WorldWideScience

Sample records for secure multicast key

  1. Key Management for Secure Multicast over IPv6 Wireless Networks

    Directory of Open Access Journals (Sweden)

    Siddiqi Mohammad Umar

    2006-01-01

    Full Text Available Multicasting is an efficient method for transmission and routing of packets to multiple destinations using fewer network resources. Along with widespread deployment of wireless networks, secure multicast over wireless networks is an important and challenging goal. In this paper, we extend the scope of a recent new key distribution scheme to a security framework that offers a novel solution for secure multicast over IPv6 wireless networks. Our key management framework includes two scenarios for securely distributing the group key and rekey messages for joining and leaving a mobile host in secure multicast group. In addition, we perform the security analysis and provide performance comparisons between our approach and two recently published scenarios. The benefits of our proposed techniques are that they minimize the number of transmissions required to rekey the multicast group and impose minimal storage requirements on the multicast group. In addition, our proposed schemes are also very desirable from the viewpoint of transmission bandwidth savings since an efficient rekeying mechanism is provided for membership changes and they significantly reduce the required bandwidth due to key updating in mobile networks. Moreover, they achieve the security and scalability requirements in wireless networks.

  2. Mobility Based Key Management Technique for Multicast Security in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    B. Madhusudhanan

    2015-01-01

    Full Text Available In MANET multicasting, forward and backward secrecy result in increased packet drop rate owing to mobility. Frequent rekeying causes large message overhead which increases energy consumption and end-to-end delay. Particularly, the prevailing group key management techniques cause frequent mobility and disconnections. So there is a need to design a multicast key management technique to overcome these problems. In this paper, we propose the mobility based key management technique for multicast security in MANET. Initially, the nodes are categorized according to their stability index which is estimated based on the link availability and mobility. A multicast tree is constructed such that for every weak node, there is a strong parent node. A session key-based encryption technique is utilized to transmit a multicast data. The rekeying process is performed periodically by the initiator node. The rekeying interval is fixed depending on the node category so that this technique greatly minimizes the rekeying overhead. By simulation results, we show that our proposed approach reduces the packet drop rate and improves the data confidentiality.

  3. Secure Group Communications for Large Dynamic Multicast Group

    Institute of Scientific and Technical Information of China (English)

    Liu Jing; Zhou Mingtian

    2003-01-01

    As the major problem in multicast security, the group key management has been the focus of research But few results are satisfactory. In this paper, the problems of group key management and access control for large dynamic multicast group have been researched and a solution based on SubGroup Secure Controllers (SGSCs) is presented, which solves many problems in IOLUS system and WGL scheme.

  4. Secure Multicast Routing Algorithm for Wireless Mesh Networks

    Directory of Open Access Journals (Sweden)

    Rakesh Matam

    2016-01-01

    Full Text Available Multicast is an indispensable communication technique in wireless mesh network (WMN. Many applications in WMN including multicast TV, audio and video conferencing, and multiplayer social gaming use multicast transmission. On the other hand, security in multicast transmissions is crucial, without which the network services are significantly disrupted. Existing secure routing protocols that address different active attacks are still vulnerable due to subtle nature of flaws in protocol design. Moreover, existing secure routing protocols assume that adversarial nodes cannot share an out-of-band communication channel which rules out the possibility of wormhole attack. In this paper, we propose SEMRAW (SEcure Multicast Routing Algorithm for Wireless mesh network that is resistant against all known active threats including wormhole attack. SEMRAW employs digital signatures to prevent a malicious node from gaining illegitimate access to the message contents. Security of SEMRAW is evaluated using the simulation paradigm approach.

  5. Fingerprint multicast in secure video streaming.

    Science.gov (United States)

    Zhao, H Vicky; Liu, K J Ray

    2006-01-01

    Digital fingerprinting is an emerging technology to protect multimedia content from illegal redistribution, where each distributed copy is labeled with unique identification information. In video streaming, huge amount of data have to be transmitted to a large number of users under stringent latency constraints, so the bandwidth-efficient distribution of uniquely fingerprinted copies is crucial. This paper investigates the secure multicast of anticollusion fingerprinted video in streaming applications and analyzes their performance. We first propose a general fingerprint multicast scheme that can be used with most spread spectrum embedding-based multimedia fingerprinting systems. To further improve the bandwidth efficiency, we explore the special structure of the fingerprint design and propose a joint fingerprint design and distribution scheme. From our simulations, the two proposed schemes can reduce the bandwidth requirement by 48% to 87%, depending on the number of users, the characteristics of video sequences, and the network and computation constraints. We also show that under the constraint that all colluders have the same probability of detection, the embedded fingerprints in the two schemes have approximately the same collusion resistance. Finally, we propose a fingerprint drift compensation scheme to improve the quality of the reconstructed sequences at the decoder's side without introducing extra communication overhead.

  6. Simultaneous Wireless Power Transfer and Secure Multicasting in Cooperative Decode-and-Forward Relay Networks.

    Science.gov (United States)

    Lee, Jong-Ho; Sohn, Illsoo; Kim, Yong-Hwa

    2017-05-16

    In this paper, we investigate simultaneous wireless power transfer and secure multicasting via cooperative decode-and-forward (DF) relays in the presence of multiple energy receivers and eavesdroppers. Two scenarios are considered under a total power budget: maximizing the minimum harvested energy among the energy receivers under a multicast secrecy rate constraint; and maximizing the multicast secrecy rate under a minimum harvested energy constraint. For both scenarios, we solve the transmit power allocation and relay beamformer design problems by using semidefinite relaxation and bisection technique. We present numerical results to analyze the energy harvesting and secure multicasting performances in cooperative DF relay networks.

  7. Simultaneous Wireless Power Transfer and Secure Multicasting in Cooperative Decode-and-Forward Relay Networks

    Science.gov (United States)

    Lee, Jong-Ho; Sohn, Illsoo; Kim, Yong-Hwa

    2017-01-01

    In this paper, we investigate simultaneous wireless power transfer and secure multicasting via cooperative decode-and-forward (DF) relays in the presence of multiple energy receivers and eavesdroppers. Two scenarios are considered under a total power budget: maximizing the minimum harvested energy among the energy receivers under a multicast secrecy rate constraint; and maximizing the multicast secrecy rate under a minimum harvested energy constraint. For both scenarios, we solve the transmit power allocation and relay beamformer design problems by using semidefinite relaxation and bisection technique. We present numerical results to analyze the energy harvesting and secure multicasting performances in cooperative DF relay networks. PMID:28509841

  8. Simultaneous Wireless Power Transfer and Secure Multicasting in Cooperative Decode-and-Forward Relay Networks

    Directory of Open Access Journals (Sweden)

    Jong-Ho Lee

    2017-05-01

    Full Text Available In this paper, we investigate simultaneous wireless power transfer and secure multicasting via cooperative decode-and-forward (DF relays in the presence of multiple energy receivers and eavesdroppers. Two scenarios are considered under a total power budget: maximizing the minimum harvested energy among the energy receivers under a multicast secrecy rate constraint; and maximizing the multicast secrecy rate under a minimum harvested energy constraint. For both scenarios, we solve the transmit power allocation and relay beamformer design problems by using semidefinite relaxation and bisection technique. We present numerical results to analyze the energy harvesting and secure multicasting performances in cooperative DF relay networks.

  9. A Secure and Stable Multicast Overlay Network with Load Balancing for Scalable IPTV Services

    Directory of Open Access Journals (Sweden)

    Tsao-Ta Wei

    2012-01-01

    Full Text Available The emerging multimedia Internet application IPTV over P2P network preserves significant advantages in scalability. IPTV media content delivered in P2P networks over public Internet still preserves the issues of privacy and intellectual property rights. In this paper, we use SIP protocol to construct a secure application-layer multicast overlay network for IPTV, called SIPTVMON. SIPTVMON can secure all the IPTV media delivery paths against eavesdroppers via elliptic-curve Diffie-Hellman (ECDH key exchange on SIP signaling and AES encryption. Its load-balancing overlay tree is also optimized from peer heterogeneity and churn of peer joining and leaving to minimize both service degradation and latency. The performance results from large-scale simulations and experiments on different optimization criteria demonstrate SIPTVMON's cost effectiveness in quality of privacy protection, stability from user churn, and good perceptual quality of objective PSNR values for scalable IPTV services over Internet.

  10. Security Enhancement for Multicast over Internet of Things by Dynamically Constructed Fountain Codes

    Directory of Open Access Journals (Sweden)

    Qinghe Du

    2018-01-01

    Full Text Available The Internet of Things (IoT is expected to accommodate every object which exists in this world or likely to exist in the near future. The enormous scale of the objects is challenged by big security concerns, especially for common information dissemination via multicast services, where the reliability assurance for multiple multicast users at the cost of increasing redundancy and/or retransmissions also benefits eavesdroppers in successfully decoding the overheard signals. The objective of this work is to address the security challenge present in IoT multicast applications. Specifically, with the presence of the eavesdropper, an adaptive fountain code design is proposed in this paper to enhance the security for multicast in IoT. The main novel features of the proposed scheme include two folds: (i dynamical encoding scheme which can effectively decrease intercept probability at the eavesdropper; (ii increasing the transmission efficiency compared with the conventional nondynamical design. The analysis and simulation results show that the proposed scheme can effectively enhance information security while achieving higher transmission efficiency with a little accredited complexity, thus facilitating the secured wireless multicast transmissions over IoT.

  11. Authenticated IGMP for Controlling Access to Multicast Distribution Tree

    Science.gov (United States)

    Park, Chang-Seop; Kang, Hyun-Sun

    A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

  12. Secure quantum key distribution

    Science.gov (United States)

    Lo, Hoi-Kwong; Curty, Marcos; Tamaki, Kiyoshi

    2014-08-01

    Secure communication is crucial in the Internet Age, and quantum mechanics stands poised to revolutionize cryptography as we know it today. In this Review, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After briefly introducing recent experimental progress and challenges, we survey the latest developments in quantum hacking and countermeasures against it.

  13. Security for Key Management Interfaces

    OpenAIRE

    Kremer , Steve; Steel , Graham; Warinschi , Bogdan

    2011-01-01

    International audience; We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicable to security proofs in both symbolic and computational models of cryptography. Our definition relies on an idealized API which allows only the most essential functions for generating, exporting and importing keys, and takes into account dynamic corruption of keys. Based on this we can define the ...

  14. The Key to School Security.

    Science.gov (United States)

    Hotle, Dan

    1993-01-01

    In addition to legislative accessibility requirements, other security issues facing school administrators who select a security system include the following: access control; user friendliness; durability or serviceability; life safety precautions; possibility of vandalism, theft, and tampering; and key control. Offers steps to take in considering…

  15. LKHW: A Directed Diffusion-Based Secure Multicast Scheme for Wireless Sensor Networks

    NARCIS (Netherlands)

    Di Pietro, Roberto; Mancini, Luigi V.; Law, Y.W.; Etalle, Sandro; Havinga, Paul J.M.; Huang, C.H; Ramanujam, J.

    2003-01-01

    We present a mechanism for securing group communications in Wireless Sensor Networks (WSN). First, we derive an extension of Logical Key Hierarchy (LKH). Then we merge the extension with Directed Diffusion (DD). The resulting protocol, LKHW, combines the advantages of both LKH and DD. In particular,

  16. LKHW: A Directed Diffusion-Based Secure Multicast Scheme for Wireless Sensor Networks

    NARCIS (Netherlands)

    Di Pietro, Roberto; Mancini, Luigi V.; Law, Y.W.; Etalle, Sandro; Havinga, Paul J.M.

    In this paper, we present a mechanism for securing group communications in Wireless Sensor Networks (WSN). First, we derive an extension of Logical Key Hierarchy (LKH). Then we merge the extension with directed diffusion. The resulting protocol, LKHW, combines the advantages of both LKH and directed

  17. PVM and IP multicast

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Hall, K.A.

    1996-12-01

    This report describes a 1994 demonstration implementation of PVM that uses IP multicast. PVM`s one-to-many unicast implementation of its pvm{_}mcast() function is replaced with reliable IP multicast. Performance of PVM using IP multicast over local and wide-area networks is measured and compared with the original unicast implementation. Current limitations of IP multicast are noted.

  18. Cross-Layer Design for Energy-Efficient Secure Multicast Communications in Ad Hoc Networks

    National Research Council Canada - National Science Library

    Lazos, Loukas; Poovendran, Radha

    2004-01-01

    .... They present an analytical formulation of the energy expenditure associated with the communication overhead of key management, and highlight its dependence on network topology and key distribution method...

  19. Secure combination of XML signature application with message aggregation in multicast settings

    DEFF Research Database (Denmark)

    Becker, Andreas; Jensen, Meiko

    2013-01-01

    The similarity-based aggregation of XML documents is a proven method for reducing network traffic. However, when used in conjunction with XML security standards, a lot of pitfalls, but also optimization potentials exist. In this paper, we investigate these issues, showing how to exploit similarity......-based aggregation for rapid distribution of digitally signed XML data. Using our own implementation in two different experimental settings, we provide both a thorough evaluation and a security proof for our approach. By this we prove both feasibility and security, and we illustrate how to achieve a network traffic...

  20. Fundamental quantitative security in quantum key generation

    International Nuclear Information System (INIS)

    Yuen, Horace P.

