and when to drop it. Since a routing protocol forms the backbone of a network, it is a lucrative target for many attacks, all of which attempt to disrupt network traffic by corrupting routing tables of neighboring routers using false updates. Secure routing protocols designed for wired networks (such as S-BGP) are not scalable in an ad-hoc wireless environment because of two main drawbacks: (1) the need to maintain knowledge about all immediate neighbors (which requires a discovery protocol), and (2) the need to transmit the same update several times, one for each neighbor. Although information about neighbors is readily available in a fairly static and wired network, such information is often not updated or available in an ad-hoc wireless network with mobile devices. Our protocol is a variant of S-BGP call...

  18. Deciding security properties for cryptographic protocols. Application to key cycles

    CERN Document Server

    Comon-Lundh, Hubert; Zalinescu, Eugen

    2007-01-01

    There has been a growing interest in applying formal methods for validating cryptographic protocols and many results have been obtained. In this paper, we re-investigate and extend the NP-complete decision procedure for a bounded number of sessions of Rusinowitch and Turuani. In this setting, constraint systems are now a standard for modeling security protocols. We provide a generic approach to decide general security properties by showing that any constraint system can be transformed in (possibly several) much simpler constraint systems that are called solved forms. As a consequence, we prove that deciding the existence of key cycles is NP-complete for a bounded number of sessions. Indeed, many recent results are concerned with interpreting proofs of security done in symbolic models in the more detailed models of computational cryptography. In the case of symmetric encryption, these results stringently demand that no key cycle (e.g. $\{k\}_k$) can be produced during the execution of protocols. We show...

  19. A Spatial-Epistemic Logic for Reasoning about Security Protocols

    Directory of Open Access Journals (Sweden)

    Bernardo Toninho

    2011-02-01

    Full Text Available Reasoning about security properties involves reasoning about where the information of a system is located, and how it evolves over time. While most security analysis techniques need to cope with some notions of information locality and knowledge propagation, usually they do not provide a general language for expressing arbitrary properties involving local knowledge and knowledge transfer. Building on this observation, we introduce a framework for security protocol analysis based on dynamic spatial logic specifications. Our computational model is a variant of existing pi-calculi, while specifications are expressed in a dynamic spatial logic extended with an epistemic operator. We present the syntax and semantics of the model and logic, and discuss the expressiveness of the approach, showing it complete for passive attackers. We also prove that generic Dolev-Yao attackers may be mechanically determined for any deterministic finite protocol, and discuss how this result may be used to reason about security properties of open systems. We also present a model-checking algorithm for our logic, which has been implemented as an extension to the SLMC system.

  20. An Efficient and Secure Protocol for Ensuring Data Storage Security in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Syam Kumar P

    2011-11-01

    Full Text Available Currently, there has been an increasing trend in outsourcing data to remote cloud, where the people outsource their data at Cloud Service Provider (CSP) who offers huge storage space with low cost. Thus users can reduce the maintenance and burden of local data storage. Meanwhile, once data goes into cloud they lose control of their data, which inevitably brings new security risks toward integrity and confidentiality. Hence, efficient and effective methods are needed to ensure the data integrity and confidentiality of outsource data on untrusted cloud servers. The previously proposed protocols fail to provide strong security assurance to the users. In this paper, we propose an efficient and secure protocol to address these issues. Our design is based on Elliptic Curve Cryptography and Sobol Sequence (random sampling). Our method allows third party auditor to periodically verify the data integrity stored at CSP without retrieving original data. It generates probabilistic proofs of integrity by challenging random sets of blocks from the server, which drastically reduces the communication and I/O costs. The challenge-response protocol transmits a small, constant amount of data, which minimizes network communication. Most importantly, our protocol is confidential: it never reveals the data contents to the malicious parties. The proposed scheme also considers the dynamic data operations at block level while maintaining the same security assurance. Our solution removes the burden of verification from the user, alleviates both the users and storage services fear about data leakage and data corruptions. Through security analysis, we prove that our method is secure and through performance and experimental results, we also prove that our method is efficient. To compare with existing schemes, our scheme is more secure and efficient.

  1. Modular approach to the design and analysis of password-based security protocols

    Institute of Scientific and Technical Information of China (English)

    FENG DengGuo; CHEN WeiDong

    2007-01-01

    In this paper, a general framework for designing and analyzing password-based security protocols is presented. First we introduce the concept of "weak computational indistinguishability" based on current progress of password-based security protocols. Then, we focus on cryptographic foundations for password-based security protocols, i.e., the theory of "weak pseudorandomness". Furthermore, based on the theory of weak pseudorandomness, we present a modular approach to design and analysis of password-based security protocols. Finally, applying the modular approach, we design two kinds of password-based security protocols, i.e., password-based session key distribution (PSKD) protocol and protected password change (PPC) protocol. In addition to having forward secrecy and improved efficiency, new protocols are proved secure.

  2. Microcontroller Protocol for Secure Broadcast in Controller Area Networks

    Directory of Open Access Journals (Sweden)

    B.Vijayalakshmi

    2014-04-01

    Full Text Available Controller Area Network is a bus commonly used by controllers inside vehicles and in various industrial control applications. In the past controllers were assumed to operate in secure perimeters, but today these environments are well connected to the outside world and recent incidents showed them extremely vulnerable to cyber-attacks. To withstand such threats, one can implement security in the application layer of CAN. Here we design, refine and implement a broadcast authentication protocol based on the well known paradigm of using key-chains and time synchronization, a commonly used mechanism in wireless sensor networks, which allows us to take advantage from the use of symmetric primitives without the need of secret shared keys during broadcast. But, as process control is a time critical operation we make several refinements in order to improve on the authentication delay. For this we study several trade-offs to alleviate shortcomings on computational speed, memory and bandwidth up to the point of using reduced versions of hash functions that can assure ad hoc security. To prove the efficiency of the protocol

  3. ENHANCED ENCAPSULATED SECURITY PAYLOAD A NEW MECHANISM TO SECURE INTERNET PROTOCOL VERSION 6 OVER INTERNET PROTOCOL VERSION 4

    Directory of Open Access Journals (Sweden)

    Rosilah Hassan

    2014-01-01

    Full Text Available A considerable amount of time will be needed before each system in the Internet can convert from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6). Three strategies have been proposed by the Internet Engineering Task Force (IETF) to help the transition from IPv4 to IPv6, which are dual stack, header translation and tunneling. Tunneling is used when two computers using IPv6 want to communicate with each other and the packet will travel through a region that uses IPv4. To pass through this region, the IPv6 packet must be encapsulated in an IPv4 packet to have an IPv4 address in order to make it IPv4 routing compatible. Internet Protocol security (IPsec) in transport mode carries the payload of the encapsulating packet as plain data without any means of protection. That is, two nodes using IPsec in transport mode to secure the tunnel can spoof the inner payload; the packet will be de-capsulated successfully and accepted. IETF mentioned this problem in many RFCs. According to RFC 3964 there is no simple way to prevent spoofing attack in IPv6 over IPv4 tunnel and longer term solutions would have to be deployed in both IPv4 and IPv6 networks to help identify the source of the attack, a total prevention is likely impossible. This study proposed a new spoofing defense mechanism based on IPsec’s protocol Encapsulated Security Payload (ESP). ESP’s padding area had been used to write the IPv6 source address of the encapsulated packet. Simulation is conducted based on two scenarios, one with spoofing attack and one without. The outcome proved that the proposed mechanism has managed to eliminate spoofing threat in IPv6 over IPv4 tunnel.

  4. A new method for improving security in MANETs AODV Protocol

    Directory of Open Access Journals (Sweden)

    Zahra Alishahi

    2012-10-01

    Full Text Available In mobile ad hoc network (MANET), secure communication is a more challenging task due to its fundamental characteristics like having less infrastructure, wireless link, distributed cooperation, dynamic topology, lack of association, resource constrained and physical vulnerability of node. In MANET, attacks can be broadly classified in two categories: routing attacks and data forwarding attacks. Any action not following rules of routing protocols belongs to routing attacks. The main objective of routing attacks is to disrupt normal functioning of network by advertising false routing updates. On the other hand, data forwarding attacks include actions such as modification or dropping data packet, which does not disrupt routing protocol. In this paper, we address the “Packet Drop Attack”, which is a serious threat to operational mobile ad hoc networks. The consequence of not forwarding other packets or dropping other packets prevents any kind of communication to be established in the network. Therefore, there is a need to address the packet dropping event takes higher priority for the mobile ad hoc networks to emerge and to operate, successfully. In this paper, we propose a method to secure ad hoc on-demand distance vector (AODV) routing protocol. The proposed method provides security for routing packets where the malicious node acts as a black-hole and drops packets. In this method, the collaboration of a group of nodes is used to make accurate decisions. Validating received RREPs allows the source to select trusted path to its destination. The simulation results show that the proposed mechanism is able to detect any number of attackers.

  5. Security enhanced EMV-based mobile payment protocol.

    Science.gov (United States)

    Yang, Ming-Hour

    2014-01-01

    Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant's reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transaction risk. And our modifications to the EMV standard are transparent to merchants and users. We also encrypt the communications between a card and a reader to prevent eavesdropping on sensitive data. The protocol is able to resist impersonation attacks and to avoid the security threats in EMV. In offline transactions, our scheme requires a user to apply for a temporary offline certificate in advance. With the certificate, banks no longer need to lower customer's credits for risk control, and users can have online-equivalent credits in offline transactions.

  6. Security Enhanced EMV-Based Mobile Payment Protocol

    Directory of Open Access Journals (Sweden)

    Ming-Hour Yang

    2014-01-01

    Full Text Available Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant’s reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transaction risk. And our modifications to the EMV standard are transparent to merchants and users. We also encrypt the communications between a card and a reader to prevent eavesdropping on sensitive data. The protocol is able to resist impersonation attacks and to avoid the security threats in EMV. In offline transactions, our scheme requires a user to apply for a temporary offline certificate in advance. With the certificate, banks no longer need to lower customer’s credits for risk control, and users can have online-equivalent credits in offline transactions.

  7. An Attack-Finding Algorithm for Security Protocols

    Institute of Scientific and Technical Information of China (English)

    刘东喜; 李小勇; 白英彩

    2002-01-01

    This paper proposes an automatic attack construction algorithm in order to find potential attacks on security protocols. It is based on a dynamic strand space model, which enhances the original strand space model by introducing active nodes on strands so as to characterize the dynamic procedure of protocol execution. With exact causal dependency relations between messages considered in the model, this algorithm can avoid state space explosion caused by asynchronous composition. In order to get a finite state space, a new method called strand-added on demand is exploited, which extends a bundle in an incremental manner without requiring explicit configuration of protocol execution parameters. A finer granularity model of term structure is also introduced, in which subterms are divided into check subterms and data subterms. Moreover, data subterms can be further classified based on the compatible data subterm relation to obtain automatically the finite set of valid acceptable terms for an honest principal. In this algorithm, terms core is designed to represent the intruder's knowledge compactly, and forward search technology is used to simulate attack patterns easily. Using this algorithm, a new attack on the Dolev-Yao protocol can be found, which is even more harmful because the secret is revealed before the session terminates.

  8. E-mail security: mail clients must use encrypted protocols

    CERN Multimedia

    2006-01-01

    In the coming weeks, users of mail clients other than Outlook (e.g. Pine, Mozilla, Mac Mail, etc.) may receive an e-mail from Mail-service@cern.ch with instructions to update the security settings of their mail client. The aim of this campaign is to enforce the use of encrypted and authenticated mail protocols in order to prevent the propagation of viruses and protect passwords from theft. As a first step, from 6 June 2006 onwards, access to mail servers from outside CERN will require a securely configured mail client as described in the help page http://cern.ch/mmmservices/Help/?kbid=191040. On this page most users will also find tools that will update their mail client settings automatically. Note that Outlook clients and WebMail access are not affected. The Mail Team

  9. Framework for Efficient Secure Steganographic Communication over Network Protocols

    Directory of Open Access Journals (Sweden)

    Jasbir Singh

    2013-12-01

    Full Text Available Security by obscurity has gained attention; as a result steganography is becoming more popular in the network communication. Network steganography describes various methods used for transmitting data over a network without it being detected. Most of the methods proposed for hiding data in a network do not offer an additional protection to the covert data as it is sent as plain text. This paper presents a framework that offers the protection to the covert data by encrypting it and compresses it for gain in efficiency. Several ways of sending covert information through network using TCP/IP protocol are discussed. Also, the communication made more secure and efficient by using compression and encryption techniques. Finally, the performance of the proposed framework is compared with other steganography tools.

  10. A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography.

    Science.gov (United States)

    Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Zhao, Jining

    2015-03-01

    Radio Frequency Identification (RFID) is an automatic identification technology, which can be widely used in healthcare environments to locate and track staff, equipment and patients. However, potential security and privacy problems in RFID system remain a challenge. In this paper, we design a mutual authentication protocol for RFID based on elliptic curve cryptography (ECC). We use pre-computing method within tag's communication, so that our protocol can get better efficiency. In terms of security, our protocol can achieve confidentiality, unforgeability, mutual authentication, tag's anonymity, availability and forward security. Our protocol also can overcome the weakness in the existing protocols. Therefore, our protocol is suitable for healthcare environments.

  11. Privacy-Enhancing Security Protocol in LTE Initial Attack

    Directory of Open Access Journals (Sweden)

    Uijin Jang

    2014-12-01

    Full Text Available Long-Term Evolution (LTE) is a fourth-generation mobile communication technology implemented throughout the world. It is the communication means of smartphones that send and receive all of the private data of individuals. M2M, IOT, etc., are the base technologies of mobile communication that will be used in the future cyber world. However, identification parameters, such as International Mobile Subscriber Identity (IMSI), Radio Network Temporary Identities (RNTI), etc., in the initial attach section for accessing the LTE network are presented with the vulnerability of being exposed as clear text. Such vulnerability does not end in a mere identification parameter, but can lead to a secondary attack using the identification parameter, such as replication of the smartphone, illegal use of the mobile communication network, etc. This paper proposes a security protocol to safely transmit identification parameters in different cases of the initial attach. The proposed security protocol solves the exposed vulnerability by encrypting the parameters in transmission. Using an OPNET simulator, it is shown that the average rate of delay and processing ratio are efficient in comparison to the existing process.

  12. Security of Semi-Device-Independent Random Number Expansion Protocols

    Science.gov (United States)

    Li, Dan-Dan; Wen, Qiao-Yan; Wang, Yu-Kun; Zhou, Yu-Qian; Gao, Fei

    2015-01-01

    Semi-device-independent random number expansion (SDI-RNE) protocols require some truly random numbers to generate fresh ones, with making no assumptions on the internal working of quantum devices except for the dimension of the Hilbert space. The generated randomness is certified by non-classical correlation in the prepare-and-measure test. Until now, the analytical relations between the amount of the generated randomness and the degree of non-classical correlation, which are crucial for evaluating the security of SDI-RNE protocols, are not clear under both the ideal condition and the practical one. In the paper, first, we give the analytical relation between the above two factors under the ideal condition. As well, we derive the analytical relation under the practical conditions, where devices’ behavior is not independent and identical in each round and there exists deviation in estimating the non-classical behavior of devices. Furthermore, we choose a different randomness extractor (i.e., two-universal random function) and give the security proof. PMID:26503335

  13. SECURITY ENHANCEMENT FOR 3-PEKE PROTOCOL USING PARALLEL MESSAGE TRANSMISSION TECHNIQUE

    OpenAIRE

    2012-01-01

    It is easy to choose and memorize simple and meaningful vocabulary as secret passwords, but it is very hard to meet the requirement of security and efficiency. Hence Chang and Chang proposed a novel three party encrypted key exchange protocol without using the server’s public keys. The key exchange protocol has achieved great attention due to its simplicity and efficiency. It was claimed that the protocol was practically secure and efficient. On the other hand, the protocol resists all types ...

  14. SLEACH: Secure Low-Energy Adaptive Clustering Hierarchy Protocol for Wireless Sensor Networks

    Institute of Scientific and Technical Information of China (English)

    WANG Xiao-yun; YANG Li-zhen; CHEN Ke-fei

    2005-01-01

    LEACH (Low-Energy Adaptive Clustering Hierarchy) protocol is a basic clustering-based routing protocol of sensor networks. In this paper, we present the design of SLEACH, a secure extension for the LEACH protocol. We divide SLEACH into four phases and fit inexpensive cryptographic operations to each part of the protocol functionality to create an efficient, practical protocol. Then we give security analyses of SLEACH. Our security analyses show that our scheme is robust against any external attacker or compromised nodes in the sensor network.

  15. Analysis of security protocols based on challenge-response

    Institute of Scientific and Technical Information of China (English)

    LUO JunZhou; YANG Ming

    2007-01-01

    Security protocol is specified as the procedure of challenge-response, which uses applied cryptography to confirm the existence of other principals and fulfill some data negotiation such as session keys. Most of the existing analysis methods, which either adopt theorem proving techniques such as state exploration or logic reasoning techniques such as authentication logic, face the conflicts between analysis power and operability. To solve the problem, a new efficient method is proposed that provides SSM semantics-based definition of secrecy and authentication goals and applies authentication logic as fundamental analysis techniques, in which secrecy analysis is split into two parts: Explicit-Information-Leakage and Implicit-Information-Leakage, and correspondence analysis is concluded as the analysis of the existence relationship of Strands and the agreement of Strand parameters. This new method owns both the power of the Strand Space Model and concision of authentication logic.

  16. Secure Handshake in Wi-Fi Connection (A Secure and Enhanced Communication Protocol)

    Directory of Open Access Journals (Sweden)

    Ranbir Sinha

    2012-03-01

    This paper presents a concept of enhancing the security in wireless communication. A Computer Network is an interconnected group of autonomous computing nodes, which use a well-defined, mutually agreed set of rules and conventions known as protocols, interact with one-another meaningfully and allow resource sharing preferably in a predictable and controllable manner. Communication has a major impact on today’s business. It is desired to communicate data with high security. These days wireless communication has become an essential form of communication in all aspects of daily life. The main reason for this popularity among other things like the speed of communication and low cost is the convenience of managing and handling data transfer. However this communication is diminished by the insecurity of communication and unidentified intrusion into the network. This paper deals with a communication protocol that can be used in any wireless network for enhancing the security and preventing any unwanted intruders in penetrating the network.

  17. Enhancement in Ad hoc on Demand Distance Vector (AODV) Routing Protocol Security

    Institute of Scientific and Technical Information of China (English)

    WANG Cui-rong; YANG Xiao-zong; GAO Yuan

    2005-01-01

    Ad-hoc networking has mainly been associated with military battlefield networks. Security has received considerably less attention and the issue needs to be addressed before any successful applications will appear. Due to the insecure nature of the wireless link and their dynamically changing topology, wireless ad-hoc networks require a careful and security-oriented approach for designing routing protocols. In this paper, an AODV-based secure routing protocol ENAODV is presented. A speed-optimized digital signature algorithm is integrated into the routing protocol. The protocol algorithm is implemented with NS-2. The security of the protocol is analyzed. The simulating results show that the performances of ENAODV protocol, such as average node energy consumption, packet delay and packet delivery, are nearly the same as standard AODV protocol.

  18. An Advanced Survey on Secure Energy-Efficient Hierarchical Routing Protocols in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Abdoulaye Diop

    2013-01-01

    Wireless Sensor Networks (WSNs) are often deployed in hostile environments, which make such networks highly vulnerable and increase the risk of attacks against this type of network. WSNs comprise a large number of sensor nodes with different hardware abilities and functions. Due to the limited memory resources and energy constraints, complex security algorithms cannot be used in sensor networks. Therefore, it is necessary to balance between the security level and the associated energy consumption overhead to mitigate the security risks. Hierarchical routing protocol is more energy-efficient than other routing protocols in WSNs. Many secure cluster-based routing protocols have been proposed in the literature to overcome these constraints. In this paper, we discuss Secure Energy-Efficient Hierarchical Routing Protocols in WSNs and compare them in terms of security, performance and efficiency. Security issues for WSNs and their solutions are also discussed.

  19. The Internet Inter-Orb Protocol Security Bridge

    Directory of Open Access Journals (Sweden)

    Pawel Slowikowski

    1999-01-01

    In this paper, we present a security bridge for the Internet protocol of interoperability amongst CORBA objects and the Internet inter-ORB Protocol (IIOP). The bridge helps in making accessible objects in the Internet and makes possible the access control to them. The bridge was realized in the popular request broker the Visigenic's VisiBroker under Windows 95/NT and Solaris 2.X operating systems. We describe two ways of locating the bridge in the request broker. The first means uses one name domain of broker and is not transparent for client. The second one uses two name domains and provides objects protection on the level of the Naming Service and is transparent for the client. We also describe the variant of the second means with using GateKeeper server to support IIOP tunneling within HTTP. We emphasize the importance of a firewall, cooperating with a bridge, which is required for the purpose of providing object protection. The paper presents an original conception of security managing, basing on the ideas of users, groups and resources defined using the standard terms of CORBA, IIOP and TCP/IP, that allows to control positively and negatively the access to classes (interfaces), objects and also to their individual methods. This conception was effectively implemented in a functioning bridge. Further chapters describe the foundations and some details of the bridge implementation such as the use of the Interface Repository, cache memory application, thread synchronization and the way of synchronization of the configuration applet with the bridge's objects. We discuss the influence of these solutions on the efficiency of the bridge and its source code portability. We also present the general structure of the component objects of the bridge with a scheme. In the next part we characterize the implementation foundations of the bridge manager, realized as an applet in Java, with the stress on the possibility of the bridge configuration through the

  20. Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

    Directory of Open Access Journals (Sweden)

    Jongho Moon

    2017-01-01

    Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.

  1. Secure Handshake in Wi-Fi Connection (A Secure and Enhanced Communication Protocol)

    Directory of Open Access Journals (Sweden)

    Ranbir Sinha

    2012-03-01

    This paper presents a concept of enhancing the security in wireless communication. A Computer Network is an interconnected group of autonomous computing nodes, which use a well-defined, mutually agreed set of rules and conventions known as protocols, interact with one-another meaningfully and allow resource sharing preferably in a predictable and controllable manner. Communication has a major impact on today’s business. It is desired to communicate data with high security. These days wireless communication has become an essential form of communication in all aspects of daily life. The main reason for this popularity among other things like the speed of communication and low cost is the convenience of managing and handling data transfer. However this communication is diminished by the insecurity of communication and unidentified intrusion into the network. This paper deals with a communication protocol that can be used in any wireless network for enhancing the security and preventing any unwanted intruders in penetrating the network.

  2. A Novel Quantum Covert Channel Protocol Based on Any Quantum Secure Direct Communication Scheme

    Institute of Scientific and Technical Information of China (English)

    XU Shu-Jiang; CHEN Xiu-Bo; NIU Xin-Xin; YANG Yi-Xian

    2013-01-01

    By analyzing the basic properties of unitary transformations used in a quantum secure direct communication (QSDC) protocol, we show the main idea why a covert channel can be established within any QSDC channel which employs unitary transformations to encode information. On the basis of the fact that the unitary transformations used in a QSDC protocol are secret and independent, a novel quantum covert channel protocol is proposed to transfer secret messages with unconditional security. The performance, including the imperceptibility, capacity and security of the proposed protocol are analyzed in detail.

  3. A Novel Quantum Covert Channel Protocol Based on Any Quantum Secure Direct Communication Scheme

    Science.gov (United States)

    Xu, Shu-Jiang; Chen, Xiu-Bo; Niu, Xin-Xin; Yang, Yi-Xian

    2013-05-01

    By analyzing the basic properties of unitary transformations used in a quantum secure direct communication (QSDC) protocol, we show the main idea why a covert channel can be established within any QSDC channel which employs unitary transformations to encode information. On the basis of the fact that the unitary transformations used in a QSDC protocol are secret and independent, a novel quantum covert channel protocol is proposed to transfer secret messages with unconditional security. The performance, including the imperceptibility, capacity and security of the proposed protocol are analyzed in detail.

  4. A Novel Mutual RFID Authentication Protocol with Low Complexity and High Security

    Directory of Open Access Journals (Sweden)

    Samad Rostampour

    2014-02-01

    Radio Frequency Identification (RFID) is a method for automated identifying objects. One of the problems of this technology is its security. RFID tags include resource limitation; therefore, the system designers cannot implement complex circuits to enhance their security. Usually the symmetric and asymmetric encryption methods increase resources and cost. Because it is believed that increasing security is inconsistent with the simplicity, the researchers mostly use one-way encryption methods. In this paper, we propose a mutual authentication protocol based on public key cryptography. The used encryption method includes high security and low complexity. This protocol performs in few steps and is suitable for portable devices with power limitation. In terms of security, the proposed protocol is robust against known attacks. In addition, we prove the protocol is secure by an analytical method.

  5. Review of Security Approaches in Routing Protocol in Mobile Adhoc Network

    Directory of Open Access Journals (Sweden)

    Sumati Ramakrishna Gowda

    2013-01-01

    In this paper the objective is to present a review of routing protocols in mobile ad hoc network (MANET) exclusively from security viewpoint. In MANET, the mobile nodes often move randomly for which reason the cumulative network experiences rapid and much unpredictable topology alterations. Due to presence of dynamic topology as well as limited range of transmission, very often some nodes cannot communicate directly with each other. Because of this phenomenon, all the QoS and security issues surface. Till now there is abundant literature work being formulated towards designing routing protocols. But security features designed till now are not able to provide optimal security towards secure routing. Routing protocols, data, bandwidth and battery power are the common target of the attackers. Therefore, in this paper the attempts are to throw light on the work that was focused exclusively on maintaining security in routing protocols in MANET.

  6. Cryptanalysis and improvement of quantum secure communication network protocol with entangled photons for mobile communications

    Science.gov (United States)

    Gao, Gan

    2014-12-01

    Recently, a communication protocol called controlled bidirectional quantum secret direct communication for mobile networks was proposed by Chou et al (2014 Mobile Netw. Appl. 19 121). We study the security of the proposed communication protocol and find that it is not secure. The controller, Telecom Company, may eavesdrop secret messages from mobile devices without being detected. Finally, we give a possible improvement of the communication protocol.

  7. A new multi-tier adaptive military MANET security protocol using hybrid cryptography and signcryption

    OpenAIRE

    YAVUZ, Attila A.; ALAGÖZ, Fatih; Anarim, Emin

    2014-01-01

    Mobile Ad-hoc NETworks (MANETs) are expected to play an important role in tactical military networks by providing infrastructureless communication. However, maintaining secure and instant information sharing is a difficult task especially for highly dynamic military MANETs. To address this requirement, we propose a new multi-tier adaptive military MANET security protocol using hybrid cryptography and signcryption. In our protocol, we bring novelties to secure military MANET communic...

  8. A Provable Secure ID-Based Explicit Authenticated Key Agreement Protocol Without Random Oracles

    Institute of Scientific and Technical Information of China (English)

    Hai-Bo Tian; Willy Susilo; Yang Ming; Yu-Min Wang

    2008-01-01

    In this paper, we present an identity-based explicit authenticated key agreement protocol that is provably secure without random oracles. The protocol employs a new method to isolate a session key from key confirmation keys so that there is no direct usage of hash functions in the protocol. The protocol is proved secure without random oracles in a variant of Bellare and Rogaway style model, an exception to current proof method in this style model in the ID-based setting. We believe that this key isolation method is novel and can be further studied for constructing more efficient protocols.

  9. Security of six-state quantum key distribution protocol with threshold detectors.

    Science.gov (United States)

    Kato, Go; Tamaki, Kiyoshi

    2016-07-22

    The security of quantum key distribution (QKD) is established by a security proof, and the security proof puts some assumptions on the devices consisting of a QKD system. Among such assumptions, security proofs of the six-state protocol assume the use of photon number resolving (PNR) detector, and as a result the bit error rate threshold for secure key generation for the six-state protocol is higher than that for the BB84 protocol. Unfortunately, however, this type of detector is demanding in terms of technological level compared to the standard threshold detector, and removing the necessity of such a detector enhances the feasibility of the implementation of the six-state protocol. Here, we develop the security proof for the six-state protocol and show that we can use the threshold detector for the six-state protocol. Importantly, the bit error rate threshold for the key generation for the six-state protocol (12.611%) remains almost the same as the one (12.619%) that is derived from the existing security proofs assuming the use of PNR detectors. This clearly demonstrates feasibility of the six-state protocol with practical devices.

  10. A Secure Protocol for Sharing Trust Data in Hybrid P2P Network

    Directory of Open Access Journals (Sweden)

    Huaiqing Lin

    2011-04-01

    The trust data is critical to the trust model of P2P system. In this paper we present an efficient certificateless cryptography scheme and propose a protocol which provides the ability for sharing trust data securely. The protocol avoids the escrow problem of identity-based cryptosystems and the secure delivery of private keys. The security of the scheme is based on the assumption that some underlying problems closely related to the Bilinear Diffie-Hellman Problem are computationally hard. It tolerates the Type I and Type II adversary. The proof of security is presented in the random oracle model. Through security discussion, we show that my secure protocol is extremely secure when encountering a variety of possible attacks.

  11. A Trusted Centralized Public Key to Secure Border Gateway Protocol

    Directory of Open Access Journals (Sweden)

    Divan Raimagia

    2012-06-01

    The Secure Border Gateway Protocol (S-BGP) is used when two different Autonomous System communicate with each other and upon reception of UPDATE from neighbor Autonomous System. A core layer Router in single Autonomous System called BGP speaker first verifies the receiving update and signs the full path with own digital signature and send it to neighbor AS. In Real scenario so many ASes and Routers communicate to each other. So due to several digital signatures mandates, large storage require in router as well as high processor overhead and more time require for sign generation and verification in S-BGP. In this paper, we propose a new approach that less burden on BGP Speaker for verify and generate number of digital signatures using Autonomous System makes trusted through KDC server. The Central KDC Server will send master certificate to validate autonomous system. In this environment each BGP speaker verify only one sign on each update and verify path only between itself and neighbor router. After verification of UPDATE, each BGP speaker sign full path encrypt routing table with neighbor’s public key,

  12. On Adaptive vs. Non-adaptive Security of Multiparty Protocols

    DEFF Research Database (Denmark)

    Canetti, Ran; Damgård, Ivan Bjerre; Dziembowski, Stefan

    2001-01-01

    to the definition of Canetti, for honest-but-curious adversaries, adaptive security is equivalent to non-adaptive security when the number of parties is logarithmic, and is strictly stronger than non-adaptive security when the number of parties is super-logarithmic. For Byzantine adversaries, adaptive security...

  13. Formal security analysis of registration protocols for interactive systems: a methodology and a case of study

    CERN Document Server

    Diaz, Jesus; Rodriguez, Francisco B

    2012-01-01

    In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping a high usability. Indeed, most interactive platforms currently base their security properties almost exclusively on the correct implementation and configuration of the systems. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, there is a lack of formal methodologies for the verification of security properties for interactive applications. We propose here a methodology to fill this gap, i.e., to analyse both the security of the proposed protocol and the pertinence of the underlying premises. In this concern, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, thes...

  14. An Authenticated On-Demand Routing Protocol with Key Exchange for Secure MANET

    Science.gov (United States)

    Park, Youngho; Rhee, Kyung-Hyune

    In the meantime, most secure ad hoc routing protocols based on cryptography just have assumed that pair-wise secret keys or public keys were distributed among nodes before running a routing protocol. In this paper, we raise a question about key management related to existing secure routing protocols, and then we propose an authenticated on-demand ad hoc routing protocol with key exchange by applying the ID-based keyed authenticator. In particular, we focus on providing an authentication mechanism to Dynamic Source Routing protocol combined with Diffie-Hellman key exchange protocol, and then we demonstrate simulated performance evaluations. The main contribution of our work is to provide a concurrent establishment of a route and a session key in a secure manner between source and destination nodes in ad hoc networks.

  15. A Protocol for Provably Secure Authentication of a Tiny Entity to a High Performance Computing One

    Directory of Open Access Journals (Sweden)

    Siniša Tomović

    2016-01-01

    The problem of developing authentication protocols dedicated to a specific scenario where an entity with limited computational capabilities should prove the identity to a computationally powerful Verifier is addressed. An authentication protocol suitable for the considered scenario which jointly employs the learning parity with noise (LPN) problem and a paradigm of random selection is proposed. It is shown that the proposed protocol is secure against active attacking scenarios and so called GRS man-in-the-middle (MIM) attacking scenarios. In comparison with the related previously reported authentication protocols the proposed one provides reduction of the implementation complexity and at least the same level of the cryptographic security.

  16. Typing and compositionality for security protocols: A generalization to the geometric fragment

    DEFF Research Database (Denmark)

    Almousa, Omar; Mödersheim, Sebastian Alexander; Modesti, Paolo;

    2015-01-01

    We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that any security protocol that fulfils a number of sufficient conditions has an attack if it has a well-typed attack. The second kind considers the parallel composition...... of protocols, showing that when running two protocols in parallel allows for an attack, then at least one of the protocols has an attack in isolation. The most important generalization over previous work is the support for all security properties of the geometric fragment....

  17. Perfect forward secure identity-based authenticated key agreement protocol in the escrow mode

    Institute of Scientific and Technical Information of China (English)

    WANG ShengBao; CAO ZhenFu; CHENG ZhaoHui; CHOO Kim-KwangRaymond

    2009-01-01

    The majority of existing escrowable identity-based key agreement protocols only provide partial forward secrecy. Such protocols are, arguably, not suitable for many real-world applications, as the latter tends to require a stronger sense of forward secrecy: perfect forward secrecy. In this paper, we propose an efficient perfect forward-secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem.

  18. Quantum Key Distribution (QKD) and Commodity Security Protocols: Introduction and Integration

    CERN Document Server

    Mink, Alan; Perlner, Ray

    2010-01-01

    We present an overview of quantum key distribution (QKD), a secure key exchange method based on the quantum laws of physics rather than computational complexity. We also provide an overview of the two most widely used commodity security protocols, IPsec and TLS. Pursuing a key exchange model, we propose how QKD could be integrated into these security applications. For such a QKD integration we propose a support layer that provides a set of common QKD services between the QKD protocol and the security applications.

  19. IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI

    Directory of Open Access Journals (Sweden)

    U. Pavan Kumar

    2013-06-01

    This paper is mainly based on providing security to the wireless networks through which devices like Bluetooth gets connected. The Wi-Fi connections are also prone to various attacks these days. The protocols that are required to provide security to wireless networks can be implemented by creating a wireless scenario using the software Network Simulator. This paper illustrates a scenario to check the security protocol. As NS2 mainly has the implementation of routing protocols, a new protocol should be designed especially for security purpose. This is done by following many tutorials to get a minimum basic knowledge of NS2, C/C++ coding. The security feature followed in the paper is encryption/decryption of the data that is being exchanged. Data should be ensured as and then there will be a perfect implementation of the protocol. So, the paper throughout concentrates on adding a new security protocol to NS2 and implementation of that protocol by providing a wireless scenario.

  20. A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

    Science.gov (United States)

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2015-08-01

    Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications including patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that stores information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

  1. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.

    Science.gov (United States)

    Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

    2011-01-01

    User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das' protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs.

  2. Fortification of Transport Layer Security Protocol with Hashed Fingerprint Identity Parameter

    Directory of Open Access Journals (Sweden)

    Kuljeet Kaur

    2012-03-01

    Identity over the public links becomes quite complex as Client and Server needs proper access rights with authentication. For determining clients identity with password Secured Shell Protocol or Public Key Infrastructure is deployed by various organizations. For end to end transport security SSL (Secured Socket Layer) is the de facto standard having Record and Handshake protocol dealing with data integrity and data security respectively. It seems secure but many risks lurk in its use. So focus of the paper would be formulating the steps to be used for the enhancement of SSL. One more tier of security to the transport layer security protocol is added in this research paper by using fingerprints for identity authentication along with password for enhancement of SSL. Bio Hashing which will be done with the help of Minutiae Points at the fingerprints would be used for mutual authentication. New hash algorithm RNA-FINNT is generated in this research paper for converting minutiae points into hashed code. Value of hashed code would be stored at the Database in the Multi Server environment of an organization. Research paper will perform mutual authentication in the multi server environment of an organization with the use of fingerprint and password both as identity authentication parameters. This will strengthen record and handshake protocol which will enhance SSL and further enhancement of SSL will result in the fortification of Transport Layer Security Protocol.

  3. Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2015-07-01

    Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods.

  4. Sustaining Security In MANET: Biometric Stationed Authentication Protocol (BSAP) Inculcating Meta-Heuristic Genetic Algorithm

    Directory of Open Access Journals (Sweden)

    Sherin Zafar

    2014-09-01

    The paper comprehends an impending accost of intensifying biometric stationed authentication protocol (BSAP) bestowing meta-heuristic genetic algorithm for securing MANET. Biometric authentication using fingerprint, facial, iris scan, voice recognition etc. has gained a lot of importance in recent years to provide security in MANET. Biometrics are more advantageous and secure as compared to prevailing data security techniques like password or token mechanisms. A higher level of security is achieved in our impending approach using genetic algorithm to overcome the security and privacy concerns that exist in biometric technology. The foremost requirement of our protocol is to overcome various data attacks such as wormhole, cache poisoning, invisible node attack etc. that are confronted by MANET and make the network more secure.

  5. Decryptable to Your Eyes: Visualization of Security Protocols at the User Interface

    CERN Document Server

    Nyang, DaeHun; Kwon, Taekyoung; Kang, Brent; Stavrou, Angelos

    2011-01-01

    The design of authentication protocols, for online banking services in particular and any service that is of sensitive nature in general, is quite challenging. Indeed, enforcing security guarantees has overhead thus imposing additional computation and design considerations that do not always meet usability and user requirements. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that can harm the users' trust in the system. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of the authentication process. To that end, we propose a family of visualized authentication protocols, a visualized transaction verification, and a "decryptable to your eyes only" protocol. Through rigorous analysis, we verify that our protocols are immune to many of the challenging authentication attacks applicable in the literature. Furthermore, using an extensive case study on a prototype o...

  6. Security of the DNS Protocol - Implementation and Weaknesses Analyses of DNSSEC

    Directory of Open Access Journals (Sweden)

    Kaouthar Chetioui

    2012-03-01

    Today, the Internet offers many critical applications. So, it becomes very crucial for Internet service providers to ensure traceability of operations and to secure data exchange. Since all these communications are based on the use of the Domain Name System (DNS) protocol, it becomes necessary to think about enhancing and securing it by proposing a secure version of this protocol that can correct the whole or a part of the DNS protocol weaknesses and vulnerabilities. In this context, DNSsec was created by the IETF to ensure the integrity of DNS data and authentication of the source of such data. DNSsec is based on public key cryptography to provide different security services. In the present paper, we will present first the DNS protocol and its weaknesses. After that, we will be interested in studying the DNSsec implementation and data exchange, and then give a deep analysis of its weaknesses.

  7. SD-AODV: A Protocol for Secure and Dynamic Data Dissemination in Mobile Ad Hoc Network

    CERN Document Server

    Nath, Rajender

    2011-01-01

    Security remains a major concern in mobile ad hoc networks. This paper presents a new protocol SD-AODV, which is an extension of the existing protocol AODV. The proposed protocol is made secure and dynamic against three main types of routing attacks: wormhole attack, byzantine attack and blackhole attack. SD-AODV protocol was evaluated through simulation experiments done on Glomosim and performance of the network was measured in terms of packet delivery fraction, average end-to-end delay, global throughput and route errors of a mobile ad hoc network where a defined percentage of nodes behave maliciously. Experimentally it was found that the performance of the network did not degrade in the presence of the above said attacks indicating that the proposed protocol was secure against these attacks.

  8. SD-AODV: A Protocol for Secure and Dynamic Data Dissemination in Mobile Ad Hoc Network

    Directory of Open Access Journals (Sweden)

    Rajender Nath

    2010-11-01

    Security remains a major concern in mobile ad hoc networks. This paper presents a new protocol SD-AODV, which is an extension of the existing protocol AODV. The proposed protocol is made secure and dynamic against three main types of routing attacks: wormhole attack, byzantine attack and blackhole attack. SD-AODV protocol was evaluated through simulation experiments done on Glomosim and performance of the network was measured in terms of packet delivery fraction, average end-to-end delay, global throughput and route errors of a mobile ad hoc network where a defined percentage of nodes behave maliciously. Experimentally it was found that the performance of the network did not degrade in the presence of the above said attacks indicating that the proposed protocol was secure against these attacks.

  9. A Secure and Pragmatic Routing Protocol for Mobile Ad hoc Networks

    Institute of Scientific and Technical Information of China (English)

    LIU Zhi-yuan

    2008-01-01

    An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Because of node mobility and power limitations, the network topology changes frequently. Routing protocol plays an important role in the ad hoc network. A recent trend in ad hoc network routing is the reactive on-demand philosophy where routes are established only when required. As an optimization for the current Dynamic Source Routing Protocol, a secure and pragmatic routes selection scheme based on Reputation Systems was proposed. We design the Secure and Pragmatic Routing protocol and implement simulation models using GloMoSim. Simulation results show that the Secure and Pragmatic Routing protocol provides better experimental results on packet delivery ratio, power consumption and system throughput than Dynamic Source Routing Protocol.

  10. Final report for the protocol extensions for ATM Security Laboratory Directed Research and Development Project

    Energy Technology Data Exchange (ETDEWEB)

    Tarman, T.D.; Pierson, L.G.; Brenkosh, J.P. [and others]

    1996-03-01

    This is the summary report for the Protocol Extensions for Asynchronous Transfer Mode project, funded under Sandia's Laboratory Directed Research and Development program. During this one-year effort, techniques were examined for integrating security enhancements within standard ATM protocols, and mechanisms were developed to validate these techniques and to provide a basic set of ATM security assurances. Based on our experience during this project, recommendations were presented to the ATM Forum (a world-wide consortium of ATM product developers, service providers, and users) to assist with the development of security-related enhancements to their ATM specifications. As a result of this project, Sandia has taken a leading role in the formation of the ATM Forum's Security Working Group, and has gained valuable alliances and leading-edge experience with emerging ATM security technologies and protocols.

  11. Experimental study for Yuen-Kim protocol of quantum key distribution with unconditional secure

    OpenAIRE

    Hirota, O.; Kato, K; Sohma, M.

    2002-01-01

    In this report, we simulate practical feature of Yuen-Kim protocol for quantum key distribution with unconditional secure. In order to demonstrate them experimentally by intensity modulation/direct detection (IMDD) optical fiber communication system, we use simplified encoding scheme to guarantee security for key information (1 or 0). That is, pairwise M-ary intensity modulation scheme is employed. Furthermore, we give an experimental implementation of YK protocol based on IMDD.

  12. A secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem.

    Science.gov (United States)

    Zhao, Zhenguo

    2014-05-01

    With the fast advancement of the wireless communication technology and the widespread use of medical systems, the radio frequency identification (RFID) technology has been widely used in healthcare environments. As the first important protocol for ensuring secure communication in healthcare environment, the RFID authentication protocols derive more and more attentions. Most of RFID authentication protocols are based on hash function or symmetric cryptography. To get more security properties, elliptic curve cryptosystem (ECC) has been used in the design of RFID authentication protocol. Recently, Liao and Hsiao proposed a new RFID authentication protocol using ECC and claimed their protocol could withstand various attacks. In this paper, we will show that their protocol suffers from the key compromise problem, i.e. an adversary could get the private key stored in the tag. To enhance the security, we propose a new RFID authentication protocol using ECC. Detailed analysis shows the proposed protocol not only could overcome weaknesses in Liao and Hsiao's protocol but also has the same performance. Therefore, it is more suitable for healthcare environments.

  13. Cryptographic protocol security analysis based on bounded constructing algorithm

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    An efficient approach to analyzing cryptographic protocols is to develop automatic analysis tools based on formal methods. However, the approach has encountered the high computational complexity problem due to reasons that participants of protocols are arbitrary, their message structures are complex and their executions are concurrent. We propose an efficient automatic verifying algorithm for analyzing cryptographic protocols based on the Cryptographic Protocol Algebra (CPA) model proposed recently, in which algebraic techniques are used to simplify the description of cryptographic protocols and their executions. Redundant states generated in the analysis processes are much reduced by introducing a new algebraic technique called Universal Polynomial Equation and the algorithm can be used to verify the correctness of protocols in the infinite states space. We have implemented an efficient automatic analysis tool for cryptographic protocols, called ACT-SPA, based on this algorithm, and used the tool to check more than 20 cryptographic protocols. The analysis results show that this tool is more efficient, and an attack instance not offered previously is checked by using this tool.

  14. Secure comparison protocols in the semi-honest model

    NARCIS (Netherlands)

    Veugen, P.J.M.; Blom, F.; Hoogh, S.J.A. de; Erkin, Z.

    2015-01-01

    Due to high complexity, comparison protocols with secret inputs have been a bottleneck in the design of privacy-preserving cryptographic protocols. Different solutions based on homomorphic encryption, garbled circuits and secret sharing techniques have been proposed over the last few years, each cla

  15. An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Lauritsen, Rasmus; Toft, Tomas

    2014-01-01

    suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel...

  16. Performance Comparison of Secure Routing Protocols in Mobile Ad-Hoc Networks

    Directory of Open Access Journals (Sweden)

    Ashwani Garg

    2012-08-01

    A mobile Ad-Hoc network (MANET) is a collection of wireless mobile nodes dynamically forming a temporary network without the use of any existing network infrastructure or centralized administration. Each node operates not only as an end system but also as a router to forward packets. The nodes are free to move about and organize themselves into a network. These nodes change position frequently. A node can get compromised during the route discovery process. Attackers from inside or outside can easily exploit the network. Several secure routing protocols are proposed for MANETs by researchers. In this paper, an attempt has been made to compare the performance of two prominent secure routing protocols for MANETs: Secure Efficient Ad-Hoc Distance Vector Protocol i.e. SEAD (a proactive or table driven protocol) and Ariadne (a reactive or on demand protocol). Compared to the proactive routing protocols, less control overhead is a distinct advantage of the reactive protocols. Thus, reactive routing protocols have better scalability than proactive routing protocols. However, when using reactive routing protocols, source nodes may suffer from long delays for route searching before they can forward data packets. Hence these protocols are not suitable for real-time applications. As per our findings the difference in the protocols' mechanics leads to significant performance differentials for both of these protocols. The performance differentials are analyzed using varying simulation time. These simulations are carried out using the NS-2 network simulator. The results presented in this work illustrate the importance of carefully evaluating and implementing routing protocols in an ad hoc environment.

  17. Cyber Security Vulnerabilities During Long Term Evolution Power-Saving Discontinuous Reception Protocol

    Science.gov (United States)

    2014-06-01

    packet-switched architecture used in third generation ( 3G ) cellular technologies instead of the circuit-switched architecture used in second generation...EVOLUTION NETWORK ARCHITECTURE .....................................................................5 1. Radio Protocol Architecture ...31 1. Security Architecture .........................................................................31 2. Access Stratum Security

  18. A Secure Simplification of the PKMv2 Protocol in IEEE 802.16e-2005

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielsen, Christoffer Rosenkilde

    2007-01-01

    for IEEE 802.16e, PKMv2. This protocol seems to have an exaggerated mixture of security features. Thus, we iteratively investigate which components are necessary for upholding the security properties and which can be omitted safely. This approach is based on the LySa process calculus and employs...

  19. A Secure Simplification of the PKMv2 Protocol in IEEE 802.16e-2005

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielsen, Christoffer Rosenkilde

    2007-01-01

    for IEEE 802.16e, PKMv2. This protocol seems to have an exaggerated mixture of security features. Thus, we iteratively investigate which components are necessary for upholding the security properties and which can be omitted safely. This approach is based on the LySa process calculus and employs...

  20. A Survey on Security Issues in Ad Hoc Routing Protocols and their Mitigation Techniques

    CERN Document Server

    Kayarkar, Harshavardhan

    2012-01-01

    Mobile Ad hoc Networks (MANETS) are transient networks of mobile nodes, connected through wireless links, without any fixed infrastructure or central management. Due to the self-configuring nature of these networks, the topology is highly dynamic. This makes the Ad Hoc Routing Protocols in MANETS highly vulnerable to serious security issues. In this paper, we survey the common security threats and attacks and summarize the solutions suggested in the survey to mitigate these security vulnerabilities.

  1. Securing Internet Protocol (IP) Storage: A Case Study

    CERN Document Server

    Somayaji, Siva Rama Krishnan; 10.5121/ijngn.2010.2102

    2010-01-01

    Storage networking technology has enjoyed strong growth in recent years, but security concerns and threats facing networked data have grown equally fast. Today, there are many potential threats that are targeted at storage networks, including data modification, destruction and theft, DoS attacks, malware, hardware theft and unauthorized access, among others. In order for a Storage Area Network (SAN) to be secure, each of these threats must be individually addressed. In this paper, we present a comparative study by implementing different security methods in IP Storage network.

  2. Bayesian Authentication: Quantifying Security of the Hancke-Kuhn Protocol

    NARCIS (Netherlands)

    Pavlovic, Dusko; Meadows, Catherine; Mislove, M.; Selinger, P.

    2010-01-01

    As mobile devices pervade physical space, the familiar authentication patterns are becoming insufficient: besides entity authentication, many applications require, e.g., location authentication. Many interesting protocols have been proposed and implemented to provide such strengthened forms of authe

  3. Research on secure buyer-seller watermarking protocol

    Institute of Scientific and Technical Information of China (English)

    Liu Quan; Chen Zheng; Zhou Zude

    2008-01-01

    A new buyer-seller watermarking protocol is proposed by applying a double encryption method and a novel mechanism of embedding a buyer's watermark. The protocol can effectively prevent collusion attacks and the man in the middle attack if the third party is not trusted. Also, based on the proposed scheme for the first-hand transaction, a new buyer-reseller watermarking protocol and a formal multi-party watermarking protocol are also proposed. The proposed buyer-reseller watermarking protocol only needs the original seller to provide transfer certificate and encryption-decryption service to support the second-hand transaction, and the multi-party watermarking protocol with distributed certificate authorities can overcome the difficulty in the combination of multicast mechanism with multiple unique watermarks and allow a seller to multicast the watermarked digital contents and key transaction information to n buyers. Furthermore, the idea of zero knowledge proof is also applied into the proposed scheme to allow the seller to take an effective control on the task performed by the third party.

  4. A Trust Based Cross Layer Security Protocol for Mobile Ad hoc Networks

    CERN Document Server

    Rajaram, A

    2009-01-01

    In this paper, we develop a trust based security protocol based on a cross layer approach which attains confidentiality and authentication of packets in both routing and link layers of MANETs. In the first phase of the protocol, we design a trust based packet forwarding scheme for detecting and isolating the malicious nodes using the routing layer information. It uses trust values to favor packet forwarding by maintaining a trust counter for each node. A node is punished or rewarded by decreasing or increasing the trust counter. If the trust counter value falls below a trust threshold, the corresponding intermediate node is marked as malicious. In the next phase of the protocol, we provide link layer security using the CBCX mode of authentication and encryption. By simulation results, we show that the proposed cross layer security protocol achieves high packet delivery ratio while attaining low delay and overhead.

  5. Secure and Robust IPV6 Autoconfiguration Protocol For Mobile Adhoc Networks Under Strong Adversarial Model

    CERN Document Server

    Slimane, Zohra; Feham, Mohamed; Taleb-Ahmed, Abdelmalik

    2011-01-01

    Automatic IP address assignment in Mobile Ad hoc Networks (MANETs) enables nodes to obtain routable addresses without any infrastructure. Different protocols have been developed throughout the last years to achieve this service. However, research primarily focused on correctness, efficiency and scalability; much less attention has been given to the security issues. The lack of security in the design of such protocols opens the possibility of many real threats leading to serious attacks in potentially hostile environments. Recently, few schemes have been proposed to solve this problem, but none of them has brought satisfactory solutions. Auto-configuration security issues are still an open problem. In this paper, a robust and secure stateful IP address allocation protocol for standalone MANETs is specified and evaluated within NS2. Our solution is based on mutual authentication, and a fully distributed Autoconfiguration and CA model, in conjunction with threshold cryptography. By deploying a new concept of joi...

  6. A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2009-01-01

    ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4’s physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist....... In particular we show that the End-to-End Application Key Establishment Protocol is flawed and we propose a secure protocol instead. We do so by using formal verification techniques based on static program analysis and process algebras. We present a way of using formal methods in wireless network security......, and propose a secure key establishment protocol for ZigBee networks....

  7. A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2010-01-01

    ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4's physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist....... In particular, we show that the end-to-end application key establishment protocol is flawed and we propose a secure protocol instead. We do so by using formal verification techniques based on static program analysis and process algebras. We present a way of using formal methods in wireless network security......, and propose a secure key establishment protocol for ZigBee networks....

  8. Security technologies and protocols for Asynchronous Transfer Mode networks

    Energy Technology Data Exchange (ETDEWEB)

    Tarman, T.D.

    1996-06-01

    Asynchronous Transfer Mode (ATM) is a new data communications technology that promises to integrate voice, video, and data traffic into a common network infrastructure. In order to fully utilize ATM's ability to transfer real-time data at high rates, applications will start to access the ATM layer directly. As a result of this trend, security mechanisms at the ATM layer will be required. A number of research programs are currently in progress which seek to better understand the unique issues associated with ATM security. This paper describes some of these issues, and the approaches taken by various organizations in the design of ATM layer security mechanisms. Efforts within the ATM Forum to address the user communities need for ATM security are also described.

  9. A system architecture, processor, and communication protocol for secure implants

    NARCIS (Netherlands)

    C. Strydis (Christos); R.M. Seepers (Robert); P. Peris-Lopez (Pedro); D. Siskos (Dimitrios); I. Sourdis (Ioannis)

    2013-01-01

    Secure and energy-efficient communication between Implantable Medical Devices (IMDs) and authorized external users is attracting increasing attention these days. However, there currently exists no systematic approach to the problem, while solutions from neighboring fields, such as

  10. Security Routing Protocol For The Wireless Mesh Networks (WMNs)

    Institute of Scientific and Technical Information of China (English)

    王五妹; 赵彩丹; 黄联芬; 姚彦

    2008-01-01

    The pretty promising Wireless Mesh Networking technique, which is regarded as the next generation wireless Internet, not only possesses the normal features of wireless networks, but also has the advantages of multi-hop, self-organizing, etc. However, the great strength of the Mesh Networks also leads to a serious problem from the perspective of network security. This paper starts with the security issue of WMN routing and puts forward the corresponding solutions to the two kinds of routings' security, such as adding the public/private (Pi/Si) key to the AODV to solve the problem of black hole and adding the credit value of nodes to the DSR to improve the security.

  11. Improved Security Models & Protocols in Online Mobile Business Financial Transactions

    OpenAIRE

    Sreeramana Aithal

    2017-01-01

    Chapter I : Introduction to Mobile Business and Mobile Banking Chapter II : Review of Literature on Mobile Business Technology, Mobile Banking Services & Security Chapter III : Research Objectives and Methodology Chapter IV : Results and Discussion Chapter V : Summary and Conclusions Bibliography

  12. Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

    Directory of Open Access Journals (Sweden)

    Younsung Choi

    2014-06-01

    Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

  13. Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

    Science.gov (United States)

    Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

    2014-06-10

    Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

  14. Multiset Rewriting and the Complexity of Bounded Security Protocols

    Science.gov (United States)

    2003-06-06

    Stanford University University of Pennsylvania Stanford, CA Philadelphia, PA jcm@cs.stanford.edu andre @cis.upenn.edu June 6, 2003 Abstract We formalize... Breton , NS, Canada, 24{26 June 2002. IEEE Computer Society Press. [BM93] J.-P. Banâtre and D. Le Metayer. Computing by multiset transformation. Com...187, Cape Breton , Nova Scotia, Canada, 2001. IEEE Computer Society Press. [Sch96] S. Schneider. Security properties and CSP. In IEEE Symp. Security

  15. Secure chip based encrypted search protocol in mobile office environments

    Directory of Open Access Journals (Sweden)

    Hyun-A Park

    2016-05-01

    This paper deals with largely two security problems between the cloud computing service and trusted platform module (TPM) chip as a mobile convergent technology. At first, we solve the social issues from inside attackers, which are caused by the fact that we regard server managers as trustworthy. In order to solve this problem, we propose encrypted DB retrieval system whose server manager cannot access real data (plaintexts) in mobile office environments of the cloud datacenter. The other problem is that cloud computing has limitless computing resources; however, it faces the vulnerability of security. On the other hand, the TPM technology has been known as a symbol of physical security; however, it has the severe limitation of use such as hardware constraints or limited amount of non-volatile memory. To overcome the weakness and produce synergic effects between the two technologies, we combine two applications (cloud datacenter service, TPM chip) as a mobile convergent technology. The main methods are TPM-security-client and masked keys. With these methods, the real keys are stored in TPM and the faked keys (masked keys) are implemented for computations instead of real keys. Thus, the result of the faked keys is the same as the real keys. Consequently, this system is secure against both insiders and outsiders, and the cloud computing service can improve security weaknesses.

  16. An Analysis on Endaira: A Provably Secure On-Demand Source Routing Protocol

    Directory of Open Access Journals (Sweden)

    A.F.A. Abidin

    2010-05-01

    Full Text Available Routing is one of the most basic networking functions in mobile ad hoc networks. Secure routing protocols for mobile ad hoc networks provide the necessary functionality for proper network operation. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers, and several “secure” routing protocols have been proposed for ad hoc networks. There are some secure routing protocols that have been proposed to reduce the risk of attacking the routing protocol by Denial of Service, hackers and so on. In this research, we will explore and discuss a new on-demand source routing protocol, called ENDAIRA, and we demonstrate the usage of our framework by proving that it is most secure routing protocol. We assess the simulation study to compare and prove the strength of ENDAIRA model among the other secure routing protocol.

  17. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

    Directory of Open Access Journals (Sweden)

    Naif Alsharabi

    2008-12-01

    Full Text Available This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage, and that NRFP is also effective in defending against many sophisticated attacks.

  18. A Secure Routing Protocol and its application in Multi-sink Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Nike Gui

    2010-05-01

    Full Text Available Wireless sensor networks are increasingly deployed in security-critical areas, such as battle field. However, general sensor nodes are manufactured with inexpensive components, and they are short of security enhancement. Therefore, an adversary could capture and compromise sensor nodes easily, then launch some malicious attacks (including tampering or discarding useful data collected from source nodes). In this paper, we propose a secure routing and aggregation protocol with low energy cost for sensor networks (named STAPLE), which utilizes one-way hash chain and multi-path mechanism to achieve security of wireless sensor networks, and develop a network expanding model to control communication cost incurred by multi-path routing. Then we discuss the protocol application in multi-sink wireless sensor networks. Finally, we perform the simulation of STAPLE in comparison with INSENS; the results demonstrate that STAPLE achieves a higher level security with considerably low communication overhead.

  19. Design and Research of a New secure Authentication Protocol in GSM networks

    Directory of Open Access Journals (Sweden)

    Qi Ai-qin

    2016-01-01

    Full Text Available As the first line of defense in the security application system, authentication is an important security service. Its typical scheme is the challenge/response mechanism, and this scheme, which is simple-structured and easy to realize, has been used worldwide. But these protocols have many problems in GSM networks, such as the leakage of user identity privacy, no security protection between home registers and foreign registers, vicious intruders' information stealing, and so on. This paper presents an authentication protocol in GSM networks based on maths operation and modular square root technique. The analysis of the security and performance has also been done. The results show that it is more robust and secure compared to the previous agreements.

  20. Security of a key agreement protocol based on chaotic maps

    Energy Technology Data Exchange (ETDEWEB)

    Han Song [Curtin University of Technology, G.P.O. Box U1987 Perth, WA 6845 (Australia)], E-mail: s.han@curtin.edu.au

    2008-11-15

    Kacorev et al. proposed a new public key encryption scheme using chaotic maps. Subsequently, Bergamo et al. broke Kacorev and Tasev's encryption scheme and then applied the attack on a key agreement protocol based on Kacorev et al.'s system. In order to address Bergamo et al.'s attack, Xiao et al. proposed a novel key agreement protocol. In this paper, we will present two attacks on Xiao et al.'s key agreement protocol using chaotic maps. Our new attack method is different from the one that Bergamo et al. developed. The proposed attacks work in a way that an adversary can prevent the user and the server from establishing a shared session key even though the adversary cannot get any private information from the user and the server's communications.

  1. Security protocol specification and verification with AnBx

    DEFF Research Database (Denmark)

    Bugliesi, Michele; Calzavara, Stefano; Mödersheim, Sebastian Alexander

    2016-01-01

    Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose...... AnBx, a formal protocol specification language based on the popular Alice & Bob notation. AnBx offers channels as the main abstraction for communication, providing different authenticity and/or confidentiality guarantees for message transmission. AnBx extends existing proposals in the literature...

  2. A comparative study of protocols for secure quantum communication under noisy environment: single-qubit-based protocols versus entangled-state-based protocols

    Science.gov (United States)

    Sharma, Vishal; Thapliyal, Kishore; Pathak, Anirban; Banerjee, Subhashish

    2016-11-01

    The effect of noise on various protocols of secure quantum communication has been studied. Specifically, we have investigated the effect of amplitude damping, phase damping, squeezed generalized amplitude damping, Pauli type as well as various collective noise models on the protocols of quantum key distribution, quantum key agreement, quantum secure direct quantum communication and quantum dialogue. From each type of protocol of secure quantum communication, we have chosen two protocols for our comparative study: one based on single-qubit states and the other one on entangled states. The comparative study reported here has revealed that single-qubit-based schemes are generally found to perform better in the presence of amplitude damping, phase damping, squeezed generalized amplitude damping noises, while entanglement-based protocols turn out to be preferable in the presence of collective noises. It is also observed that the effect of noise depends upon the number of rounds of quantum communication involved in a scheme of quantum communication. Further, it is observed that squeezing, a completely quantum mechanical resource present in the squeezed generalized amplitude channel, can be used in a beneficial way as it may yield higher fidelity compared to the corresponding zero squeezing case.

  3. Empirical Network Performance Evaluation of Security Protocols on Operating Systems

    Directory of Open Access Journals (Sweden)

    Shaneel Narayan

    2012-10-01

    Full Text Available Securing data transmission is currently a widely researched topic. There are numerous facades in data security. Virtual Private Network (VPN) is one such strand that provides security for data that is in motion. Performance of a network that has VPN implementation is at the forefront of network design and choice of the operating systems and cryptographic algorithms is critical to enhancing network performance. In this research undertaking, three VPN techniques, namely DES, 3DES and AES, which are commonly used to implement IPSec VPNs, are performance analyzed on test-bed setup. These are implemented on a network with Linux Fedora and a router and Windows desktop operating systems on another node. The VPN algorithms tested show that there may be performance differences when implemented with different operating system combinations.

  4. On the security of the Mobile IP protocol family

    NARCIS (Netherlands)

    Meyer, Ulrike; Tschofenig, Hannes; Karagiannis, Georgios; Devetsikiotis, M.; Michailidis, G.

    2007-01-01

    The Internet Engineering Task Force (IETF) has worked on network layer mobility for more than 10 years and a number of RFCs are available by now. Although the IETF mobility protocols are not present in the Internet infrastructure as of today, deployment seems to be imminent since a number of organiz

  5. Performance Evaluation of Security Protocols Specified in LySa

    DEFF Research Database (Denmark)

    Bodei, Chiara; Curti, Michele; Degano, Pierpaolo

    2005-01-01

    We use a special operational semantics which drives us in inferring quantitative measures on system describing cryptographic protocols. The transitions of the system carry enhanced labels. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architectu...

  6. A Source Anonymity-Based Lightweight Secure AODV Protocol for Fog-Based MANET

    Directory of Open Access Journals (Sweden)

    Weidong Fang

    2017-06-01

    Full Text Available Fog-based MANET (Mobile Ad hoc networks) is a novel paradigm of a mobile ad hoc network with the advantages of both mobility and fog computing. Meanwhile, as traditional routing protocol, ad hoc on-demand distance vector (AODV) routing protocol has been applied widely in fog-based MANET. Currently, how to improve the transmission performance and enhance security are the two major aspects in AODV’s research field. However, the researches on joint energy efficiency and security seem to be seldom considered. In this paper, we propose a source anonymity-based lightweight secure AODV (SAL-SAODV) routing protocol to meet the above requirements. In SAL-SAODV protocol, source anonymous and secure transmitting schemes are proposed and applied. The scheme involves the following three parts: the source anonymity algorithm is employed to achieve the source node, without being tracked and located; the improved secure scheme based on the polynomial of CRC-4 is applied to substitute the RSA digital signature of SAODV and guarantee the data integrity, in addition to reducing the computation and energy consumption; the random delayed transmitting scheme (RDTM) is implemented to separate the check code and transmitted data, and achieve tamper-proof results. The simulation results show that the comprehensive performance of the proposed SAL-SAODV is a trade-off of the transmission performance, energy efficiency, and security, and better than AODV and SAODV.

  7. A Source Anonymity-Based Lightweight Secure AODV Protocol for Fog-Based MANET.

    Science.gov (United States)

    Fang, Weidong; Zhang, Wuxiong; Xiao, Jinchao; Yang, Yang; Chen, Wei

    2017-06-17

    Fog-based MANET (Mobile Ad hoc networks) is a novel paradigm of a mobile ad hoc network with the advantages of both mobility and fog computing. Meanwhile, as traditional routing protocol, ad hoc on-demand distance vector (AODV) routing protocol has been applied widely in fog-based MANET. Currently, how to improve the transmission performance and enhance security are the two major aspects in AODV's research field. However, the researches on joint energy efficiency and security seem to be seldom considered. In this paper, we propose a source anonymity-based lightweight secure AODV (SAL-SAODV) routing protocol to meet the above requirements. In SAL-SAODV protocol, source anonymous and secure transmitting schemes are proposed and applied. The scheme involves the following three parts: the source anonymity algorithm is employed to achieve the source node, without being tracked and located; the improved secure scheme based on the polynomial of CRC-4 is applied to substitute the RSA digital signature of SAODV and guarantee the data integrity, in addition to reducing the computation and energy consumption; the random delayed transmitting scheme (RDTM) is implemented to separate the check code and transmitted data, and achieve tamper-proof results. The simulation results show that the comprehensive performance of the proposed SAL-SAODV is a trade-off of the transmission performance, energy efficiency, and security, and better than AODV and SAODV.

  8. A system architecture, processor, and communication protocol for secure implants

    NARCIS (Netherlands)

    C. Strydis (Christos); R.M. Seepers (Robert); P. Peris-Lopez (Pedro); D. Siskos (Dimitrios); I. Sourdis (Ioannis)

    2013-01-01

    Secure and energy-efficient communication between Implantable Medical Devices (IMDs) and authorized external users is attracting increasing attention these days. However, there currently exists no systematic approach to the problem, while solutions from neighboring fields, such as wirele

  9. Adaptive and Secure Routing Protocol for Emergency Mobile Ad Hoc Networks

    CERN Document Server

    Panaousis, Emmanouil A; Millar, Grant P; Politis, Christos; 10.5121/ijwmn.2010.2205

    2010-01-01

    The nature of Mobile Ad hoc NETworks (MANETs) makes them suitable to be utilized in the context of an extreme emergency for all involved rescue teams. We use the term emergency MANETs (eMANETs) in order to describe next generation IP-based networks, which are deployed in emergency cases such as forest fires and terrorist attacks. The main goal within the realm of eMANETs is to provide emergency workers with intelligent devices such as smart phones and PDAs. This technology allows communication "islets" to be established between the members of the same or different emergency teams (policemen, firemen, paramedics). In this article, we discuss an adaptive and secure routing protocol developed for the purposes of eMANETs. We evaluate the performance of the protocol by comparing it with other widely used routing protocols for MANETs. We finally show that the overhead introduced due to security considerations is affordable to support secure ad-hoc communications among lightweight devices.

  10. A Secure Time-Stamp Based Concurrency Control Protocol For Distributed Databases

    Directory of Open Access Journals (Sweden)

    Shashi Bhushan

    2007-01-01

    Full Text Available In distributed database systems the global database is partitioned into a collection of local databases stored at different sites. In this era of growing technology and fast communication media, security has an important role to play. In this paper we presented a secure concurrency control protocol (SCCP) based on the timestamp ordering, which provides concurrency control and maintains security. We also implemented SCCP and a comparison of SCCP is presented in three cases (High, Medium and Low security levels). In this experiment, it is observed that throughput of the system decreases as the security level of the transaction increases, i.e., there is tradeoff between the security level and the throughput of the system.

  11. INTEROPERABILITY, TRUST BASED INFORMATION SHARING PROTOCOL AND SECURITY: DIGITAL GOVERNMENT KEY ISSUES

    Directory of Open Access Journals (Sweden)

    Md.Headayetullah

    2010-06-01

    Full Text Available Improved interoperability between public and private organizations is of key significance to make digital government newest triumphant. Digital Government interoperability, information sharing protocol and security are measured the key issue for achieving a refined stage of digital government. Flawless interoperability is essential to share the information between diverse and merely dispersed organisations in several network environments by using computer based tools. Digital government must ensure security for its information systems, including computers and networks for providing better service to the citizens. Governments around the world are increasingly revolving to information sharing and integration for solving problems in programs and policy areas. Evils of global worry such as syndrome discovery and manage, terror campaign, immigration and border control, prohibited drug trafficking, and more demand information sharing, harmonization and cooperation amid government agencies within a country and across national borders. A number of daunting challenges survive to the progress of an efficient information sharing protocol. A secure and trusted information-sharing protocol is required to enable users to interact and share information easily and perfectly across many diverse networks and databases globally. This article presents (1) literature review of digital government security and interoperability and, (2) key research issue trust based information sharing protocol for seamless interoperability among diverse government organizations or agencies around the world. While trust-based information access is well studied in the literature, presented secure information sharing technologies and protocols cannot offer enough incentives for government agencies to share information amid them without harming their own national interest. To overcome the drawbacks of the existing technology, an innovative and proficient trust-based security protocol is proposed in this

  12. A Provably Secure Revocable ID-Based Authenticated Group Key Exchange Protocol with Identifying Malicious Participants

    Directory of Open Access Journals (Sweden)

    Tsu-Yang Wu

    2014-01-01

    Full Text Available The existence of malicious participants is a major threat for authenticated group key exchange (AGKE) protocols. Typically, there are two detecting ways (passive and active) to resist malicious participants in AGKE protocols. In 2012, the revocable identity (ID)-based public key system (R-IDPKS) was proposed to solve the revocation problem in the ID-based public key system (IDPKS). Afterwards, based on the R-IDPKS, Wu et al. proposed a revocable ID-based AGKE (RID-AGKE) protocol, which adopted a passive detecting way to resist malicious participants. However, it needs three rounds and cannot identify malicious participants. In this paper, we fuse a noninteractive confirmed computation technique to propose the first two-round RID-AGKE protocol with identifying malicious participants, which is an active detecting way. We demonstrate that our protocol is a provably secure AGKE protocol with forward secrecy and can identify malicious participants. When compared with the recently proposed ID/RID-AGKE protocols, our protocol possesses better performance and more robust security properties.

  13. Reducing software security risk through an integrated approach research initiative model based verification of the Secure Socket Layer (SSL) Protocol

    Science.gov (United States)

    Powell, John D.

    2003-01-01

    This document discusses the verification of the Secure Socket Layer (SSL) communication protocol as a demonstration of the Model Based Verification (MBV) portion of the verification instrument set being developed under the Reducing Software Security Risk (RSSR) Through an Integrated Approach research initiative. Code Q of the National Aeronautics and Space Administration (NASA) funds this project. The NASA Goddard Independent Verification and Validation (IV&V) facility manages this research program at the NASA agency level and the Assurance Technology Program Office (ATPO) manages the research locally at the Jet Propulsion Laboratory (California Institute of Technology) where the research is being carried out.

  15. Secure and Lightweight Cloud-Assisted Video Reporting Protocol over 5G-Enabled Vehicular Networks.

    Science.gov (United States)

    Nkenyereye, Lewis; Kwon, Joonho; Choi, Yoon-Ho

    2017-09-23

    In the vehicular networks, the real-time video reporting service is used to send the recorded videos in the vehicle to the cloud. However, when facilitating the real-time video reporting service in the vehicular networks, the usage of the fourth generation (4G) long term evolution (LTE) was proved to suffer from latency while the IEEE 802.11p standard does not offer sufficient scalability for a such congested environment. To overcome those drawbacks, the fifth-generation (5G)-enabled vehicular network is considered as a promising technology for empowering the real-time video reporting service. In this paper, we note that security and privacy related issues should also be carefully addressed to boost the early adoption of 5G-enabled vehicular networks. There exist a few research works for secure video reporting service in 5G-enabled vehicular networks. However, their usage is limited because of public key certificates and expensive pairing operations. Thus, we propose a secure and lightweight protocol for cloud-assisted video reporting service in 5G-enabled vehicular networks. Compared to the conventional public key certificates, the proposed protocol achieves entities' authorization through anonymous credential. Also, by using lightweight security primitives instead of expensive bilinear pairing operations, the proposed protocol minimizes the computational overhead. From the evaluation results, we show that the proposed protocol takes the smaller computation and communication time for the cryptographic primitives than that of the well-known Eiza-Ni-Shi protocol.

  16. Computational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols

    CERN Document Server

    Mjølsnes, Stig

    2012-01-01

    One of the forerunners and main candidates for the fourth generation (4G) mobile communication system is commonly known under the name Long-Term Evolution (LTE) and its standard is produced and maintained by the international 3rd Generation Partnership Program (3GPP) consortium. The LTE Authentication and Key Agreement (AKA) protocol design is based on the Universal Mobile Telecommunications System (UMTS) AKA protocol, which is widely used today for third generation (3G) wireless networks. The authentication protocols for these mobile network systems will arguably become the most widely used security protocols in the near future. We present a computational security analysis of both the LTE AKA and the UMTS AKA. This work constitutes the first security analysis of LTE AKA to date. Our analysis is based on a computational security model. Moreover, we report on a deficiency in the protocol specifications, and show how this may enable attacks on both LTE AKA and UMTS AKA. The vulnerability can be explo...

  17. Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks

    Science.gov (United States)

    Saleem, Kashif; Derhab, Abdelouahid; Orgun, Mehmet A.; Al-Muhtadi, Jalal; Rodrigues, Joel J. P. C.; Khalil, Mohammed Sayim; Ali Ahmed, Adel

    2016-01-01

    The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks. PMID:27043572

  18. Dynamic Auditing Protocol for Efficient and Secure Data Storage in Cloud Computing

    Directory of Open Access Journals (Sweden)

    J. Noorul Ameen

    2014-06-01

    Full Text Available In cloud computing, the data is stored on cloud servers and users (data consumers) retrieve the data from cloud servers. However, there are some security challenges which are in need of independent auditing services to verify the data integrity and safety in the cloud. Until now, numerous methods have been developed for remote integrity checking, which only serve static archive data and cannot be applied to the auditing service if the data in the cloud is being dynamically updated. Therefore, it is expected to design an efficient and secure dynamic auditing protocol to convince the data owners of the security and integrity of their data. In this paper, we intend to construct an auditing framework for cloud storage systems for efficient privacy-preserving auditing service. Then, our auditing protocol is extended to support the data dynamic operations for secure auditing in the random oracle model. In addition, our auditing protocol is improved to support batch auditing for both multiple owners and multiple clouds without any trusted organizer. Our proposed auditing protocols will be proved for their secure and efficient computation with reduced cost for the auditing.

  19. Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks.

    Science.gov (United States)

    Saleem, Kashif; Derhab, Abdelouahid; Orgun, Mehmet A; Al-Muhtadi, Jalal; Rodrigues, Joel J P C; Khalil, Mohammed Sayim; Ali Ahmed, Adel

    2016-03-31

    The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks.

  20. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols

    Directory of Open Access Journals (Sweden)

    Aamir Shahzad

    2016-06-01

    Full Text Available Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

  1. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols.

    Science.gov (United States)

    Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

    2016-06-14

    Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

  2. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols

    Science.gov (United States)

    Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

    2016-01-01

    Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network. PMID:27314351

  3. Secure energy efficient routing protocol for wireless sensor network

    Directory of Open Access Journals (Sweden)

    Das Ayan Kumar

    2016-03-01

    The ease of deployment of economic sensor networks has always been a boon to disaster management applications. However, their vulnerability to a number of security threats makes communication a challenging task. This paper proposes a new routing technique to protect against both external threats and internal threats like hello flooding, eavesdropping and wormhole attacks. In this approach a one-way hash chain is used to reduce the energy drainage. Level-based event-driven clustering also helps to save energy. The simulation results show that the proposed scheme extends network lifetime even when the cluster-based wireless sensor network is under attack.

  4. An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Lauritsen, Rasmus; Toft, Tomas

    2014-01-01

    (nicknamed MiniMac). While TinyOT has already been implemented, we present in this paper the first implementation of MiniMac, using the same platform as the existing TinyOT implementation. We also suggest several improvements of MiniMac, both on the protocol design and implementation level. In particular, we...... suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel...

  5. A Secure and Effective Anonymous Integrity Checking Protocol for Data Storage in Multicloud

    Directory of Open Access Journals (Sweden)

    Lingwei Song

    2015-01-01

    How to verify the integrity of outsourced data is an important problem in cloud storage. Most previous work focuses on three aspects: providing data dynamics, public verifiability, and privacy against verifiers with the help of a third-party auditor. In this paper, we propose an identity-based data storage and integrity verification protocol on untrusted cloud. The proposed protocol can guarantee fair results without any third verifying auditor. The theoretical analysis and simulation results show that our protocols are secure and efficient.

  6. On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

  7. Constructing UC Secure and Constant-Round Group Key Exchange Protocols via Secret Sharing

    Directory of Open Access Journals (Sweden)

    Sangjae Moon

    2008-07-01

    Group key exchange (GKE) is one of the basic building blocks in securing group communication. A number of solutions to GKE problem have been proposed, but most of them are not scalable and require a number of rounds linear with the number of group members. We present a method of constructing constant-round and identity-based protocol via secret sharing for GKE within universally composability (UC) framework. The resultant protocol focuses on round efficiency and three rounds of communication are required. The protocol allows the batch verification of messages signed by all other group participants. Moreover, compared with other identity-based protocols, the key generation center (KGC) in our protocol is not always online.

  8. Constructing UC Secure and Constant-Round Group Key Exchange Protocols via Secret Sharing

    Directory of Open Access Journals (Sweden)

    Moon Sangjae

    2008-01-01

    Group key exchange (GKE) is one of the basic building blocks in securing group communication. A number of solutions to GKE problem have been proposed, but most of them are not scalable and require a number of rounds linear with the number of group members. We present a method of constructing constant-round and identity-based protocol via secret sharing for GKE within universally composability (UC) framework. The resultant protocol focuses on round efficiency and three rounds of communication are required. The protocol allows the batch verification of messages signed by all other group participants. Moreover, compared with other identity-based protocols, the key generation center (KGC) in our protocol is not always online.

  9. SMEmail - A New Protocol for the Secure E-mail in Mobile Environments

    CERN Document Server

    Toorani, Mohsen

    2010-01-01

    The electronic mail plays an unavoidable role in the humankind communications. With the great interest for the connection via mobile platforms, and the growing number of vulnerabilities and attacks, it is essential to provide suitable security solutions regarding the limitations of resource restricted platforms. Although some solutions such as PGP and S/MIME are currently available for the secure e-mail over the Internet, they are based on traditional public key cryptography that involves huge computational costs. In this paper, a new secure application-layer protocol, called SMEmail, is introduced that provides several security attributes such as confidentiality, integrity, authentication, non-repudiation, and forward secrecy of message confidentiality for the electronic mails. SMEmail offers an elliptic curve-based public key solution that uses public keys for the secure key establishment of a symmetric encryption, and is so suitable for the resource restricted platforms such as mobile phones.

  10. Adaptive versus Non-Adaptive Security of Multi-Party Protocols

    DEFF Research Database (Denmark)

    Canetti, Ran; Damgård, Ivan Bjerre; Dziembowski, Stefan

    2004-01-01

    Security analysis of multi-party cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting the adversary chooses who to corrupt during the c...

  11. Typing and Compositionality for Security Protocols: A Generalization to the Geometric Fragment (Extended Version)

    DEFF Research Database (Denmark)

    Almousa, Omar; Mödersheim, Sebastian Alexander; Modesti, Paolo

    We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that if any security protocol that fulfils a number of sufficient conditions has an attack then it has a well-typed attack. The second kind considers the parallel composition...

  12. Typing and compositionality for security protocols: A generalization to the geometric fragment

    DEFF Research Database (Denmark)

    Almousa, Omar; Mödersheim, Sebastian Alexander; Modesti, Paolo

    2015-01-01

    We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that any security protocol that fulfils a number of sufficient conditions has an attack if it has a well-typed attack. The second kind considers the parallel composition...

  13. An Improved Constraint-based system for the verification of security protocols

    NARCIS (Netherlands)

    Corin, R.J.; Etalle, Sandro; Hermenegildo, Manuel V.; Puebla, German

    We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect flaws associated to partial runs

  14. An Improved Constraint-based system for the verification of security protocols

    NARCIS (Netherlands)

    Corin, Ricardo; Etalle, Sandro; Hermenegildo, Manuel V.; Puebla, German

    2002-01-01

    We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect flaws associated to partial runs an

  15. SECURE AND ROBUST IPV6 AUTOCONFIGURATION PROTOCOL FOR MOBILE ADHOC NETWORKS UNDER STRONG ADVERSARIAL MODEL

    Directory of Open Access Journals (Sweden)

    Zohra Slimane

    2011-08-01

    Automatic IP address assignment in Mobile Ad hoc Networks (MANETs) enables nodes to obtain routable addresses without any infrastructure. Different protocols have been developed throughout the last years to achieve this service. However, research primarily focused on correctness, efficiency and scalability; much less attention has been given to the security issues. The lack of security in the design of such protocols opens the possibility of many real threats leading to serious attacks in potentially hostile environments. Recently, few schemes have been proposed to solve this problem, but none of them has brought satisfactory solutions. Auto-configuration security issues are still an open problem. In this paper, a robust and secure stateful IP address allocation protocol for standalone MANETs is specified and evaluated within NS2. Our solution is based on mutual authentication, and a fully distributed Autoconfiguration and CA model, in conjunction with threshold cryptography. By deploying a new concept of joint IP address and public key certificate, we show that, instead of earlier approaches, our solution solves the problem of all possible attacks associated with dynamic IP address assignment in MANETs. The resulting protocol incurs low latency and control overhead.

  16. DICOM image secure communications with Internet protocols IPv6 and IPv4.

    Science.gov (United States)

    Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

    2007-01-01

    Image-data transmission from one site to another through public network is usually characterized in terms of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how an image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications across public networks.

  17. Secure quantum voting protocol

    Institute of Scientific and Technical Information of China (English)

    温晓军; 蔡学军

    2011-01-01

    Based on the practical requirements of manual voting, a model and a protocol for quantum voting are proposed. The protocol overcomes the limitation of computational security that is common in traditional electronic voting protocols, and has unconditional security. Compared with existing quantum voting protocols, it uses real-time monitoring instead of post audit to oversee the verifier's behavior. The security and efficiency of the protocol are improved by reducing the technical difficulty.

  18. Research of RFID Certification Security Protocol based on Hash Function and DES Algorithm

    Directory of Open Access Journals (Sweden)

    bin Xu

    2013-10-01

    RFID has received more and more attention and application, but its security and privacy problems are a concern. Based on existing RFID authentication protocols, the paper analyzes the certification process of several typical security protocols and proposes an improved bidirectional authentication algorithm. The use of a one-way hash function can solve the security problem of RFID. The protocol has anti-replay, impedance analysis, forgery, and tracking performance, and is suitable for distributed systems. With the development of computers and the wide use of the Internet in various industries for high-speed information transfer, information security is a concern. The paper first produces and uses various algorithms based on hash functions. Then, as a solid safety lock on information, MD5 and SHA-1 file verification, encryption, digital signatures, and PKI construction secure all kinds of information. Finally, the protocol can effectively prevent attacks, ensuring that information is authentic and is not modified or leaked.

  19. Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

    Science.gov (United States)

    Ivancic, William D.

    2009-01-01

    A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet. This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

  20. Secure Transaction Protocol for CEPS Compliant EPS in Limited Connectivity Environment

    Science.gov (United States)

    Devane, Satish; Phatak, Deepak

    Common Electronic Purse Specification (CEPS) used by European countries, elaborately defines the transaction between customer’s CEP card and merchant’s point of sales (POS) terminal. However it merely defines the specification to transfer the transactions between the Merchant and Merchant Acquirer (MA). This paper proposes a novel approach by introducing an entity, mobile merchant acquirer (MMA) which is a trusted agent of MA and principally works on man in middle concept, but facilitates remote two fold mutual authentication and secure transaction transfer between Merchant and MA through MMA. This approach removes the bottle-neck of connectivity issues between Merchant and MA in limited connectivity environment. The proposed protocol ensures the confidentiality, integrity and money atomicity of transaction batch. The proposed protocol has been verified for correctness by Spin, a model checker and security properties of the protocol have been verified by avispa.

  1. Adaptive and Secure Routing Protocol for Emergency Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Emmanouil A. Panaousis

    2010-05-01

    The nature of Mobile Ad hoc NETworks (MANETs) makes them suitable to be utilized in the context of an extreme emergency for all involved rescue teams. We use the term emergency MANETs (eMANETs) in order to describe next generation IP-based networks, which are deployed in emergency cases such as forest fires and terrorist attacks. The main goal within the realm of eMANETs is to provide emergency workers with intelligent devices such as smart phones and PDAs. This technology allows communication “islets” to be established between the members of the same or different emergency teams (policemen, firemen, paramedics). In this article, we discuss an adaptive and secure routing protocol developed for the purposes of eMANETs. We evaluate the performance of the protocol by comparing it with other widely used routing protocols for MANETs. We finally show that the overhead introduced due to security considerations is affordable to support secure ad-hoc communications among lightweight devices.

  2. Enhanced Secure Trusted AODV (ESTA) Protocol to Mitigate Blackhole Attack in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Dilraj Singh

    2015-09-01

    The self-organizing nature of the Mobile Ad hoc Networks (MANETs) provide a communication channel anywhere, anytime without any pre-existing network infrastructure. However, it is exposed to various vulnerabilities that may be exploited by the malicious nodes. One such malicious behavior is introduced by blackhole nodes, which can be easily introduced in the network and, in turn, such nodes try to crumble the working of the network by dropping the maximum data under transmission. In this paper, a new protocol is proposed which is based on the widely used Ad hoc On-Demand Distance Vector (AODV) protocol, Enhanced Secure Trusted AODV (ESTA), which makes use of multiple paths along with use of trust and asymmetric cryptography to ensure data security. The results, based on NS-3 simulation, reveal that the proposed protocol is effectively able to counter the blackhole nodes in three different scenarios.

  3. A Secure Region-Based Geographic Routing Protocol (SRBGR) for Wireless Sensor Networks

    Science.gov (United States)

    Adnan, Ali Idarous; Hanapi, Zurina Mohd; Othman, Mohamed; Zukarnain, Zuriati Ahmad

    2017-01-01

    Due to the lack of dependency for routing initiation and an inadequate allocated sextant on responding messages, the secure geographic routing protocols for Wireless Sensor Networks (WSNs) have attracted considerable attention. However, the existing protocols are more likely to drop packets when legitimate nodes fail to respond to the routing initiation messages while attackers in the allocated sextant manage to respond. Furthermore, these protocols are designed with inefficient collection window and inadequate verification criteria which may lead to a high number of attacker selections. To prevent the failure to find an appropriate relay node and undesirable packet retransmission, this paper presents Secure Region-Based Geographic Routing Protocol (SRBGR) to increase the probability of selecting the appropriate relay node. By extending the allocated sextant and applying different message contention priorities more legitimate nodes can be admitted in the routing process. Moreover, the paper also proposed the bound collection window for a sufficient collection time and verification cost for both attacker identification and isolation. Extensive simulation experiments have been performed to evaluate the performance of the proposed protocol in comparison with other existing protocols. The results demonstrate that SRBGR increases network performance in terms of the packet delivery ratio and isolates attacks such as Sybil and Black hole. PMID:28121992

  4. Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

    Science.gov (United States)

    Pathak, Rohit; Joshi, Satyadhar

    Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

  5. [A security protocol for the exchange of personal medical data via Internet: monitoring treatment and drug effects].

    Science.gov (United States)

    Viviani, R; Fischer, J; Spitzer, M; Freudenmann, R W

    2004-04-01

    We present a security protocol for the exchange of medical data via the Internet, based on the type/domain model. We discuss two applications of the protocol: in a system for the exchange of data for quality assurance, and in an on-line database of adverse reactions to drug use. We state that a type/domain security protocol can successfully comply with the complex requirements for data privacy and accessibility typical of such applications.

  6. Engineering Secure Two-Party Computation Protocols Design, Optimization, and Applications of Efficient Secure Function Evaluation

    CERN Document Server

    Schneider, Thomas

    2012-01-01

    Secure two-party computation, called secure function evaluation (SFE), enables two mutually mistrusting parties, the client and server, to evaluate an arbitrary function on their respective private inputs while revealing nothing but the result. Originally the technique was considered to be too inefficient for practical privacy-preserving applications, but in recent years rapid speed-up in computers and communication networks, algorithmic improvements, automatic generation, and optimizations have enabled their application in many scenarios. The author offers an extensive overview of the most pr

  7. FuGeF: A Resource Bound Secure Forwarding Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Idris Abubakar Umar

    2016-06-01

    Resource bound security solutions have facilitated the mitigation of spatio-temporal attacks by altering protocol semantics to provide minimal security while maintaining an acceptable level of performance. The Dynamic Window Secured Implicit Geographic Forwarding (DWSIGF) routing protocol for Wireless Sensor Network (WSN) has been proposed to achieve a minimal selection of malicious nodes by introducing a dynamic collection window period to the protocol’s semantics. However, its selection scheme suffers substantial packet losses due to the utilization of a single distance based parameter for node selection. In this paper, we propose a Fuzzy-based Geographic Forwarding protocol (FuGeF) to minimize packet loss, while maintaining performance. The FuGeF utilizes a new form of dynamism and introduces three selection parameters: remaining energy, connectivity cost, and progressive distance, as well as a Fuzzy Logic System (FLS) for node selection. These introduced mechanisms ensure the appropriate selection of a non-malicious node. Extensive simulation experiments have been conducted to evaluate the performance of the proposed FuGeF protocol as compared to DWSIGF variants. The simulation results show that the proposed FuGeF outperforms the two DWSIGF variants (DWSIGF-P and DWSIGF-R) in terms of packet delivery.

  8. Protocol of Secure Key Distribution Using Hash Functions and Quantum Authenticated Channels (KDP-6DP)

    Directory of Open Access Journals (Sweden)

    Mohammed M.A. Majeed

    2010-01-01

    Problem statement: In previous researches, we investigated the security of communication channels, which utilizes authentication, key distribution between two parties, error corrections and cost establishment. In the present work, we studied new concepts of Quantum Authentication (QA) and sharing key according to previous points. Approach: This study presented a new protocol concept that allows the session and key generation on-site by independently applying a cascade of two hash functions on a random string of bits at the sender and receiver sides. This protocol, however, required a reliable method of authentication. It employed an out-of-band authentication methodology based on quantum theory, which uses entangled pairs of photons. Results: The proposed quantum-authenticated channel is secure in the presence of an eavesdropper who has access to both the classical and the quantum channels. Conclusion/Recommendations: The key distribution process using cascaded hash functions provides better security. The concepts presented by this protocol represent a valid approach to the communication security problem.

  9. TCP/IP Protocol and Information Security

    Institute of Scientific and Technical Information of China (English)

    陈彦君

    2011-01-01

    Although the TCP/IP protocol has serious security problems, it still has security properties of its own. This paper briefly reviews the working principle of the TCP/IP protocol, discusses the security it provides and the security problems it has with respect to information security, and briefly discusses how to use the TCP/IP protocol to protect information security.

  10. Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kashif Saleem

    2016-03-01

    The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks.

  11. COMPARATIVE STUDY ON ENERGY CONSUMPTION IN DYNAMIC WINDOW SECURED IMPLICIT GEOGRAPHIC FORWARDING ROUTING PROTOCOL

    Directory of Open Access Journals (Sweden)

    Abubakar Idris Umar

    2014-01-01

    Full Text Available An ideal WSN should operate with the least possible energy required in order to increase the lifetime of the sensor nodes and, at the same time, ensure network connectivity. But the inherent power limitation makes power-awareness a critical requirement for WSNs; this calls for the need to manage energy in sensor nodes. Also, in order to ensure successful transmission of data from sensor node source to destination, it becomes necessary to maintain network availability. The network must be resilient to individual node failure, which can happen due to zero power possessed by the node and due to security attacks posed on the node and the network. The Dynamic Window Secured Implicit Geographic Forwarding (DWSIGF) routing protocol has proven to be robust, efficient and resistant to some security attacks which cause failure in network availability. However, the extent to which energy is consumed in sensor nodes which deploy DWSIGF as their routing protocol has never been mentioned. In this research, we performed a comparative study on energy consumption in the DWSIGF routing protocol. Using the first order radio model, we determined the energy consumed in a network. The protocol (DWSIGF) is matched up against its counterpart SIGF as the traffic is increased. Observation shows that in DWSIGF, due to the variable timing assigned to the CTS collection window, the CTS signal fails to reach the destination as the collection window time expires, thus the need for retransmission. This in turn consumes more energy than the counterpart SIGF, which has a fixed CTS collection time. The simulation work was done using Matlab 7.0. Energy consumed in the random variant of both protocols (DWSIGF and SIGF) was also observed to be higher than in the priority variant of the protocols.

  12. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    Science.gov (United States)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  13. Energy-efficient Secure Directed Diffusion Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Malika BELKADI

    2013-12-01

    Full Text Available In wireless sensor networks, it is crucial to design and employ energy-efficient communication protocols, since nodes are battery-powered and thus their lifetimes are limited. Such constraints combined with a great number of applications used in these networks, pose many challenges (limited energy, low security… to the design and management of wireless sensor networks. These challenges necessitate a great attention. In this paper, we present a new version of Directed Diffusion routing protocol which provides both security and energy efficiency together in wireless sensor networks.

  14. STUDY & ANALYSIS OF SECURED E-COMMERCE TRANSACTIONS INFORMATION PROTOCOLS-PURCHASING ORDER

    Directory of Open Access Journals (Sweden)

    Deepu Soni

    2012-09-01

    Full Text Available Electronic Commerce is a very rapidly growing field in today’s scenario. It is used for Purchasing Order, i.e. for buying and selling electronic goods and all other types of things. And there is a need for development of a number of e-commerce protocols, which ensure integrity, confidentiality, atomicity and fair exchange. The protocol uses a smart card for ensuring mutual authentication, dispute resolution and fair exchange and reduces reliance on a trusted third party. Also, study and analysis of the security in e-transactions may avoid some of the frauds on internet transactions for purchasing and buying orders.

  15. Security bound of two-bases quantum key-distribution protocols using qudits

    CERN Document Server

    Nikolopoulos, G M; Nikolopoulos, Georgios M.; Alber, Gernot

    2005-01-01

    We investigate the security bounds of quantum cryptographic protocols using $d$-level systems. In particular, we focus on schemes that use two mutually unbiased bases, thus extending the BB84 quantum key distribution scheme to higher dimensions. Under the assumption of general coherent attacks, we derive an analytic expression for the ultimate upper security bound of such quantum cryptography schemes. This bound is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions such an equivalence is generally no longer valid.

  16. A New Scalable and Reliable Cost Effective Key Agreement Protocol for Secure Group Communication

    Directory of Open Access Journals (Sweden)

    S. J. Begum

    2011-01-01

    Full Text Available Problem statement: In a heterogeneous environment, for a secure multicast communication, the group members have to share a secret key which is used to encrypt/decrypt the secret messages among the members. The Secure Group Communication of large scale multicast group in a dynamic environment is more complex than securing one-to-one communication due to the inherent scalability issue of group key management. Since the group members are dynamic in nature such as joining or leaving the group, the key updating is performed among the valid members without interrupting the multicast session so that non group members can’t have access to the future renewed keys. Approach: The main aim is to develop a scheme which can reduce the cost of computational overhead, number of messages needed during the time of key refreshing and the number of keys stored in servers and members. The cost of establishing the key and renewal is proportionate to the size of the group and subsequently fetches a bottleneck performance in achieving scalability. By using a Cluster Based Hierarchical Key Distribution Protocol, the load of key management can be shared among dummy nodes of a cluster without revealing the group messages to them. Results: Especially, the existing model incurs a very less computational and communication overhead during renewal of keys. The proposed scheme yields better scalability because of the fact that the Key computational cost, the keys stored in key server and numbers of rekey-messages needed are very less. Conclusion: Our proposed protocol is based on Elliptic curve cryptography algorithm to form secure group key, even with smaller key size, it is capable of providing more security. This protocol can be used both in wired or wireless environments.

  17. A Secure & Hybrid Authentication Protocol of Intrusion Detection System for MANET

    Directory of Open Access Journals (Sweden)

    M.CHARLES AROCKIARAJ

    2015-06-01

    Full Text Available In MANET, security is the toughest and very challenging area, because nodes are without any predefined framework. This is due to the high mobility of outstanding vulnerabilities and attacks of the malicious nodes in the intrusion detection system of Mobile Ad Hoc Networks (MANET). A secure & hybrid protocol design has been proposed, in order to improve the detection efficiency and also to improvise the performance of Intrusion Detection Systems for MANET. Based on the hybrid techniques with the aid of key management authentication and combining with a fuzzy based decision model for detecting the misbehaving attacks. Identifying group of physical attacker and finding its probabilities and its side effects are evaluated. To discover the misbehaving attackers and predicting it effects by using Fuzzy based model. In the proposed hybrid authentication protocol for malicious node detection system and for avoiding problems related to missing packet, delay in the nodes and false misbehavior reports. Secure hybrid authentication protocol is used to detect various attacks in MANETs by incorporating hybrid techniques such as fuzzy schemes and key organization method. Hence the different ratio of all the parameter were experimented and analyzed, in terms of the attack prediction rate, attack precision, packet drop ratio and end to end delivery ratio. The schemes were compared with the existing mechanisms and results show that proposed hybrid authentication has superior improvement in the performance.

  18. A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

    Science.gov (United States)

    Bishop, Matt

    1991-01-01

    The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate.

  19. Delay-Tolerant, Low-Power Protocols for Large Security-Critical Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Claudio S. Malavenda

    2012-01-01

    Full Text Available This paper reports the analysis, implementation, and experimental testing of a delay-tolerant and energy-aware protocol for a wireless sensor node, oriented to security applications. The solution proposed takes advantages from different domains considering as a guideline the low power consumption and facing the problems of seamless and lossy connectivity offered by the wireless medium along with very limited resources offered by a wireless network node. The paper is organized as follows: first we give an overview on delay-tolerant wireless sensor networking (DTN); then we perform a simulation-based comparative analysis of state-of-the-art DTN approaches and illustrate the improvement offered by the proposed protocol; finally we present experimental data gathered from the implementation of the proposed protocol on a proprietary hardware node.

  20. Protocol for Systematic Review in Privacy and Security in Telehealth: Best Practices for Healthcare Professionals

    Directory of Open Access Journals (Sweden)

    Valerie J.M. Watzlaf

    2015-11-01

    Full Text Available Healthcare professionals engaged in telehealth are faced with complex US federal regulations (e.g., HIPAA/HITECH) and could benefit from the guidance provided by best practices in Privacy and Security (P&S). This article describes a systematic review protocol to address this need. The protocol described herein uses the Preferred Reporting Items for Systematic Review and Meta-Analysis Protocols (PRISMA-P). The PRISMA-P contains 17 items that are considered essential, as well as minimum components to include in systematic reviews. PICOS (participants, interventions, comparisons, outcome(s) and study design) of the systematic review are also relevant to the development of best practices in P&S in telehealth systems. A systematic process can best determine what information should be included and how this information should be retrieved, condensed, analyzed, organized, and disseminated.

  1. Current Status of Mobile Internet Protocol version 4 and its Security Issues

    Directory of Open Access Journals (Sweden)

    Susanna S Henry

    2012-03-01

    Full Text Available Many consumers have moved from stationary personal computers to cellular mobile devices. These mobile devices permit change of location while staying connected to the network. To sustain stable communication with the receiver, Mobile Internet Protocol (Mobile IP) was developed. Mobile IP is intended to afford absolutely automated and non-interactive reconfiguration at any point. Mobile IP is considered to be a routing protocol, thus solving the primary problem of routing IP packets to mobile nodes, which is a first step in providing mobility on the internet. Mobile IP is a secure, robust, and medium-independent protocol whose scaling properties make it applicable throughout the entire Internet. Mobile IP has two versions, Mobile IPv4 and Mobile IPv6. This paper analyzes the current status of Mobile IPv4, which is on the verge of exhaustion, and announces the urgent need to upgrade the IP layer to Mobile IPv6.

  2. A Secure Mathematical Computation Protocol

    Institute of Scientific and Technical Information of China (English)

    林东岱; 宋志敏; et al.

    2002-01-01

    The Internet Accessible Mathematical Computation (IAMC) framework makes supplying/accessing mathematical computation easy on the Internet/Web. In this paper, the vulnerabilities of the current IAMC framework are discussed. A scheme for incorporating the SSL/TLS protocol into the current Mathematical Computation Protocol is presented. The resulting secure Mathematical Computation Protocol can then provide cryptographic authentication, data privacy and integrity.

  3. INTRUSION DETECTION IN MOBILE AD HOC NETWORK USING SECURE ROUTING FOR ATTACKER IDENTIFICATION PROTOCOL

    Directory of Open Access Journals (Sweden)

    S. Gopalakrishnan

    2014-01-01

    Full Text Available In the past few decades, the migration of communication has taken place from wired networks to wireless networks because of their mobility and scalability, and the Mobile Ad hoc Network (MANET) is a unique and significant application in recent years which does not necessitate any pre-existing network infrastructure. Each node can act as both transmitter and receiver, communicating with other nodes when they are in the same communication/transmission range. Otherwise, these nodes depend on neighbor nodes to transmit their packets, and they possess self-configuring ability, which makes MANETs popular in various critical mission applications such as military and other emergency applications. In general, MANETs are open medium networks and their nodes are widely distributed, which makes the network more vulnerable to various attackers. Sometimes, the transmitted packets are viewed or modified or corrupted by the attackers on the way to the destination, and the destination could not find such type of packets. So, the receiver can deliver modified packets with wrong information. Thus, it is essential to present an efficient secure routing protocol to preserve MANETs from several attacks. In this study, we are going to propose and implement a novel routing protocol named Secure Routing for Attacker Identification (SRAI) protocol that executes at the receiver/destination side to discover the modified packets in delivered nodes and generate a misbehaviour report to the source. Compared to modern approaches, the SRAI protocol establishes higher attacker identification rates in certain considerations.

  4. SYMMETRIC ENCRYPTION USING PRE-SHARED PUBLIC PARAMETERS FOR A SECURE TFTP PROTOCOL

    Directory of Open Access Journals (Sweden)

    N. N. MOHAMED

    2017-01-01

    Full Text Available Advances in the communication technology of embedded systems have led to the situation where nowadays almost all systems should implement security for data safety. Trivial File Transfer Protocol (TFTP) has advantages for use in embedded systems due to its speed and simplicity, however without security mechanisms, it is vulnerable to various attacks. As an example, during upgrading of Wireless Access Points (WAPs), attackers can access the information and modify it, and then install malicious code to interrupt the system. This work proposes security implementation of Diffie Hellman Key Exchange in TFTP by pre-sharing public parameters that enable two parties to achieve same secret key without the risk of Man-In-The-Middle (MITM) attacks. The implementation is integrated with compression and encryption methods to significantly reduce computational requirements in TFTP communication.

  5. Analysis of the End-by-Hop Protocol for Secure Aggregation in Sensor Networks

    DEFF Research Database (Denmark)

    Zenner, Erik

    In order to save bandwidth and thus battery power, sensor network measurements are sometimes aggregated en-route while being reported back to the querying server. Authentication of the measurements then becomes a challenge if message integrity is important for the application. At ESAS 2007, the E...... the proposed solution and point out shortcomings in the original complexity analysis. In particular, we show that the proposed solution is inferior to a naive solution without in-network aggregation both in security and in efficiency.......-by-Hop protocol for securing in-network aggregation for sensor nodes was presented. The solution was claimed to be secure and efficient and to provide the possibility of trading off bandwidth against computation time on the server. In this paper, we disprove these claims. We describe several attacks against...

  6. A quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation

    Institute of Scientific and Technical Information of China (English)

    LI Jian; SONG Dan-Jie; GUO Xiao-Jing; JING Bo

    2012-01-01

    In order to transmit secure messages, a quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation is presented. The five-particle cluster state is used to detect eavesdroppers, and the classical XOR operation serving as a one-time-pad is used to ensure the security of the protocol. In the security analysis, the entropy theory method is introduced, and three detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference introduced. If the eavesdroppers intend to obtain all the information, the detection rate of the original ping-pong protocol is 50%; the second protocol, using two particles of the Einstein-Podolsky-Rosen pair as detection particles, is also 50%; while the presented protocol is 89%. Finally, the security of the proposed protocol is discussed, and the analysis results indicate that the protocol in this paper is more secure than the other two.

  7. Design of a Robust, Computation-Efficient and Secure 3P-EKE Protocol using Analogous Message Transmission

    Directory of Open Access Journals (Sweden)

    Archana Raghuvamshi

    2016-05-01

    Full Text Available In this modern era of digital communication even a trivial task needs to be performed over internet which is not secure. Many cryptographic algorithms existed to provide security which facilitates secure communication through internet. As these algorithms need a secret session key, it is required to interchange this key in a secure way. In two-party communication, two clients initially share a low random (entropy) password through a secure channel to establish a secret session key. But this paradigm necessitates high maintenance of passwords, since each communicating pair requires separate passwords to establish a secure session key. In three-party communication network, each communication party shares a password with the trusted third-party (server) to exchange a secret session key. The beauty of this setting is that, even a server does not know the session key. The Password Authenticated Encrypted Key Exchange (PA-EKE) protocols have attracted a lot of curiosity to authors to propose various two-party and three-party PA-EKE protocols. Security flaws in various protocols proposed by Chang-Chang, Yoon-Yoo, PSRJ and Raj et al. inspired to design a robust, computationally efficient and highly secure protocol. This paper is an attempt to propose a secure and novel Password Authenticated 3P-EKE protocol using XOR operations and analogous (parallel) message transmission. The proposed protocol is easy to design and more secured against all types of attacks like password guessing, replay, pre-play, server spoofing etc. which made this protocol special.

  8. Formal Security-Proved Mobile Anonymous Authentication Protocols with Credit-Based Chargeability and Controllable Privacy

    Directory of Open Access Journals (Sweden)

    Chun-I Fan

    2016-06-01

    Full Text Available Smart mobile phones are widely popularized and advanced mobile communication services are provided increasingly often, such that ubiquitous computing environments will soon be a reality. However, there are many security threats to mobile networks and their impact on security is more serious than that in wireline networks owing to the features of wireless transmissions and the ubiquity property. The secret information which mobile users carry may be stolen by malicious entities. To guarantee the quality of advanced services, security and privacy would be important issues when users roam within various mobile networks. In this manuscript, an anonymous authentication scheme will be proposed to protect the security of the network system and the privacy of users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also each user’s identity is kept secret against anyone else, including the system. Although the system anonymously authenticates the users, it can still generate correct bills to charge these anonymous users via a credit-based solution instead of debit-based ones. Furthermore, our protocols also achieve fair privacy which allows the judge to revoke the anonymity and trace the illegal users when they have misused the anonymity property, for example, if they have committed crimes. Finally, in this paper, we also carry out complete theoretical proofs on each claimed security property.

  9. Secure Multi-party Computation Protocol for Defense Applications in Military Operations Using Virtual Cryptography

    Science.gov (United States)

    Pathak, Rohit; Joshi, Satyadhar

    With the advent into the 20th century whole world has been facing the common dilemma of Terrorism. The suicide attacks on US twin towers 11 Sept. 2001, Train bombings in Madrid Spain 11 Mar. 2004, London bombings 7 Jul. 2005 and Mumbai attack 26 Nov. 2008 were some of the most disturbing, destructive and evil acts by terrorists in the last decade which has clearly shown their evil intent that they can go to any extent to accomplish their goals. Many terrorist organizations such as al Quaida, Harakat ul-Mujahidin, Hezbollah, Jaish-e-Mohammed, Lashkar-e-Toiba, etc. are carrying out training camps and terrorist operations which are accompanied with latest technology and high tech arsenal. To counter such terrorism our military is in need of advanced defense technology. One of the major issues of concern is secure communication. It has to be made sure that communication between different military forces is secure so that critical information is not leaked to the adversary. Military forces need secure communication to shield their confidential data from terrorist forces. Leakage of concerned data can prove hazardous, thus preservation and security is of prime importance. There may be a need to perform computations that require data from many military forces, but in some cases the associated forces would not want to reveal their data to other forces. In such situations Secure Multi-party Computations find their application. In this paper, we propose a new highly scalable Secure Multi-party Computation (SMC) protocol and algorithm for Defense applications which can be used to perform computation on encrypted data. Every party encrypts their data in accordance with a particular scheme. This encrypted data is distributed among some created virtual parties. These Virtual parties send their data to the TTP through an Anonymizer layer. TTP performs computation on encrypted data and announces the result. As the data sent was encrypted its actual value can’t be known by TTP

  10. Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols.

    Science.gov (United States)

    Sriram, Vinay K; Montgomery, Doug

    2017-07-01

    The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the performance and efficiency of various optimization algorithms for validation of digitally signed BGP updates. In particular, this investigation focuses on the BGPSEC (BGP with SECurity extensions) protocol, currently under consideration for standardization in the Internet Engineering Task Force. We analyze three basic BGPSEC update processing algorithms: Unoptimized, Cache Common Segments (CCS) optimization, and Best Path Only (BPO) optimization. We further propose and study cache management schemes to be used in conjunction with the CCS and BPO algorithms. The performance metrics used in the analyses are: (1) routing table convergence time after BGPSEC peering reset or router reboot events and (2) peak-second signature verification workload. Both analytical modeling and detailed trace-driven simulation were performed. Results show that the BPO algorithm is 330% to 628% faster than the unoptimized algorithm for routing table convergence in a typical Internet core-facing provider edge router.

  11. RESEARCH ON SECURITY PROTOCOL FOR COLLABORATING MOBILE AGENTS IN NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Olumide Simeon Ogunnusi

    2013-01-01

    Full Text Available Despite the popularity of mobile agents in academic and commercial arena, the security issues associated with them have hindered their adoption on large scale distributed applications. However, researchers are making relentless effort to overcome the security impediments so that the interesting properties inherent in mobile agent application, especially in the field of intrusion detection, can be harnessed. Such properties include: adaptability, autonomous nature, low bandwidth utilization, latency eradication, mobility and intelligence. A number of protocols have been developed by researchers for different key distribution techniques to enhance their performance and to protect communicating entities against malicious attacks that can hinder their activities. However, they do not take into account the availability and fault tolerance of the protocols in case of any possible attack despite the authentication methods offered by encryption. This study therefore, proposes a fault-tolerant key distribution protocol for distributed mobile agents (communicating entities) in network intrusion detection system to facilitate hitch-free collaboration geared towards intrusive packets detection in Wireless Local Area Network (WLAN).

  12. Q-ESP: a QoS-compliant Security Protocol to enrich IPSec Framework

    CERN Document Server

    Mostafa, Mahmoud; Fraboul, Christian

    2009-01-01

    IPSec is a protocol that allows to make secure connections between branch offices and allows secure VPN accesses. However, the efforts to improve IPSec are still under way; one aspect of this improvement is to take Quality of Service (QoS) requirements into account. QoS is the ability of the network to provide a service at an assured service level while optimizing the global usage of network resources. The QoS level that a flow receives depends on a six-bit identifier in the IP header; the so-called Differentiated Services code point (DSCP). Basically, Multi-Field classifiers classify a packet by inspecting IP/TCP headers, to decide how the packet should be processed. The current IPSec standard does hardly offer any guidance to do this, because the existing IPSec ESP security protocol hides much of this information in its encrypted payloads, preventing network control devices such as routers and switches from utilizing this information in performing classification appropriately. To solve this problem, we prop...

  13. Analysis on TCP/IP Protocol and Its Security

    Institute of Scientific and Technical Information of China (English)

    李东灵; 毛自民

    2012-01-01

    This paper mainly discusses the content of the TCP/IP protocol, as well as the security problems of the TCP/IP protocol and several common means of network attack.

  14. Discussion on data-security of space-earth integrated network and analysis of space communications protocol standards

    Institute of Scientific and Technical Information of China (English)

    Li Zehui; Liu Yong; Sun Jin

    2005-01-01

    The architecture and protocols of the Internet can't work well in space environments. To form a reliable and safe space network, the characteristics of space communication networks are discussed, a brief synthesis is performed of the Consultative Committee for Space Data Systems (CCSDS) Space Communications Protocol Standards (SCPS), and a model accounting for the data security problem of the space-earth integrated network is provided.

  15. Improving Podcast Distribution on Gwanda using PrivHab: a Multiagent Secure Georouting Protocol.

    Directory of Open Access Journals (Sweden)

    Adrián SÁNCHEZ-CARMONA

    2015-12-01

    Full Text Available We present PrivHab, a multiagent secure georouting protocol that improves podcast distribution on Gwanda, Zimbabwe. PrivHab learns the whereabouts of the nodes of the network to select an itinerary for each agent carrying a piece of data. PrivHab makes use of cryptographic techniques to make the decisions while preserving nodes' privacy. PrivHab uses a waypoint-based georouting that achieves a high performance and low overhead in rugged terrain areas that are plenty of physical obstacles. The store-carry-and-forward approach used is based on mobile agents and is designed to operate in areas that lack network infrastructure. The PrivHab protocol is compared with a set of well-known delay-tolerant routing algorithms and shown to outperform them.

  16. Efficient Noninteractive Secure Protocol Enforcing Privacy in Vehicle-to-Roadside Communication Networks

    Directory of Open Access Journals (Sweden)

    Fatty M. Salem

    2012-01-01

    Full Text Available Vehicular ad hoc networks (VANETs) have attracted extensive attentions in recent years for their promises in improving safety and enabling other value-added services. In this paper, we propose an efficient noninteractive secure protocol preserving the privacy of drivers in vehicle-to-roadside (V2R) communication networks with the ability of tracing malicious drivers only by a third trusted party (TTP), who is assumed to be fully trusted. Our proposed protocol can provide these complex requirements depending on symmetric cryptographic algorithms. The drivers can change the symmetric key used for message encryption with each message transmission and find noninteractively new values to be correctly used for verification and tracing in case of malicious behavior. The advantages of symmetric cryptographic algorithms over asymmetric algorithms are the faster processing speed and the shorter message length which makes it suitable for real-time applications such as V2R communications. An efficient key revocation scheme will be also described.

  17. Secure Publish-Subscribe Protocols for Heterogeneous Medical Wireless Body Area Networks

    Directory of Open Access Journals (Sweden)

    Pablo Picazo-Sanchez

    2014-11-01

    Security and privacy issues in medical wireless body area networks (WBANs) constitute a major unsolved concern because of the challenges posed by the scarcity of resources in WBAN devices and the usability restrictions imposed by the healthcare domain. In this paper, we describe a WBAN architecture based on the well-known publish-subscribe paradigm. We present two protocols for publishing data and sending commands to a sensor that guarantee confidentiality and fine-grained access control. Both protocols are based on a recently proposed ciphertext policy attribute-based encryption (CP-ABE) scheme that is lightweight enough to be embedded into wearable sensors. We show how sensors can implement lattice-based access control (LBAC) policies using this scheme, which are highly appropriate for the eHealth domain. We report experimental results with a prototype implementation demonstrating the suitability of our proposed solution.

  18. Security of two-state and four-state practical quantum bit-commitment protocols

    Science.gov (United States)

    Loura, Ricardo; Arsenović, Dušan; Paunković, Nikola; Popović, Duška B.; Prvanović, Slobodan

    2016-12-01

    We study cheating strategies against a practical four-state quantum bit-commitment protocol [A. Danan and L. Vaidman, Quant. Info. Proc. 11, 769 (2012)], 10.1007/s11128-011-0284-4 and its two-state variant [R. Loura et al., Phys. Rev. A 89, 052336 (2014)], 10.1103/PhysRevA.89.052336 when the underlying quantum channels are noisy and the cheating party is constrained to using single-qubit measurements only. We show that simply inferring the transmitted photons' states by using the Breidbart basis, optimal for ambiguous (minimum-error) state discrimination, does not directly produce an optimal cheating strategy for this bit-commitment protocol. We introduce a strategy, based on certain postmeasurement processes and show it to have better chances at cheating than the direct approach. We also study to what extent sending forged geographical coordinates helps a dishonest party in breaking the binding security requirement. Finally, we investigate the impact of imperfect single-photon sources in the protocols. Our study shows that, in terms of the resources used, the four-state protocol is advantageous over the two-state version. The analysis performed can be straightforwardly generalized to any finite-qubit measurement, with the same qualitative results.

  19. Study and Application on Secure Shell Protocol

    Institute of Scientific and Technical Information of China (English)

    杨婧

    2011-01-01

    SSH supports secure remote login over a network and is a powerful tool for remote server configuration and management. The theory and application of the Secure Shell protocol are discussed, and a virtual-machine environment is provided for the implementation of OpenSSH.

  20. SEAODV: A Security Enhanced AODV Routing Protocol for Wireless Mesh Networks

    Science.gov (United States)

    Li, Celia; Wang, Zhuang; Yang, Cungang

    In this paper, we propose a Security Enhanced AODV routing protocol (SEAODV) for wireless mesh networks (WMN). SEAODV employs Blom's key pre-distribution scheme to compute the pairwise transient key (PTK) through the flooding of enhanced HELLO message and subsequently uses the established PTK to distribute the group transient key (GTK). PTK and GTK authenticate unicast and broadcast routing messages respectively. In WMN, a unique PTK is shared by each pair of nodes, while GTK is shared secretly between the node and all its one-hop neighbours. A message authentication code (MAC) is attached as the extension to the original AODV routing message to guarantee the message's authenticity and integrity in a hop-by-hop fashion. Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency.

  1. Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues

    CERN Document Server

    Headayetullah, Md; 10.5121/ijcsit.2010.2306

    2010-01-01

    Improved interoperability between public and private organizations is of key significance to make digital government newest triumphant. Digital Government interoperability, information sharing protocol and security are measured the key issue for achieving a refined stage of digital government. Flawless interoperability is essential to share the information between diverse and merely dispersed organisations in several network environments by using computer based tools. Digital government must ensure security for its information systems, including computers and networks for providing better service to the citizens. Governments around the world are increasingly revolving to information sharing and integration for solving problems in programs and policy areas. Evils of global worry such as syndrome discovery and manage, terror campaign, immigration and border control, prohibited drug trafficking, and more demand information sharing, harmonization and cooperation amid government agencies within a country and acros...

  2. Watchdog-LEACH: A new method based on LEACH protocol to Secure Clustered Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mohammad Reza Rohbanian

    2013-07-01

    A wireless sensor network comprises small sensor nodes with limited resources. Clustered networks have been proposed in many studies to reduce the power consumption in sensor networks. LEACH is one of the most interesting techniques, offering an efficient way to minimize the power consumption in sensor networks. However, due to the characteristics of restricted resources and operation in a hostile environment, WSNs are subjected to numerous threats and are vulnerable to attacks. This research proposes a solution that can be applied to LEACH to increase the level of security. In Watchdog-LEACH, some nodes are considered as watchdogs and some changes are applied to the LEACH protocol for intrusion detection. Watchdog-LEACH is able to protect against a wide range of attacks and it provides security, energy efficiency and memory efficiency. The simulation results show that, in comparison to LEACH, the energy overhead is about 2%, so this method is practical and can be applied to WSNs.

  3. QoS and security in Link State Routing protocols for MANETs

    OpenAIRE

    Cervera, Gimer; Barbeau, Michel; Garcia-Alfaro, Joaquin; Kranakis, Evangelos

    2013-01-01

    We study security issues in the Optimized Link State Routing (OLSR) protocol with Quality-of-Service (QoS). We propose the function k-robust-QANS, to construct a Quality Advertisement Neighbor Set (QANS). Given a node v, the one-hop nodes selected as part of its QANS generate routing information to advertise, when possible, a set with k+1 links to reach any two-hop neighbor. Several approaches have been proposed to construct a QANS. However, none of them guarantees tha...

  4. DSSS with ISAKMP Key Management Protocol to Secure Physical Layer for Mobile Adhoc Network

    Directory of Open Access Journals (Sweden)

    G.Padmavathi

    2012-02-01

    The wireless and dynamic nature of mobile ad hoc networks (MANETs) leaves them more vulnerable to security attacks than their wired counterparts. The nodes act both as routers and as communication endpoints. This makes the physical layer more prone to security attacks. The MANET physical layer is challenging to DoS attack and also some passive attacks. The physical layer protocol in MANETs is responsible for bit-level transmission between network nodes. The proposed model combines spread spectrum technology Direct Sequence Spread Spectrum (DSSS) with key management technique ISAKMP to defend against signal jamming denial-of-service attacks in the physical layer of MANET. DSSS with ISAKMP is found to be a good security solution even with its known security problems. The simulation is done using network simulator QualNet 5.0 for different numbers of mobile nodes. The proposed model has shown improved results in terms of average throughput, average end-to-end delay, average packet delivery ratio, and average jitter.

  5. SECURED DATA ON CLOUD ENVIRONMENT BY SAPA PROTOCOL WITH AUTO-RENEWAL

    Directory of Open Access Journals (Sweden)

    K. Prashanthi

    2015-10-01

    Cloud computing is rising as a rife knowledge interactive paradigm to understand users’ knowledge remotely hold on in a web cloud server. Cloud services offer nice conveniences for the users to relish the on-demand cloud applications while not considering the native infrastructure limitations. Throughout the information accessing, completely different users could also be in a very cooperative relationship, and so knowledge sharing becomes vital to attain productive edges. The prevailing security solutions chiefly concentrate on the authentication to understand that a user’s privative knowledge cannot be unauthorized accessed, however neglect a delicate privacy issue throughout a user. It is difficult for the cloud server to request different users for knowledge sharing. The challenged access request itself might reveal the user’s privacy in spite of whether or not it will acquire the information access permissions. During this paper, we have a tendency to propose a shared authority primarily based privacy-preserving authentication protocol (SAPA) to deal with higher than privacy issue for cloud storage. Within the SAPA, (1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy concerns (e.g., authentication, knowledge obscurity, user privacy, and forward security); (2) attribute primarily based access management is adopted to understand that the user will solely access its own knowledge fields; (3) proxy re-encryption is applied by the cloud server to supply knowledge sharing among the multiple users. Meanwhile, universal composability (UC) model is established to prove that the SAPA on paper has the planning correctness. It indicates that the projected protocol realizing privacy-preserving knowledge access authority sharing is enticing for multi-user cooperative cloud applications.

  6. An RSA-Based Leakage-Resilient Authenticated Key Exchange Protocol Secure against Replacement Attacks, and Its Extensions

    Science.gov (United States)

    Shin, Seonghan; Kobara, Kazukuni; Imai, Hideki

    Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the involving parties. In [32], Shin et al., proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and security against leakage of stored secrets as much as possible. Let us consider more powerful attacks where an adversary completely controls the communications and the stored secrets (the latter is denoted by “replacement” attacks). In this paper, we first show that the RSA-AKE protocol [32] is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove that the RSA-AKE2 protocol is secure against replacement attacks based on the number theory results; (3) we show that it is provably secure in the random oracle model, by showing the reduction to the RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable to [32] in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss about extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of client and solution to server compromise-impersonation attacks).

  7. Compact Extensible Authentication Protocol for the Internet of Things: Enabling Scalable and Efficient Security Commissioning

    Directory of Open Access Journals (Sweden)

    Marcin Piotr Pawlowski

    2015-01-01

    Internet of Things security is one of the most challenging parts of the domain. Combining strong cryptography and lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time is an extremely difficult task. This paper presents an approach that combines an authentication and bootstrapping protocol (TEPANOM) with the Extensible Authentication Protocol (EAP) framework optimized for IEEE 802.15.4 networks. The solution achieves a significant reduction of network resource usage. Additionally, by application of an EAP header compacting approach, further network usage savings have been reached. The EAP-TEPANOM solution has achieved a substantial reduction of 42% in the number of transferred packets and a 35% reduction of the transferred data. By application of EAP header compaction, it has been possible to achieve up to 80% smaller EAP header. That comprises further reduction of transferred data for 3.84% for the EAP-TEPANOM method and 10% for the EAP-TLS-ECDSA based methods. The results have placed the EAP-TEPANOM method as one of the most lightweight EAP methods among those tested throughout this research, making it feasible for large-scale deployment scenarios of IoT.

  8. Adequate Security Protocols Adopt in a Conceptual Model in Identity Management for the Civil Registry of Ecuador

    Science.gov (United States)

    Toapanta, Moisés; Mafla, Enrique; Orizaga, Antonio

    2017-08-01

    We analyzed the problems of security of the information of the civil registries and identification at world level that are considered strategic. The objective is to adopt the appropriate security protocols in a conceptual model in the identity management for the Civil Registry of Ecuador. In this phase, the appropriate security protocols were determined in a Conceptual Model in Identity Management with Authentication, Authorization and Auditing (AAA). We used the deductive method and exploratory research to define the appropriate security protocols to be adopted in the identity model: IPSec, DNSsec, Radius, SSL, TLS, IEEE 802.1X EAP, Set. It was a prototype of the location of the security protocols adopted in the logical design of the technological infrastructure considering the conceptual model for Identity, Authentication, Authorization, and Audit management. It was concluded that the adopted protocols are appropriate for a distributed database and should have a direct relationship with the algorithms, which allows vulnerability and risk mitigation taking into account confidentiality, integrity and availability (CIA).

  9. Security Proof for Rhee Protocol

    Institute of Scientific and Technical Information of China (English)

    邓强东; 王立斌

    2012-01-01

    Using the Juels model, a formal proof is given that the output of the Rhee protocol preserves privacy, denoted as ind-privacy. The accurate security boundary of the Rhee protocol is computed rigorously. The privacy of the protocol is reduced tightly to the assumption that the Random Oracle exists, by utilizing the Game-based technique and the Shoup lemma, which bounds the probability of distinguishing adjacent games by a negligible upper bound. This technique is a powerful tool for analyzing and solving the privacy problem of Radio Frequency Identification (RFID) systems, and provides an effective and universal solution in the future.

  10. The Phish-Market Protocol: Securely Sharing Attack Data between Competitors

    Science.gov (United States)

    Moran, Tal; Moore, Tyler

    A key way in which banks mitigate the effects of phishing is to remove fraudulent websites or suspend abusive domain names. This 'take-down' is often subcontracted to specialist firms. Prior work has shown that these take-down companies refuse to share 'feeds' of phishing website URLs with each other, and consequently, many phishing websites are not removed because the firm with the take-down contract remains unaware of their existence. The take-down companies are reticent to exchange feeds, fearing that competitors with less comprehensive lists might 'free-ride' off their efforts by not investing resources to find new websites, as well as use the feeds to poach clients. In this paper, we propose the Phish-Market protocol, which enables companies with less comprehensive feeds to learn about websites impersonating their own clients that are held by other firms. The protocol is designed so that the contributing firm is compensated only for those websites affecting its competitor's clients and only those previously unknown to the receiving firm. Crucially, the protocol does not reveal to the contributing firm which URLs are needed by the receiver, as this is viewed as sensitive information by take-down firms. Using complete lists of phishing URLs obtained from two large take-down companies, our elliptic-curve-based implementation added a negligible average 5 second delay to securely share URLs.

  11. A Secure 3-Way Routing Protocols for Intermittently Connected Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Ramesh Sekaran

    2014-01-01

    The mobile ad hoc network may be partially connected or it may be disconnected in nature and these forms of networks are termed intermittently connected mobile ad hoc network (ICMANET). The routing in such disconnected network is commonly an arduous task. Many routing protocols have been proposed for routing in ICMANET since decades. The routing techniques in existence for ICMANET are, namely, flooding, epidemic, probabilistic, copy case, spray and wait, and so forth. These techniques achieve an effective routing with minimum latency, higher delivery ratio, lesser overhead, and so forth. Though these techniques generate effective results, in this paper, we propose novel routing algorithms grounded on agent and cryptographic techniques, namely, location dissemination service (LoDiS) routing with agent AES, A-LoDiS with agent AES routing, and B-LoDiS with agent AES routing, ensuring optimal results with respect to various network routing parameters. The algorithm along with efficient routing ensures higher degree of security. The security level is cited testing with respect to possibility of malicious nodes into the network. This paper also aids, with the comparative results of proposed algorithms, for secure routing in ICMANET.

  12. A secure 3-way routing protocols for intermittently connected mobile ad hoc networks.

    Science.gov (United States)

    Sekaran, Ramesh; Parasuraman, Ganesh Kumar

    2014-01-01

    The mobile ad hoc network may be partially connected or it may be disconnected in nature and these forms of networks are termed intermittently connected mobile ad hoc network (ICMANET). The routing in such disconnected network is commonly an arduous task. Many routing protocols have been proposed for routing in ICMANET since decades. The routing techniques in existence for ICMANET are, namely, flooding, epidemic, probabilistic, copy case, spray and wait, and so forth. These techniques achieve an effective routing with minimum latency, higher delivery ratio, lesser overhead, and so forth. Though these techniques generate effective results, in this paper, we propose novel routing algorithms grounded on agent and cryptographic techniques, namely, location dissemination service (LoDiS) routing with agent AES, A-LoDiS with agent AES routing, and B-LoDiS with agent AES routing, ensuring optimal results with respect to various network routing parameters. The algorithm along with efficient routing ensures higher degree of security. The security level is cited testing with respect to possibility of malicious nodes into the network. This paper also aids, with the comparative results of proposed algorithms, for secure routing in ICMANET.

  13. Secure and lightweight network admission and transmission protocol for body sensor networks.

    Science.gov (United States)

    He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Zhang, Pingxin

    2013-05-01

    A body sensor network (BSN) is a wireless network of biosensors and a local processing unit, which is commonly referred to as the personal wireless hub (PWH). Personal health information (PHI) is collected by biosensors and delivered to the PWH before it is forwarded to the remote healthcare center for further processing. In a BSN, it is critical to only admit eligible biosensors and PWH into the network. Also, securing the transmission from each biosensor to PWH is essential not only for ensuring safety of PHI delivery, but also for preserving the privacy of PHI. In this paper, we present the design, implementation, and evaluation of a secure network admission and transmission subsystem based on a polynomial-based authentication scheme. The procedures in this subsystem to establish keys for each biosensor are communication efficient and energy efficient. Moreover, based on the observation that an adversary eavesdropping in a BSN faces inevitable channel errors, we propose to exploit the adversary's uncertainty regarding the PHI transmission to update the individual key dynamically and improve key secrecy. In addition to the theoretical analysis that demonstrates the security properties of our system, this paper also reports the experimental results of the proposed protocol on resource-limited sensor platforms, which show the efficiency of our system in practice.

  14. Implementation and Test of a Secure Mechanism's Modules in Routing Protocol of MANETs with the Theory of Games

    Directory of Open Access Journals (Sweden)

    Karim KONATE

    2012-08-01

    The present work is dedicated to the implementation of a secure mechanism’s modules in a routing protocol of MANETs with the theory of games. First, we give an introduction to Mobile Ad hoc Networks (MANETs) and present various attacks in MANETs that make routing protocols fail. We study these attacks and the mechanisms which the secured routing protocols use to counter them. Second, we study a reputation mechanism and propose a secure algorithm based on reputation. Our work ends with a proposed analytical model based on game theory and an implementation of the modules of our mechanism.

  15. A Partially Non-Cryptographic Security Routing Protocol in Mobile Ad Hoc Networks

    Institute of Scientific and Technical Information of China (English)

    CHEN Jing; CUI Guohua

    2006-01-01

    In this paper, we propose a partially non-cryptographic security routing protocol (PNCSR) that protects both routing and data forwarding operations through the same reactive approach. PNCSR only applies a public-key cryptographic system in managing tokens, and does not use any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.

  16. The Kyoto protocol - a victim of supply security? or: if Maslow were in energy politics

    Energy Technology Data Exchange (ETDEWEB)

    Frei, Christoph W. E-mail: christoph.frei@weforum.org

    2004-07-01

    History suggests that energy policy priorities can be stratified, similar to the way Maslow structured his famous pyramid of human needs. The essay below claims that access to energy, supply security, energy costs, environmental issues and social acceptance are not subject to trade-off, but to a hierarchy that underlies the importance of satisfying lower-order needs before addressing the higher-order needs. The essay demonstrates the hierarchy with an 'energy policy needs pyramid' based on historical evidence. The pyramid is used to analyze the viability of current items of the energy policy agenda. Conclusions indicate that the Kyoto protocol might be a victim of supply insecurity, that OPEC is good for the environment and that environmentalists should make the fight against energy poverty their first priority in order to achieve their overall goals.

  17. A Secure Routing Protocol to Eliminate Integrity, Authentication and Sleep Deprivation Based Threats in Mobile Ad hoc Network

    Directory of Open Access Journals (Sweden)

    Edna E. Nallathambi

    2011-01-01

    Problem statement: Network security in Mobile Ad hoc Network (MANET) is a major issue. Some of the attacks such as modification, impersonation, Time To Live (TTL) and sleep deprivation are due to misbehaviour of malicious nodes, which disrupts the transmission. Some of the existing security protocols such as ARAN, SAODV and SEAD are basically used to detect and eliminate one or two types of attacks. The major requirement of a secure protocol is to prevent and eliminate many attacks simultaneously which will make the MANETs more secured. Approach: We propose the algorithm that can prevent and also eliminate multiple attacks simultaneously, called MIST algorithm (Modification, Impersonation, Sleep deprivation and TTL attacks). This algorithm is written on Node Transition Probability (NTP) based protocol which provides maximum utilization of bandwidth during heavy traffic with less overhead. Thus this has been named MIST NTP. Results: The proposed MIST NTP has been compared with NTP without the MIST algorithm, Authenticated Routing for Ad hoc Networks (ARAN) and Ad hoc on Demand Distance Vector (AODV). Extensive packet level simulations show that MIST NTP produces around 10% less end to end delay than ARAN, it even drops 30% fewer packets compared to malicious NTP on an average and around 50-60% fewer packets compared to AODV during multiple attacks. Conclusion: The results ensure that MIST NTP can break the greatest security challenge prevailing in MANETs by securing the MANET against several attacks at once.

  18. Designing Secure Clustering Protocol With The Approach Of Reducing Energy Consumption In Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sanaz Sadeghi

    2013-07-01

    In recent years, many researchers have focused on wireless sensor networks and their applications. To obtain scalability potential in these networks most of the nodes are categorized as distinct groups named cluster and the node which is selected as cluster head or Aggregation Node offers the operation of data collection from other cluster nodes and aggregation and sending it to the rest of the network. Clustering and data aggregation increase network scalability and cause that limited resources of the network are used well. However, these mechanisms also make several breaches in the network, for example in clustered networks cluster head nodes are considered desirable and attractive targets for attackers since reaching their information whether by physical attack and node capturing or by other attacks, the attacker can obtain the whole information of corresponding cluster. In this study secure clustering of the nodes are considered with the approach of reducing energy consumption of nodes and a protocol is presented that in addition to satisfying advanced security needs of wireless sensor networks reduces the amount of energy consumption by the nodes. Due to network clustering there is scalability potential in such a network and according to frequent change of cluster head nodes load distribution is performed in the cluster and eventually increase the network lifetime.

  19. STFTP: Secure TFTP Protocol for Embedded Multi-Agent Systems Communication

    Directory of Open Access Journals (Sweden)

    ZAGAR, D.

    2013-05-01

    Today's embedded systems have evolved into multipurpose devices moving towards an embedded multi-agent system (MAS) infrastructure. With the involvement of MAS in embedded systems, one remaining issue is establishing communication between agents in low computational power and low memory embedded systems without a present Embedded Operating System (EOS). One solution is the extension of an outdated Trivial File Transfer Protocol (TFTP). The main advantage of using TFTP in embedded systems is the easy implementation. However, the problem at hand is the overall lack of security mechanisms in TFTP. This paper proposes an extension to the existing TFTP in the form of added security mechanisms: STFTP. The authentication is proposed using the Digest Access Authentication process whereas the data encryption can be performed by various cryptographic algorithms. The proposal is experimentally tested using two embedded systems based on micro-controller architecture. Communication is analyzed for authentication, data rate and transfer time versus various data encryption ciphers and file sizes. STFTP results in an expected drop in performance, which is in the range of similar encryption algorithms. The system could be improved by using embedded systems of higher computational power or by the use of hardware encryption modules.

  20. An Energy Efficient and Secure Clustering Protocol for Military based WSN

    Directory of Open Access Journals (Sweden)

    Prachi

    2017-01-01

    Less contiguous nature of military applications demands for surveillance of widespread areas that are indeed harder to monitor. Unlike traditional Wireless Sensor Networks (WSNs), a military based large size sensor network possesses unique requirements/challenges in terms of self-configuration, coverage, connectivity and energy dissipation. Taking this aspect into consideration, this paper proposes a novel, efficient and secure clustering method for military based applications. In any clustering based approach, one of the prime concerns is appropriate selection of Cluster Heads and formation of balanced clusters. This paper proposes and analyzes two schemes, Average Energy based Clustering (AEC) and Threshold Energy based Clustering (TEC). In AEC, a node is elected as Cluster Head (CH) if its residual energy is above the average energy of its cluster whereas in case of TEC, a node is elected as Cluster Head if its residual energy is above the threshold energy. Further, both AEC and TEC choose nodes as CHs if their distance lies within safety zone of the Base Station. In this paper, aim is to come up with a solution that not only conserves energy but balance load while electing safe nodes as CHs. The performance of proposed protocols was critically evaluated in terms of network lifetime, average residual energy of nodes and uniformity in energy dissipation of nodes. Results clearly demonstrated that AEC is successful in incorporating security whilst increasing overall lifetime of network, load balance and uniform energy dissipation.

  1. A secure distance-based RFID identification protocol with an off-line back-end database

    NARCIS (Netherlands)

    Peris-Lopez, P.; Orfila, A.; Palomar, E.; Hernandez-Castro, J.C.

    2011-01-01

    The design of a secure RFID identification scheme is a thought-provoking challenge, and this paper deals with this problem adopting a groundbreaking approach. The proposed protocol, called Noent, is based on cryptographic puzzles to avoid the indiscriminate disclosure of the confidential information

  2. Deterministic Secure Quantum Communication and Authentication Protocol based on Extended GHZ-W State and Quantum One-time Pad

    Science.gov (United States)

    Li, Na; Li, Jian; Li, Lei-Lei; Wang, Zheng; Wang, Tao

    2016-08-01

    A deterministic secure quantum communication and authentication protocol based on extended GHZ-W state and quantum one-time pad is proposed. In the protocol, state $|\phi^{-}\rangle$ is used as the carrier. One photon of $|\phi^{-}\rangle$ state is sent to Alice, and Alice obtains a random key by measuring photons with bases determined by ID. The information of bases is secret to others except Alice and Bob. Extended GHZ-W states are used as decoy photons, the positions of which in information sequence are encoded with identity string ID of the legal user, and the eavesdropping detection rate reaches 81%. The eavesdropping detection based on extended GHZ-W state combines with authentication and the secret ID ensures the security of the protocol.

  3. Mobile Ad Hoc Network Security for Reactive Routing Protocol with Node Reputation Scheme

    Directory of Open Access Journals (Sweden)

    A. Suresh

    2011-01-01

    Full Text Available The mobile node’s reputation in the Mobile Ad hoc Network (MANET) identifies its trustworthiness for secured multiple data communication. Unknown nature of the node’s communication status for initial period has great impact in the effective data transfer as MANET is self-organized and distributed. Problem statement: The functional operation of the mobile network relies on the trusty cooperation between the nodes. The major factor in securing the MANET is based on the quantification of node’s reputation and trustworthiness. The previous literatures provided uncertainty model to reflect a node’s confidence in sufficiency of its past experience and effect of collecting trust information from the unknown node status. With node mobility characteristic, it reduces unknown nature and speeds up trust convergence. Approach: Mobility-assisted uncertainty reduction schemes comprise proactive schemes, which achieve trust convergence, and reactive schemes, which provide node authentication and their reputation. They provide an acceptable trade-off between delay and uncertainty. The mobility based node reputation scheme presented in this study identifies and monitors the node’s trustworthiness in sharing the information within the ad hoc network. Mobile nodes information uncertainty is handled with the mobility characteristics and its reputation is evaluated to trust or discard the node’s communication. Results: Simulations are carried out to evaluate the performance of mobility based node reputation scheme by measuring the nodes consistency behavior, neighboring communication rate and path diversity. Conclusion: The average node’s neighboring communication rate is high for the proposed mobility based reputation scheme compared to the reactive routing protocols.

  4. CCMP-AES Model with DSR routing protocol to secure Link layer and Network layer in Mobile Adhoc Networks

    Directory of Open Access Journals (Sweden)

    Dr.G.Padmavathi

    2010-08-01

    Full Text Available Mobile Adhoc network is a special kind of wireless network. It is a collection of mobile nodes without having aid of established infrastructure. Mobile Adhoc networks are vulnerable to attacks compared to wired networks due to limited physical security, volatile network topologies, power-constrained operations, intrinsic requirement of mutual trust among all nodes. During deployment, security emerges as a central requirement due to many attacks that affect the performance of the ad hoc networks. Particularly Blackhole attack is one such severe attack against ad hoc routing protocols which is a challenging one to defend against. The proposed model combines the On demand routing protocol DSR with CCMP-AES mode to defend against black hole attack and it also provides confidentiality and authentication of packets in both routing and link layers of MANET. The primary focus of this work is to provide security mechanisms while transmitting data frames in a node to node manner. The security protocol CCMP-AES working in data link layer keeps data frame from eavesdropping, interception, alteration, or dropping from unauthorized party along the route from the source to the destination. The simulation is done for different number of mobile nodes using network simulator qualnet 5.0. The proposed model has shown better results in terms of Total bytes received, packet delivery ratio, throughput, End to End delay and Average jitter.

  5. E-APSAR: Enhanced Anonymous Position Based Security Aware Routing Protocol For Manets

    Directory of Open Access Journals (Sweden)

    Priyanka Malgi

    2014-03-01

    Full Text Available In the past few years, we have seen a rapid expansion in the field of mobile computing due to the proliferation of inexpensive, widely available wireless devices or networks. However, all these networks are conventional wireless networks as they require a fixed network infrastructure with centralised administration for their operation, potentially consuming a lot of time and money for set-up and maintenance. Drawbacks of conventional wireless networks are driving a new alternative way for mobile communication, in which mobile devices form a self-creating, self-organising and self-administering wireless network, called a mobile ad hoc network. In mobile ad-hoc networking (MANETs), nodes communicate to each other based on public identities. In this paper, for a position based routing [22] an innovative packet forwarding mechanism is proposed in which source node generates route request packet and broadcast packet to other neighbor nodes to locate destination by implementing black hole attack [8]. Proposed E-APSAR (Enhanced Anonymous Position Based security aware routing protocol) is implemented on NS-2 and results shown significant improvement over original DSR in terms of various performance metrics. It has been found that on dense network certain numbers of malicious nodes are supportive to reducing communication overhead and because of density negative effect of malicious attacks which is proposed E-APSAR that is able to reduce. Hence result shows proposed E-APSAR will be helpful to decrease communication overhead.

  6. Modelling Efficient Process Oriented Architecture for Secure Mobile Commerce Using Hybrid Routing Protocol in Mobile Adhoc Network

    Directory of Open Access Journals (Sweden)

    Chitra Kiran N

    2012-01-01

    Full Text Available The proposed research work presents a novel approach of process oriented architecture for secure mobile commerce framework using uniquely designed hybrid mobile adhoc routing protocols using reactive and proactive type in real time test-bed. The research work discusses about deployment of mobile commerce which is one of the emerging trends in mobile applications with huge demands. Majority of the existing systems lack either QoS or efficient security protocol when it relates to secure mobile transaction due to the reason that development in wireless technology involved in m-commerce is still in its nascent stage. The real time test bed has been implemented with 20 Intel Atom processors with 32 bit OS establishing an adhoc network and by providing a random mobility to achieve any file type transfer from node to node. For the real-time set up purpose, the experiment is conducted in wireless infrastructure with mobility using G-based Linksys wireless router. Iteration of experiments conducted shows satisfactory results. This research journal will provide insights with various parameters, security requirements, and concepts which are required in creating a robust model for secure m-commerce system.

  7. ANODR-ECC Key Management protocol with TELNET to secure Application and Network layer for Mobile Adhoc Networks

    Directory of Open Access Journals (Sweden)

    G.Padmavathi

    2012-02-01

    Full Text Available A mobile ad hoc network (MANET) is a self-organizing network that consists of mobile nodes that are connected through wireless media. A number of unique features, such as lack of infrastructural or central administrative supports, dynamic network topologies, open communication channels, and limited device capabilities and bandwidths, have made secure, reliable and efficient routing operations in MANET a challenging task. The ultimate goal of the security solutions for MANET is to provide security services, such as authentication, confidentiality, integrity, anonymity, and availability to mobile users. To achieve the goals, the security solution need for entire protocol stack. The proposed protocol ANODR-ECC with Telnet provides application layer security and it ensures route anonymity and location privacy and is robust against eavesdropping attack. For route anonymity, it prevents strong adversaries from tracing a packet flow back to its source or destination; for location privacy, it ensures that adversaries cannot discover the real identities of local transmitters. The simulation is done using network simulator qualnet 5.0 for different number of mobile nodes. The proposed model has exposed improved results in terms of Average throughput, Average end to end delay, Average packet delivery ratio and Average jitter.

  8. A Novel Fast and Secure Mutual Remote User Authentication Protocol with Session Key Agreement Using Second Order Cellular Automata

    Directory of Open Access Journals (Sweden)

    Sofiane Baghor

    2016-06-01

    Full Text Available In this paper, we propose a novel remote user authentication protocol with session key agreement, using the mechanism of one-dimensional second order cellular automata. The scheme uses simple and elementary operations to handle the problem of mutual authentication between two communicating parties, and enables the sharing of a common secure session key. Security of the proposed scheme is shown to be high, while it resists most common attacks on authentication schemes. Besides, runtime performances of the authentication protocol are very competitive, and outperform those of existing similar schemes. The proposed schemes ensure the three authentication requirements, namely the mutuality, the authenticity and the key agreement using only elementary and parallelizable operations, without requiring any additional cryptographic functions

  9. A Contribution to Secure the Routing Protocol "Greedy Perimeter Stateless Routing" Using a Symmetric Signature-Based AES and MD5 Hash

    CERN Document Server

    Erritali, Mohammed; Ouahidi, Bouabid El; 10.5121/ijdps.2011.2509

    2011-01-01

    This work presents a contribution to secure the routing protocol GPSR (Greedy Perimeter Stateless Routing) for vehicular ad hoc networks, we examine the possible attacks against GPSR and security solutions proposed by different research teams working on ad hoc network security. Then, we propose a solution to secure GPSR packet by adding a digital signature based on symmetric cryptography generated using the AES algorithm and the MD5 hash function more suited to a mobile environment.

  10. VERIFYING SECURITY PROTOCOLS BASED ON SPI CALCULUS

    Institute of Scientific and Technical Information of China (English)

    郑清雄

    2011-01-01

    Among several authentication methods for security protocols, process algebra approach which relies on a sound theory of concurrent process calculus has been well applied. The Spi calculus depicts security protocols as an extension of the pi calculus by enriching its cryptographic primitives, and uses testing equivalence to verify security properties. The process of authentication with Spi calculus is discussed in the paper, the analysis on classical NSSK protocol is carried out using this approach as well.

  11. Security Analysis for Internet Key Exchange Protocol

    Institute of Scientific and Technical Information of China (English)

    马萌; 王全成; 康乃林

    2013-01-01

    To deal with complex network threats and attacks faced by Internet Key Exchange protocol, this paper analyzes the essential thoughts of Internet Key Exchange protocol and four main security defects in detail, and helps making up possible security vulnerabilities and hidden dangers through adopting more effective information security technology and methods, and thus meets increasing need in network security applications.

  12. Research on the Situation of E-Commerce and Study on Security Protocol

    Institute of Scientific and Technical Information of China (English)

    沈二波

    2012-01-01

    This paper analyzes the course of Electronic Commerce, studies the present situation of security of E-commerce and argues that the network payment security is the main bottleneck during the development of E-commerce. As the key factor affecting the security of network payment is Network Protocol, this paper analyzes and compares the security of two protocols, then verifies that using SSL is more secure than using http. The structures of two common network protocols are analyzed and compared, and the security of the SSL protocol is verified through operation in a real network environment.

  13. AODVSEC: A Novel Approach to Secure Ad Hoc on-Demand Distance Vector (AODV) Routing Protocol from Insider Attacks in MANETs

    Directory of Open Access Journals (Sweden)

    Akshai Aggarwal

    2012-08-01

    Full Text Available Mobile Ad hoc Network (MANET) is a collection of mobile nodes that can communicate with each other using multihop wireless links without requiring any fixed base-station infrastructure and centralized management. Each node in the network acts as both a host and a router. In such scenario, designing of an efficient, reliable and secure routing protocol has been a major challenging issue over the last many years. Numerous schemes have been proposed for secure routing protocols and most of the research work has so far focused on providing security for routing using cryptography. In this paper, we propose a novel approach to secure Ad hoc On-demand Distance Vector (AODV) routing protocol from the insider attacks launched through active forging of its Route Reply (RREP) control message. AODV routing protocol does not have any security provision that makes it less reliable in publicly open ad hoc network. To deal with the concerned security attacks, we have proposed AODV Security Extension (AODVSEC) which enhances the scope of AODV for the security provision. We have compared AODVSEC with AODV and Secure AODV (SAODV) in normal situation as well as in presence of the three concerned attacks viz. Resource Consumption (RC) attack, Route Disturb (RD) attack, Route Invasion (RI) attack and Blackhole (BH) attack. To evaluate the performances, we have considered Packet Delivery Fraction (PDF), Average End-to-End Delay (AED), Average Throughput (AT), Normalized Routing Load (NRL) and Average Jitter and Accumulated Average Processing Time.

  14. DEVELOPMENT OF AN ENERGY-EFFICIENT, SECURE AND RELIABLE WIRELESS SENSOR NETWORKS ROUTING PROTOCOL BASED ON DATA AGGREGATION AND USER AUTHENTICATION

    Directory of Open Access Journals (Sweden)

    A. Gopi Saminathan

    2013-01-01

    Full Text Available Data aggregation protocols are required in Wireless Sensor Networks (WSNs) to improve the data accuracy and extend the network lifetime by reducing the energy consumption. The existing Data Aggregation-Optimal LEACH (DAO-LEACH) protocol for WSN is enhanced in terms of security and fault-tolerance based on Gracefully Degraded Data Aggregation (GDDA) to ensure the integrity of the aggregated data and Hybrid Layer User Authentication (HLUA) to ensure the confidentiality of the aggregated data. This data aggregation scheme rejects the false data from compromised and malfunctioning Sensor Nodes (SNs). HLUA consists of a combination of Secret Key Cryptography (SKC) method such as Message Authentication Code (MAC) algorithm and Public Key Cryptography (PKC) method such as Elliptic Curve Cryptography (ECC). MAC algorithm is used between the Cluster Heads (CHs) and SNs to fulfill lower power demand, while ECC is applied for User Authentication (UA) between CHs and users. The enhanced DAO-LEACH protocol is resistant to security attacks such as replay attacks, node compromising attacks and impersonation attacks. It performs better in terms of energy consumption, number of nodes alive, End-to-End Delay (EED), false data detection and aggregation accuracy.

  15. Secure Quantum Private Comparison Protocol Based on the Entanglement Swapping Between Three-Particle W-Class State and Bell State

    Science.gov (United States)

    Li, Jian; Jia, Lu; Zhou, Hong-Fu; Zhang, Ting-Ting

    2016-03-01

    We propose a new quantum private comparison protocol with the help of a semi-honest third party (TP), enabling two participants to compare the equality of their private inputs without exposing any information about their respective private inputs. Different from previous protocols, our protocol utilizes the properties of entanglement swapping between three-particle W-Class state and Bell state. The presented protocol can ensure correctness, fairness and security. Meanwhile, all the quantum particles undergo a one-way transmission, and all the participants including TP are just required having the ability to perform Bell-state measurement and exclusive-or operation which make our protocol more feasible and efficient. At last, the security of this protocol with respect to various kinds of attacks is analyzed in detail.

  16. An Ingenious Wireless Home Security System and Protocol based upon Multi-hop 802.15.4 standard, Magnetic contact and PIR sensor

    Directory of Open Access Journals (Sweden)

    Ulya Sabeel

    2013-09-01

    Full Text Available Security is the major part of home automation systems for the people. With the development of network and automatic control technology, a home security monitoring and alarming system becomes more and more practicable today. In this paper we have proposed simple, low cost, low power consumption and a novel method for implementing the home security using Zigbee (802.15.4) standard and also a security protocol for detecting and localizing identity based attacks in the system. We have named our scheme as Wireless Home Security System (WHSS) and protocol as Wireless Home Security Protocol (WHSP). It consists of many sensor nodes deployed in the rooms as well as the doors/windows of the house together with the zigbee modules which act as end devices that monitor continuously and send the security status of each room to the coordinator node connected to a PC which acts as the master. The communication in this case is multi-hop which provides unlimited range. Here we have used the XBEE Pro series1 (XBP24-AWI-001) radios for RF communication, DYP-ME003 PIR sensor, and Contact Door / window sensor based on magnetic reed switch (ORD221). The hardware implementation has been tested for validation successfully. The software has been implemented using C#. Also the performance of our proposed security protocol has been analysed using NS2 and is found to be satisfactory.

  17. Finalizing the CCSDS Space-Data Link Layer Security Protocol: Setup and Execution of the Interoperability Testing

    Science.gov (United States)

    Fischer, Daniel; Aguilar-Sanchez, Ignacio; Saba, Bruno; Moury, Gilles; Biggerstaff, Craig; Bailey, Brandon; Weiss, Howard; Pilgram, Martin; Richter, Dorothea

    2015-01-01

    The protection of data transmitted over the space-link is an issue of growing importance also for civilian space missions. Through the Consultative Committee for Space Data Systems (CCSDS), space agencies have reacted to this need by specifying the Space Data-Link Layer Security (SDLS) protocol which provides confidentiality and integrity services for the CCSDS Telemetry (TM), Telecommand (TC) and Advanced Orbiting Services (AOS) space data-link protocols. This paper describes the approach of the CCSDS SDLS working group to specify and execute the necessary interoperability tests. It first details the individual SDLS implementations that have been produced by ESA, NASA, and CNES and then the overall architecture that allows the interoperability tests between them. The paper reports on the results of the interoperability tests and identifies relevant aspects for the evolution of the test environment.

  18. A Review of Attacks and Security Protocols for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Fangmin Sun

    2014-05-01

    Full Text Available With the development of the wireless communication technology and the improvement of the performance of the MEMS sensor, wireless sensor networks are widely used in various application scenarios such as smart building, intelligent transportation, ubiquitous and unobtrusive health monitoring system, etc. As information communicated among these networks is usually of privacy, so security in wireless sensor networks is of particular importance, and sensitive information must be protected from unauthorized usage for personal advantages and fraudulent acts. While, due to the extremely stringent constraints of energy, memory and computation ability, securing the communication among the sensors has posed various challenges to researchers. And at present, studies toward completely secure sensor networks are still in their infancy stages. In this paper, we explained the basic conceptions and the essential knowledge in the area of wireless sensor network; and then we introduced and classified the common security attacks designed to demolish the wireless sensor networks, and the corresponding countermeasures against these issues are followed; examples of security problems in the application of health monitoring field are specially presented in the last section; and finally, we summarized the paper and imagined the possible future development of the security problems of the wireless sensor networks. I hope through this paper, one can learn the recent development of the attack and securing technology in the wireless sensor network and then develop more advanced anti-attack methods

  19. A Secure Multi-Party Computation Protocol for Malicious Computation Prevention for preserving privacy during Data Mining

    CERN Document Server

    Mishra, Dr Durgesh Kumar; Kapoor, Nikhil; Bahety, Ravish

    2009-01-01

    Secure Multi-Party Computation (SMC) allows parties with similar background to compute results upon their private data, minimizing the threat of disclosure. The exponential increase in sensitive data that needs to be passed upon networked computers and the stupendous growth of internet has precipitated vast opportunities for cooperative computation, where parties come together to facilitate computations and draw out conclusions that are mutually beneficial; at the same time aspiring to keep their private data secure. These computations are generally required to be done between competitors, who are obviously weary of each other's intentions. SMC caters not only to the needs of such parties but also provides plausible solutions to individual organizations for problems like privacy-preserving database query, privacy-preserving scientific computations, privacy-preserving intrusion detection and privacy-preserving data mining. This paper is an extension to a previously proposed protocol Encrytpo_Random, which prese...

  20. A Security plan for LMOs - concentrated on environmental policy of Biosafety Protocol

    Energy Technology Data Exchange (ETDEWEB)

    Park, Yong Ha [Korea Environment Institute, Seoul (Korea)

    1998-12-01

    Biotechnology industry in Korea is raised by the national support. Also, Korea imports 70% of entire agricultural products. Considering the present situation in Korea, signing a Biosafety Protocol is necessary to prevent harm by LMOs and to protect associated biotechnological industry. Therefore, the problems on signing Biosafety Protocol were analyzed and the environmental policy to be pursued was proposed. This study result will be a cornerstone to prepare a definite environmental policy by government. 54 refs., 7 figs., 27 tabs.

  1. Experimental Platform for Usability Testing of Secure Medical Sensor Network Protocols

    DEFF Research Database (Denmark)

    Andersen, Jacob; Lo, Benny P.; Yang, Guang-Zhong

    2008-01-01

    designed security mechanisms are essential. Several experimental sensor network platforms have emerged in recent years targeted for clinical use. However, few of them consider the importance of security issues such as privacy and access control, and how these can impact the usability of the platform, while......Implementing security mechanisms such as access control for clinical use is a challenging research issue in BSN due to its required heterogeneous operating responses ranging from chronic diseases management to emergency care. To ensure the clinical uptake of the BSN technology, appropriately...... others develop BSN security without considering how a prototype implementation would be received by clinicians in real-life situations. The purpose of this paper is to present our initial effort in building a flexible experimental platform for providing a basic infrastructure with symmetric AES...

  2. New and secure location protocol based on RSSI

    Institute of Scientific and Technical Information of China (English)

    胡向东; 崔鹏; 胡韬

    2013-01-01

    Based on the analysis of known secure positioning methods and their shortcomings, this paper proposed a new and secure location protocol by cluster head detection as well as using the asymmetric encryption and symmetric one. Furthermore, it used centroid method to calibrate the positioning data. The simulation results show that the proposed locating protocol experiences a high precision of location and it can defend against the attack of malicious nodes very well.

  3. Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications

    CERN Document Server

    Xiong, Hu; Qin, Zhiguang

    2009-01-01

    This paper introduces an efficient and spontaneous privacy-preserving protocol for vehicular ad-hoc networks based on revocable ring signature. The proposed protocol has three appealing characteristics: First, it offers conditional privacy-preservation: while a receiver can verify that a message issuer is an authorized participant in the system only a trusted authority can reveal the true identity of a message sender. Second, it is spontaneous: safety messages can be authenticated locally, without support from the roadside units or contacting other vehicles. Third, it is efficient by offering fast message authentication and verification, cost-effective identity tracking in case of a dispute, and low storage requirements. We use extensive analysis to demonstrate the merits of the proposed protocol and to contrast it with previously proposed solutions.

  4. Security Mechanisms and Access Control Infrastructure for Biometrics Passport using Cryptographic Protocols

    Directory of Open Access Journals (Sweden)

    V.K. Narendira Kumar

    2013-09-01

    Full Text Available Electronic passports (e-passports) are to prevent the illegal entry of traveller into a specific country and limit the use of counterfeit documents by more accurate identification of an individual. The e-passport, as it is sometimes called, represents a bold initiative in the deployment of two new technologies: cryptography security and biometrics (face, fingerprints, palm prints and iris). A passport contains the important personal information of holder such as photo, name, date of birth and place, nationality, date of issue, date of expiry, authority and so on. The goal of the adoption of the electronic passport is not only to expedite processing at border crossings, but also to increase security. The paper explores the privacy and security implications of this impending worldwide experiment in biometrics authentication technology.

  5. NFC mobile coupon protocols : developing, formal security modelling and analysis, and addressing relay attack.

    OpenAIRE

    Alshehri, Ali A.

    2015-01-01

    Near Field Communication (NFC) is a Radio Frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. An NFC-based mobile coupon (M-coupon) is a coupon that is retrieved by the user from a source such as a newspaper or a smart poster and redeemed afterwards. The NFC-based mobile coupon (M-coupon) is a cryptographically secured electronic message with some value stored at user's mobile. The M-coupon requires secure issuing and cashing (redeeming). ...

  6. An Efficient and Secure Routing Protocol for Mobile Ad-Hoc Networks

    CERN Document Server

    Iyengar, N Ch Sriman Narayana; Nagar, Piyush; Sharma, Siddharth; Atrey, Akshay; 10.5121/ijcnc.2010.2303

    2010-01-01

    Efficiency and simplicity of random algorithms have made them a lucrative alternative for solving complex problems in the domain of communication networks. This paper presents a random algorithm for handling the routing problem in Mobile Ad hoc Networks [MANETS]. The performance of most existing routing protocols for MANETS degrades in terms of packet delay and congestion caused as the number of mobile nodes increases beyond a certain level or their speed passes a certain level. As the network becomes more and more dynamic, congestion in network increases due to control packets generated by the routing protocols in the process of route discovery and route maintenance. Most of this congestion is due to flooding mechanism used in protocols like AODV and DSDV for the purpose of route discovery and route maintenance or for route discovery as in the case of DSR protocol. This paper introduces the concept of random routing algorithm that neither maintains a routing table nor floods the entire network as done by vari...

  7. A New Type of Network Security Protocol Using Hybrid Encryption in Virtual Private Networking

    Directory of Open Access Journals (Sweden)

    E. Ramaraj

    2006-01-01

    Full Text Available Today wireless communications is acting as a major role in networks. Through year-end 2006, the employee's ability to install unmanaged access points will result in more than 50% of enterprises exposing sensitive information through the wireless virtual private networks (VPN). It enables you to send the data between two computers across a shared or public network in a manner that emulates the properties of a private link. The basic requirements for VPN are User Authentication, Address Management, Data Compression, Data Encryption and Key Management. The private links are established in VPN using Point-to-Point Tunneling Protocol (PPTP) and Layer-Two-Tunneling Protocol (L2TP). These protocols satisfy VPN requirements in five layers. In user authentication layer, multiple trusted authorities using Extensible Authentication Protocol (EAP) do the authentication process. In fourth layer the data encryption part using RC4 called Microsoft-Point-to-Point Encryption (MPPE) method. The aim of this paper, instead of multiple trusted authorities we focus single trusted authority using public key cryptography RSA in EAP and also we include AES-Rijndael stream cipher algorithm instead of RC4 for MPPE. We propose new type of hybrid encryption technique using AES-Rijndael for encryption and decryption and RSA used for key management.

  8. Design of SOA security protocol framework based on WS-Security

    Institute of Scientific and Technical Information of China (English)

    徐烨; 曾浩

    2011-01-01

    Service-oriented architecture (SOA), which is platform-independent, can help enterprises break through the intranet restrictions and enable the enterprises to achieve close contact between supply chain partners. According to the design theory of SOA, this paper constructs a framework of security protocols based on Web services. It solves the problem of systems integration, and assures the information security between systems.

  9. On privacy-preserving protocols for smart metering systems security and privacy in smart grids

    CERN Document Server

    Borges de Oliveira, Fábio

    2017-01-01

    This book presents current research in privacy-preserving protocols for smart grids. It contains several approaches and compares them analytically and by means of simulation. In particular, the book introduces asymmetric DC-Nets, which offer an ideal combination of performance and features in comparison with homomorphic encryption; data anonymization via cryptographic protocols; and data obfuscation by means of noise injection or by means of the installation of storage banks. The author shows that this theory can be leveraged into several application scenarios, and how asymmetric DC-Nets are generalizations of additive homomorphic encryption schemes and abstractions of symmetric DC-Nets. The book provides the reader with an understanding about smart grid scenarios, the privacy problem, and the mathematics and algorithms used to solve it.

  10. The Secure Dynamic Source Routing Protocol in MANET using MD5 Hash Function

    Directory of Open Access Journals (Sweden)

    Radha S. Savankar

    2012-06-01

    Dynamic Source Routing (DSR) is a routing protocol designed specifically for use in mobile ad hoc networks. The protocol allows nodes to dynamically discover a source route across multiple network hops to any destination in the ad hoc network. The protocol is composed of the two mechanisms of Route Discovery and Route Maintenance, which work together to allow nodes to discover and maintain source routes to arbitrary destinations in the ad hoc network. When using source routing, each packet to be routed carries in its header the complete, ordered list of nodes through which the packet must pass. A key advantage of source routing is that intermediate hops do not need to maintain routing information in order to route the packets they receive, since the packets themselves already contain all of the necessary routing information. This, coupled with the dynamic, on-demand nature of Route Discovery, completely eliminates the need for periodic router advertisements and link status packets, reducing the overhead of DSR, especially during periods when the network topology is stable and these packets serve only as keep-alives.

  11. Security Issues in the Optimized Link State Routing Protocol Version 2 (OLSRV2)

    Directory of Open Access Journals (Sweden)

    Ulrich Herberg

    2010-04-01

    Mobile Ad hoc NETworks (MANETs) are leaving the confines of research laboratories, to find place in real-world deployments. Outside specialized domains (military, vehicular, etc.), city-wide community networks are emerging, connecting regular Internet users with each other, and with the Internet, via MANETs. Growing to encompass more than a handful of “trusted participants”, the question of preserving the MANET network connectivity, even when faced with careless or malicious participants, arises, and must be addressed. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol, managing the connectivity. By understanding how the algorithms of the routing protocol operate, and how these can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. This paper takes an abstract look at the algorithms that constitute the Optimized Link State Routing Protocol version 2 (OLSRv2), and identifies for each protocol element the possible vulnerabilities and attacks; in a certain way, it provides a “cookbook” for how to best attack an operational OLSRv2 network, or for how to proceed with developing protective countermeasures against these attacks.

  12. A Secure Network Communication Protocol Based on Text to Barcode Encryption Algorithm

    Directory of Open Access Journals (Sweden)

    Abusukhon Ahmad

    2015-12-01

    Nowadays, after the significant development in the Internet, communication and information exchange around the world has become easier and faster than before. One may send an e-mail or perform money transaction (using a credit card) while being at home. The Internet users can also share resources (storage, memory, etc.) or invoke a method on a remote machine. All these activities require securing data while the data are sent through the global network. There are various methods for securing data on the internet and ensuring its privacy; one of these methods is data encryption. This technique is used to protect the data from hackers by scrambling these data into a non-readable form. In this paper, we propose a novel method for data encryption based on the transformation of a text message into a barcode image. In this paper, the proposed Bar Code Encryption Algorithm (BCEA) is tested and analyzed.

  13. New Capabilities in Security and QoS Using the Updated MANET Routing Protocol OLSRv2

    Science.gov (United States)

    2010-09-01

    in an OLSRv2-based MANET is described. 1.0 INTRODUCTION Mobile ad hoc networks (MANETs) are self-organising, self-healing, networks in which...characteristics of not deploying an authority (for example a certificate authority) in the network, where it also would be vulnerable, and to make... authority, which is maintained in a secure location, not part of the ad hoc network. Note that this authority could be, for example, simply a laptop

  14. Improved Wireless Security through Physical Layer Protocol Manipulation and Radio Frequency Fingerprinting

    Science.gov (United States)

    2014-09-18

    FINGERPRINTING I. Introduction Modern wireless communications networks have revolutionized the ways in which information is shared. Inexpensive low-rate wireless ... Wireless Intrusion Detection and Device Fingerprinting through PHY Manipulation 2.1 Introduction Properly securing low-rate LR-WPANs is challenging due... wireless interference or are completely uninterpretable by the receiver. Influence of wireless noise is mitigated by operating on IEEE 802.15.4 channel

  15. A FRAMEWORK FOR SIMPLE OBJECT ACCESS PROTOCOL MESSAGES TO DETECT EXPANSION ATTACKS FOR SECURE WEBSERVICE

    Directory of Open Access Journals (Sweden)

    Igni Sabasti Prabu Siluvai

    2013-01-01

    The world has shrunk in this internet era. The applications in the internet use XML and Web Services which are simple, but powerful standards that enable applications to more efficiently communicate with each other. Unfortunately this advantage is coupled with concerns of Web services security. All the services provided by the internet face security problem. The hackers find a loophole to attack the web service to eliminate the availability of service. One of the most severe threats is Denial of Service attacks which are intended to annihilate the availability of a service. In this study we propose a schema to detect a special type of Denial of Service attack where the hacker modifies the SOAP messages by expanding it. The message expanded thus, takes a huge amount of memory while parsing and thereby denies service to a legitimate request. To overcome this problem, in this study, we propose a new security scheme which adds a digital signature to the message and also limits the upper bound of the length of the SOAP message.

  16. On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

    Science.gov (United States)

    Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco

    The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients' data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible.

  17. A Cluster based Technique for Securing Routing Protocol AODV against Black-hole Attack in MANET

    Directory of Open Access Journals (Sweden)

    Sonam Yadav

    2013-04-01

    Mobile ad-hoc networks are prone to various security vulnerabilities because of its characteristics, mainly high mobility of nodes, and no well defined architecture. Security measures are difficult to implement as there is no central administration. Several attacks on Mobile ad-hoc network have been identified so far and Black hole attack is one of them. In this paper we discuss black hole attack on Ad-hoc network and propose a solution to the hijacked node behaving as black hole node. A scenario has been considered where a node inside network has been intruded and compromised to cause black hole attack. The proposed security solution modifies original AODV using a hierarchical based intrusion detection method to identify hijacked node and exclude the particular node from network.

  18. Research and implementation of database security protocol

    Institute of Scientific and Technical Information of China (English)

    凃云杰

    2016-01-01

    With provision for the multiple access modes of Cache database, the Antlr grammar generating tool is used to convert the Cache object script grammar and SQL script grammar into the intermediate representation language, so as to set the uniform audit rule. The main functions of the system include Cache protocol analysis and Cache object script grammar transformation. The manual method is used to compile and collect massive test cases in realization process. It is determined that the protocol analysis module can play a role in security audit of Cache database.

  19. Analysis of Secure Real Time Transport Protocol on VoIP over Wireless LAN in Campus Environment

    Directory of Open Access Journals (Sweden)

    Mohd Nazri Ismail

    2010-05-01

    In this research, we propose to implement Secure Real Time Transport Protocol (SRTP) on VoIP services in campus environment. Today, the deployment of VoIP in campus environment over wireless local area network (WLAN) is not considered on security during communication between two parties. Therefore, this study is to analyze SRTP performance on different VoIP codec selection over wired. We have implemented a real VoIP network in University of Kuala Lumpur (UniKL), Malaysia. We use softphone as our medium communication between two parties in campus environment. The results show that implementation of SRTP is able to improve the VoIP quality between one-to-one conversation and multi conference call (many-to-many). In our experiment, it shows that iLBC, SPEEX and GSM codec are able to improve significantly the multi conference (many-to-many) VoIP quality during conversation. In addition, implementation of SRTP on G.711 and G.726 codec will decrease the multi conference (many-to-many) VoIP quality.

  20. Implementing voice over Internet protocol in mobile ad hoc network – analysing its features regarding efficiency, reliability and security

    Directory of Open Access Journals (Sweden)

    Naveed Ahmed Sheikh

    2014-05-01

    Providing secure and efficient real-time voice communication in mobile ad hoc network (MANET) environment is a challenging problem. Voice over Internet protocol (VoIP) has originally been developed over the past two decades for infrastructure-based networks. There are strict timing constraints for acceptable quality VoIP services, in addition to registration and discovery issues in VoIP end-points. In MANETs, ad hoc nature of networks and multi-hop wireless environment with significant packet loss and delays present formidable challenges to the implementation. Providing a secure real-time VoIP service on MANET is the main design objective of this paper. The authors have successfully developed a prototype system that establishes reliable and efficient VoIP communication and provides an extremely flexible method for voice communication in MANETs. The authors’ cooperative mesh-based MANET implementation can be used for rapidly deployable VoIP communication with survivable and efficient dynamic networking using open source software.

  1. Security Routing Protocol Based on AODV

    Institute of Scientific and Technical Information of China (English)

    柯冰; 慕晓冬; 许夙晖; 宋崴

    2014-01-01

    With mobile Ad Hoc network becoming the important way of delivering message in the complex battlefield circumstance, the network’s safety is attached importance. On the basis of introducing some typical attacking model of AODV protocol in the mobile Ad hoc network, this paper mainly analyses the damage to the Ad hoc network by the attacker. A security routing protocol named AODVCA based on the easy cache conception is proposed. As the example of black-hole attack, this paper simulates and analyses kinds of function index, and results obtained through simulations demonstrate that the improved protocol is better than AODV in resisting attacks and reducing network congestion and packet loss rate.

  2. A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Grimaila, Michael R [ORNL

    2010-01-01

    In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we discuss how this infrastructure can be used in the subject domain of mission assurance as defined as the full life-cycle engineering process to identify and mitigate design, production, test, and field support deficiencies of mission success. We address the opportunity to apply the Cyberspace Security Econometrics System (CSES) to Carnegie Mellon University and Software Engineering Institute's Mission Assurance Analysis Protocol (MAAP) in this context.

  3. Provable secure authenticated key exchange protocol under standard model

    Institute of Scientific and Technical Information of China (English)

    邓帆; 邓少锋; 李益发

    2011-01-01

    This paper presents an identity-based authenticated key exchange protocol in the standard model. Protocol design is inspired by bilinear pairings. Strand space knowledge and Game method in provable security are comprehensively used. The correctness of the protocol is analysed and a strict proof is given. The protocol has good forward security and session key non-hosting. At the same time, through the explicit authentication, it improves the efficiency of the implementation of the protocol. Compared with the protocol in the random oracle model, the protocol has the same computational and communication efficiencies.

  4. A Secure ECC-based RFID Mutual Authentication Protocol to Enhance Patient Medication Safety.

    Science.gov (United States)

    Jin, Chunhua; Xu, Chunxiang; Zhang, Xiaojun; Li, Fagen

    2016-01-01

    Patient medication safety is an important issue in patient medication systems. In order to prevent medication errors, integrating Radio Frequency Identification (RFID) technology into automated patient medication systems is required in hospitals. Based on RFID technology, such systems can provide medical evidence for patients' prescriptions and medicine doses, etc. Due to the mutual authentication between the medication server and the tag, RFID authentication scheme is the best choice for automated patient medication systems. In this paper, we present a RFID mutual authentication scheme based on elliptic curve cryptography (ECC) to enhance patient medication safety. Our scheme can achieve security requirements and overcome various attacks existing in other schemes. In addition, our scheme has better performance in terms of computational cost and communication overhead. Therefore, the proposed scheme is well suitable for patient medication systems.

  5. Vertical Protocol Composition

    DEFF Research Database (Denmark)

    Groß, Thomas; Mödersheim, Sebastian Alexander

    2011-01-01

    The security of key exchange and secure channel protocols, such as TLS, has been studied intensively. However, only few works have considered what happens when the established keys are actually used—to run some protocol securely over the established “channel”. We call this a vertical protocol com...

  6. Cryptanalysis of Controlled Quantum Secure Direct Communication and Authentication Protocol Based on Five-Particle Cluster State and Quantum One-Time Pad

    Science.gov (United States)

    Liu, Zhihao; Chen, Hanwu; Liu, Wenjie

    2016-10-01

    A new attack strategy, the so-called intercept-selectively-measure-resend attack is put forward. It shows that there are some security issues in the controlled quantum secure direct communication (CQSDC) and authentication protocol based on five-particle cluster states and quantum one-time pad. Firstly, an eavesdropper (Eve) can use this attack to eavesdrop on 0.656 bit of every bit of the identity string of the receiver and 1.406 bits of every couple of the corresponding bits of the secret message without being detected. Also, she can eavesdrop on 0.311 bit of every bit of the identity string of the controller. Secondly, the receiver can also take this attack to obtain 1.311 bits of every couple of the corresponding bits of the secret message without the permission of the controller, which is not allowed in the CQSDC protocols. In fact, there is another security issue in this protocol, that is, one half of the information about the secret is leaked out unconsciously. In addition, an alternative attack strategy which is called as the selective-CNOT-operation attack strategy to attack this protocol is discussed.

  7. Security

    Science.gov (United States)

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  8. Design and Realization of MANET Network Secure Protocols Simulation Platform

    Institute of Scientific and Technical Information of China (English)

    邱修峰; 刘建伟; 陈杰; 刘哲

    2012-01-01

    Because of enormous cost of analyzing and designing MANET (Mobile Ad hoc Network) network secure protocols in real network environment, it has important significance to develop a simulation system that can analyze the performance of different MANET network secure protocols. On the basis of analyzing specific requirements of MANET network secure protocol simulation, this paper designed and implemented, based on NS2, a simulation system that integrates functions of generating network topology, configuring secure protocol, setting up data flows and attack events, generating simulation scripts automatically, running attacks and comparing protocol performance, etc. Through the comparative analysis to Delay, Control Overhead, Throughput, Packet Loss Rate, Package Delivery Rate, and Jitter of simulation results from running different secure protocols under different attacks, the system can realize the performance analysis to various ad hoc network secure protocols, and demonstrate the dynamic changes of a network under attacks in the form of animation.

  9. Experimental study for Yuen-Kim protocol of quantum key distribution with unconditional secure Bell's Theorem Without Inequalities for two Maximally Entangled Particles

    CERN Document Server

    Hirota, O; Sohma, M; Li Ming Wei; Tang, Z L; Liao, C C

    2002-01-01

    In this report, we simulate practical feature of Yuen-Kim protocol for quantum key distribution with unconditional secure. In order to demonstrate them experimentally by intensity modulation/direct detection(IMDD) optical fiber communication system, we use simplified encoding scheme to guarantee security for key information(1 or 0). That is, pairwise M-ary intensity modulation scheme is employed. Furthermore, we give an experimental implementation of YK protocol based on IMDD. A proof of Bell's theorem without inequalities for two maximally entangled particles is proposed using the technique of quantum teleportation. It follows Hardy's arguments for a non-maximally entangled state with the help of two auxiliary particles without correlation. The present proof can be tested by measurements with 100% probability.

  10. Design and analysis about security based on LEACH routing protocol

    Institute of Scientific and Technical Information of China (English)

    郭芸; 高铁杠

    2011-01-01

    The security of the routing protocol of Wireless Sensor Network (WSN) has direct influence on the security and availability of the entire network. By adding identity authentication mechanism, key update mechanism and dual-key encryption mechanism to Low Energy Adaptive Clustering Hierarchy (LEACH) protocol, a new secure LEACH protocol, IS-LEACH, is proposed. Detailed design and analysis of the proposed protocol are given.

  11. Universally Composable Secure Just Fast Keying Protocol

    Institute of Scientific and Technical Information of China (English)

    齐庆磊; 张浩军; 王逸芳

    2011-01-01

    Aiming at the redundancy of Just Fast Keying (JFKi) and the absence of its formal proof, a new Lightly Just Fast Keying (LJFKi) is proposed. Through the contrast analysis, it is found that the proposed protocol is one-third shorter than the original protocol, which has higher communication efficiency and is more convenient for the network sensitive to communication payload. The proposed protocol can realize secure session ideal function and afford Universally Composable (UC) security by proving with universally composable secure model.

  12. Application of Modbus Protocol in Security and Stability Control Device

    Institute of Scientific and Technical Information of China (English)

    司庆华; 徐海波; 颜云松; 许高阳

    2016-01-01

    The Modbus protocol is one of the widely applied field buses. There are a large number of touch screens supporting Modbus protocol on the market, which can be used for human machine interface of security and stability control device. This paper firstly introduces the significance of Modbus protocol's application in the stability control device. Then a method of using Modbus communication protocol is proposed to realize the communication of the data in the security and stability control device. This method not only makes the human machine interface (HMI) more friendly, but also makes the product development cycle shorter, and the scalable extensibility of the product becomes better.

  13. Forward Secure Authentication Protocol of RFID with Reader Corruption

    Institute of Scientific and Technical Information of China (English)

    王少辉; 刘天; 李静; 肖甫

    2016-01-01

    Radio Frequency Identification (RFID) is a wireless technology for automatic identification and data capture and is deployed as a dominant identification technology in a health care domain. Security and privacy issues in the RFID systems have attracted much attention, and many authentication protocols based on Elliptic Curve Cryptosystem (ECC) or Hash functions have been proposed to achieve the security and privacy goals, but seldom protocols have considered the forward security with tag or reader corruption, which can be viewed as the highest level of user privacy. Three recently presented protocols suffer from the forward privacy problem with tag or reader corruption. To enhance the security, an improved efficient ECC-based RFID authentication protocol is put forward. A comprehensive analysis shows the new scheme can not only provide the strong forward security with reader corruption besides all the other security requirements, but also have more functionality in terms of computational cost.

  14. Research on Secure Multipath Routing Protocol Based on DSR

    Institute of Scientific and Technical Information of China (English)

    刘浩; 贺文华

    2012-01-01

    The openness, self-organizing and mobile of Ad hoc networks make the routing security an important issue. However, most of the existing routing protocols don't take this security problem into account. This paper proposes a secure multipath routing protocol based on DSR, which uses a simple independent multipath routing algorithm, trust mechanism and public key cryptosystem; as a result, this routing protocol is capable of effectively restraining several typical security attacks such as fabrication, modification and routing replay. The results of experiment show that the SMDSR routing protocol provides better routing performance and higher security than DSR.

  15. Distributed Secure Clustering Protocol in Wireless Sensor Networks

    Institute of Scientific and Technical Information of China (English)

    余磊; 李建中; 骆吉洲

    2009-01-01

    The cluster-based hierarchical topology control has been widely studied and applied in wireless sensor networks. But because of the open nature and limited resource of the sensor network, clustering protocols are vulnerable to the misuse and disruption attacks from the adversaries. As a result, the security of the clustering protocols is a basic requirement for its wide application. A distributed secure clustering protocol is proposed, in which the secure network initialization, random number broadcast from the base station and one-way hash chain are used to achieve the resiliency against possible attacks including node personating, cluster-head occupying, malicious cluster-member recruiting and multiple cluster-membership attacks. The security and cost of the protocol are evaluated and the results show the resiliency and efficiency of the proposed protocol.

  16. FEATURE-BASED LIGHTWEIGHT SECURE SEARCH PROTOCOLS FOR RFID SYSTEMS

    Institute of Scientific and Technical Information of China (English)

    乔梁

    2013-01-01

    In application of RFID technology, effective and safe search on the specific RFID tag is required. Due to the limits of calculation ability and hardware resource of the low cost RFID tag, it is more difficult for RFID tag search protocol to ensure its validity and security. From the view of reducing the calculation of RFID tag, we propose an item feature-based lightweight secure search protocol for RFID systems so as to tackle some security problems including privacy disclosure, forward security, tracking, replay attack and spoofing attack, etc. The formal proof of the protocol based on BAN logic is given as well. In this protocol, each RFID tag only stores its own identifier and one secret number, and in communication process the random numbers calculation only operates once. Therefore, the protocol is more suitable for low cost RFID system to search the specific tag.

  17. Cassandra - D6.3 - final protocol: Seventh Framework Programme THEME Monitoring and Tracking of Shipping Containers Security

    NARCIS (Netherlands)

    Malenstein, J.; Schewe, W.; Zomer, G.; Klievink, A.J.; Nijdam, M.; Visscher, W.

    2014-01-01

    The Cassandra project addressed procedures and methods (protocols) for government supervision of international trade lanes. Specifically, it looked at the impact of the Cassandra innovations on the procedures and methods to assess risks (risk assessment protocols). This covers the way in which the

  19. Protocols for Detection and Removal of Wormholes for Secure Routing and Neighborhood Creation in Wireless Ad Hoc Networks

    Science.gov (United States)

    Hayajneh, Thaier Saleh

    2009-01-01

    Wireless ad hoc networks are suitable and sometimes the only solution for several applications. Many applications, particularly those in military and critical civilian domains (such as battlefield surveillance and emergency rescue) require that ad hoc networks be secure and stable. In fact, security is one of the main barriers to the extensive use…

  20. A no-key-exchange secure image sharing scheme based on Shamir's three-pass cryptography protocol and the multiple-parameter fractional Fourier transform.

    Science.gov (United States)

    Lang, Jun

    2012-01-30

    In this paper, we propose a novel secure image sharing scheme based on Shamir's three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

  1. Research of Wireless LAN Security Protocol BAP

    Institute of Scientific and Technical Information of China (English)

    姚会娟; 周祥

    2016-01-01

    With the popularity of wireless LAN, its security has attracted people's attention. In this paper, we propose a new security protocol, BAP.

  2. Verifiable and secure outsourcing protocol for convex quadratic programming

    Institute of Scientific and Technical Information of China (English)

    刘振华; 李宾; 白翠翠

    2016-01-01

    To reduce the computation required for resource-constrained clients when performing convex quadratic programming, we propose an outsourcing computation protocol for convex quadratic programming whose security can be verified. In the new protocol, the client first utilizes a permutation technique to transform the original problem into a new random problem, which the cloud server receives and solves, and the client then verifies the returned results. Thus, the new protocol can reduce the client's amount of required computation. Security analysis shows that, under the fully malicious model, the proposed protocol can protect the privacy of the input and output data and detect misbehavior by the cloud server with optimal probability. Experimental results show that the new protocol has a comparative advantage over existing protocols in its transformation and verification efficiency.

  3. Security Research and Implementation of VPN System Based on SSL Protocol

    Institute of Scientific and Technical Information of China (English)

    李长春

    2016-01-01

    Based on an analysis of the SSL protocol, the open-source software OpenVPN was used under the Linux operating system to implement a VPN system based on the SSL protocol. The performance of the OpenVPN system was tested and analyzed using the Wireshark packet capture tool; the results showed that the system effectively solves the problem of security and reliability of data transmission. Finally, a Web-based file distribution system was designed with the Grails development framework to solve the problem of securely distributing the OpenVPN system's client-side files, such as certificates and keys.

  4. To Analyze the Security of TCP/IP Protocol Using Sniffer Software

    Institute of Scientific and Technical Information of China (English)

    张保江

    2014-01-01

    TCP/IP is the protocol commonly used to build computer local area networks and the Internet. Based on an instance of TCP/IP communication, this paper uses Sniffer software to capture and analyze the communication data and draws the conclusion that the TCP/IP protocol lacks corresponding security mechanisms. On this basis, it discusses common practices for securing TCP/IP communications.

  5. Research on Security of Routing Protocols for Battlefield Wireless Ad Hoc Networks

    Institute of Scientific and Technical Information of China (English)

    周铭; 杨华兵; 李方敏; 王敏

    2011-01-01

    Battlefield wireless Ad Hoc networks are independent from fixed infrastructure and feature flexible and quick deployment. However, battlefield wireless Ad Hoc networks are not widely applied because of security concerns. This paper lists the types of attacks faced by secure routing protocols for battlefield wireless Ad Hoc networks and describes the design requirements for secure routing protocols. In addition, it analyzes the widely applied secure routing protocols for wireless Ad Hoc networks in detail and compares their attack-defending capabilities. The result indicates that no single protocol can defend against all kinds of attacks and that initiation of common security criteria for all secure routing protocols is the most urgent issue at the moment. Finally, this paper proposes some directions for future research and design of secure routing protocols for battlefield wireless Ad Hoc networks.

  6. Topology-Hiding Secure Multipath Routing Protocol for MANET

    Institute of Scientific and Technical Information of China (English)

    胡琪; 张娇; 张玉军; 李忠诚

    2011-01-01

    This paper provides a detailed analysis of the threats of topology exposure in Mobile Ad Hoc Networks (MANETs) and proposes a secure topology-hiding multipath routing protocol. In Route Discovery, the protocol carries no path information in routing packets, which hides the network topology; on-demand Neighbor Discovery is used to verify node identities and establish routing table entries, and a node-exclusion mechanism is used to select multiple paths. In Route Maintenance, a dedicated fault detection mechanism verifies that the selected paths are available and secure. Taking both reaction time and path length into account, the protocol determines the shortest secure path. The security analysis shows that the scheme can resist the black hole attack, the wormhole attack, the rushing attack, the sybil attack and other typical attacks, and can also resist common types of attacks. Simulation results show that, compared with SRP (secure routing protocol), a typical secure multipath scheme, the scheme finds more node-disjoint paths; in ordinary scenarios it adds no extra impact on protocol performance; and in black hole attack scenarios it greatly improves the packet forwarding rate at the cost of some signalling overhead, effectively resisting the black hole attack.

  7. Hybrid-secure MPC 

    DEFF Research Database (Denmark)

    Lucas, Christoph; Raub, Dominik; Maurer, Ueli

    2010-01-01

    Most protocols for distributed, fault-tolerant computation, or multi-party computation (MPC), provide security guarantees in an all-or-nothing fashion. In contrast, a hybrid-secure protocol provides different security guarantees depending on the set of corrupted parties and the computational powe...

  8. Smart TV Payment Security based on SSL Protocol

    Institute of Scientific and Technical Information of China (English)

    蔡盛勇; 吴静

    2013-01-01

    In recent years the booming Android market has given rise to the Android smart TV industry. As smart TVs become more and more popular, ordinary household users can complete basic payment transactions such as electricity, water and gas bills through a smart TV without leaving home, which brings much convenience to people's lives. Security is an important factor affecting the popularization of this payment business. Based on an analysis and discussion of the SSL protocol, the application of the SSL protocol to smart TV payment is summarized and improved, and an identity-authentication payment mode using a USB Key mobile device is proposed for smart TV payment, thus improving the security of payment.

  9. The Security of Network Attacks Based on CDP Protocol

    Institute of Scientific and Technical Information of China (English)

    姜宝华

    2011-01-01

    CDP (Cisco Discovery Protocol) is Cisco's data link layer discovery protocol. It runs on Cisco routers, bridges, access servers, switches and other devices, and is an important protocol for discovering and viewing detailed information about neighboring devices, such as IP address, software version, platform, performance and native VLAN. Intruders often use attacks such as denial of service (DoS) to obtain this information and then use it for CDP spoofing, resulting in significant security threats.

  10. Improvements on GPER Routing Protocol Security

    Institute of Scientific and Technical Information of China (English)

    王新生; 李海涛; 赵衍静

    2011-01-01

    Wireless Sensor Networks (WSNs) deployed in the natural environment face many security problems, and the trust relations between nodes are difficult to confirm. To address this problem, a fuzzy trust model based on fuzzy theory is established to handle the evaluation and calculation of trust between nodes, and this fuzzy trust model is used to solve routing security issues in WSNs. Experimental results show that the trust model can effectively evaluate the trust status of nodes and resist packet loss caused by misbehaving nodes.

  11. [Food Security in Europe: comparison between the "Hygiene Package" and the British Retail Consortium (BRC) & International Food Standard (IFS) protocols].

    Science.gov (United States)

    Stilo, A; Parisi, S; Delia, S; Anastasi, F; Bruno, G; Laganà, P

    2009-01-01

    The birth of the Hygiene Package and of Reg. CE no 2073/2005 in the food production field signalled a change in Italy. This process started in Italy in 1997 with legislative decree no 155 on Self-control, but in reality it was implemented in the UK in 1990 with the promulgation of the Food Safety Act. This legal act was influenced by some basic rules corresponding to the application of HACCP standards. Since 1990 the British chains of distribution (Retailers) have involved all aspects of the food line in this type of responsibility. Due to this growing awareness of a need for greater regulation, a protocol edited by the British Retail Consortium was created in 1998. This protocol acted as a "stamp" of approval for food products and is now known as the BRC Global Food Standard. In July 2008, this protocol became effective in its fifth version. After the birth of BRC, French and German Retailers also established a practically equivalent standard, perhaps more pertinent to food safety: the International Food Standard (IFS). The new approach is specific to the food field and strictly applies criteria which will ensure "safety, quality and legality" of food products, similarly to ISO 22000:2005 (mainly based on BRC & IFS past experiences). The new standards aim to create a sort of green list of fully "proper and fit" Suppliers only, because of the understandable needs of Retailers. It is expected, as we have shown, that Auditor authorities who are responsible for ensuring that inspections are now carried out like the Hygiene Package will find these new standards useful. The advantage of streamlining this system is that it will allow enterprises to diligently enforce food safety practices without fear of upset or legal consequence; to improve the quality (HACCP) of management & traceability systems; and to restrict wastes, reprocessing and withdrawal of products. However some discordances about the interpretation of certain sub-field norms (e.g., water

  12. Secure Teleassistance towards endless medical litigations: identification of liabilities through a protocol using Joint Watermarking-Encryption Evidences.

    Science.gov (United States)

    Bouslimi, D; Coatrieux, G; Quantin, C; Allaërt, F A; Cozic, M; Roux, Ch

    2014-01-01

    Teleassistance is defined as the help provided through a telemedicine network by a medical practitioner to another medical practitioner faced with a difficult case. One of the main limiting factors of its development is the practitioners' fear of being involved in litigation. In such a situation, the main issue is to determine as quickly and as certainly as possible whether the damage is related to the tort of negligence, and the liabilities of each involved physician. After a brief summary of the legal context, we present a protocol combining joint watermarking-encryption and a third party to enforce exchange traceability and therefore to bring valuable electronic evidence in case of teleassistance litigations.

  13. Some Bounds on Security Protocol Analysis--Combining Model Checking and Strand Spaces

    Institute of Scientific and Technical Information of China (English)

    刘怡文; 李伟琴

    2002-01-01

    Strand Spaces serve as a model for security protocol analysis. In this paper, the main characteristics of Strand Spaces are briefly introduced, and their advantages and disadvantages are presented. An algorithm for building an ideal model of a protocol is proposed, which is used to bound both the abilities of the penetrator and the number of concurrent protocol runs. Combining Model Checking and Strand Spaces, a method is proposed that uses both the automatic reasoning mechanism of Model Checking and the bounds on security protocol analysis to achieve effective analysis of security protocols, avoiding state explosion problems.

  14. On the security of $\alpha\eta$: Response to 'Some attacks on quantum-based cryptographic protocols'

    CERN Document Server

    Yuen, H P; Corndorf, E; Kanter, G S; Kumar, P; Yuen, Horace P.; Nair, Ranjith; Corndorf, Eric; Kanter, Gregory S.; Kumar, Prem

    2005-01-01

    Lo and Ko, in QIC (6) pp. 40-47 [1], have developed some attacks on the cryptosystem called $\alpha\eta$ [2], claiming that these attacks undermine the security of $\alpha\eta$ for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack in [1] is a Grover search attack based on 'asymptotic orthogonality' and was not analyzed quantitatively. We explain why it is not logically possible to "pull back" an argument valid only at n=infinity into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a 'proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an ind...

  15. Open Mobile Alliance Secure Content Exchange: Introducing Key Management Constructs and Protocols for Compromise-Resilient Easing of DRM Restrictions

    Science.gov (United States)

    Kravitz, David William

    This paper presents an insider's view of the rationale and the cryptographic mechanics of some principal elements of the Open Mobile Alliance (OMA) Secure Content Exchange (SCE) Technical Specifications. A primary goal is to enable implementation of a configurable methodology that quarantines the effects that unknown-compromised entities have on still-compliant entities in the system, while allowing import from upstream protection systems and multi-client reuse of Rights Objects that grant access to plaintext content. This has to be done without breaking compatibility with the underlying legacy OMA DRM v2.0/v2.1 Technical Specifications. It is also required that legacy devices can take at least partial advantage of the new import functionality, and can request the creation of SCE-compatible Rights Objects and utilize Rights Objects created upon request of SCE-conformant devices. This must be done in a way that the roles played by newly defined entities unrecognizable by legacy devices remain hidden.

  16. Security analysis of key array authentication protocol

    Institute of Scientific and Technical Information of China (English)

    刘彦龙; 白煜; 滕建辅

    2014-01-01

    As Radio Frequency IDentification (RFID) technology is widely applied in admission control, payment, ticketing and supply chain management, security and privacy issues are becoming more and more serious. It is therefore imperative to design authentication protocols that resist possible attacks and threats. In 2011, H. Ning et al. proposed a scalable and distributed key array authentication protocol (KAAP), which uses a distributed key array architecture, an access list mechanism and a dynamic random number mechanism to resist both external attacks and internal forgery attacks. In this paper, two effective attacks against KAAP are proposed, and the attack analysis shows that KAAP fails to resist external attacks, including the replay attack and the Denial of Service attack, effectively. Therefore, KAAP has a security vulnerability and cannot achieve its expected goals.

  17. A new secure routing protocol of WSNs

    Institute of Scientific and Technical Information of China (English)

    蒋华; 曾梅梅

    2013-01-01

    To solve the problems of information overlap and the lack of consideration of node energy utilization and network transmission security in the Gossiping protocol of wireless sensor networks, an energy-efficient secure routing (EESR) scheme for wireless sensor networks is proposed. Following the idea of generating a minimum spanning tree with the Prim or Kruskal algorithm from graph theory, the scheme is built on an improved minimum spanning tree algorithm. By introducing node reliability and energy values as the edge weights, it makes full use of energy and prevents malicious nodes from tampering with or dropping data packets. Experimental results show that the proposed EESR algorithm improves network energy utilization, reduces the network packet loss rate and extends the life cycle of wireless sensor networks.

  18. Security improvement of AODV routing protocol

    Institute of Scientific and Technical Information of China (English)

    王寒冰; 张曦煌

    2012-01-01

    To defend Ad Hoc networks against blackhole attacks, which cause a significant number of dropped packets, a new secure routing approach based on non-cooperative game theory is presented. A two-player game model is built with the Ad Hoc network as one player and the malicious nodes as the other. Theoretical analysis proves that a Nash equilibrium point exists in the model, that is, there are dominant strategies for both players. According to its own dominant strategy, the Ad Hoc network selects a route for defense and packet transmission, while the malicious nodes launch attacks according to theirs. Analysis and simulation results show that the proposed approach can efficiently select a relatively secure route, reducing the influence of blackhole attacks by malicious nodes on the Ad Hoc network and lowering the routing overhead and the packet loss rate.

  19. A secure double-image sharing scheme based on Shamir's three-pass protocol and 2D Sine Logistic modulation map in discrete multiple-parameter fractional angular transform domain

    Science.gov (United States)

    Sui, Liansheng; Duan, Kuaikuai; Liang, Junli

    2016-05-01

    A secure double-image sharing scheme is proposed that uses Shamir's three-pass protocol in the discrete multiple-parameter fractional angular transform domain. First, an enlarged image is formed by assembling two plain images successively in the horizontal direction and is scrambled in a chaotic permutation process, in which the sequences of chaotic pairs are generated by the two-dimensional Sine Logistic modulation map. Second, the scrambled image is divided into two components which are used to constitute a complex image. One component is normalized and regarded as the phase part of the complex image, while the other is regarded as the amplitude part. Finally, the complex image is shared between the sender and the receiver by using Shamir's three-pass protocol, in which the discrete multiple-parameter fractional angular transform is used as the encryption function due to its commutative property. The proposed double-image sharing scheme has the obvious advantage that key management is convenient, without distributing the random phase mask keys in advance. Moreover, the security of the image sharing scheme is enhanced with the help of extra parameters of the discrete multiple-parameter fractional angular transform. To the best of our knowledge, this is the first report on integrating Shamir's three-pass protocol with a double-image sharing scheme in the information security field. Simulation results and security analysis verify the feasibility and effectiveness of the proposed scheme.

  20. Security Extension on Strand Space Model for Ad-hoc Routing Protocols

    Institute of Scientific and Technical Information of China (English)

    董学文; 牛文生; 马建峰; 盛立杰

    2011-01-01

    Based on the characteristics of Ad-hoc mobile networks and a detailed analysis of the consistency condition in the strand space model, a five routing segments model is proposed and the intermediator credibility condition is changed into the arbitrary intermediator credibility condition, so that the strand space model is adapted to the security analysis of Ad-hoc routing protocols. An attack instance is then used to verify the correctness and superiority of the five routing segments model.

  1. Security analysis of a RFID authentication protocol based on physically unclonable function

    Institute of Scientific and Technical Information of China (English)

    张龙翔

    2012-01-01

    Radio Frequency IDentification (RFID) authentication protocols based on the Physically Unclonable Function (PUF) have been a hot research field in recent years. In 2011, Bassil et al. proposed a new RFID authentication protocol based on PUF at the International Conference on Internet Technology and Secured Transactions (BASSIL R, EL-BEAINO W, KAYSSI A, et al. A PUF-based ultra-lightweight mutual-authentication RFID protocol [C]// 2011 International Conference on Internet Technology and Secured Transactions. Piscataway: IEEE, 2011: 495-499). This paper analyzes the security of that protocol by assuming that an adversary participates in the protocol, and finds that it cannot resist the secret disclosure attack, the traceability attack, the reader impersonation attack or the desynchronization attack. The paper describes the details of these attacks and gives their success probabilities and computational complexities.

  2. Wireless Security

    CERN Document Server

    Osterhage, Wolfgang

    2011-01-01

    In the wake of the growing use of wireless communications, new types of security risks have evolved. Wireless Security covers the major topic of wireless communications with relevance both to organizations and private users. The technological background of these applications and protocols is laid out and presented in detail. Special emphasis is placed on the IEEE 802.11x-Standards that have been introduced for WLAN technology. Other technologies covered besides WLAN include: mobile phones, Bluetooth and infrared. In each chapter a major part is devoted to security risks and provisions includin

  3. Static Validation of a Voting Protocol

    DEFF Research Database (Denmark)

    Nielsen, Christoffer Rosenkilde; Andersen, Esben Heltoft; Nielson, Hanne Riis

    2005-01-01

    The desired security properties of electronic voting protocols include verifiability, accuracy, democracy and fairness. In this paper we use a static program analysis tool to validate these properties for one of the classical voting protocols under appropriate assumptions. The protocol is formali...

  4. Security Analysis and Strategy Research of Kerberos Protocol

    Institute of Scientific and Technical Information of China (English)

    杨萍; 宁红云

    2015-01-01

    Some improvements are made based on an analysis of the traditional Kerberos protocol's security. To solve the problems of password guessing attacks and the complexity of symmetric key storage, a mechanism of public-key encryption and private-key decryption is presented. To prevent an encrypted request message from being captured and replayed by an attacker, message sequence numbers are combined with random numbers so that the application server can distinguish messages replayed by the attacker from messages resent by the legitimate client. In addition, to address interception of the session key, non-volatile memory is adopted on the client and the application server to store the key chain and the message list, and messages between the client and the application server are encrypted with keys from the key chain instead of the session key issued by the Ticket Granting Server (TGS); the dynamic key ensures the integrity of the messages. Analysis results show that the improved protocol can improve the security of the system.

  5. A SECURITY ACCESS NETWORK AUTHENTICATION PROTOCOL FOR MOBILE DEVICES BASED ON MULTI-ATTRIBUTE

    Institute of Scientific and Technical Information of China (English)

    滕震方

    2013-01-01

    Many network security events are caused by malicious users who have greater access privileges. To prevent malicious behaviour in networks, network security access authentication must be solved first. On this basis, we present a multi-attribute based security access network authentication protocol for mobile terminals. The protocol maps the attributes of both the mobile device and the user to a network access identifier, sets up a mutual authentication process between the mobile device and the network, and supports device mobility. In addition, the network authenticates the mobile terminal regularly during its access to prevent user impersonation. Simulation results show that this authentication protocol has better security and a shorter authentication delay.

  6. Mobile communication security

    NARCIS (Netherlands)

    Broek, F.M.J. van den

    2016-01-01

    Security of the mobile network Fabian van den Broek We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an impl

  8. ACSEPP On-Line Electronic Payment Protocol

    Institute of Scientific and Technical Information of China (English)

    WANG Shao-bin; ZHU Xian; HONG Fan

    2004-01-01

    Based on an analysis of existing on-line electronic payment protocols, this paper presents a new on-line electronic payment protocol named ACSEPP: Anonymous, Convenient and Secure Electronic Payment Protocol. Its aim is to design a practical electronic payment protocol which is both secure and convenient. Without using the PKI_CA frame, it realizes anonymity of consumer and merchant, convenience of handling, low cost of maintenance and security.

  9. Quantum deniable authentication protocol

    Science.gov (United States)

    Shi, Wei-Min; Zhou, Yi-Hua; Yang, Yu-Guang

    2014-07-01

    The proposed quantum identity authentication schemes only involved authentication between two communicators, but communications with deniability capability are often desired in electronic applications such as online negotiation and electronic voting. In this paper, we proposed a quantum deniable authentication protocol. According to the property of unitary transformation and quantum one-way function, this protocol can provide that only the specified receiver can identify the true source of a given message and the specified receiver cannot prove the source of the message to a third party by a transcript simulation algorithm. Moreover, the quantum key distribution and quantum encryption algorithm guarantee the unconditional security of this scheme. Security analysis results show that this protocol satisfies the basic security requirements of deniable authentication protocol such as completeness and deniability and can withstand the forgery attack, impersonation attack, inter-resend attack.

  10. The Function and Significance of Network Security Protocol in Computer Communication Technology

    Institute of Scientific and Technical Information of China (English)

    马玉红

    2015-01-01

    With the development and progress of society and the rapid development of information technology, the processing and transmission of information has gradually broken the limits of time and space. Network information technology has been widely used in many fields, mainly the military, cultural, financial and commercial fields, and plays a big role. With this development and progress, however, network security problems have gradually emerged and have become a major obstacle restricting the development of network information technology. The Internet is shared and open, so there are many security risks. Network security protocols therefore need to be established to ensure the security of the network environment; they are also a major part of building a secure network. Ensuring the correctness and security of security protocols can avoid network hazards caused by data loss and similar problems. This paper mainly studies the function and significance of network security protocols in computer communication technology.

  11. Design of Trusted Network Connection Security Protocol and Access Control Architecture

    Institute of Scientific and Technical Information of China (English)

    王明书

    2016-01-01

    In order to solve the connection and control problems of trusted networks, the entity functions, architecture and interface protocols of trusted networks are analyzed, a new trusted network connection architecture including the integrity measurement collector is proposed, and the security network protocol and access control architecture based on the EAP-TNC data packet are designed. By setting specifications such as network bandwidth, terminal state and reliability level, the performance of the basic connection and access control is tested. The results show that, based on the connection security protocol and access control architecture of the trusted network, terminal equipment can access the network in a secure and controllable way, and security and availability are improved.

  12. Universally composable protocols with relaxed set-up assumptions

    DEFF Research Database (Denmark)

    Barak, Boaz; Canetti, Ran; Nielsen, Jesper Buus

    2004-01-01

    A desirable goal for cryptographic protocols is to guarantee security when the protocol is composed with other protocol instances. Universally composable (UC) protocols provide this guarantee in a strong sense: A protocol remains secure even when composed concurrently with an unbounded number of ...

  13. The Simplest Protocol for Oblivious Transfer

    DEFF Research Database (Denmark)

    Chou, Tung; Orlandi, Claudio

    2015-01-01

    Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for 1-out-of-n OT to date, which is obtained by tweaking the Diffie-Hellman key-exchange protocol. The protocol achieves UC-security against...... optimizations) is at least one order of magnitude faster than previous work. Category / Keywords: cryptographic protocols / Oblivious Transfer, UC Security, Elliptic Curves, Efficient Implementation...

  14. ON SAFE SOLUTION OF MOBILE PAYMENT BASED ON IMPROVED 3-D SECURE PROTOCOL

    Institute of Scientific and Technical Information of China (English)

    卫红春; 马丁

    2011-01-01

    A new safe solution for mobile payment based on an improved 3-D Secure protocol is presented, drawing on existing mobile transaction payment patterns abroad and taking into account the features and security requirements of the domestic financial system. The solution adopts the AES (Advanced Encryption Standard) algorithm to encrypt communication messages and uses a set of security authentication systems supporting multi-channel secure message transmission control to ensure the safety of customer, merchant and funds information in mobile payment transactions. The feasibility and security of the solution in payment transactions are also analysed, tested and validated.

  15. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  16. A survey of security architecture of ZigBee protocol stack

    Institute of Scientific and Technical Information of China (English)

    黄太波; 赵华伟; 潘金秋; 聂培尧; 杨泽军

    2012-01-01

    ZigBee, an emerging wireless sensor network technology, has wide application, and its security is increasingly significant. This paper presents its security architecture, security service, security model, security components, security keys and trust center, and the security policy of each layer. The paper also gives its security implementation steps. Finally, the paper proposes a new idea for its key management, which is favorable to its security enhancement.

  17. Design of Network Security Defense System Based on the TCP/IP Protocol

    Institute of Scientific and Technical Information of China (English)

    张辉

    2013-01-01

    This paper first briefly describes the structure and the functions of each layer of TCP/IP (Transmission Control Protocol/Internet Protocol), and analyzes and discusses the potential security risks of the protocol layers. It then designs a network security defense system model in combination with new active defense technology and gives the physical structure of a concrete implementation. Finally, it briefly discusses the features and benefits of the system.

  18. Multiparty Quantum Cryptographic Protocol

    Institute of Scientific and Technical Information of China (English)

    M. Ramzan; M. K. Khan

    2008-01-01

    We propose a multiparty quantum cryptographic protocol. Unitary operators applied by Bob and Charlie on their respective qubits of a tripartite entangled state encode a classical symbol that can be decoded at Alice's end with the help of a decoding matrix. Eve's presence can be detected by the disturbance of the decoding matrix. Our protocol is secure against intercept-resend attacks. Furthermore, it is efficient and deterministic in the sense that two classical bits can be transferred per entangled pair of qubits. It is worth mentioning that in this protocol the same symbol can be used for key distribution and for Eve's detection, which enhances the efficiency of the protocol.

  19. Novel analysis and improvement of Yahalom protocol

    Institute of Scientific and Technical Information of China (English)

    CHEN Chun-ling; YU Han; LÜ Heng-shan; WANG Ru-chuan

    2009-01-01

    The modified version of the Yahalom protocol improved by Burrows, Abadi, and Needham (BAN) still has security drawbacks. This study analyzes these flaws in detail from the point of view of strand spaces, which is a novel method of analyzing a protocol's security. First, a mathematical model of the BAN-Yahalom protocol is constructed. Second, penetrators' abilities are restricted with a rigorous and formalized definition. Moreover, to increase the security of this protocol against potential attackers in practice, a further improvement is made to the protocol. Future application of this re-improved protocol is also discussed.

  20. EPICS: Channel Access security design

    Energy Technology Data Exchange (ETDEWEB)

    Kraimer, M.; Hill, J.

    1994-05-01

    This document presents the design for implementing the requirements specified in: EPICS -- Channel Access Security -- functional requirements, Ned. D. Arnold, 03/09/92. Use of the access security system is described along with a summary of the functional requirements. The programmer's interface is given. Security protocol is described and finally aids for reading the access security code are provided.

  1. Active Tourism and Security Protocols: BTT at Tajuña's Green Way

    Directory of Open Access Journals (Sweden)

    Jiménez Martín, Pedro Jesús

    2006-01-01

    Full Text Available Active tourism regulations currently in force in Spain establish that companies must present a security protocol for the performance of their activities in order to become officially registered. However, the regulations do not specify what this protocol entails, leaving the initiative completely open. This paper proposes a way a security protocol could be designed for a certain activity: a mountain-bike excursion along Tajuña's Green Way, located in the Community of Madrid. We have chosen the Green Routes Program as a framework because of the great recreational and environmental potential it offers to active tourism companies and to professionals of physical activity and sport, as well as its good labour opportunities, high security and easy access.

  2. Quantum key distribution with delayed privacy amplification and its application to the security proof of a two-way deterministic protocol

    OpenAIRE

    Chau, HF; Fung, CHF; Ma, X; Cai, QY

    2012-01-01

    Privacy amplification (PA) is an essential postprocessing step in quantum key distribution (QKD) for removing any information an eavesdropper may have on the final secret key. In this paper, we consider delaying PA of the final key after its use in one-time pad encryption and prove its security. We prove that the security and the key generation rate are not affected by delaying PA. Delaying PA has two applications: it serves as a tool for significantly simplifying the security proof of QKD wi...

  3. The Improvement of Security Based on IEEE 802.1x/EAP-TLS Protocol

    Institute of Scientific and Technical Information of China (English)

    孟迪

    2014-01-01

    Nowadays Internet technology develops rapidly, and the application of WLAN has become more and more widespread. Because the wireless network is open by nature, while it is being rapidly adopted, the security problem is constraining it. By studying the security of the IEEE 802.1x/EAP-TLS protocol, this thesis provides an improvement scheme to make the information transmitted between the client and the AP more secure, promoting the security of the wireless network to some degree.

  4. Security Routing Protocol Resisting Blackhole Attack in Delay-tolerant Sensor Network

    Institute of Scientific and Technical Information of China (English)

    陈思; 张宏; 李华峰; 涂庆华; 汤东阳

    2014-01-01

    A delay-tolerant network (DTN) is an ad hoc network in which there is no end-to-end path between the source and destination nodes most of the time, and which relies on a store-and-forward mechanism to realize asynchronous communication. Aiming at the blackhole attack in DTN, this paper proposes a security routing protocol which can detect blackhole nodes. It analyzes the model of DTN, gives a scheme to detect malicious nodes, and merges this scheme with the routing protocol. Comparison with existing routing protocols through simulation verifies that the security routing protocol can accurately detect the malicious nodes and has better performance in the DTN environment. When used in water environment monitoring, city traffic control and other fields, the security routing protocol can protect the network environment from attacks by malicious nodes and ensure the reliability and stability of the network.

  5. Improved Authenticated Multi-Key Agreement Protocol

    Institute of Scientific and Technical Information of China (English)

    ZHANG Hua; YUAN Zheng; WEN Qiaoyan

    2006-01-01

    Zhou et al. give an attack on Harn's modified authenticated multi-key agreement protocol, and give a protocol that can prevent the unknown key-share attack. The paper points out that the protocol is vulnerable to a concatenation attack. This paper proposes an improved authenticated multi-key agreement protocol which shows how to make Harn's protocol more secure by modifying the signature and verification. This protocol can also escape the concatenation attack.

  6. An Identity-Based Key-Exchange Protocol

    Institute of Scientific and Technical Information of China (English)

    ZHANG Ya-juan; ZHU Yue-fei; HUANG Qiu-sheng

    2005-01-01

    An identity-based key-exchange protocol using a bilinear map is proposed and it is proved SK-secure (session key secure) in the AM (authenticated links adversarial model) provided the BDDH (bilinear Diffie-Hellman) assumption is correct. Then we apply the signature-based authenticator to our protocol and obtain an identity-based key-exchange protocol that is SK-secure in the UM (unauthenticated links adversarial model) provided the BDDH assumption is correct.

  7. AN IMPROVED AUTHENTICATED KEY AGREEMENT PROTOCOL

    Institute of Scientific and Technical Information of China (English)

    2005-01-01

    In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang's protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang's protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.

  8. Cognitive Protocol Stack Design

    Science.gov (United States)

    2015-12-30

    directly related to the protocol stack, e.g., environmental or positioning data) that can be exploited to design and test novel cognitive networking ...quality of service (QoS) is challenging. Currently, 5G technologies are being developed to answer the need for further increasing network capacity, and...SECURITY CLASSIFICATION OF: In the ARO “Cognitive Protocol Stack Design" project we proposed cognitive networking solutions published in international

  9. A Survey of E-Commerce Security

    Institute of Scientific and Technical Information of China (English)

    QIN Zhiguang; LUO Xucheng; GAO Rong

    2004-01-01

    E-commerce is a very active field of Internet research. A very important aspect of e-commerce is its security. Because of the variety of e-commerce applications, many security policies, protocols and techniques are involved in the deployment of the security. The related standards and protocols of e-commerce are studied in this paper. The general model of e-commerce security is set forth. In this model, the two most important e-commerce protocols, secure sockets layer (SSL) and secure electronic transaction (SET), are analyzed. The open problems and new trends of e-commerce security are presented.

  10. Relaxing Chosen-Ciphertext Security

    DEFF Research Database (Denmark)

    Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

    2003-01-01

    Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within...... general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure...... “for most practical purposes.” We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three...

  11. Analysis and Verification of Secure E-commerce Payment Protocol Based on Four Parties

    Institute of Scientific and Technical Information of China (English)

    肖仕成; 李开; 甘早斌

    2012-01-01

    Both the finite state model and the CTL (Computation Tree Logic) formulas are first constructed for the secure e-commerce payment protocol based on four parties (FSET) in this paper. Then the symbolic model checking tool SMV is used to analyze and verify the atomicity of the FSET protocol. The result of the analysis and verification indicates that FSET meets money atomicity, goods atomicity and certified delivery, as well as the electronic payment security requirements.

  12. Model Checking-Based Formal Analysis and Improvement on Wireless Sensor Network Security Protocols

    Institute of Scientific and Technical Information of China (English)

    陈铁明; 何卡特; 江颉

    2013-01-01

    Formal analysis and improvement of a novel location-based security mechanism for wireless sensor networks are conducted in this paper. At first, the neighbor node authentication protocol is formally verified using the model checking tool SPIN, and it is found that the authentication will fail if the node moves off its location. To obtain a scheme that supports node movement, an improved location-based authentication security protocol is directly proposed. However, by model checking the modified specification again, a man-in-the-middle attack is eventually detected. Finally, a timestamp is employed to replace the original nonce to resist the MITM attack. Our work shows that model checking, as an efficient formal method, can not only analyze and verify the specialized security protocols of wireless sensor networks, but also facilitate security scheme design and improvement.

  13. Lemnos interoperable security project.

    Energy Technology Data Exchange (ETDEWEB)

    Halbgewachs, Ronald D.

    2010-03-01

    With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

  14. DIRAC Security

    CERN Document Server

    Casajús Ramo, A

    2006-01-01

    DIRAC is the LHCb Workload and Data Management System. Based on a service-oriented architecture, it enables generic distributed computing with lightweight Agents and Clients for job execution and data transfers. DIRAC implements a client-server architecture exposing server methods through the XML Remote Procedure Call (XML-RPC) protocol. DIRAC is mostly coded in Python. The DIRAC security infrastructure has been designed to be a completely generic XML-RPC transport over an SSL tunnel. This new security layer is able to handle standard X509 certificates as well as grid-proxies to authenticate both sides of the connection. Server and client authentication relies on OpenSSL and pyOpenSSL, but to be able to handle grid proxies some modifications have been added to those libraries. The DIRAC security infrastructure handles authorization and authorization as well as provides extended capabilities like secure connection tunneling and file transfer. Using this new security infrastructure all LHCb users can safely make use o...

  15. Homomorphic encryption and secure comparison

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Geisler, Martin; Krøigaard, Mikkel

    2008-01-01

    We propose a protocol for secure comparison of integers based on homomorphic encryption. We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty C...

  16. A Secure Mobile Code Protocol Based on Committed Garbled Circuit

    Institute of Scientific and Technical Information of China (English)

    叶建伟; 张宏莉; 张永铮

    2011-01-01

    The lack of protection hinders the application of mobile code, and no sound solutions have been proposed for it so far. Garbled circuit is, by now, the only pure software protection technique that is universal and has provable security. The existing CCKM, ACCK, Tate-Xu and Zhong-Yang protocols based on garbled circuits cannot prevent attacks from malicious participants and do not fit mobile code non-interactively. Based on the committed garbled circuit technology of Jarecki et al. and Pedersen's verifiable threshold secret sharing scheme, this paper presents a new secure mobile code protocol against malicious participants. In the new protocol, a group of third-party servers is employed to “challenge” the provers and to share secrets in every secret sharing scheme. When more than two-thirds of the servers are honest, the new protocol: 1) protects the inputs and outputs of the mobile code simultaneously and offers more protection than existing protocols; 2) suits non-interactive mobile code applications; 3) enables the executors to verify the garbled circuit non-interactively and thus protect themselves from malicious code; and 4) guarantees that the generators and executors can fairly get correct outputs.

  17. Secure transmission test method of ZigBee protocol based on randomness detection

    Institute of Scientific and Technical Information of China (English)

    汤永利; 赵文静; 梁博; 赵章界

    2015-01-01

    In order to effectively identify and test the encryption measures of the ZigBee protocol, this paper studies the secure working modes of the ZigBee protocol and proposes a new security testing method based on randomness detection. The method jointly considers the randomness of test sequences and test effectiveness, and uses typical randomness detection algorithms to construct a reasonable testing program. By analyzing the characteristics of the data frame structure in the ZigBee network and application layers and testing ZigBee protocol data under different encryption mechanisms, it can effectively identify whether the transmitted data are encrypted. By analyzing the positions of the encrypted bytes in the payload data, it can determine the encryption level of the ZigBee protocol data. The experimental results show that the method can accurately identify whether ZigBee protocol data are encrypted and at which encryption level, and can effectively test the encryption strength.

  18. Research on security protocol framework of dynamic spectrum sensing in cognitive radio networks

    Institute of Scientific and Technical Information of China (English)

    高刃; 伍爵博; 唐龙

    2013-01-01

    This paper analyzes the state of the art in spectrum sensing security of cognitive radio networks and presents a security protocol framework for spectrum sensing. It gives the related definitions for the cognitive radio network model and analyzes its structure and security. Comparisons are carried out with other solutions. The results show that the proposed framework can be used to ward off the potential threats to spectrum sensing in order to make correct decisions.

  19. OT-Combiners Via Secure Computation

    DEFF Research Database (Denmark)

    Harnik, Danny; Ishai, Yuval; Kushilevitz, Eyal

    2008-01-01

    An OT-combiner implements a secure oblivious transfer (OT) protocol using oracle access to n OT-candidates of which at most t may be faulty. We introduce a new general approach for combining OTs by making a simple and modular use of protocols for secure computation. Specifically, we obtain an OT......, in a network consisting of a single OT-channel. Our approach applies both to the “semi-honest” and the “malicious” models of secure computation, yielding the corresponding types of OT-combiners. Instantiating our general approach with secure computation protocols from the literature, we conceptually simplify......-combiner from any instantiation of the following two ingredients: (1) a t-secure n-party protocol for the OT functionality, in a network consisting of secure point-to-point channels and a broadcast primitive; and (2) a secure two-party protocol for a functionality determined by the former multiparty protocol...

  20. A Provably Secure Asynchronous Proactive RSA Scheme

    Institute of Scientific and Technical Information of China (English)

    ZHANG Rui-shan; LI Qiang; CHEN Ke-fei

    2005-01-01

    The drawback of the first asynchronous proactive RSA scheme, presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presents a provably secure asynchronous proactive RSA scheme, which includes three protocols: an initial key distribution protocol, a signature generation protocol and a share refreshing protocol. Taking these protocols together, a complete provably secure proactive RSA scheme is obtained. The efficiency of the scheme is approximately that of Zhou's scheme.

  1. Provably Secure Authenticated Key Agreement Protocol Based on Hierarchical Identity

    Institute of Scientific and Technical Information of China (English)

    曹晨磊; 刘明奇; 张茹; 杨义先

    2014-01-01

    At present most identity-based authenticated key agreement protocols are built on a security infrastructure in which a single Private Key Generator (PKG) is the only trusted third party of the whole system; however, this kind of infrastructure cannot satisfy the requirements of hierarchical identity registration and authentication. On the basis of the Hierarchical Identity Based Encryption (HIBE) system, this paper reconstructs the private key and proposes a new hierarchical identity-based authenticated key agreement protocol using the bilinear map in a multiplicative cyclic group, which provides a secure session key exchange mechanism for cloud entities on different hierarchical levels. Based on the Computational Diffie-Hellman (CDH) and Gap Diffie-Hellman (GDH) assumptions, this paper proves that the new protocol not only achieves known-key security, forward secrecy and PKG forward secrecy, but also resists key-compromise impersonation attacks in the eCK model.

  2. Stream Control Transmission Protocol Steganography

    CERN Document Server

    Fraczek, Wojciech; Szczypiorski, Krzysztof

    2010-01-01

    Stream Control Transmission Protocol (SCTP) is a new transport layer protocol that is due to replace TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) protocols in future IP networks. Currently, it is implemented in such operating systems like BSD, Linux, HP-UX or Sun Solaris. It is also supported in Cisco network devices operating system (Cisco IOS) and may be used in Windows. This paper describes potential steganographic methods that may be applied to SCTP and may pose a threat to network security. Proposed methods utilize new, characteristic SCTP features like multi-homing and multistreaming. Identified new threats and suggested countermeasures may be used as a supplement to RFC 5062, which describes security attacks in SCTP protocol and can induce further standard modifications.

  3. Secure Web Services Communication Based on SRP-6 Protocol

    Institute of Scientific and Technical Information of China (English)

    刘劲武; 陈峰

    2007-01-01

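    Web Services are vulnerable to various security attacks on the Internet. This paper analyzes the working mechanism of the SRP (Secure Remote Password) protocol and proposes a scheme that combines the SRP-6 protocol with SOAP to secure the operation of Web Services. The scheme can be built as an independent layer to support existing Web Services systems.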

  4. Secure Architectures for Mobile Applications

    Directory of Open Access Journals (Sweden)

    2007-01-01

    The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet).

  5. Study of Security Routing Protocol for the Low-Rate Mobile Ad Hoc Networks

    Institute of Scientific and Technical Information of China (English)

    马涛; 陈娟; 王勇

    2014-01-01

    With advantages in many respects, such as needing no infrastructure, being rapidly deployable and being hard to destroy totally, Mobile Ad Hoc Networks have been the first choice for digital battlefield communications. The LSRP protocol, a secure routing protocol for low-rate Mobile Ad Hoc Networks, has been proposed and implemented in this thesis. It is suited to hierarchically organized low-rate mobile radio ad hoc networks and can defend against attacks from both outside and inside the network with limited network resources. To increase the security of LSRP, a distributed threshold RSA signature scheme is used to prevent unauthorized access, guarding against attacks from outside the network. In addition, to counter attacks from inside the network, trust evaluation between neighbor nodes has been brought into LSRP for detecting and purging malicious nodes. The security of the LSRP protocol has been greatly enhanced.

  6. A secure multipath routing protocol for hierarchical wireless sensor networks

    Institute of Scientific and Technical Information of China (English)

    白恩健; 葛华勇; 杨阳

    2012-01-01

    Multipath routing cannot effectively resist security attacks against the network layer by a malicious node in wireless sensor networks. Combining multipath routing with node reliability evaluation, a secure multipath routing protocol based on reliable nodes was presented. The trust value was obtained from the direct and indirect trust using the weighted average method. The direct trust value of a node was obtained from its rate of successfully forwarded packets and its rate of packet retransmission, and the indirect trust value of a node was obtained from the trust that neighboring nodes place in the assessed node. The trust value was created and exchanged only among the cluster heads in order to reduce network overhead. With the reliability of the next-hop node measured by its trust value, secure multipath routing was established by computing the number of multipaths needed to achieve the desired security requirements. Simulation results show that the protocol performs well in balancing energy consumption, ensuring routing safety, and prolonging the network lifetime in wireless sensor networks.

  7. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise. An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  8. Inter-domain Security Routing Protocol Based on Autonomous Systems Alliance and Reputation Mechanism

    Institute of Scientific and Technical Information of China (English)

    李兆斌; 康志荣; 池亚平; 方勇

    2012-01-01

    Border Gateway Protocol (BGP) based on a reputation mechanism has some defects, such as unreasonable computation of the reputation value and insecure data storage. This paper proposes a new inter-domain routing protocol called Trusted Border Gateway Protocol (TBGP). In order to improve the security of routing, TBGP calculates the reputation value from three aspects: network nodes, links and paths. Trusted computing is also introduced into TBGP, and Autonomous System (AS) alliance management is used to ensure the integrity and secure storage of reputation value data. Analysis and simulation results show that TBGP can inhibit the spread of untrusted routes and help to choose the best path.

  9. Animation of Natural Language Specifications of Authentication Protocols

    Directory of Open Access Journals (Sweden)

    Mabroka A. Mayouf

    2008-01-01

    Problem Statement: A few visualization tools have been created for protocol design and analysis. Although these tools provide an environment for designing security protocols, each one has its own protocol definition language (also called an informal specification language). The problem is that the user must understand the language of the tool being used in order to define an existing protocol or design a new one. For specification, a language needs to be intuitive as well as easily usable and understandable by the security protocol engineer. It must be able to specify the behavior of a security protocol precisely and unambiguously. Approach: In this study, we propose an approach for protocol specification based on natural language definitions of protocol semantics. By using programmatic semantics together with animations, representational flexibility of different protocol demonstrations is retained for as long as it is needed. Result: This study provides an environment that can be used by protocol designers to develop and investigate different scenarios of security protocols, especially authentication protocols. The Natural Language Protocol Specifications (NLPS) approach is used to define the protocol. The environment accepts the natural language text of protocol specifications and converts it to animations of protocol behavior. Conclusions/Recommendations: The NLPS environment can help protocol designers to consider and investigate the behavior of security protocols. It can also be used for teaching and learning security protocol concepts. In future work, we will consider the possibility of analyzing security protocols using our NLPS environment and animation techniques in order to improve correctness, that is, determining whether or not the intended security properties of a protocol hold.

  10. Collective Study On Security Threats In VOIP Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Zulkifl Hasan

    2015-08-01

    The collective study will critically evaluate voice over Internet protocol (VoIP) security threats, issues and challenges in communication over the network, and the solutions provided by different vendors. The authors will discuss all security issues and different protocols, but the main focus will be on the SIP protocol, its implementation and vendors' VoIP security systems.

  11. Methods and protocol of a mixed method quasi-experiment to evaluate the effects of a structural economic and food security intervention on HIV vulnerability in rural Malawi: The SAGE4Health Study.

    Science.gov (United States)

    Weinhardt, Lance S; Galvao, Loren W; Mwenyekonde, Thokozani; Grande, Katarina M; Stevens, Patricia; Yan, Alice F; Mkandawire-Valhmu, Lucy; Masanjala, Winford; Kibicho, Jennifer; Ngui, Emmanuel; Emer, Lindsay; Watkins, Susan C

    2014-01-01

    Poverty and lack of a predictable, stable source of food are two fundamental determinants of ill health, including HIV/AIDS. Conversely, episodes of poor health and death from HIV can disrupt the ability to maintain economic stability in affected households, especially those that rely on subsistence farming. However, little empirical research has examined if, and how, improvements in people's economic status and food security translate into changes in HIV vulnerability. In this paper, we describe in detail the methods and protocol of an academic-NGO collaboration on a quasi-experimental, longitudinal study of the mechanisms and magnitude of the impact of a multilevel economic and food security program (Support to Able-Bodied Vulnerable Groups to Achieve Food Security; SAFE), as implemented by CARE. Primary outcomes include HIV vulnerability (i.e., HIV risk behaviors, HIV infection), economic status (i.e., income, household assets) and food security (including anthropometric measures). We recruited participants from two types of areas of rural central Malawi: traditional authorities (TA) selected by CARE to receive the SAFE program (intervention group) and TAs receiving other unrelated CARE programming (controls). In the intervention TAs, we recruited 598 program participants (398 women, 200 men) and interviewed them at baseline and 18- and 36-month follow-ups; we interviewed 301 control households. In addition, we conducted random surveys (n = 1002) in the intervention and control areas with a 36-month assessment interval, prior to and after implementation of SAFE. Thus, we are examining intervention outcomes both in direct SAFE program participants and their larger communities. We are using multilevel modeling to examine mediators and moderators of the effects of SAFE on HIV outcomes at the individual and community levels and determine the ways in which changes in HIV outcomes feed back into economic outcomes and food security at later interviews. Finally, we

  12. Study on low-consumption and secure GEAR routing protocol improved by trust evaluation

    Institute of Scientific and Technical Information of China (English)

    杨华; 王潜平; 韩刚; 周锐

    2011-01-01

    To address the threats to routing security and the limited node energy in GEAR, a new routing protocol named T-GEAR (Trust-GEAR), based on a trust mechanism and data fusion, is proposed. By adding trust parameters to each node, T-GEAR takes a node's trust value into account when selecting the next-hop node, which reduces the possibility that the next-hop node is an attacking node. Moreover, in the target area, the new protocol aggregates data to lower energy consumption to some degree. Simulation results show that, when attacking nodes exist, T-GEAR has a longer network lifetime, a higher packet transmission rate and a lower packet loss rate than the GEAR protocol.

  13. Identity-based domain key distribution protocol in the E-document security management

    Institute of Scientific and Technical Information of China (English)

    闫玺玺; 马兆丰; 杨义先; 钮心忻

    2012-01-01

    In order to create a security domain environment in E-document management, an identity-based domain key distribution scheme using bilinear pairings for large and dynamic domains was proposed. The scheme could handle the joining and leaving of domain members efficiently, and updated the domain key by broadcast, which avoided complex key agreement protocols. In addition, a distribution protocol for E-documents based on a shared domain was given, which aimed to share documents within a domain and distribute documents between different domains securely. With the protocol, E-documents obtained by a domain member could be transmitted to other domain members seamlessly. In contrast, an E-document distributed to another domain needed to be uploaded to the server, which would verify the identity of the domain member and encrypt the document with the specified domain key.

  14. The Braid-Based Bit Commitment Protocol

    Institute of Scientific and Technical Information of China (English)

    WANG Li-cheng; CAO Zhen-fu; CAO Feng; QIAN Hai-feng

    2006-01-01

    With recent advances in quantum computation, new threats have closed in upon classical public key cryptosystems. In order to build more secure bit commitment schemes, this paper gave a survey of the newly emerging braid-based cryptography and then brought forward the first braid-based bit commitment protocol. The security proof shows that the proposed protocol is computationally binding and information-theoretically hiding. Furthermore, the proposed protocol is also invulnerable to currently known quantum attacks.

  15. Static Validation of a Voting Protocol

    DEFF Research Database (Denmark)

    Nielsen, Christoffer Rosenkilde; Andersen, Esben Heltoft; Nielson, Hanne Riis

    2005-01-01

    The desired security properties of electronic voting protocols include verifiability, accuracy, democracy and fairness. In this paper we use a static program analysis tool to validate these properties for one of the classical voting protocols under appropriate assumptions. The protocol is formali...

  16. IPv6 Protocol Analyzer

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    With the emergence of the next-generation Internet protocol (IPv6), it is expected to replace the current version of the Internet protocol (IPv4), which will be exhausted in the near future. Besides providing adequate address space, some other new features are included in the new 128-bit IP, such as IP autoconfiguration, quality of service, simple routing capability, security, mobility and multicasting. The current protocol analyzer will not be able to handle IPv6 packets. This paper focuses on developing a protocol analyzer that decodes IPv6 packets. The IPv6 protocol analyzer is an application module that is able to decode the IPv6 packet and provide a detailed breakdown of the construction of the packet. It has to understand the detailed construction of IPv6 and provide a high-level abstraction of the bits and bytes of the IPv6 packet. Thus it increases network administrators' understanding of a network protocol and helps them solve protocol-related problems in an IPv6 network environment.

  17. Design and implementation of online bank system based on secure sockets layer protocol

    Institute of Scientific and Technical Information of China (English)

    李继良

    2010-01-01

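    To meet the current demand for information security in online transactions, an online banking system based on the SSL protocol, SSLOBS (SSL protocol based online bank system), is designed and implemented. SSLOBS is based on the SSL protocol and combines it with digital signature technology to achieve the security and non-repudiation of online banking transaction information. The functional requirements of SSLOBS, its system architecture, the design of the secure transaction scheme and the design of the non-repudiation scheme are analyzed. The implementation of SSLOBS is divided into three parts: selection of the development platform, implementation of the SSL protocol, and implementation of digital signature technology. Functional test results show that SSLOBS is a feasible and practical online banking system that can secure online transaction information.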

  18. GSM Security Using Identity-based Cryptography

    CERN Document Server

    Agarwal, Animesh; Das, Manik Lal

    2009-01-01

    The current security model in the Global System for Mobile Communications (GSM) predominantly uses symmetric key cryptography. The rapid advancement of Internet technology facilitates online trading, banking, downloading and emailing using resource-constrained handheld devices such as personal digital assistants and cell phones. However, these applications require more security than the present GSM supports. Consequently, a careful design of GSM security using both symmetric and asymmetric key cryptography would make GSM security more adaptable in security-intensive applications. This paper presents a secure and efficient protocol for GSM security using identity-based cryptography. The salient features of the proposed protocol are (i) authenticated key exchange; (ii) mutual authentication amongst communicating entities; and (iii) user anonymity. The security analysis of the protocol shows its strength against some known threats observed in conventional GSM security.

  19. Improved reputation model in secure routing protocol of WMN

    Institute of Scientific and Technical Information of China (English)

    曾萍; 宋杰; 杨亚涛; 张历

    2012-01-01

    Reputation schemes use mutual observation and notification between nodes to detect misbehaving nodes, with good results. However, such schemes have shortcomings: heavy computation, a complicated process, and an inability to deal effectively with high-intensity attacks. An improved scheme for determining node reputation values is therefore proposed. By comparing the behavior of the previous-hop and next-hop nodes, it computes node reputation values with a Markov algorithm and applies corresponding rewards and punishments. The scheme is highly resistant to attack, can improve the security and robustness of the overall system, and requires little computation.

  20. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    A very good method that can be used to protect a private network is the implementation of a firewall between the Internet and the Intranet. This firewall will filter the packets that transit the network in accordance with the security policy defined at the system level. The SSL protocol allows verifying the identity of a web server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  1. Secure quantum communication using classical correlated channel

    Science.gov (United States)

    Costa, D.; de Almeida, N. G.; Villas-Boas, C. J.

    2016-10-01

    We propose a secure protocol to send quantum information from one part to another without a quantum channel. In our protocol, which resembles quantum teleportation, a sender (Alice) and a receiver (Bob) share classical correlated states instead of EPR ones, with Alice performing measurements in two different bases and then communicating her results to Bob through a classical channel. Our secure quantum communication protocol requires the same amount of classical bits as the standard quantum teleportation protocol. In our scheme, as in the usual quantum teleportation protocol, once the classical channel is established in a secure way, a spy (Eve) will never be able to recover the information of the unknown quantum state, even if she is aware of Alice's measurement results. Security, advantages, and limitations of our protocol are discussed and compared with the standard quantum teleportation protocol.

  2. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  3. Security of Quantum Key Distribution

    CERN Document Server

    Renner, R

    2005-01-01

    We propose various new techniques in quantum information theory, including a de Finetti style representation theorem for finite symmetric quantum states. As an application, we give a proof for the security of quantum key distribution which applies to arbitrary protocols.

  4. Node Credible Security Routing Protocol for Wireless Sensor Network Based on ACO

    Institute of Scientific and Technical Information of China (English)

    张智威; 孙子文

    2016-01-01

    Aiming at internal malicious attack behaviors generated in the wireless sensor network, this paper presents a node trusted security routing protocol for wireless sensor networks based on the ant colony algorithm. In this protocol, a node trust evaluation model is introduced into the ant colony routing algorithm to improve the credibility of network nodes; malicious nodes are isolated on the basis of node credibility, which enhances the security of the wireless sensor network. Simulation results show that the routing protocol performs better in packet loss, end-to-end delay, throughput and energy consumption, and has preferable resistance to black hole attacks.

  5. Cryptographic Protocols under Quantum Attacks

    CERN Document Server

    Lunemann, Carolin

    2011-01-01

    The realm of this thesis is cryptographic protocol theory in the quantum world. We study the security of quantum and classical protocols against adversaries that are assumed to exploit quantum effects to their advantage. Security in the quantum world means that quantum computation does not jeopardize the assumption, underlying the protocol construction. But moreover, we encounter additional setbacks in the security proofs, which are mostly due to the fact that some well-known classical proof techniques are forbidden by certain properties of a quantum environment. Interestingly, we can exploit some of the very same properties to the benefit of quantum cryptography. Thus, this work lies right at the heart of the conflict between highly potential effects but likewise rather demanding conditions in the quantum world.

  6. Software Safety and Security

    CERN Document Server

    Nipkow, T; Hauptmann, B

    2012-01-01

    Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was

  7. Comment on "flexible protocol for quantum private query based on B92 protocol"

    Science.gov (United States)

    Chang, Yan; Zhang, Shi-Bin; Zhu, Jing-Min

    2017-03-01

    In a recent paper (Quantum Inf Process 13:805-813, 2014), a flexible quantum private query (QPQ) protocol based on the B92 protocol is presented. Here we point out that the B92-based QPQ protocol is insecure with respect to database security when the channel has loss; that is, the user (Alice) will learn more records in Bob's database than she has bought.

  8. A Design of Authentication and Key Agreement Protocol for Secure Gateways in IoTs

    Institute of Scientific and Technical Information of China (English)

    杜大海; 范红; 王冠; 李程远

    2014-01-01

    Access control and key agreement technology of IoTs is studied in this paper. Since many nodes in IoTs may access the gateway at the same time, a fast authentication and key agreement protocol is proposed in this paper. We use an aggregated verification scheme to improve the authentication efficiency. Each node participates in the key agreement procedure and contributes a key parameter, which improves the security level of the key establishment scheme.

  9. Securing Wireless Sensor Networks: Security Architectures

    Directory of Open Access Journals (Sweden)

    David Boyle

    2008-01-01

    Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism whereby the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved once the integrity of the message sender/receiver has been established.

  10. Security Analysis of Parlay/OSA Framework

    NARCIS (Netherlands)

    Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.; Villain, B.

    2004-01-01

    This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access,

  11. Security Analysis of Parlay/OSA Framework

    NARCIS (Netherlands)

    Corin, R.J.; Di Caprio, G.; Etalle, Sandro; Gnesi, S.; Lenzini, Gabriele; Moiso, C.

    This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access,

  12. Superposition Attacks on Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

    2011-01-01

    Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security...

  13. DESIGN AND IMPLEMENTATION OF CLOUD STORAGE SECURITY GATEWAY SYSTEM BASED ON CIFS PROTOCOL

    Institute of Scientific and Technical Information of China (English)

    郝斐; 王雷; 荆继武; 王平建

    2013-01-01

    CIFS (Common Internet File System), the core application-layer protocol of network storage, is the communication protocol for data storage used in NAS (network attached storage). Cloud storage is a novel form of network storage, and both enterprise and individual users have begun to use cloud storage as their network storage medium. With this widespread use, security issues of cloud storage, such as data leakage and data tampering, have caught users' attention. In this paper, based on the Amazon S3 cloud storage service, we design and implement a CIFS-based cloud storage security gateway system (CSSGS). With the CSSGS, users are able to use the Amazon S3 cloud storage service in the same way they are used to accessing NAS. It also encrypts/decrypts all user data before uploading/downloading to/from Amazon S3, so information leakage during data communication and storage is prevented effectively. It also offers integrity checking of files downloaded from S3, examining the consistency of their contents with the uploaded ones to prevent data tampering.

  14. Wireless network security theories and applications

    CERN Document Server

    Chen, Lei; Zhang, Zihong

    2013-01-01

    Wireless Network Security Theories and Applications discusses the relevant security technologies, vulnerabilities, and potential threats, and introduces the corresponding security standards and protocols, as well as provides solutions to security concerns. Authors of each chapter in this book, mostly top researchers in relevant research fields in the U.S. and China, presented their research findings and results about the security of the following types of wireless networks: Wireless Cellular Networks, Wireless Local Area Networks (WLANs), Wireless Metropolitan Area Networks (WMANs), Bluetooth

  15. A Flexible Improvement for Ping-Pong Protocol

    Institute of Scientific and Technical Information of China (English)

    LIU Yu; HUA Sha; WANG Xiao-Xin; LI Yue; YE Jun; LI Jun

    2006-01-01

    A deterministic quantum communication protocol, called the ping-pong protocol, has been presented by Boström and Felbinger [Phys. Rev. Lett. 89 (2002) 187902]. Based on an entangled pair of photons, it allows asymptotically secure key distribution and quasi-secure direct communication. However, it was concluded from our previous research that the experimental realization of this protocol requires two optical paths that are strictly equivalent for interferometry. Here we propose an improved protocol, which is more flexible and secure for conceivable applications. Its feasibility and security are also discussed.

  16. Efficient Privacy Preserving Protocols for Similarity Join

    Directory of Open Access Journals (Sweden)

    Bilal Hawashin

    2012-04-01

    During the similarity join process, one or more sources may not allow sharing their data with other sources. In this case, a privacy-preserving similarity join is required. We showed in our previous work [4] that using long attributes, such as paper abstracts, movie summaries, product descriptions, and user feedback, could improve the similarity join accuracy using supervised learning. However, the existing secure protocols for similarity join methods cannot be used to join sources using these long attributes. Moreover, the majority of the existing privacy-preserving protocols do not consider semantic similarities during the similarity join process. In this paper, we introduce a secure, efficient protocol to semantically join sources when the join attributes are long attributes. We provide two secure protocols, one for the scenario in which a training set exists and one for when no training set is available. Furthermore, we introduce the multi-label supervised secure protocol and the expandable supervised secure protocol. Results show that our protocols can efficiently join sources using the long attributes by considering the semantic relationships among the long string values. Therefore, they improve the overall secure similarity join performance.

  17. Hardening Stratum, the Bitcoin Pool Mining Protocol

    National Research Council Canada - National Science Library

    Ruben Recabarren; Bogdan Carbunar

    2017-01-01

    .... In this paper we exploit Stratum’s lack of encryption to develop passive and active attacks on Bitcoin’s mining protocol, with important implications on the privacy, security and even safety of mining equipment owners...

  18. Adaptive grid secure routing protocol based on hash-chain in WSNs

    Institute of Scientific and Technical Information of China (English)

    王灿; 乔建华; 闫庆森

    2015-01-01

    The LEACH (Low Energy Adaptive Clustering Hierarchy) routing protocol is one of the most representative and important algorithms in wireless sensor network topology control. To address LEACH's uneven cluster-head distribution, high node death rate, tendency to produce routing holes, and the security threats it faces, a hash-chain-based, region-partitioned, grid-autonomous secure routing protocol, LEACH-SEED, is proposed. It removes the right of low-energy nodes to be elected cluster head and improves the cluster-head election mechanism. After cluster-head election completes, each cluster-head node is randomly assigned q chain keys from a key pool composed of hash chains. The other nodes use a one-way hash function and a pseudo-random function to generate communication keys. After an attack, the network is recovered using grid autonomy and the identity numbers of candidate cluster heads. The experimental results show that the improved clustering algorithm effectively reduces the node death rate, strengthens the network's resistance to attack, improves data fusion and prolongs network lifetime.

  19. On the Connection between Leakage Tolerance and Adaptive Security

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus; Venturi, Daniele; Zottarel, Angela

    2013-01-01

    at the end of the protocol execution, if and only if the protocol has passive adaptive security against an adaptive corruption of one party at the end of the protocol execution. This shows that as soon as a little leakage is tolerated, one needs full adaptive security. In case more than one party can...

  20. A Framework for the Development of Protocols

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Milicia, Giuseppe

    2003-01-01

    We present the χ-Spaces framework, a tool designed to support every step of a security protocol’s life cycle. Its Integrated Development Environment (IDE) eases the task of protocol design, debugging and simulation.

  1. Quantum Key Distribution Protocol with User Authentication

    CERN Document Server

    Lee, H; Lee, D; Lim, J; Yang, H J; Lee, Hwayean; Lee, Sangjin; Lee, Donghoon; Lim, Jongin; Yang, HyungJin

    2005-01-01

    We propose a quantum key distribution protocol with quantum based user authentication. User authentication is executed by validating the correlation of GHZ states. Alice and Bob can distribute a secure key using the remaining GHZ states after authentication. This secret key does not leak even to the arbitrator by the properties of the entanglement. We will show that our protocol is secure against the cloning attack.

  2. Mutual Authentication Protocols for RFID Systems

    Institute of Scientific and Technical Information of China (English)

    Ashrar A. Omer; Johnson P. Thomas; Ling Zhu

    2008-01-01

    With the availability of low-cost radio frequency identification (RFID) tags, security becomes an increasing concern. However, such tags do not permit complex cryptographic functions due to their computational, communications, and storage limitations. In this paper, we investigate the security issues and requirements of RFID systems, and propose ultra-light weight and light weight protocols for low-cost RFID tags. The proposed protocols have been applied to a supply chain management system.

  3. Scalable and Unconditionally Secure Multiparty Computation

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Nielsen, Jesper Buus

    2007-01-01

    We present a multiparty computation protocol that is unconditionally secure against adaptive and active adversaries, with communication complexity O(Cn)k+O(Dn^2)k+poly(nk), where C is the number of gates in the circuit, n is the number of parties, k is the bit-length of the elements of the field...... over which the computation is carried out, D is the multiplicative depth of the circuit, and κ is the security parameter. The corruption threshold is t security the corruption threshold is t secure......, the protocol has so called everlasting security....

  4. Framework for Flexible Security in Group Communications

    Science.gov (United States)

    McDaniel, Patrick; Prakash, Atul

    2006-01-01

    The Antigone software system defines a framework for the flexible definition and implementation of security policies in group communication systems. Antigone does not dictate the available security policies, but provides high-level mechanisms for implementing them. A central element of the Antigone architecture is a suite of such mechanisms comprising micro-protocols that provide the basic services needed by secure groups.

  5. Stuttering partial-order reduction algorithm in verification of security protocols

    Institute of Scientific and Technical Information of China (English)

    马亚南; 刘楠; 祝跃飞; 胡宗立

    2011-01-01

    At present, the partial-order reduction algorithms used for the verification of security protocols are complicated and not easy to implement, which limits their scope of applicability. Furthermore, they permute on the basis of individual actions, so the reduction they achieve is limited. To solve these problems, this paper treats the action sequence within one session as a stuttering action and proposes a stuttering-action reduction algorithm based on partial-order reduction. It judges whether the successor states of stutter-equivalent stuttering transitions are redundant according to the relation between the messages obtained by the intruder and the intruder's knowledge, in order to reduce the state space. The algorithm has a clear structure and is easy to implement. Experiments show that the adopted reduction method is effective.

  6. CRYPTOGRAPHIC PROTOCOLS SPECIFICATION AND VERIFICATION TOOLS - A SURVEY

    Directory of Open Access Journals (Sweden)

    Amol H Shinde

    2017-06-01

    Cryptographic protocols cannot guarantee the secure operations by merely using state-of-the-art cryptographic mechanisms. Validation of such protocols is done by using formal methods. Various specialized tools have been developed for this purpose and are being used to validate real life cryptographic protocols. These tools give feedback to the designers of protocols in terms of loops and attacks in protocols to improve security. In this paper, we discuss the brief history of formal methods and tools that are useful for the formal verification of the cryptographic protocols.

  7. Smart grid security

    Energy Technology Data Exchange (ETDEWEB)

    Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology]

    2013-11-01

    The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

  8. Petri Nets in Cryptographic Protocols

    DEFF Research Database (Denmark)

    Crazzolara, Federico; Winskel, Glynn

    2001-01-01

    A process language for security protocols is presented together with a semantics in terms of sets of events. The denotation of process is a set of events, and as each event specifies a set of pre and postconditions, this denotation can be viewed as a Petri net. By means of an example we illustrat...

  9. Recursive Ping-Pong Protocols

    DEFF Research Database (Denmark)

    Huttel, Hans; Srba, Jiri

    2004-01-01

    This paper introduces a process calculus with recursion which allows us to express an unbounded number of runs of the ping-pong protocols introduced by Dolev and Yao. We study the decidability issues associated with two common approaches to checking security properties, namely reachability analys...

  10. Probability Distributions over Cryptographic Protocols

    Science.gov (United States)

    2009-06-01

    exception. Cryptyc integrates use of pattern-matching in the spi calculus framework, which in turn allows the specification of nested cryptographic...programs too: the metaheuristic search for security protocols,” Information and Software Technology, vol. 43, pp. 891–904, December 2001.

  11. Wireless LANs; Protocols, Security and Deployment

    NARCIS (Netherlands)

    Prasad, A.R.

    2003-01-01

    This thesis presents a broad range of work done in the field of Wireless Local Area Networks (WLANs). It proposes several novel schemes whose performance is analyzed. The thesis first proposes an Automatic Repeat reQuest (ARQ) scheme named Selective Repeat / Multi-Copy (SR/MC). The purpose of th

  12. Analysing ZigBee Key Establishment Protocols

    CERN Document Server

    Yüksel, Ender

    2012-01-01

    In this report, we present our approach for protocol analysis together with a real example where we find an important flaw in a contemporary wireless sensor network security protocol. We start by modelling protocols using a specific process algebraic formalism called LySa process calculus. We then apply an analysis based on a special program analysis technique called control flow analysis. We apply this technique to the ZigBee-2007 End-to-End Application Key Establishment Protocol and with the help of the analysis discover an unknown flaw. Finally we suggest a fix for the protocol, and verify that the fix works by using the same technique.

  13. (dtltt) protocol

    African Journals Online (AJOL)

    2013-03-01

    Mar 1, 2013 ... Keywords: multi-access, multiservice, network, synchronous, asynchronous, traffic, timed-token. 1. ... 12, 13 ] SAFENET [14], Manufacturing Automation. Protocol (MAP) ...... ken circulation on mobile Ad Hoc Networks. 21th In-.

  14. Autonomous Security Adaptive Layer for IOT and T2T Anonymous Authentication Protocols in T2ToI

    Institute of Scientific and Technical Information of China (English)

    任伟; 宋军; 叶敏; 刘宇靓

    2011-01-01

    System model and network model of IOT are presented. Security requirements for IOT are also analyzed. An autonomous security layer is proposed. A new security problem, anonymous T2T authentication in T2ToI, is pointed out. Several anonymous authentication protocols are proposed.

  15. Security Expertise

    DEFF Research Database (Denmark)

    and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...... will be of particular interest to students of critical security studies, sociology, science and technology studies, and IR/security studies in general....

  16. Symmetric cryptographic protocols for extended millionaires' problem

    Institute of Scientific and Technical Information of China (English)

    LI ShunDong; WANG DaoShun; DAI YiQi

    2009-01-01

    Yao's millionaires' problem is a fundamental problem in secure multiparty computation, and its solutions have become building blocks of many secure multiparty computation solutions. Unfortunately, most protocols for millionaires' problem are constructed based on public cryptography, and thus are inefficient. Furthermore, all protocols are designed to solve the basic millionaires' problem, that is, to privately determine which of two natural numbers is greater. If the numbers are real, existing solutions do not directly work. These features limit the extensive application of the existing protocols. This study introduces and refines the first symmetric cryptographic protocol for the basic millionaires' problem, and then extends the symmetric cryptographic protocol to privately determining which of two real numbers is greater, which are called the extended millionaires' problem, and proposes corresponding Constructed based on symmetric cryptography, these protocols are very efficient.

  17. Using IND-CVA for constructing secure communication

    Institute of Scientific and Technical Information of China (English)

    HU ZhenYu; JIANG JianChun; SUN FuChun

    2009-01-01

    Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal key-exchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.

  18. Symmetric cryptographic protocols

    CERN Document Server

    Ramkumar, Mahalingam

    2014-01-01

    This book focuses on protocols and constructions that make good use of symmetric pseudo random functions (PRF) like block ciphers and hash functions - the building blocks for symmetric cryptography. Readers will benefit from detailed discussion of several strategies for utilizing symmetric PRFs. Coverage includes various key distribution strategies for unicast, broadcast and multicast security, and strategies for constructing efficient digests of dynamic databases using binary hash trees.

    • Provides detailed coverage of symmetric key protocols
    • Describes various applications of symmetric building blocks
    • Includes strategies for constructing compact and efficient digests of dynamic databases

  19. Automatic analysis of distance bounding protocols

    CERN Document Server

    Malladi, Sreekanth; Kothapalli, Kishore

    2010-01-01

    Distance bounding protocols are used by nodes in wireless networks to calculate upper bounds on their distances to other nodes. However, dishonest nodes in the network can turn the calculations both illegitimate and inaccurate when they participate in protocol executions. It is important to analyze protocols for the possibility of such violations. Past efforts to analyze distance bounding protocols have only been manual. However, automated approaches are important since they are quite likely to find flaws that manual approaches cannot, as witnessed in literature for analysis pertaining to key establishment protocols. In this paper, we use the constraint solver tool to automatically analyze distance bounding protocols. We first formulate a new trace property called Secure Distance Bounding (SDB) that protocol executions must satisfy. We then classify the scenarios in which these protocols can operate considering the (dis)honesty of nodes and location of the attacker in the network. Finally, we extend the const...

  20. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes, however, come two significant challenges that the energy sector must face: 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  1. Exploring an Effective Design of Secure Dynamic Source Routing (DSR) Protocol Using Request Sequence Number and End-to-End Acknowledgement Principle

    Institute of Scientific and Technical Information of China (English)

    王建平; 史浩山

    2011-01-01

    Aim. The introduction of the full paper analyzes a type of black-hole attack on a route request (RREQ) packet. To avoid such an attack, it proposes the exploration of a secure DSR protocol design, which is explained in sections 1 and 2. Section 1 explains that the sequence number of the RREQ packet is monotonically increasing. The core of section 2 consists of: (1) we perform the secure DSR routing protocol design with the sequence number increment principle and the end-to-end acknowledgement principle so that the route can effectively resist the black-hole attack; (2) to establish the credible routing information list, we design the procedural steps for processing the nodes in the RREQ packet and the end-to-end acknowledgement packet, which are illustrated by the block diagram shown in Fig. 2. To validate the effectiveness for resisting the black-hole attack, section 3 simulates the DSR protocol design obtained with our method; the simulation results, given in Figs. 6 and 7, and their analysis show preliminarily that: (1) the secure DSR protocol design obtained with our method can effectively resist the black-hole attack on the RREQ packet and guarantee secure routing information without expending much resource; (2) compared with the conventional DSR protocol design, our DSR protocol design has a higher packet delivery ratio and smaller average delay.

  2. Secure integrated circuits and systems

    CERN Document Server

    Verbauwhede, Ingrid MR

    2010-01-01

    On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

  3. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control. We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  4. Experimental Eavesdropping Attack against Ekert's Protocol based on Wigner's Inequality

    CERN Document Server

    Bovino, F A; Castagnoli, G C; Degiovanni, I P; Berchera, I R; Castelletto, S; Rastello, M L

    2003-01-01

    We experimentally implemented an eavesdropping attack against the Ekert protocol for quantum key distribution based on the Wigner inequality. We demonstrate a serious lack of security of this protocol when the eavesdropper gains total control of the source. In addition we tested a modified Wigner inequality which should guarantee a secure quantum key distribution.

  5. Practical secure quantum communications

    Science.gov (United States)

    Diamanti, Eleni

    2015-05-01

    We review recent advances in the field of quantum cryptography, focusing in particular on practical implementations of two central protocols for quantum network applications, namely key distribution and coin flipping. The former allows two parties to share secret messages with information-theoretic security, even in the presence of a malicious eavesdropper in the communication channel, which is impossible with classical resources alone. The latter enables two distrustful parties to agree on a random bit, again with information-theoretic security, and with a cheating probability lower than the one that can be reached in a classical scenario. Our implementations rely on continuous-variable technology for quantum key distribution and on a plug and play discrete-variable system for coin flipping, and necessitate a rigorous security analysis adapted to the experimental schemes and their imperfections. In both cases, we demonstrate the protocols with provable security over record long distances in optical fibers and assess the performance of our systems as well as their limitations. The reported advances offer a powerful toolbox for practical applications of secure communications within future quantum networks.

  6. A Survey of RFID Authentication Protocols Based on Hash-Chain Method

    CERN Document Server

    Syamsuddin, Irfan; Chang, Elizabeth; Han, Song; 10.1109/ICCIT.2008.314

    2010-01-01

    Security and privacy are the inherent problems in RFID communications. Several protocols have been proposed to overcome those problems. Hash chain is commonly employed by the protocols to improve security and privacy for RFID authentication. Although the protocols are able to provide specific solutions for RFID security and privacy problems, they fail to provide an integrated solution. This article is a survey to closely observe those protocols in terms of their focus and limitations.

  7. ANALYSIS OF THE PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

    Directory of Open Access Journals (Sweden)

    Amit Rana

    2012-09-01

    The Internet Engineering Task Force (IETF) has proposed new protocols for highly secured wireless networking. The purpose of this paper is to implement one such proposed security protocol - PEAP (Protected Extensible Authentication Protocol) [1]. PEAP was jointly developed by Microsoft, Cisco and RSA Security. The protocol implementation is done on the server end of a Client/Server network model on a RADIUS server (Remote Authentication Dial-in User Service). The proposed protocol - PEAP provides for Client identity protection and key generation, thus preventing unauthorized user access and protecting or encrypting the data against malicious activities.

  8. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  9. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  11. Analyzed Virtual Routing Protocol for Future Networks (MANET & topological network)

    Directory of Open Access Journals (Sweden)

    R. Viswanathan

    2012-08-01

    The mobile ad-hoc network (MANET) is a wireless unstructured network and has mostly been suggested for multimedia streaming efficiency. Hacker attacks reduce the capacity and efficiency of the network in MANET. Various types of protocol are used for communication in MANET, but security is lacking in those techniques and some insoluble problems are present in MANET. This paper exhibits a layered protocol network for secured data transmission called Analyzed Virtual Routing Protocol (AVRP). This protocol is used to provide more secure data transmission without disturbing data streaming in the network.

  12. LTE security

    CERN Document Server

    Forsberg, Dan; Moeller, Wolf-Dietrich

    2010-01-01

    Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. Although the security for SAE/LTE evolved from the security for GSM and 3G, due to different architectural and business requirements of fourth generation systems the SAE/LTE security architecture is substantially different from its predecessors. This book presents in detail the security mechanisms em

  13. Secure IP mobility management for VANET

    CERN Document Server

    Taha, Sanaa

    2013-01-01

    This brief presents the challenges and solutions for VANETs' security and privacy problems occurring in mobility management protocols including Mobile IPv6 (MIPv6), Proxy MIPv6 (PMIPv6), and Network Mobility (NEMO). The authors give an overview of the concept of the vehicular IP-address configurations as the prerequisite step to achieve mobility management for VANETs, and review the current security and privacy schemes applied in the three mobility management protocols. Throughout the brief, the authors propose new schemes and protocols to increase the security of IP addresses within VANETs in

  14. ZigBee-2007 Security Essentials

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2008-01-01

    ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

  15. An Internet Key Exchange Protocol Based on Public Key Infrastructure

    Institute of Scientific and Technical Information of China (English)

    朱建明; 马建峰

    2004-01-01

    Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating IKE protocol and PKI technology, we combine IKE protocol and PKI and present an implementation scheme of the IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.

  16. Security and privacy threats in RFID traceability network

    Institute of Scientific and Technical Information of China (English)

    Chu; Chao-Hsien

    2008-01-01

    To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. ...

  17. Secure Two-Party Point-Circle Inclusion Problem

    Institute of Scientific and Technical Information of China (English)

    Yong-Long Luo; Liu-Sheng Huang; Hong Zhong

    2007-01-01

    Privacy-preserving computational geometry is a special secure multi-party computation and has many applications. Previous protocols for determining whether a point is inside a circle are not secure enough. We present a two-round protocol for computing the distance between two private points and develop a more efficient protocol for the point-circle inclusion problem based on the distance protocol. In comparison with previous solutions, our protocol not only is more secure but also reduces the number of communication rounds and the number of modular multiplications significantly.

  18. Study and Improvement of WTLS Protocol in WAP

    Institute of Scientific and Technical Information of China (English)

    CHEN Kai; LIU Ying; XIAO Guozhen

    2001-01-01

    Wireless application protocol (WAP) is a set of protocols designed for mobile terminals to connect to the Internet and is likely to become a world standard. Wireless transport layer security (WTLS) incorporates the security features in WAP. In this paper, the analysis of the performance of WTLS is made. Two improvement schemes on WTLS are given: one is that the client stores the certificate of servers; the other is that a new WTLS protocol is proposed based on the designed authentication scheme.

  19. A Cryptographic Moving-Knife Cake-Cutting Protocol

    Directory of Open Access Journals (Sweden)

    Yoshifumi Manabe

    2012-02-01

    This paper proposes a cake-cutting protocol using cryptography when the cake is a heterogeneous good that is represented by an interval on a real line. Although the Dubins-Spanier moving-knife protocol with one knife achieves simple fairness, all players must execute the protocol synchronously. Thus, the protocol cannot be executed on asynchronous networks such as the Internet. We show that the moving-knife protocol can be executed asynchronously by a discrete protocol using a secure auction protocol. The number of cuts is n-1 where n is the number of players, which is the minimum.

  20. Efficient multiparty protocols via log-depth threshold formulae

    DEFF Research Database (Denmark)

    Cohen, Gil; Damgård, Ivan Bjerre; Ishai, Yuval;

    2013-01-01

    We put forward a new approach for the design of efficient multiparty protocols: Design a protocol π for a small number of parties (say, 3 or 4) which achieves security against a single corrupted party. Such protocols are typically easy to construct, as they may employ techniques that do not scale...... of efficient protocols for Secure Multiparty Computation (MPC) in the presence of an honest majority, as well as broadcast protocols from point-to-point channels and a 2-cast primitive. We obtain new results on MPC over blackbox groups and other algebraic structures. The above results rely on the following...