    2010-01-01

    We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

  1. Secure Hybrid Encryption from Weakened Key Encapsulation

    NARCIS (Netherlands)

    D. Hofheinz (Dennis); E. Kiltz (Eike); A. Menezes

    2007-01-01

    textabstractWe put forward a new paradigm for building hybrid encryption schemes from constrained chosen-ciphertext secure (CCCA) key-encapsulation mechanisms (KEMs) plus authenticated symmetric encryption. Constrained chosen-ciphertext security is a new security notion for KEMs that we propose. It

  2. Application Layer Multicast

    Science.gov (United States)

    Allani, Mouna; Garbinato, Benoît; Pedone, Fernando

    An increasing number of Peer-to-Peer (P2P) Internet applications rely today on data dissemination as their cornerstone, e.g., audio or video streaming, multi-party games. These applications typically depend on some support for multicast communication, where peers interested in a given data stream can join a corresponding multicast group. As a consequence, the efficiency, scalability, and reliability guarantees of these applications are tightly coupled with that of the underlying multicast mechanism.

  3. Public key infrastructure for DOE security research

    Energy Technology Data Exchange (ETDEWEB)

    Aiken, R.; Foster, I.; Johnston, W.E. [and others

    1997-06-01

    This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

  4. Secure image retrieval with multiple keys

    Science.gov (United States)

    Liang, Haihua; Zhang, Xinpeng; Wei, Qiuhan; Cheng, Hang

    2018-03-01

    This article proposes a secure image retrieval scheme under a multiuser scenario. In this scheme, the owner first encrypts and uploads images and their corresponding features to the cloud; then, the user submits the encrypted feature of the query image to the cloud; next, the cloud compares the encrypted features and returns encrypted images with similar content to the user. To find the nearest neighbor in the encrypted features, an encryption with multiple keys is proposed, in which the query feature of each user is encrypted by his/her own key. To improve the key security and space utilization, global optimization and Gaussian distribution are, respectively, employed to generate multiple keys. The experiments show that the proposed encryption can provide effective and secure image retrieval for each user and ensure confidentiality of the query feature of each user.

  5. Triple symmetric key cryptosystem for data security

    Science.gov (United States)

    Fuzail, C. Md; Norman, Jasmine; Mangayarkarasi, R.

    2017-11-01

    As the technology is getting spreads in the macro seconds of speed and in which the trend changing era from human to robotics the security issue is also getting increased. By means of using machine attacks it is very easy to break the cryptosystems in very less amount of time. Cryptosystem is a process which provides the security in all sorts of processes, communications and transactions to be done securely with the help of electronical mechanisms. Data is one such thing with the expanded implication and possible scraps over the collection of data to secure predominance and achievement, Information Security is the process where the information is protected from invalid and unverified accessibilities and data from mishandling. So the idea of Information Security has risen. Symmetric key which is also known as private key.Whereas the private key is mostly used to attain the confidentiality of data. It is a dynamic topic which can be implemented over different applications like android, wireless censor networks, etc. In this paper, a new mathematical manipulation algorithm along with Tea cryptosystem has been implemented and it can be used for the purpose of cryptography. The algorithm which we proposed is straightforward and more powerful and it will authenticate in harder way and also it will be very difficult to break by someone without knowing in depth about its internal mechanisms.

  6. High Performance Computing Multicast

    Science.gov (United States)

    2012-02-01

    A History of the Virtual Synchrony Replication Model,” in Replication: Theory and Practice, Charron-Bost, B., Pedone, F., and Schiper, A. (Eds...Performance Computing IP / IPv4 Internet Protocol (version 4.0) IPMC Internet Protocol MultiCast LAN Local Area Network MCMD Dr. Multicast MPI

  7. Secure quantum key distribution using squeezed states

    International Nuclear Information System (INIS)

    Gottesman, Daniel; Preskill, John

    2001-01-01

    We prove the security of a quantum key distribution scheme based on transmission of squeezed quantum states of a harmonic oscillator. Our proof employs quantum error-correcting codes that encode a finite-dimensional quantum system in the infinite-dimensional Hilbert space of an oscillator, and protect against errors that shift the canonical variables p and q. If the noise in the quantum channel is weak, squeezing signal states by 2.51 dB (a squeeze factor e r =1.34) is sufficient in principle to ensure the security of a protocol that is suitably enhanced by classical error correction and privacy amplification. Secure key distribution can be achieved over distances comparable to the attenuation length of the quantum channel

  8. Security of practical quantum key distribution systems

    Energy Technology Data Exchange (ETDEWEB)

    Jain, Nitin

    2015-02-24

    This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

  9. Design of controllable multicast for IPTV over EPON

    Science.gov (United States)

    Zhang, Chuanhao; Liu, Deming; Zhang, Li; Wu, Guangsheng

    2007-11-01

    The character of 1Gbps bandwidth and tree-based structure make EPON very suitable for broadcast or multicast services such as IPTV. In this paper we focus on security mechanisms that should be available to groups that specifically request it, and therefore are willing to pay the extra cost of implementing those mechanisms. We concentrate on two issues: how unauthorized multicast traffic can be prevented by means of multicast transit traffic control; how a group's susceptibility is likely to be reduced by means of multicast group access control. We have proposed a novel scheme that should be available to multicast groups that desire precautionary measures be taken to avert the threats of Invalid source and unauthorized access.

  10. Secure Key Management in the Cloud

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Jakobsen, Thomas Pelle; Nielsen, Jesper Buus

    2013-01-01

    information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online......We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive...... and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols...

  11. Using IGMP V3 for controllable multicast over EPON

    Science.gov (United States)

    Zhang, Chuanhao; Liu, Deming; Zhang, Li; Wu, Guangsheng

    2008-11-01

    The character of 1Gbps bandwidth and tree-based structure make EPON very suitable for broadcast or multicast services such as IPTV. The document proposed a novel scheme, based on the former research for controllable multicast over EPON system, mainly considering system security and maintainability. It can both control the IPTV program source's and the receiver's validity, improving the efficiency and precision. The processing of the two configurations mode is given in detail.

  12. Quantum cryptography to satellites for global secure key distribution

    Science.gov (United States)

    Rarity, John G.; Gorman, Philip M.; Knight, Paul; Wallace, Kotska; Tapster, Paul R.

    2017-11-01

    We have designed and built a free space secure key exchange system using weak laser pulses with polarisation modulation by acousto-optic switching. We have used this system to exchange keys over a 1.2km ground range with absolute security. Building from this initial result we analyse the feasibility of exchanging keys to a low earth orbit satellite.

  13. Group key management

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.; Cao, C.

    1997-08-01

    This report describes an architecture and implementation for doing group key management over a data communications network. The architecture describes a protocol for establishing a shared encryption key among an authenticated and authorized collection of network entities. Group access requires one or more authorization certificates. The implementation includes a simple public key and certificate infrastructure. Multicast is used for some of the key management messages. An application programming interface multiplexes key management and user application messages. An implementation using the new IP security protocols is postulated. The architecture is compared with other group key management proposals, and the performance and the limitations of the implementation are described.

  14. Towards Comprehensive Food Security Measures: Comparing Key ...

    African Journals Online (AJOL)

    Food security is a multi-dimensional issue that has been difficult to measure comprehensively, given the one-dimensional focus of existing indicators. Three indicators dominate the food security measurement debate: Household Food Insecurity Access Scale (HFIAS), Dietary Diversity Score (DDS) and Coping Strategies ...

  15. Infrared: A Key Technology for Security Systems

    OpenAIRE

    Corsi, Carlo

    2012-01-01

    Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

  16. A Secure Network Coding Based on Broadcast Encryption in SDN

    Directory of Open Access Journals (Sweden)

    Yue Chen

    2016-01-01

    Full Text Available By allowing intermediate nodes to encode the received packets before sending them out, network coding improves the capacity and robustness of multicast applications. But it is vulnerable to the pollution attacks. Some signature schemes were proposed to thwart such attacks, but most of them need to be homomorphic that the keys cannot be generated and managed easily. In this paper, we propose a novel fast and secure switch network coding multicast (SSNC on the software defined networks (SDN. In our scheme, the complicated secure multicast management was separated from the fast data transmission based on the SDN. Multiple multicasts will be aggregated to one multicast group according to the requirements of services and the network status. Then, the controller will route aggregated multicast group with network coding; only the trusted switch will be allowed to join the network coding by using broadcast encryption. The proposed scheme can use the traditional cryptography without homomorphy, which greatly reduces the complexity of the computation and improves the efficiency of transmission.

  17. Securing information using optically generated biometric keys

    Science.gov (United States)

    Verma, Gaurav; Sinha, Aloka

    2016-11-01

    In this paper, we present a new technique to obtain biometric keys by using the fingerprint of a person for an optical image encryption system. The key generation scheme uses the fingerprint biometric information in terms of the amplitude mask (AM) and the phase mask (PM) of the reconstructed fingerprint image that is implemented using the digital holographic technique. Statistical tests have been conducted to check the randomness of the fingerprint PM key that enables its usage as an image encryption key. To explore the utility of the generated biometric keys, an optical image encryption system has been further demonstrated based on the phase retrieval algorithm and the double random phase encoding scheme in which keys for the encryption are used as the AM and the PM key. The advantage associated with the proposed scheme is that the biometric keys’ retrieval requires the simultaneous presence of the fingerprint hologram and the correct knowledge of the reconstruction parameters at the decryption stage, which not only verifies the authenticity of the person but also protects the valuable fingerprint biometric features of the keys. Numerical results are carried out to prove the feasibility and the effectiveness of the proposed encryption system.

  18. Secure key distribution by swapping quantum entanglement

    International Nuclear Information System (INIS)

    Song, Daegene

    2004-01-01

    We report two key distribution schemes achieved by swapping quantum entanglement. Using two Bell states, two bits of secret key can be shared between two distant parties that play symmetric and equal roles. We also address eavesdropping attacks against the schemes

  19. Towards understanding the known-key security of block ciphers

    DEFF Research Database (Denmark)

    Andreeva, Elena; Bogdanov, Andrey; Mennink, Bart

    2014-01-01

    ciphers based on ideal components such as random permutations and random functions as well as propose new generic known-key attacks on generalized Feistel ciphers. We introduce the notion of known-key indifferentiability to capture the security of such block ciphers under a known key. To show its...... meaningfulness, we prove that the known-key attacks on block ciphers with ideal primitives to date violate security under known-key indifferentiability. On the other hand, to demonstrate its constructiveness, we prove the balanced Feistel cipher with random functions and the multiple Even-Mansour cipher...... with random permutations known-key indifferentiable for a sufficient number of rounds. We note that known-key indifferentiability is more quickly and tightly attained by multiple Even-Mansour which puts it forward as a construction provably secure against known-key attacks....

  20. VerSAMI: Versatile and Scalable key management for Smart Grid AMI systems

    OpenAIRE

    Benmalek , Mourad; Challal , Yacine; Derhab , Abdelouahid; Bouabdallah , Abdelmadjid

    2018-01-01

    International audience; In this paper, we propose four new key management schemes for Advanced Metering Infrastructure (AMI) to secure data communications in the Smart Grid (SG). The schemes are based on individual and batch rekeying operations using a novel multi-group key graph structure, are also versatile in the sense that they can support broadcast, unicast, as well as multicast communications. Security analysis shows that our schemes satisfy key management security properties. Furthermo...

  1. Multicast Delayed Authentication For Streaming Synchrophasor Data in the Smart Grid.

    Science.gov (United States)

    Câmara, Sérgio; Anand, Dhananjay; Pillitteri, Victoria; Carmo, Luiz

    2016-01-01

    Multicast authentication of synchrophasor data is challenging due to the design requirements of Smart Grid monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf -TESLA, Infinite Timed Efficient Stream Loss-tolerant Authentication, a multicast delayed authentication protocol for communication links used to stream synchrophasor data for wide area control of electric power networks. Our approach is based on the authentication protocol TESLA but is augmented to accommodate high frequency transmissions of unbounded length. inf TESLA protocol utilizes the Dual Offset Key Chains mechanism to reduce authentication delay and computational cost associated with key chain commitment. We provide a description of the mechanism using two different modes for disclosing keys and demonstrate its security against a man-in-the-middle attack attempt. We compare our approach against the TESLA protocol in a 2-day simulation scenario, showing a reduction of 15.82% and 47.29% in computational cost, sender and receiver respectively, and a cumulative reduction in the communication overhead.

  2. A secure key agreement protocol based on chaotic maps

    International Nuclear Information System (INIS)

    Wang Xing-Yuan; Luan Da-Peng

    2013-01-01

    To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solve the problems of key management and security issues existing in Gong et al.'s protocol

  3. Unbelievable security : Matching AES using public key systems

    NARCIS (Netherlands)

    Lenstra, A.K.; Boyd, C.

    2001-01-01

    The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite

  4. Key Exchange Trust Evaluation in Peer-to-Peer Sensor Networks With Unconditionally Secure Key Exchange

    Science.gov (United States)

    Gonzalez, Elias; Kish, Laszlo B.

    2016-03-01

    As the utilization of sensor networks continue to increase, the importance of security becomes more profound. Many industries depend on sensor networks for critical tasks, and a malicious entity can potentially cause catastrophic damage. We propose a new key exchange trust evaluation for peer-to-peer sensor networks, where part of the network has unconditionally secure key exchange. For a given sensor, the higher the portion of channels with unconditionally secure key exchange the higher the trust value. We give a brief introduction to unconditionally secured key exchange concepts and mention current trust measures in sensor networks. We demonstrate the new key exchange trust measure on a hypothetical sensor network using both wired and wireless communication channels.

  5. Randomness determines practical security of BB84 quantum key distribution

    Science.gov (United States)

    Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

    2015-11-01

    Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

  6. Anticollusion Attack Noninteractive Security Hierarchical Key Agreement Scheme in WHMS

    Directory of Open Access Journals (Sweden)

    Kefei Mao

    2016-01-01

    Full Text Available Wireless Health Monitoring Systems (WHMS have potential to change the way of health care and bring numbers of benefits to patients, physicians, hospitals, and society. However, there are crucial barriers not only to transmit the biometric information but also to protect the privacy and security of the patients’ information. The key agreement between two entities is an essential cryptography operation to clear the barriers. In particular, the noninteractive hierarchical key agreement scheme becomes an attractive direction in WHMS because each sensor node or gateway has limited resources and power. Recently, a noninteractive hierarchical key agreement scheme has been proposed by Kim for WHMS. However, we show that Kim’s cryptographic scheme is vulnerable to the collusion attack if the physicians can be corrupted. Obviously, it is a more practical security condition. Therefore, we proposed an improved key agreement scheme against the attack. Security proof, security analysis, and experimental results demonstrate that our proposed scheme gains enhanced security and more efficiency than Kim’s previous scheme while inheriting its qualities of one-round communication and security properties.

  7. Simple security proof of quantum key distribution based on complementarity

    International Nuclear Information System (INIS)

    Koashi, M

    2009-01-01

    We present an approach to the unconditional security of quantum key distribution protocols based on a complementarity argument. The approach is applicable to, but not limited to, every case that has been treated via the argument by Shor and Preskill based on entanglement distillation, with a benefit of decoupling of the error correction from the privacy amplification. It can also treat cases with uncharacterized apparatuses. We derive a secure key rate for the Bennett-Brassard-1984 protocol with an arbitrary source characterized only by a single parameter representing the basis dependence.

  8. Simultaneous multichannel wavelength multicasting and XOR logic gate multicasting for three DPSK signals based on four-wave mixing in quantum-dot semiconductor optical amplifier.

    Science.gov (United States)

    Qin, Jun; Lu, Guo-Wei; Sakamoto, Takahide; Akahane, Kouichi; Yamamoto, Naokatsu; Wang, Danshi; Wang, Cheng; Wang, Hongxiang; Zhang, Min; Kawanishi, Tetsuya; Ji, Yuefeng

    2014-12-01

    In this paper, we experimentally demonstrate simultaneous multichannel wavelength multicasting (MWM) and exclusive-OR logic gate multicasting (XOR-LGM) for three 10Gbps non-return-to-zero differential phase-shift-keying (NRZ-DPSK) signals in quantum-dot semiconductor optical amplifier (QD-SOA) by exploiting the four-wave mixing (FWM) process. No additional pump is needed in the scheme. Through the interaction of the input three 10Gbps DPSK signal lights in QD-SOA, each channel is successfully multicasted to three wavelengths (1-to-3 for each), totally 3-to-9 MWM, and at the same time, three-output XOR-LGM is obtained at three different wavelengths. All the new generated channels are with a power penalty less than 1.2dB at a BER of 10(-9). Degenerate and non-degenerate FWM components are fully used in the experiment for data and logic multicasting.

  9. Information Security Governanceas as Key Performance Indicator for Financial Institutions

    OpenAIRE

    Krjukovs, D; Strauss, R

    2009-01-01

    Due to their nature financial institutions and their performance are in constant focus of attention from different stakeholder groups. These groups according to their functions and interests are implementing different sets of key performance indicators for financial institution performance assessment. In the proposed paper authors present a hypothesis of information security governance being a financial institution key performance indicator. Authors provide high level overview of ...

  10. Unconditional security of quantum key distribution and the uncertainty principle

    International Nuclear Information System (INIS)

    Koashi, Masato

    2006-01-01

    An approach to the unconditional security of quantum key distribution protocols is presented, which is based on the uncertainty principle. The approach applies to every case that has been treated via the argument by Shor and Preskill, but it is not necessary to find quantum error correcting codes. It can also treat the cases with uncharacterized apparatuses. The proof can be applied to cases where the secret key rate is larger than the distillable entanglement

  11. Minimum Interference Channel Assignment Algorithm for Multicast in a Wireless Mesh Network

    Directory of Open Access Journals (Sweden)

    Sangil Choi

    2016-12-01

    Full Text Available Wireless mesh networks (WMNs have been considered as one of the key technologies for the configuration of wireless machines since they emerged. In a WMN, wireless routers provide multi-hop wireless connectivity between hosts in the network and also allow them to access the Internet via gateway devices. Wireless routers are typically equipped with multiple radios operating on different channels to increase network throughput. Multicast is a form of communication that delivers data from a source to a set of destinations simultaneously. It is used in a number of applications, such as distributed games, distance education, and video conferencing. In this study, we address a channel assignment problem for multicast in multi-radio multi-channel WMNs. In a multi-radio multi-channel WMN, two nearby nodes will interfere with each other and cause a throughput decrease when they transmit on the same channel. Thus, an important goal for multicast channel assignment is to reduce the interference among networked devices. We have developed a minimum interference channel assignment (MICA algorithm for multicast that accurately models the interference relationship between pairs of multicast tree nodes using the concept of the interference factor and assigns channels to tree nodes to minimize interference within the multicast tree. Simulation results show that MICA achieves higher throughput and lower end-to-end packet delay compared with an existing channel assignment algorithm named multi-channel multicast (MCM. In addition, MICA achieves much lower throughput variation among the destination nodes than MCM.

  12. Distributed public key schemes secure against continual leakage

    DEFF Research Database (Denmark)

    Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

    2012-01-01

    -secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol......In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly...... against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and $2$-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-o (1),1)-fraction...

  13. Device calibration impacts security of quantum key distribution.

    Science.gov (United States)

    Jain, Nitin; Wittmann, Christoffer; Lydersen, Lars; Wiechers, Carlos; Elser, Dominique; Marquardt, Christoph; Makarov, Vadim; Leuchs, Gerd

    2011-09-09

    Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal security loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.

  14. The ultimate security bounds of quantum key distribution protocols

    International Nuclear Information System (INIS)

    Nikolopoulos, G.M.; Alber, G.

    2005-01-01

    Full text: Quantum key distribution (QKD) protocols exploit quantum correlations in order to establish a secure key between two legitimate users. Recent work on QKD has revealed a remarkable link between quantum and secret correlations. In this talk we report on recent results concerning the ultimate upper security bounds of various QKD schemes (i.e., the maximal disturbance up to which the two legitimate users share quantum correlations) under the assumption of general coherent attacks. In particular, we derive an analytic expression for the ultimate upper security bound of QKD schemes that use two mutually unbiased bases. As long as the two legitimate users focus on the sifted key and treat each pair of data independently during the post processing, our results are valid for arbitrary dimensions of the information carriers. The bound we have derived is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is also discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions, however, such equivalence is generally no longer valid. (author)

  15. Security by quantum key distribution and IPSEC (SEQKEIP): feasibility

    International Nuclear Information System (INIS)

    Sfaxi, M.A.; Ghernaouti-Helie, S.; Ribordy, G; Gay, O.

    2005-01-01

    Full text: Classical cryptography algorithms are based on mathematical functions. The robustness of a given cryptosystem is based essentially on the secrecy of its (private) key and the difficulty with which the inverse of its one-way function(s) can be calculated. Unfortunately, there is no mathematical proof that will establish whether it is not possible to find the inverse of a given one-way function. On the contrary, quantum cryptography is a method for sharing secret keys, whose security can be formally demonstrated. It is based on the laws of physics. The possible applications of quantum cryptography are mainly linked to telecommunication services that require very high level of security. Quantum cryptography could be integrated in various existing concepts and protocols. One of the possible use of quantum cryptography is within IPSEC. The aim of this paper is to analyse the feasibility of using quantum cryptography in IPSEC and to present the estimated performances of this solution. (author)

  16. Device-independent quantum key distribution secure against collective attacks

    International Nuclear Information System (INIS)

    Pironio, Stefano; Gisin, Nicolas; AcIn, Antonio; Brunner, Nicolas; Massar, Serge; Scarani, Valerio

    2009-01-01

    Device-independent quantum key distribution (DIQKD) represents a relaxation of the security assumptions made in usual quantum key distribution (QKD). As in usual QKD, the security of DIQKD follows from the laws of quantum physics, but contrary to usual QKD, it does not rely on any assumptions about the internal working of the quantum devices used in the protocol. In this paper, we present in detail the security proof for a DIQKD protocol introduced in AcIn et al (2008 Phys. Rev. Lett. 98 230501). This proof exploits the full structure of quantum theory (as opposed to other proofs that exploit only the no-signaling principle), but only holds against collective attacks, where the eavesdropper is assumed to act on the quantum systems of the honest parties independently and identically in each round of the protocol (although she can act coherently on her systems at any time). The security of any DIQKD protocol necessarily relies on the violation of a Bell inequality. We discuss the issue of loopholes in Bell experiments in this context.

  17. Efficient quantum secure communication with a publicly known key

    International Nuclear Information System (INIS)

    Li Chunyan; Li Xihan; Deng Fuguo; Zhou Hongyu

    2008-01-01

    This paper presents a simple way for an eavesdropper to eavesdrop freely the secret message in the experimental realization of quantum communication protocol proposed by Beige et al (2002 Acta Phys. Pol. A 101 357). Moreover, it introduces an efficient quantum secure communication protocol based on a publicly known key with decoy photons and two biased bases by modifying the original protocol. The total efficiency of this new protocol is double that of the original one. With a low noise quantum channel, this protocol can be used for transmitting a secret message. At present, this protocol is good for generating a private key efficiently. (general)

  18. Shared Electronic Health Record Systems: Key Legal and Security Challenges.

    Science.gov (United States)

    Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

    2017-11-01

    Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

  19. Protection switching for carrier ethernet multicast

    DEFF Research Database (Denmark)

    Ruepp, Sarah Renée; Wessing, Henrik; Berger, Michael Stübert

    2010-01-01

    This paper addresses network survivability for IPTV multicast transport in Carrier Ethernet networks. The impact of link failures is investigated and suggestions for intelligent multicast resilience schemes are proposed. In particular, functions of the multicast tree are integrated with the Carri...... recovery path length, recovery time, number of branch nodes and operational complexity. The integrated approach therefore shows significant potential to increase the QoE for IPTV users in case of network failures and recovery actions.......This paper addresses network survivability for IPTV multicast transport in Carrier Ethernet networks. The impact of link failures is investigated and suggestions for intelligent multicast resilience schemes are proposed. In particular, functions of the multicast tree are integrated with the Carrier...

  20. Securing quantum key distribution systems using fewer states

    Science.gov (United States)

    Islam, Nurul T.; Lim, Charles Ci Wen; Cahall, Clinton; Kim, Jungsang; Gauthier, Daniel J.

    2018-04-01

    Quantum key distribution (QKD) allows two remote users to establish a secret key in the presence of an eavesdropper. The users share quantum states prepared in two mutually unbiased bases: one to generate the key while the other monitors the presence of the eavesdropper. Here, we show that a general d -dimension QKD system can be secured by transmitting only a subset of the monitoring states. In particular, we find that there is no loss in the secure key rate when dropping one of the monitoring states. Furthermore, it is possible to use only a single monitoring state if the quantum bit error rates are low enough. We apply our formalism to an experimental d =4 time-phase QKD system, where only one monitoring state is transmitted, and obtain a secret key rate of 17.4 ±2.8 Mbits/s at a 4 dB channel loss and with a quantum bit error rate of 0.045 ±0.001 and 0.037 ±0.001 in time and phase bases, respectively, which is 58.4% of the secret key rate that can be achieved with the full setup. This ratio can be increased, potentially up to 100%, if the error rates in time and phase basis are reduced. Our results demonstrate that it is possible to substantially simplify the design of high-dimensional QKD systems, including those that use the spatial or temporal degrees of freedom of the photon, and still outperform qubit-based (d =2 ) protocols.

  1. Optical multicast system for data center networks.

    Science.gov (United States)

    Samadi, Payman; Gupta, Varun; Xu, Junjie; Wang, Howard; Zussman, Gil; Bergman, Keren

    2015-08-24

    We present the design and experimental evaluation of an Optical Multicast System for Data Center Networks, a hardware-software system architecture that uniquely integrates passive optical splitters in a hybrid network architecture for faster and simpler delivery of multicast traffic flows. An application-driven control plane manages the integrated optical and electronic switched traffic routing in the data plane layer. The control plane includes a resource allocation algorithm to optimally assign optical splitters to the flows. The hardware architecture is built on a hybrid network with both Electronic Packet Switching (EPS) and Optical Circuit Switching (OCS) networks to aggregate Top-of-Rack switches. The OCS is also the connectivity substrate of splitters to the optical network. The optical multicast system implementation requires only commodity optical components. We built a prototype and developed a simulation environment to evaluate the performance of the system for bulk multicasting. Experimental and numerical results show simultaneous delivery of multicast flows to all receivers with steady throughput. Compared to IP multicast that is the electronic counterpart, optical multicast performs with less protocol complexity and reduced energy consumption. Compared to peer-to-peer multicast methods, it achieves at minimum an order of magnitude higher throughput for flows under 250 MB with significantly less connection overheads. Furthermore, for delivering 20 TB of data containing only 15% multicast flows, it reduces the total delivery energy consumption by 50% and improves latency by 55% compared to a data center with a sole non-blocking EPS network.

  2. Tunable Sparse Network Coding for Multicast Networks

    DEFF Research Database (Denmark)

    Feizi, Soheil; Roetter, Daniel Enrique Lucani; Sørensen, Chres Wiant

    2014-01-01

    This paper shows the potential and key enabling mechanisms for tunable sparse network coding, a scheme in which the density of network coded packets varies during a transmission session. At the beginning of a transmission session, sparsely coded packets are transmitted, which benefits decoding...... complexity. At the end of a transmission, when receivers have accumulated degrees of freedom, coding density is increased. We propose a family of tunable sparse network codes (TSNCs) for multicast erasure networks with a controllable trade-off between completion time performance to decoding complexity...... a mechanism to perform efficient Gaussian elimination over sparse matrices going beyond belief propagation but maintaining low decoding complexity. Supporting simulation results are provided showing the trade-off between decoding complexity and completion time....

  3. Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).

    Science.gov (United States)

    Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie

    2017-10-30

    Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While, data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.

  4. Building Secure Public Key Encryption Scheme from Hidden Field Equations

    Directory of Open Access Journals (Sweden)

    Yuan Ping

    2017-01-01

    Full Text Available Multivariate public key cryptography is a set of cryptographic schemes built from the NP-hardness of solving quadratic equations over finite fields, amongst which the hidden field equations (HFE family of schemes remain the most famous. However, the original HFE scheme was insecure, and the follow-up modifications were shown to be still vulnerable to attacks. In this paper, we propose a new variant of the HFE scheme by considering the special equation x2=x defined over the finite field F3 when x=0,1. We observe that the equation can be used to further destroy the special structure of the underlying central map of the HFE scheme. It is shown that the proposed public key encryption scheme is secure against known attacks including the MinRank attack, the algebraic attacks, and the linearization equations attacks. The proposal gains some advantages over the original HFE scheme with respect to the encryption speed and public key size.

  5. Identifying the Key Weaknesses in Network Security at Colleges.

    Science.gov (United States)

    Olsen, Florence

    2000-01-01

    A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

  6. A Novel Video Data-Source Authentication Model Based on Digital Watermarking and MAC in Multicast

    Institute of Scientific and Technical Information of China (English)

    ZHAO Anjun; LU Xiangli; GUO Lei

    2006-01-01

    A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper. The digital watermarking which composes of the MAC of the significant video content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA(timed efficient stream loss-tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.

  7. A Key Generation Model for Improving the Security of Cryptographic ...

    African Journals Online (AJOL)

    Cryptography is a mathematical technique that plays an important role in information security techniques for addressing authentication, interactive proofs, data origination, sender/receiver identity, non-repudiation, secure computation, data integrity and confidentiality, message integrity checking and digital signatures.

  8. Comparative study of key exchange and authentication methods in application, transport and network level security mechanisms

    Science.gov (United States)

    Fathirad, Iraj; Devlin, John; Jiang, Frank

    2012-09-01

    The key-exchange and authentication are two crucial elements of any network security mechanism. IPsec, SSL/TLS, PGP and S/MIME are well-known security approaches in providing security service to network, transport and application layers; these protocols use different methods (based on their requirements) to establish keying materials and authenticates key-negotiation and participated parties. This paper studies and compares the authenticated key negotiation methods in mentioned protocols.

  9. Multisites Coordination in Shared Multicast Trees

    National Research Council Canada - National Science Library

    Dommel, H-P; Garcia-Luna-Aceves, J. J

    1999-01-01

    .... The protocol supports Internet-wide coordination for large and highly interactive groupwork, relying on transmission of coordination directives between group members across a shared end-to-end multicast tree...

  10. Stateless multicast switching in software defined networks

    OpenAIRE

    Reed, Martin J.; Al-Naday, Mays; Thomos, Nikolaos; Trossen, Dirk; Petropoulos, George; Spirou, Spiros

    2016-01-01

    Multicast data delivery can significantly reduce traffic in operators' networks, but has been limited in deployment due to concerns such as the scalability of state management. This paper shows how multicast can be implemented in contemporary software defined networking (SDN) switches, with less state than existing unicast switching strategies, by utilising a Bloom Filter (BF) based switching technique. Furthermore, the proposed mechanism uses only proactive rule insertion, and thus, is not l...

  11. Evaluating multicast resilience in carrier ethernet

    DEFF Research Database (Denmark)

    Ruepp, Sarah Renée; Wessing, Henrik; Zhang, Jiang

    2010-01-01

    This paper gives an overview of the Carrier Ethernet technology with specific focus on resilience. In particular, we show how multicast traffic, which is essential for IPTV can be protected. We detail the ackground for resilience mechanisms and their control and e present Carrier Ethernet...... resilience methods for linear nd ring networks. By simulation we show that the vailability of a multicast connection can be significantly increased by applying protection methods....

  12. On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010: (1 the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2 the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3 the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

  13. Multicast middleware for performance and topology analysis of multimedia grids

    Directory of Open Access Journals (Sweden)

    Jerry Z. Xie

    2017-04-01

    Full Text Available Since multicast reduces bandwidth consumption in multimedia grid computing, the middleware for monitoring the performance and topology of multicast communications is important to the design and management of multimedia grid applications. However, the current middleware technologies for multicast performance monitoring are still far from attaining the level of maturity and there lacks consistent approaches to obtain the evaluation data for multicast. In this study, to serve a clear guide for the design and implementation of the multicast middleware, two algorithms are developed for organising all constituents in multicast communications and analysing the multicast performance in two topologies – ‘multicast distribution tree’ and ‘clusters distribution’, and a definitive set of corresponding metrics that are comprehensive yet viable for evaluating multicast communications are also presented. Instead of using the inference data from unicast measurements, in the proposed middleware, the measuring data of multicast traffic are obtained directly from multicast protocols in real time. Moreover, this study makes a middleware implementation which is integrated into a real access grid multicast communication infrastructure. The results of the implementation demonstrate the substantial improvements in the accuracy and real time in evaluating the performance and topology of multicast network.

  14. WDM Network and Multicasting Protocol Strategies

    Directory of Open Access Journals (Sweden)

    Pinar Kirci

    2014-01-01

    Full Text Available Optical technology gains extensive attention and ever increasing improvement because of the huge amount of network traffic caused by the growing number of internet users and their rising demands. However, with wavelength division multiplexing (WDM, it is easier to take the advantage of optical networks and optical burst switching (OBS and to construct WDM networks with low delay rates and better data transparency these technologies are the best choices. Furthermore, multicasting in WDM is an urgent solution for bandwidth-intensive applications. In the paper, a new multicasting protocol with OBS is proposed. The protocol depends on a leaf initiated structure. The network is composed of source, ingress switches, intermediate switches, edge switches, and client nodes. The performance of the protocol is examined with Just Enough Time (JET and Just In Time (JIT reservation protocols. Also, the paper involves most of the recent advances about WDM multicasting in optical networks. WDM multicasting in optical networks is given as three common subtitles: Broadcast and-select networks, wavelength-routed networks, and OBS networks. Also, in the paper, multicast routing protocols are briefly summarized and optical burst switched WDM networks are investigated with the proposed multicast schemes.

  15. Scalable Multicasting over Next-Generation Internet Design, Analysis and Applications

    CERN Document Server

    Tian, Xiaohua

    2013-01-01

    Next-generation Internet providers face high expectations, as contemporary users worldwide expect high-quality multimedia functionality in a landscape of ever-expanding network applications. This volume explores the critical research issue of turning today’s greatly enhanced hardware capacity to good use in designing a scalable multicast  protocol for supporting large-scale multimedia services. Linking new hardware to improved performance in the Internet’s next incarnation is a research hot-spot in the computer communications field.   The methodical presentation deals with the key questions in turn: from the mechanics of multicast protocols to current state-of-the-art designs, and from methods of theoretical analysis of these protocols to applying them in the ns2 network simulator, known for being hard to extend. The authors’ years of research in the field inform this thorough treatment, which covers details such as applying AOM (application-oriented multicast) protocol to IPTV provision and resolving...

  16. Multicast Performance Analysis for High-Speed Torus Networks

    National Research Council Canada - National Science Library

    Oral, S; George, A

    2002-01-01

    ... for unicast-based and path-based multicast communication on high-speed torus networks. Software-based multicast performance results of selected algorithms on a 16-node Scalable Coherent Interface (SCI) torus are given...

  17. Merging Network Coding with Feedback Management in Multicast Streaming

    DEFF Research Database (Denmark)

    Moreira, André; Almeida, Luis; Roetter, Daniel Enrique Lucani

    2015-01-01

    Reliable multicast over wireless poses interesting challenges arising from the unreliable nature of the wireless medium. Recovering lost packets is particularly challenging in multicast scenarios since different receivers lose different packets. For this reason, simply retransmitting packets does...

  18. All-optical broadcast and multicast technologies based on PPLN waveguide

    DEFF Research Database (Denmark)

    Ye, Lingyun; Wang, Ju; Hu, Hao

    2013-01-01

    All-optical 1×4 broadcast and 1×3 multicast experiments of a 40-Gb/s return-to-zero on-off keying (RZ-OOK) signal based on a periodically poled lithium niobate (PPLN) waveguide are demonstrated in this letter. Clear opened eye diagrams and error-free performance are achieved for the broadcast...

  19. A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

    Institute of Scientific and Technical Information of China (English)

    YANG Chang; CHEN Xiaolin; ZHANG Huanguo

    2006-01-01

    The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members' access control and distributing authorization of traditional IP multicast.

  20. Resource Allocation Management for Broadcast/Multicast Services

    OpenAIRE

    Fuente Iglesias, Alejandro de la; Pérez Leal, Raquel; García-Armada, Ana

    2015-01-01

    Ponencia presentada en: XXX Simposium Nacional de la Unión Científica Internacional de Radio, los dias 2 y 4 septiembre 2015, en Pamplona (españa). Video services are expected to become more than 70% of the mobile traffic in 2020. Broadcast and multicast service is the most efficient mechanism to deliver the same content to many users. Not only focusing on venue casting, but also distributing many other media such as software updates and breaking news, 5G broadcasting is a key driver to a...

  1. Report: Improvements Needed in Key EPA Information System Security Practices

    Science.gov (United States)

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  2. Implementing Resource-aware Multicast Forwarding in Software Defined Networks

    DEFF Research Database (Denmark)

    Poderys, Justas; Sunny, Anjusha; Soler, José

    2018-01-01

    Using multicast data transmissions, data can be eciently distributed to a high number of network users. However, in order to ef-ciently stream multimedia using multicast communication, multicast routing protocols must have knowledge of all network links and their available bandwidth. In Software...

  3. On the security of Y-00 under fast correlation and other attacks on the key

    Science.gov (United States)

    Yuen, Horace P.; Nair, Ranjith

    2007-04-01

    The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization.

  4. On the security of Y-00 under fast correlation and other attacks on the key

    International Nuclear Information System (INIS)

    Yuen, Horace P.; Nair, Ranjith

    2007-01-01

    The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization

  5. A high performance totally ordered multicast protocol

    Science.gov (United States)

    Montgomery, Todd; Whetten, Brian; Kaplan, Simon

    1995-01-01

    This paper presents the Reliable Multicast Protocol (RMP). RMP provides a totally ordered, reliable, atomic multicast service on top of an unreliable multicast datagram service such as IP Multicasting. RMP is fully and symmetrically distributed so that no site bears un undue portion of the communication load. RMP provides a wide range of guarantees, from unreliable delivery to totally ordered delivery, to K-resilient, majority resilient, and totally resilient atomic delivery. These QoS guarantees are selectable on a per packet basis. RMP provides many communication options, including virtual synchrony, a publisher/subscriber model of message delivery, an implicit naming service, mutually exclusive handlers for messages, and mutually exclusive locks. It has commonly been held that a large performance penalty must be paid in order to implement total ordering -- RMP discounts this. On SparcStation 10's on a 1250 KB/sec Ethernet, RMP provides totally ordered packet delivery to one destination at 842 KB/sec throughput and with 3.1 ms packet latency. The performance stays roughly constant independent of the number of destinations. For two or more destinations on a LAN, RMP provides higher throughput than any protocol that does not use multicast or broadcast.

  6. Unconditionally secure key distillation from multi-photons in a single-photon polarization based quantum key distribution

    CERN Document Server

    Tamaki, K

    2005-01-01

    In this presentation, we show some counter-examples to a naive belief that the security of QKD is based on no-cloning theorem. One example is shown by explicitly proving that one can indeed generate an unconditionally secure key from Alice's two-photon emission part in "SARG04 protocol" proposed by V. Scarani et al, in Phys. Rev. Lett. 92, 057901 (2004). This protocol differs from BB84 only in the classical communication. It is, thus, interesting to see how only the classical communication of QKD protocol might qualitatively change its security. We also show that one can generate an unconditionally secure key from the single to the four-photon part in a generalized SARG04 that uses six states. Finally, we also compare the bit error rate threshold of these protocols with the one in BB84 and the original six-state protocol assuming a depolarizing channel.

  7. Security of differential-phase-shift quantum key distribution against individual attacks

    International Nuclear Information System (INIS)

    Waks, Edo; Takesue, Hiroki; Yamamoto, Yoshihisa

    2006-01-01

    We derive a proof of security for the differential-phase-shift quantum key distribution protocol under the assumption that Eve is restricted to individual attacks. The security proof is derived by bounding the average collision probability, which leads directly to a bound on Eve's mutual information on the final key. The security proof applies to realistic sources based on pulsed coherent light. We then compare individual attacks to sequential attacks and show that individual attacks are more powerful

  8. Interferometric key readable security holograms with secrete-codes

    Indian Academy of Sciences (India)

    2Department of Applied Physics, Guru Jambheshwar University of Science & Technology,. Hisar 125 001, India. *E-mail: aka1945@rediffmail.com. MS received 21 ... A new method is described to create secrete-codes in the security holograms for enhancing ... ing, or falsification of the valuable products and documents.

  9. Interferometric key readable security holograms with secrete-codes

    Indian Academy of Sciences (India)

    A new method is described to create secrete-codes in the security holograms for enhancing their anti-counterfeiting characteristics. ... Scientific Instruments Organisation, Sector 30, Chandigarh 160 030, India; Department of Applied Physics, Guru Jambheshwar University of Science & Technology, Hisar 125 001, India ...

  10. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational

  11. Secure multi-party communication with quantum key distribution managed by trusted authority

    Science.gov (United States)

    Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

    2013-07-09

    Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

  12. Secure multi-party communication with quantum key distribution managed by trusted authority

    Science.gov (United States)

    Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

    2017-06-14

    Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

  13. Security Issues of the Digital Certificates within Public Key Infrastructures

    Directory of Open Access Journals (Sweden)

    2009-01-01

    Full Text Available The paper presents the basic byte level interpretation of an X.509 v3 digital certificate according to ASN.1 DER/BER encoding. The reasons for byte level analysis are various and important. For instance, a research paper has mentioned how a PKI security may be violated by MD5 collision over information from the certificates. In order to develop further studies on the topic a serious knowledge about certificate structure is necessary.

  14. Why nurses can be key partners in securing philanthropic investments.

    Science.gov (United States)

    Rivet, Nicole

    2014-01-01

    Fund-raisers can truly benefit from collaborating with nurses when they are seeking philanthropic support for their health care systems. Fund-raising is about developing new relationships with potential prospects and strengthening those with current donors. Nurses frequently have some of the best relationships with patients, and they often lead efforts to improve the quality of care in their hospitals. Their professional experience and their ability to connect with people are invaluable skills that can help secure philanthropic investments.

  15. Experimental aspects of deterministic secure quantum key distribution

    Energy Technology Data Exchange (ETDEWEB)

    Walenta, Nino; Korn, Dietmar; Puhlmann, Dirk; Felbinger, Timo; Hoffmann, Holger; Ostermeyer, Martin [Universitaet Potsdam (Germany). Institut fuer Physik; Bostroem, Kim [Universitaet Muenster (Germany)

    2008-07-01

    Most common protocols for quantum key distribution (QKD) use non-deterministic algorithms to establish a shared key. But deterministic implementations can allow for higher net key transfer rates and eavesdropping detection rates. The Ping-Pong coding scheme by Bostroem and Felbinger[1] employs deterministic information encoding in entangled states with its characteristic quantum channel from Bob to Alice and back to Bob. Based on a table-top implementation of this protocol with polarization-entangled photons fundamental advantages as well as practical issues like transmission losses, photon storage and requirements for progress towards longer transmission distances are discussed and compared to non-deterministic protocols. Modifications of common protocols towards a deterministic quantum key distribution are addressed.

  16. Secret-Key-Aided Scheme for Securing Untrusted DF Relaying Networks

    KAUST Repository

    Shafie, Ahmed El

    2017-06-12

    This paper proposes a new scheme to secure the transmissions in an untrusted decode-and-forward (DF) relaying network. A legitimate source node, Alice, sends her data to a legitimate destination node, Bob, with the aid of an untrusted DF relay node, Charlie. To secure the transmissions from Charlie during relaying time slots, each data codeword is secured using a secret-key codeword that has been previously shared between Alice and Bob during the perfectly secured time slots (i.e., when the channel secrecy rate is positive). The secret-key bits exchanged between Alice and Bob are stored in a finite-length buffer and are used to secure data transmission whenever needed. We model the secret-key buffer as a queueing system and analyze its Markov chain. Our numerical results show the gains of our proposed scheme relative to benchmarks. Moreover, the proposed scheme achieves an upper bound on the secure throughput.

  17. Secret-Key-Aided Scheme for Securing Untrusted DF Relaying Networks

    KAUST Repository

    Shafie, Ahmed El; Salem, Ahmed Sultan; Mabrouk, Asma; Tourki, Kamel; Al-Dhahir, Naofal

    2017-01-01

    This paper proposes a new scheme to secure the transmissions in an untrusted decode-and-forward (DF) relaying network. A legitimate source node, Alice, sends her data to a legitimate destination node, Bob, with the aid of an untrusted DF relay node, Charlie. To secure the transmissions from Charlie during relaying time slots, each data codeword is secured using a secret-key codeword that has been previously shared between Alice and Bob during the perfectly secured time slots (i.e., when the channel secrecy rate is positive). The secret-key bits exchanged between Alice and Bob are stored in a finite-length buffer and are used to secure data transmission whenever needed. We model the secret-key buffer as a queueing system and analyze its Markov chain. Our numerical results show the gains of our proposed scheme relative to benchmarks. Moreover, the proposed scheme achieves an upper bound on the secure throughput.

  18. Secure Clustering and Symmetric Key Establishment in Heterogeneous Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Azarderskhsh Reza

    2011-01-01

    Full Text Available Information security in infrastructureless wireless sensor networks (WSNs is one of the most important research challenges. In these networks, sensor nodes are typically sprinkled liberally in the field in order to monitor, gather, disseminate, and provide the sensed data to the command node. Various studies have focused on key establishment schemes in homogeneous WSNs. However, recent research has shown that achieving survivability in WSNs requires a hierarchy and heterogeneous infrastructure. In this paper, to address security issues in the heterogeneous WSNs, we propose a secure clustering scheme along with a deterministic pairwise key management scheme based on public key cryptography. The proposed security mechanism guarantees that any two sensor nodes located in the same cluster and routing path can directly establish a pairwise key without disclosing any information to other nodes. Through security performance evaluation, it is shown that the proposed scheme guarantees node-to-node authentication, high resiliency against node capture, and minimum memory space requirement.

  19. An Encryption Key for Secure Authentication: The Dynamic Solution

    Directory of Open Access Journals (Sweden)

    Zubayr Khalid

    2017-06-01

    Full Text Available In modern day technology, the Information Society is at risk. Passwords are a multi-user computer systems usual first line of defence against intrusion. A password may be textual with any combination of alphanumeric characters or biometric or 3-D. But no authentication protocol is fully secured against todays hackers as all of them are Static in type. Dynamic authentication protocol is still a theoretical concept. In this paper, we are focusing on a concept of authentication technique which is actually dynamic in genre, i.e. the password here will change in t time (where t is as small as possible. This technique comprises of both hardware and software part. In this paper, we have covered the idea of generating an efficient algorithm that can work as the final in the Dynamic Password Authentication system. We have used standard deviation within statistics to generalize the possible password which is further secured by Feistel Block Cipher and Advanced Encryption Standard technique (AES, leading and following the said mathematics respectively. In order to allow the system to create variable password in the least time interval possible, we must make sure our process is not much complex.

  20. Strategies for Overcoming Key Barriers to Development of a National Security Workforce

    Energy Technology Data Exchange (ETDEWEB)

    None

    2008-06-30

    This report documents the strategies for overcoming identified key barriers to development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP) being performed under a Department of Energy (DOE) National Nuclear Security Administration (NNSA) grant. Many barriers currently exist that prevent the development of an adequate number of properly trained national security personnel. The identified strategies to address the barriers will focus on both short-term and long-term efforts, as well as strategies to capture legacy knowledge of retiring national security workforce personnel.

  1. Secure networking quantum key distribution schemes with Greenberger-Horne-Zeilinger states

    Energy Technology Data Exchange (ETDEWEB)

    Guo, Ying; Shi, Ronghua [School of Information Science and Engineering, Central South University, Changsha 410083 (China); Zeng, Guihua [Department of Electronic Engineering, Shanghai Jiaotong University, Shanghai 200030 (China)], E-mail: sdguoying@gmail.com, E-mail: rhshi@mail.edu.com, E-mail: ghzeng@sjtu.edu.cn

    2010-04-15

    A novel approach to quantum cryptography to be called NQKD, networking quantum key distribution, has been developed for secure quantum communication schemes on the basis of the complementary relations of entanglement Greenberger-Horne-Zeilinger (GHZ) triplet states. One scheme distributes the private key among legal participants in a probabilistic manner, while another transmits the deterministic message with some certainty. Some decoy photons are employed for preventing a potential eavesdropper from attacking quantum channels. The present schemes are efficient as there exists an elegant method for key distributions. The security of the proposed schemes is exactly guaranteed by the entanglement of the GHZ quantum system, which is illustrated in security analysis.

  2. Secure networking quantum key distribution schemes with Greenberger-Horne-Zeilinger states

    International Nuclear Information System (INIS)

    Guo, Ying; Shi, Ronghua; Zeng, Guihua

    2010-01-01

    A novel approach to quantum cryptography to be called NQKD, networking quantum key distribution, has been developed for secure quantum communication schemes on the basis of the complementary relations of entanglement Greenberger-Horne-Zeilinger (GHZ) triplet states. One scheme distributes the private key among legal participants in a probabilistic manner, while another transmits the deterministic message with some certainty. Some decoy photons are employed for preventing a potential eavesdropper from attacking quantum channels. The present schemes are efficient as there exists an elegant method for key distributions. The security of the proposed schemes is exactly guaranteed by the entanglement of the GHZ quantum system, which is illustrated in security analysis.

  3. Improved security proofs and constructions for public-key cryptography

    OpenAIRE

    Pan, Jiaxin (M. Sc.)

    2016-01-01

    Diese Arbeit verbessert die Sicherheitsanalyse und Konstruktierbarkeit von Public-Key-Kryptographie: Der erste Teil der Arbeit schlägt einen vereinfachten Sicherheitsbeweis für digitale Signaturverfahren von kanonischen Identifikationsschemata über die klassischen Fiat-Shamir-Transformation im Random Oracle Modell vor. Der zweite Teil der Arbeit schlägt eine neue Variante der Message Authentication Codes (MACs) vor, die sogenannten affinen MACs. Außerdem wird eine generische Transform...

  4. Information security system based on virtual-optics imaging methodology and public key infrastructure

    Science.gov (United States)

    Peng, Xiang; Zhang, Peng; Cai, Lilong

    In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

  5. Providing resilience for carrier ethernet multicast traffic

    DEFF Research Database (Denmark)

    Ruepp, Sarah Renée; Wessing, Henrik; Zhang, Jiang

    2009-01-01

    This paper presents an overview of the Carrier Ethernet technology with specific focus on resilience. In particular, we detail how multicast traffic, which is essential for e.g. IPTV can be protected. We present Carrier Ethernet resilience methods for linear and ring networks and show by simulation...

  6. Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing

    OpenAIRE

    de la Rocha Gómez-Arevalillo , Alfonso; Papadimitratos , Panos

    2017-01-01

    International audience; A gamut of secure inter-domain routing protocols has been proposed in the literature. They use traditional PGP-like and centralized Public Key Infrastructures for trust management. In this paper, we propose our alternative approach for managing security associations, Secure Blockchain Trust Management (SBTM), a trust management system that instantiates a blockchain-based PKI for the operation of securerouting protocols. A main motivation for SBTM is to facilitate gradu...

  7. Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

    National Research Council Canada - National Science Library

    Hansen, Anthony

    1999-01-01

    Public key infrastructure (PKI) technology is at a primitive stage characterized by deployment of PKIs that are engineered to support the provision of security services within individual enterprises, and are not able to support...

  8. Ancestors protocol for scalable key management

    Directory of Open Access Journals (Sweden)

    Dieter Gollmann

    2010-06-01

    Full Text Available Group key management is an important functional building block for secure multicast architecture. Thereby, it has been extensively studied in the literature. The main proposed protocol is Adaptive Clustering for Scalable Group Key Management (ASGK. According to ASGK protocol, the multicast group is divided into clusters, where each cluster consists of areas of members. Each cluster uses its own Traffic Encryption Key (TEK. These clusters are updated periodically depending on the dynamism of the members during the secure session. The modified protocol has been proposed based on ASGK with some modifications to balance the number of affected members and the encryption/decryption overhead with any number of the areas when a member joins or leaves the group. This modified protocol is called Ancestors protocol. According to Ancestors protocol, every area receives the dynamism of the members from its parents. The main objective of the modified protocol is to reduce the number of affected members during the leaving and joining members, then 1 affects n overhead would be reduced. A comparative study has been done between ASGK protocol and the modified protocol. According to the comparative results, it found that the modified protocol is always outperforming the ASGK protocol.

  9. A General Construction of IND-CCA2 Secure Public Key Encryption

    DEFF Research Database (Denmark)

    Kiltz, Eike; Malone-Lee, John

    2003-01-01

    We propose a general construction for public key encryption schemes that are IND-CCA2 secure in the random oracle model. We show that the scheme proposed in [1, 2] fits our general framework and moreover that our method of analysis leads to a more efficient security reduction....

  10. A Novel Re-keying Function Protocol (NRFP For Wireless Sensor Network Security

    Directory of Open Access Journals (Sweden)

    Naif Alsharabi

    2008-12-01

    Full Text Available This paper describes a novel re-keying function protocol (NRFP for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs, covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  11. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

    Science.gov (United States)

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-01-01

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

  12. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

    Science.gov (United States)

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-12-04

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  13. Symmetric Link Key Management for Secure Neighbor Discovery in a Decentralized Wireless Sensor Network

    Science.gov (United States)

    2017-09-01

    KEY MANAGEMENT FOR SECURE NEIGHBOR DISCOVERY IN A DECENTRALIZED WIRELESS SENSOR NETWORK by Kelvin T. Chew September 2017 Thesis Advisor...and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT...DATE September 2017 3. REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SYMMETRIC LINK KEY MANAGEMENT FOR SECURE NEIGHBOR

  14. Security of a single-state semi-quantum key distribution protocol

    Science.gov (United States)

    Zhang, Wei; Qiu, Daowen; Mateus, Paulo

    2018-06-01

    Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some "classical" or "semi-quantum" operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.

  15. Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

    Science.gov (United States)

    Mishra, Dheerendra

    2015-03-01

    Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

  16. Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

    Directory of Open Access Journals (Sweden)

    Yang Shi

    2016-01-01

    Full Text Available Considering the security of both the customers’ hosts and the eShops’ servers, we introduce the idea of a key-insulated undetachable digital signature, enabling mobile agents to generate undetachable digital signatures on remote hosts with the key-insulated property of the original signer’s signing key. From the theoretical perspective, we provide the formal definition and security notion of a key-insulated undetachable digital signature. From the practical perspective, we propose a concrete scheme to secure mobile agents in electronic commerce. The scheme is mainly focused on protecting the signing key from leakage and preventing the misuse of the signature algorithm on malicious servers. Agents do not carry the signing key when they generate digital signatures on behalf of the original signer, so the key is protected on remote servers. Furthermore, if a hacker gains the signing key of the original signer, the hacker is still unable to forge a signature for any time period other than the key being accessed. In addition, the encrypted function is combined with the original signer’s requirement to prevent the misuse of signing algorithm. The scheme is constructed on gap Diffie–Hellman groups with provable security, and the performance testing indicates that the scheme is efficient.

  17. Security bound of continuous-variable quantum key distribution with noisy coherent states and channel

    International Nuclear Information System (INIS)

    Shen Yong; Yang Jian; Guo Hong

    2009-01-01

    Security of a continuous-variable quantum key distribution protocol based on noisy coherent states and channel is analysed. Assuming that the noise of coherent states is induced by Fred, a neutral party relative to others, we prove that the prepare-and-measurement scheme (P and M) and entanglement-based scheme (E-B) are equivalent. Then, we show that this protocol is secure against Gaussian collective attacks even if the channel is lossy and noisy, and, further, a lower bound to the secure key rate is derived.

  18. Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack

    Science.gov (United States)

    Nikolopoulos, Georgios M.

    2018-01-01

    We consider a recently proposed entity authentication protocol in which a physical unclonable key is interrogated by random coherent states of light, and the quadratures of the scattered light are analyzed by means of a coarse-grained homodyne detection. We derive a sufficient condition for the protocol to be secure against an emulation attack in which an adversary knows the challenge-response properties of the key and moreover, he can access the challenges during the verification. The security analysis relies on Holevo's bound and Fano's inequality, and suggests that the protocol is secure against the emulation attack for a broad range of physical parameters that are within reach of today's technology.

  19. Security bound of continuous-variable quantum key distribution with noisy coherent states and channel

    Energy Technology Data Exchange (ETDEWEB)

    Shen Yong; Yang Jian; Guo Hong, E-mail: hongguo@pku.edu.c [CREAM Group, State Key Laboratory of Advanced Optical Communication Systems and Networks (Peking University) and Institute of Quantum Electronics, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871 (China)

    2009-12-14

    Security of a continuous-variable quantum key distribution protocol based on noisy coherent states and channel is analysed. Assuming that the noise of coherent states is induced by Fred, a neutral party relative to others, we prove that the prepare-and-measurement scheme (P and M) and entanglement-based scheme (E-B) are equivalent. Then, we show that this protocol is secure against Gaussian collective attacks even if the channel is lossy and noisy, and, further, a lower bound to the secure key rate is derived.

  20. Semi-device-independent security of one-way quantum key distribution

    OpenAIRE

    Pawlowski, Marcin; Brunner, Nicolas

    2011-01-01

    By testing nonlocality, the security of entanglement-based quantum key distribution (QKD) can be enhanced to being 'device-independent'. Here we ask whether such a strong form of security could also be established for one-way (prepare and measure) QKD. While fully device-independent security is impossible, we show that security can be guaranteed against individual attacks in a semi-device-independent scenario. In the latter, the devices used by the trusted parties are non-characterized, but t...

  1. [Principles and methodology for ecological rehabilitation and security pattern design in key project construction].

    Science.gov (United States)

    Chen, Li-Ding; Lu, Yi-He; Tian, Hui-Ying; Shi, Qian

    2007-03-01

    Global ecological security becomes increasingly important with the intensive human activities. The function of ecological security is influenced by human activities, and in return, the efficiency of human activities will also be affected by the patterns of regional ecological security. Since the 1990s, China has initiated the construction of key projects "Yangtze Three Gorges Dam", "Qinghai-Tibet Railway", "West-to-East Gas Pipeline", "West-to-East Electricity Transmission" and "South-to-North Water Transfer" , etc. The interaction between these projects and regional ecological security has particularly attracted the attention of Chinese government. It is not only important for the regional environmental protection, but also of significance for the smoothly implementation of various projects aimed to develop an ecological rehabilitation system and to design a regional ecological security pattern. This paper made a systematic analysis on the types and characteristics of key project construction and their effects on the environment, and on the basis of this, brought forward the basic principles and methodology for ecological rehabilitation and security pattern design in this construction. It was considered that the following issues should be addressed in the implementation of a key project: 1) analysis and evaluation of current regional ecological environment, 2) evaluation of anthropogenic disturbances and their ecological risk, 3) regional ecological rehabilitation and security pattern design, 4) scenario analysis of environmental benefits of regional ecological security pattern, 5) re-optimization of regional ecological system framework, and 6) establishment of regional ecosystem management plan.

  2. Efficient KDM-CCA Secure Public-Key Encryption via Auxiliary-Input Authenticated Encryption

    Directory of Open Access Journals (Sweden)

    Shuai Han

    2017-01-01

    Full Text Available KDM[F]-CCA security of public-key encryption (PKE ensures the privacy of key-dependent messages f(sk which are closely related to the secret key sk, where f∈F, even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE. For AIAE, we introduce two related-key attack (RKA security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS and one-time secure authenticated encryption (AE and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR assumptions. Specifically, (i our first PKE construction is the first one achieving KDM[Faff]-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii Our second PKE construction is the first one achieving KDM[Fpolyd]-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.

  3. Implementing Resource-aware Multicast Forwarding in Software Defined Networks

    DEFF Research Database (Denmark)

    Poderys, Justas; Sunny, Anjusha; Soler, José

    2018-01-01

    Using multicast data transmissions, data can be eciently distributed to a high number of network users. However, in order to ef-ciently stream multimedia using multicast communication, multicast routing protocols must have knowledge of all network links and their available bandwidth. In Software......-Karp algorithm, by taking into account network topology and links load information. This paper presents the algorithm, implementation details, and an analysis of the testing results....

  4. Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network.

    Science.gov (United States)

    Yang, Bin; Zhang, Jianfeng

    2017-06-28

    Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme.

  5. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

    Science.gov (United States)

    Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

    2017-03-21

    At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

  6. A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

    Science.gov (United States)

    Amin, Ruhul; Biswas, G P

    2015-08-01

    Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

  7. Cross-Layer Optimal Rate Allocation for Heterogeneous Wireless Multicast

    Directory of Open Access Journals (Sweden)

    Amr Mohamed

    2009-01-01

    Full Text Available Heterogeneous multicast is an efficient communication scheme especially for multimedia applications running over multihop networks. The term heterogeneous refers to the phenomenon when multicast receivers in the same session require service at different rates commensurate with their capabilities. In this paper, we address the problem of resource allocation for a set of heterogeneous multicast sessions over multihop wireless networks. We propose an iterative algorithm that achieves the optimal rates for a set of heterogeneous multicast sessions such that the aggregate utility for all sessions is maximized. We present the formulation of the multicast resource allocation problem as a nonlinear optimization model and highlight the cross-layer framework that can solve this problem in a distributed ad hoc network environment with asynchronous computations. Our simulations show that the algorithm achieves optimal resource utilization, guarantees fairness among multicast sessions, provides flexibility in allocating rates over different parts of the multicast sessions, and adapts to changing conditions such as dynamic channel capacity and node mobility. Our results show that the proposed algorithm not only provides flexibility in allocating resources across multicast sessions, but also increases the aggregate system utility and improves the overall system throughput by almost 30% compared to homogeneous multicast.

  8. A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

    Directory of Open Access Journals (Sweden)

    Mohammed Ramadan

    2016-08-01

    Full Text Available Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA, evolved packet system-authentication and key agreement (EPS-AKA, and long term evolution-authentication and key agreement (LTE-AKA algorithms for 3rd generation partnership project (3GPP systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

  9. One-time pad, complexity of verification of keys, and practical security of quantum cryptography

    Energy Technology Data Exchange (ETDEWEB)

    Molotkov, S. N., E-mail: sergei.molotkov@gmail.com [Russian Academy of Sciences, Institute of Solid State Physics (Russian Federation)

    2016-11-15

    A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

  10. One-time pad, complexity of verification of keys, and practical security of quantum cryptography

    International Nuclear Information System (INIS)

    Molotkov, S. N.

    2016-01-01

    A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

  11. Virtual-optical information security system based on public key infrastructure

    Science.gov (United States)

    Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

    2005-01-01

    A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

  12. Security of public key encryption technique based on multiple chaotic systems

    International Nuclear Information System (INIS)

    Wang Kai; Pei Wenjiang; Zou Liuhua; Cheung Yiuming; He Zhenya

    2006-01-01

    Recently, a new public key encryption technique based on multiple chaotic systems has been proposed [B. Ranjan, Phys. Rev. Lett. 95 (2005) 098702]. This scheme employs m-chaotic systems and a set of linear functions for key exchange over an insecure channel. Security of the proposed algorithm grows as (NP) m , where N, P are the size of the key and the computational complexity of the linear functions respectively. In this Letter, the fundamental weakness of the cryptosystem is pointed out and a successful attack is described. Given the public keys and the initial vector, one can calculate the secret key based on Parseval's theorem. Both theoretical and experimental results show that the attacker can access to the secret key without difficulty. The lack of security discourages the use of such algorithm for practical applications

  13. Integrating security in a group oriented distributed system

    Science.gov (United States)

    Reiter, Michael; Birman, Kenneth; Gong, LI

    1992-01-01

    A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.

  14. Fault recovery in the reliable multicast protocol

    Science.gov (United States)

    Callahan, John R.; Montgomery, Todd L.; Whetten, Brian

    1995-01-01

    The Reliable Multicast Protocol (RMP) provides a unique, group-based model for distributed programs that need to handle reconfiguration events at the application layer. This model, called membership views, provides an abstraction in which events such as site failures, network partitions, and normal join-leave events are viewed as group reformations. RMP provides access to this model through an application programming interface (API) that notifies an application when a group is reformed as the result of a some event. RMP provides applications with reliable delivery of messages using an underlying IP Multicast (12, 5) media to other group members in a distributed environment even in the case of reformations. A distributed application can use various Quality of Service (QoS) levels provided by RMP to tolerate group reformations. This paper explores the implementation details of the mechanisms in RMP that provide distributed applications with membership view information and fault recovery capabilities.

  15. A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2009-01-01

    ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4’s physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist....... In particular we show that the End-to-End Application Key Establishment Protocol is flawed and we propose a secure protocol instead. We do so by using formal verification techniques based on static program analysis and process algebras. We present a way of using formal methods in wireless network security......, and propose a secure key establishment protocol for ZigBee networks....

  16. On the security of a novel key agreement protocol based on chaotic maps

    International Nuclear Information System (INIS)

    Xiang Tao; Wong, K.-W.; Liao Xiaofeng

    2009-01-01

    Recently, Xiao et al. proposed a novel key agreement protocol based on Chebyshev chaotic map. In this paper, the security of the protocol is analyzed, and two attack methods can be found in different scenarios. The essential principle of Xiao et al.'s scheme is summarized. It is also pointed out with proof that any attempt along this line to improve the security of Chebyshev map is redundant.

  17. Semi-device-independent security of one-way quantum key distribution

    International Nuclear Information System (INIS)

    Pawlowski, Marcin; Brunner, Nicolas

    2011-01-01

    By testing nonlocality, the security of entanglement-based quantum key distribution (QKD) can be enhanced to being ''device-independent.'' Here we ask whether such a strong form of security could also be established for one-way (prepare and measure) QKD. While fully device-independent security is impossible, we show that security can be guaranteed against individual attacks in a semi-device-independent scenario. In the latter, the devices used by the trusted parties are noncharacterized, but the dimensionality of the quantum systems used in the protocol is assumed to be bounded. Our security proof relies on the analogies between one-way QKD, dimension witnesses, and random-access codes.

  18. Asynchronous Group Key Distribution on top of the CC2420 Security Mechanisms for Sensor Networks

    DEFF Research Database (Denmark)

    Hansen, Morten Tranberg

    2009-01-01

    scheme with no time synchronization requirements. The scheme decreases the number of key updates by providing them on an as needed basis according to the amount of network traffic. We evaluate the CC2420 radio security mechanism and show how to use it as a basis to implement secure group communication......A sensor network is a network consisting of small, inexpensive, low-powered sensor nodes that communicate to complete a common task. Sensor nodes are characterized by having limited communication and computation capabilities, energy, and storage. They often are deployed in hostile environments...... creating a demand for encryption and authentication of the messages sent between them. Due to severe resource constraints on the sensor nodes, efficient key distribution schemes and secure communication protocols with low overhead are desired. In this paper we present an asynchronous group key distribution...

  19. Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

    Science.gov (United States)

    Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F

    2018-06-05

    Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie⁻Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

  20. Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

    Directory of Open Access Journals (Sweden)

    Ramon Sanchez-Iborra

    2018-06-01

    Full Text Available Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN, which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa and its layer-two supporter LoRa Wide Area Network (LoRaWAN, which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie–Hellman Over COSE (EDHOC is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

  1. Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

    Science.gov (United States)

    Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

    2017-12-01

    Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

  2. Password-only authenticated three-party key exchange with provable security in the standard model.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

    2014-01-01

    Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  3. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  4. Multi-area layered multicast scheme for MPLS networks

    Science.gov (United States)

    Ma, Yajie; Yang, Zongkai; Wang, Yuming; Chen, Jingwen

    2005-02-01

    Multi-protocol label switching (MPLS) is multiprotocols both at layer 2 and layer 3. It is suggested to overcome the shortcomings of performing complex longest prefix matching in layer 3 routing by using short, fixed length labels. The MPLS community has put more effort into the label switching of unicast IP traffic, but less in the MPLS multicast mechanism. The reasons are the higher label consumption, the dynamical mapping of L3 multicast tree to L2 LSPs and the 20-bit shim header which is much fewer than the IPv4 IP header. On the other hand, heterogeneity of node capability degrades total performance of a multicast group. In order to achieve the scalability as well as the heterogeneity in MPLS networks, a novel scheme of MPLS-based Multi-area Layered Multicast Scheme (MALM) is proposed. Unlike the existing schemes which focus on aggregating the multicast stream, we construct the multicast tree based on the virtual topology aggregation. The MPLS area is divided into different sub-areas to form the hierarchical virtual topology and the multicast group is reconstructed into multiple layers according to the node capability. At the same time, the label stack is used to save the label space. For stability of the MALM protocol, a multi-layer protection scheme is also discussed. The experiment results show that the proposed scheme saves label space and decrease the Multicast Forwarding Table in much degree.

  5. Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters.

    Science.gov (United States)

    Gonzalez, Elias; Kish, Laszlo B; Balog, Robert S; Enjeti, Prasad

    2013-01-01

    We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions.

  6. Study on the security of discrete-variable quantum key distribution over non-Markovian channels

    International Nuclear Information System (INIS)

    Huang Peng; Zhu Jun; He Guangqiang; Zeng Guihua

    2012-01-01

    The dynamic of the secret key rate of the discrete-variable quantum key distribution (QKD) protocol over the non-Markovian quantum channel is investigated. In particular, we calculate the secret key rate for the six-state protocol over non-Markovian depolarizing channels with coloured noise and Markovian depolarizing channels with Gaussian white noise, respectively. We find that the secure secret key rate for the non-Markovian depolarizing channel will be larger than the Markovian one under the same conditions even when their upper bounds of tolerable quantum bit error rate are equal. This indicates that this coloured noise in the non-Markovian depolarizing channel can enhance the security of communication. Moreover, we show that the secret key rate fluctuates near the secure point when the coupling strength of the system with the environment is high. The results demonstrate that the non-Markovian effects of the transmission channel can have a positive impact on the security of discrete-variable QKD. (paper)

  7. Security of a practical semi-device-independent quantum key distribution protocol against collective attacks

    International Nuclear Information System (INIS)

    Wang Yang; Bao Wan-Su; Li Hong-Wei; Zhou Chun; Li Yuan

    2014-01-01

    Similar to device-independent quantum key distribution (DI-QKD), semi-device-independent quantum key distribution (SDI-QKD) provides secure key distribution without any assumptions about the internal workings of the QKD devices. The only assumption is that the dimension of the Hilbert space is bounded. But SDI-QKD can be implemented in a one-way prepare-and-measure configuration without entanglement compared with DI-QKD. We propose a practical SDI-QKD protocol with four preparation states and three measurement bases by considering the maximal violation of dimension witnesses and specific processes of a QKD protocol. Moreover, we prove the security of the SDI-QKD protocol against collective attacks based on the min-entropy and dimension witnesses. We also show a comparison of the secret key rate between the SDI-QKD protocol and the standard QKD. (general)

  8. Multi-party quantum key agreement protocol secure against collusion attacks

    Science.gov (United States)

    Wang, Ping; Sun, Zhiwei; Sun, Xiaoqiang

    2017-07-01

    The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting N-1 coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants' cooperation. Here, t < N. We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.

  9. Symmetric Stream Cipher using Triple Transposition Key Method and Base64 Algorithm for Security Improvement

    Science.gov (United States)

    Nurdiyanto, Heri; Rahim, Robbi; Wulan, Nur

    2017-12-01

    Symmetric type cryptography algorithm is known many weaknesses in encryption process compared with asymmetric type algorithm, symmetric stream cipher are algorithm that works on XOR process between plaintext and key, to improve the security of symmetric stream cipher algorithm done improvisation by using Triple Transposition Key which developed from Transposition Cipher and also use Base64 algorithm for encryption ending process, and from experiment the ciphertext that produced good enough and very random.

  10. An Efficient and Secure Arbitrary N-Party Quantum Key Agreement Protocol Using Bell States

    Science.gov (United States)

    Liu, Wen-Jie; Xu, Yong; Yang, Ching-Nung; Gao, Pei-Pei; Yu, Wen-Bin

    2018-01-01

    Two quantum key agreement protocols using Bell states and Bell measurement were recently proposed by Shukla et al. (Quantum Inf. Process. 13(11), 2391-2405, 2014). However, Zhu et al. pointed out that there are some security flaws and proposed an improved version (Quantum Inf. Process. 14(11), 4245-4254, 2015). In this study, we will show Zhu et al.'s improvement still exists some security problems, and its efficiency is not high enough. For solving these problems, we utilize four Pauli operations { I, Z, X, Y} to encode two bits instead of the original two operations { I, X} to encode one bit, and then propose an efficient and secure arbitrary N-party quantum key agreement protocol. In the protocol, the channel checking with decoy single photons is introduced to avoid the eavesdropper's flip attack, and a post-measurement mechanism is used to prevent against the collusion attack. The security analysis shows the present protocol can guarantee the correctness, security, privacy and fairness of quantum key agreement.

  11. Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

    2014-01-01

    While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

  12. Securing Metering Infrastructure of Smart Grid: A Machine Learning and Localization Based Key Management Approach

    Directory of Open Access Journals (Sweden)

    Imtiaz Parvez

    2016-08-01

    Full Text Available In smart cities, advanced metering infrastructure (AMI of the smart grid facilitates automated metering, control and monitoring of power distribution by employing a wireless network. Due to this wireless nature of communication, there exist potential threats to the data privacy in AMI. Decoding the energy consumption reading, injecting false data/command signals and jamming the networks are some hazardous measures against this technology. Since a smart meter possesses limited memory and computational capability, AMI demands a light, but robust security scheme. In this paper, we propose a localization-based key management system for meter data encryption. Data are encrypted by the key associated with the coordinate of the meter and a random key index. The encryption keys are managed and distributed by a trusted third party (TTP. Localization of the meter is proposed by a method based on received signal strength (RSS using the maximum likelihood estimator (MLE. The received packets are decrypted at the control center with the key mapped with the key index and the meter’s coordinates. Additionally, we propose the k-nearest neighbors (kNN algorithm for node/meter authentication, capitalizing further on data transmission security. Finally, we evaluate the security strength of a data packet numerically for our method.

  13. Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts

    DEFF Research Database (Denmark)

    Alagic, Gorjan; Russell, Alexander

    2017-01-01

    Recent results of Kaplan et al., building on work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by quantum chosen-plaintext attacks (qCPA). In such an attack, the quantum adversary has the ability to query the cryp...

  14. Efficient secure-channel free public key encryption with keyword search for EMRs in cloud storage.

    Science.gov (United States)

    Guo, Lifeng; Yau, Wei-Chuen

    2015-02-01

    Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature.

  15. Security proof of continuous-variable quantum key distribution using three coherent states

    Science.gov (United States)

    Brádler, Kamil; Weedbrook, Christian

    2018-02-01

    We introduce a ternary quantum key distribution (QKD) protocol and asymptotic security proof based on three coherent states and homodyne detection. Previous work had considered the binary case of two coherent states and here we nontrivially extend this to three. Our motivation is to leverage the practical benefits of both discrete and continuous (Gaussian) encoding schemes creating a best-of-both-worlds approach; namely, the postprocessing of discrete encodings and the hardware benefits of continuous ones. We present a thorough and detailed security proof in the limit of infinite signal states which allows us to lower bound the secret key rate. We calculate this is in the context of collective eavesdropping attacks and reverse reconciliation postprocessing. Finally, we compare the ternary coherent state protocol to other well-known QKD schemes (and fundamental repeaterless limits) in terms of secret key rates and loss.

  16. Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

    Energy Technology Data Exchange (ETDEWEB)

    Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

    2007-01-01

    Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

  17. Secure Trust Based Key Management Routing Framework for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Jugminder Kaur

    2016-01-01

    Full Text Available Security is always a major concern in wireless sensor networks (WSNs. Several trust based routing protocols are designed that play an important role in enhancing the performance of a wireless network. However they still have some disadvantages like limited energy resources, susceptibility to physical capture, and little protection against various attacks due to insecure wireless communication channels. This paper presents a secure trust based key management (STKF routing framework that establishes a secure trustworthy route depending upon the present and past node to node interactions. This route is then updated by isolating the malicious or compromised nodes from the route, if any, and a dedicated link is created between every pair of nodes in the selected route with the help of “q” composite random key predistribution scheme (RKPS to ensure data delivery from source to destination. The performance of trust aware secure routing framework (TSRF is compared with the proposed routing scheme. The results indicate that STKF provides an effective mechanism for finding out a secure route with better trustworthiness than TSRF which avoids the data dropping, thereby increasing the data delivery ratio. Also the distance required to reach the destination in the proposed protocol is less hence effectively utilizing the resources.

  18. An Economic Case for End System Multicast

    Science.gov (United States)

    Analoui, Morteza; Rezvani, Mohammad Hossein

    This paper presents a non-strategic model for the end-system multicast networks based on the concept of replica exchange economy. We believe that microeconomics is a good candidate to investigate the problem of selfishness of the end-users (peers) in order to maximize the aggregate throughput. In this solution concept, the decisions that a peer might make, does not affect the actions of the other peers at all. The proposed mechanism tunes the price of the service in such a way that general equilibrium holds.

  19. Meta-Key: A Secure Data-Sharing Protocol under Blockchain-Based Decentralised Storage Architecture

    OpenAIRE

    Fu, Yue

    2017-01-01

    In this paper a secure data-sharing protocol under blockchain-based decentralised storage architecture is proposed, which fulfils users who need to share their encrypted data on-cloud. It implements a remote data-sharing mechanism that enables data owners to share their encrypted data to other users without revealing the original key. Nor do they have to download on-cloud data with re-encryption and re-uploading. Data security as well as efficiency are ensured by symmetric encryption, whose k...

  20. Multicast traffic grooming in flexible optical WDM networks

    Science.gov (United States)

    Patel, Ankitkumar N.; Ji, Philip N.; Jue, Jason P.; Wang, Ting

    2012-12-01

    In Metropolitan Area Networks (MANs), point-to-multipoint applications, such as IPTV, video-on-demand, distance learning, and content distribution, can be efficiently supported through light-tree-based multicastcommunications instead of lightpath-based unicast-communications. The application of multicasting for such traffic is justified by its inherent benefits of reduced control and management overhead and elimination of redundant resource provisioning. Supporting such multicast traffic in Flexible optical WDM (FWDM) networks that can provision light-trees using optimum amount of spectrum within flexible channel spacing leads to higher wavelength and spectral efficiencies compared to the conventional ITU-T fixed grid networks. However, in spite of such flexibility, the residual channel capacity of stranded channels may not be utilized if the network does not offer channels with arbitrary line rates. Additionally, the spectrum allocated to guard bands used to isolate finer granularity channels remains unutilized. These limitations can be addressed by using traffic grooming in which low-rate multicast connections are aggregated and switched over high capacity light-trees. In this paper, we address the multicast traffic grooming problem in FWDM networks, and propose a novel auxiliary graph-based algorithm for the first time. The performance of multicast traffic grooming is evaluated in terms of spectral, cost, and energy efficiencies compared to lightpath-based transparent FWDM networks, lightpathbased traffic grooming-capable FWDM networks, multicast-enabled transparent FWDM networks, and multicast traffic grooming-capable fixed grid networks. Simulation results demonstrate that multicast traffic grooming in FWDM networks not only improves spectral efficiency, but also cost, and energy efficiencies compared to other multicast traffic provisioning approaches of FWDM and fixed grid networks.

  1. An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

    Science.gov (United States)

    Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

    2018-01-01

    Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

  2. Simple proof of the unconditional security of the Bennett 1992 quantum key distribution protocol

    International Nuclear Information System (INIS)

    Zhang Quan; Tang Chaojing

    2002-01-01

    It is generally accepted that quantum key distribution (QKD) could supply legitimate users with unconditional security during their communication. Quite a lot of satisfactory efforts have been achieved on experimentations with quantum cryptography. However, when the eavesdropper has extra-powerful computational ability, has access to a quantum computer, for example, and can carry into execution any eavesdropping measurement that is allowed by the laws of physics, the security against such attacks has not been widely studied and rigorously proved for most QKD protocols. Quite recently, Shor and Preskill proved concisely the unconditional security of the Bennett-Brassard 1984 (BB84) protocol. Their method is highly valued for its clarity of concept and concision of form. In order to take advantage of the Shor-Preskill technique in their proof of the unconditional security of the BB84 QKD protocol, we introduced in this paper a transformation that can translate the Bennett 1992 (B92) protocol into the BB84 protocol. By proving that the transformation leaks no more information to the eavesdropper, we proved the unconditional security of the B92 protocol. We also settled the problem proposed by Lo about how to prove the unconditional security of the B92 protocol with the Shor-Preskill method

  3. An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

    Science.gov (United States)

    Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

    2018-01-11

    Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

  4. Cooperative relay-based multicasting for energy and delay minimization

    KAUST Repository

    Atat, Rachad

    2012-08-01

    Relay-based multicasting for the purpose of cooperative content distribution is studied. Optimized relay selection is performed with the objective of minimizing the energy consumption or the content distribution delay within a cluster of cooperating mobiles. Two schemes are investigated. The first consists of the BS sending the data only to the relay, and the second scheme considers the scenario of threshold-based multicasting by the BS, where a relay is selected to transmit the data to the mobiles that were not able to receive the multicast data. Both schemes show significant superiority compared to the non-cooperative scenarios, in terms of energy consumption and delay reduction. © 2012 IEEE.

  5. An adaptive secret key-directed cryptographic scheme for secure transmission in wireless sensor networks

    International Nuclear Information System (INIS)

    Muhammad, K.; Jan, Z.; Khan, Z

    2015-01-01

    Wireless Sensor Networks (WSNs) are memory and bandwidth limited networks whose main goals are to maximize the network lifetime and minimize the energy consumption and transmission cost. To achieve these goals, different techniques of compression and clustering have been used. However, security is an open and major issue in WSNs for which different approaches are used, both in centralized and distributed WSNs' environments. This paper presents an adaptive cryptographic scheme for secure transmission of various sensitive parameters, sensed by wireless sensors to the fusion center for further processing in WSNs such as military networks. The proposed method encrypts the sensitive captured data of sensor nodes using various encryption procedures (bitxor operation, bits shuffling, and secret key based encryption) and then sends it to the fusion center. At the fusion center, the received encrypted data is decrypted for taking further necessary actions. The experimental results with complexity analysis, validate the effectiveness and feasibility of the proposed method in terms of security in WSNs. (author)

  6. Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices

    International Nuclear Information System (INIS)

    McKague, Matthew

    2009-01-01

    Device independent quantum key distribution (QKD) aims to provide a higher degree of security than traditional QKD schemes by reducing the number of assumptions that need to be made about the physical devices used. The previous proof of security by Pironio et al (2009 New J. Phys. 11 045021) applies only to collective attacks where the state is identical and independent and the measurement devices operate identically for each trial in the protocol. We extend this result to a more general class of attacks where the state is arbitrary and the measurement devices have no memory. We accomplish this by a reduction of arbitrary adversary strategies to qubit strategies and a proof of security for qubit strategies based on the previous proof by Pironio et al and techniques adapted from Renner.

  7. Security Analysis of Measurement-Device-Independent Quantum Key Distribution in Collective-Rotation Noisy Environment

    Science.gov (United States)

    Li, Na; Zhang, Yu; Wen, Shuang; Li, Lei-lei; Li, Jian

    2018-01-01

    Noise is a problem that communication channels cannot avoid. It is, thus, beneficial to analyze the security of MDI-QKD in noisy environment. An analysis model for collective-rotation noise is introduced, and the information theory methods are used to analyze the security of the protocol. The maximum amount of information that Eve can eavesdrop is 50%, and the eavesdropping can always be detected if the noise level ɛ ≤ 0.68. Therefore, MDI-QKD protocol is secure as quantum key distribution protocol. The maximum probability that the relay outputs successful results is 16% when existing eavesdropping. Moreover, the probability that the relay outputs successful results when existing eavesdropping is higher than the situation without eavesdropping. The paper validates that MDI-QKD protocol has better robustness.

  8. Practical security analysis of continuous-variable quantum key distribution with jitter in clock synchronization

    Science.gov (United States)

    Xie, Cailang; Guo, Ying; Liao, Qin; Zhao, Wei; Huang, Duan; Zhang, Ling; Zeng, Guihua

    2018-03-01

    How to narrow the gap of security between theory and practice has been a notoriously urgent problem in quantum cryptography. Here, we analyze and provide experimental evidence of the clock jitter effect on the practical continuous-variable quantum key distribution (CV-QKD) system. The clock jitter is a random noise which exists permanently in the clock synchronization in the practical CV-QKD system, it may compromise the system security because of its impact on data sampling and parameters estimation. In particular, the practical security of CV-QKD with different clock jitter against collective attack is analyzed theoretically based on different repetition frequencies, the numerical simulations indicate that the clock jitter has more impact on a high-speed scenario. Furthermore, a simplified experiment is designed to investigate the influence of the clock jitter.

  9. SOME NOTES ON COST ALLOCATION IN MULTICASTING

    Directory of Open Access Journals (Sweden)

    Darko Skorin-Kapov

    2012-12-01

    Full Text Available We analyze the cost allocation strategies with the problef of broadcasting information from some source to a number of communication network users. A multicast routing chooses a minimum cost tree network that spans the source and all the receivers. The cost of such a network is distributed among its receivers who may be individuals or organizations with possibly conflicting interests. Providing network developers, users and owners with practical computable 'fair' cost allocation solution procedures is of great importance for network mamagement. Consequently, this multidisciplinary problem was extensively studied by Operational Researchers, Economists, Mathematicians and Computer Scientists. The fairness of various proposed solutions was even argued in US courts. This presentation overviews some previously published, as well as some recent results, in the development of algorithmic mechanisms to efficiently compute 'attractive' cost allocation solutions for multicast networks. Specifically, we will analyze cooperative game theory based cost allocation models that avoid cross subsidies and/or are distance and population monotonic. We will also present some related open cost allocation problems and the potential contribution that such models might make to this problem in the future.

  10. Security bound of two-basis quantum-key-distribution protocols using qudits

    International Nuclear Information System (INIS)

    Nikolopoulos, Georgios M.; Alber, Gernot

    2005-01-01

    We investigate the security bounds of quantum-cryptographic protocols using d-level systems. In particular, we focus on schemes that use two mutually unbiased bases, thus extending the Bennett-Brassard 1984 quantum-key-distribution scheme to higher dimensions. Under the assumption of general coherent attacks, we derive an analytic expression for the ultimate upper security bound of such quantum-cryptography schemes. This bound is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions such an equivalence is generally no longer valid

  11. Fast and secure key distribution using mesoscopic coherent states of light

    International Nuclear Information System (INIS)

    Barbosa, Geraldo A.

    2003-01-01

    This work shows how two parties A and B can securely share unlimited sequences of random bits at optical speeds. A and B possess true-random physical sources and exchange random bits by using a random sequence received to cipher the following one to be sent. A starting shared secret key is used and the method can be described as a one-time-pad unlimited extender. It is demonstrated that the minimum probability of error in signal determination by the eavesdropper can be set arbitrarily close to the pure guessing level. Being based on the M-ry encryption protocol this method also allows for optical amplification without security degradation, offering practical advantages over the Bennett-Brassard 1984 protocol for key distribution

  12. Identifying Regional Key Eco-Space to Maintain Ecological Security Using GIS

    Directory of Open Access Journals (Sweden)

    Hualin Xie

    2014-02-01

    Full Text Available Ecological security and environmental sustainability are the foundations of sustainable development. With the acceleration of urbanization, increasing human activities have promoted greater impacts on the eco-spaces that maintain ecological security. Regional key eco-space has become the primary need to maintain environmental sustainability and can offer society with continued ecosystem services. In this paper, considering the security of water resources, biodiversity conservation, disaster avoidance and protection and natural recreation, an integrated index of eco-space importance was established and a method for identifying key eco-space was created using GIS, with Lanzhou City, China as a case study. The results show that the area of core eco-space in the Lanzhou City is approximately 50,908.7 hm2, accounting for 40% of the region’s total area. These areas mainly consist of geological hazard protection zones and the core zones of regional river systems, wetlands, nature reserves, forest parks and scenic spots. The results of this study provide some guidance for the management of ecological security, ecological restoration and environmental sustainability.

  13. Wireless Physical Layer Security: On the Performance Limit of Secret-Key Agreement

    KAUST Repository

    Zorgui, Marwen

    2015-05-01

    Physical layer security (PLS) is a new paradigm aiming at securing communications between legitimate parties at the physical layer. Conventionally, achieving confidentiality in communication networks relies on cryptographic techniques such as public-key cryptography, secret-key distribution and symmetric encryption. Such techniques are deemed secure based on the assumption of limited computational abilities of a wiretapper. Given the relentless progress in computational capacities and the dynamic topology and proliferation of modern wireless networks, the relevance of the previous techniques in securing communications is more and more questionable and less and less reliable. In contrast to this paradigm, PLS does not assume a specific computational power at any eavesdropper, its premise to guarantee provable security via employing channel coding techniques at the physical layer exploiting the inherent randomness in most communication systems. In this dissertation, we investigate a particular aspect of PLS, which is secret-key agreement, also known as secret-sharing. In this setup, two legitimate parties try to distill a secret-key via the observation of correlated signals through a noisy wireless channel, in the presence of an eavesdropper who must be kept ignorant of the secret-key. Additionally, a noiseless public channel is made available to the legitimate parties to exchange public messages that are also accessible to the eavesdropper. Recall that key agreement is an important aspect toward realizing secure communications in the sense that the key can be used in a one-time pad scheme to send the confidential message. In the first part, our focus is on secret-sharing over Rayleigh fading quasi-static channels. We study the fundamental relationship relating the probability of error and a given target secret-key rate in the high power regime. This is characterized through the diversity multiplexing tradeoff (DMT) concept, that we define for our model and then

  14. Improving the security of a parallel keyed hash function based on chaotic maps

    Energy Technology Data Exchange (ETDEWEB)

    Xiao Di, E-mail: xiaodi_cqu@hotmail.co [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China); Liao Xiaofeng [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China); Wang Yong [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China)] [College of Economy and Management, Chongqing University of Posts and Telecommunications, Chongqing 400065 (China)

    2009-11-23

    In this Letter, we analyze the cause of vulnerability of the original parallel keyed hash function based on chaotic maps in detail, and then propose the corresponding enhancement measures. Theoretical analysis and computer simulation indicate that the modified hash function is more secure than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function.

  15. Improving the security of a parallel keyed hash function based on chaotic maps

    International Nuclear Information System (INIS)

    Xiao Di; Liao Xiaofeng; Wang Yong

    2009-01-01

    In this Letter, we analyze the cause of vulnerability of the original parallel keyed hash function based on chaotic maps in detail, and then propose the corresponding enhancement measures. Theoretical analysis and computer simulation indicate that the modified hash function is more secure than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function.

  16. A Dual Key-Based Activation Scheme for Secure LoRaWAN

    Directory of Open Access Journals (Sweden)

    Jaehyu Kim

    2017-01-01

    Full Text Available With the advent of the Internet of Things (IoT era, we are experiencing rapid technological progress. Billions of devices are connected to each other, and our homes, cities, hospitals, and schools are getting smarter and smarter. However, to realize the IoT, several challenging issues such as connecting resource-constrained devices to the Internet must be resolved. Recently introduced Low Power Wide Area Network (LPWAN technologies have been devised to resolve this issue. Among many LPWAN candidates, the Long Range (LoRa is one of the most promising technologies. The Long Range Wide Area Network (LoRaWAN is a communication protocol for LoRa that provides basic security mechanisms. However, some security loopholes exist in LoRaWAN’s key update and session key generation. In this paper, we propose a dual key-based activation scheme for LoRaWAN. It resolves the problem of key updates not being fully supported. In addition, our scheme facilitates each layer in generating its own session key directly, which ensures the independence of all layers. Real-world experimental results compared with the original scheme show that the proposed scheme is totally feasible in terms of delay and battery consumption.

  17. Multicasting in Wireless Communications (Ad-Hoc Networks): Comparison against a Tree-Based Approach

    Science.gov (United States)

    Rizos, G. E.; Vasiliadis, D. C.

    2007-12-01

    We examine on-demand multicasting in ad hoc networks. The Core Assisted Mesh Protocol (CAMP) is a well-known protocol for multicast routing in ad-hoc networks, generalizing the notion of core-based trees employed for internet multicasting into multicast meshes that have much richer connectivity than trees. On the other hand, wireless tree-based multicast routing protocols use much simpler structures for determining route paths, using only parent-child relationships. In this work, we compare the performance of the CAMP protocol against the performance of wireless tree-based multicast routing protocols, in terms of two important factors, namely packet delay and ratio of dropped packets.

  18. Security of Continuous-Variable Quantum Key Distribution via a Gaussian de Finetti Reduction

    Science.gov (United States)

    Leverrier, Anthony

    2017-05-01

    Establishing the security of continuous-variable quantum key distribution against general attacks in a realistic finite-size regime is an outstanding open problem in the field of theoretical quantum cryptography if we restrict our attention to protocols that rely on the exchange of coherent states. Indeed, techniques based on the uncertainty principle are not known to work for such protocols, and the usual tools based on de Finetti reductions only provide security for unrealistically large block lengths. We address this problem here by considering a new type of Gaussian de Finetti reduction, that exploits the invariance of some continuous-variable protocols under the action of the unitary group U (n ) (instead of the symmetric group Sn as in usual de Finetti theorems), and by introducing generalized S U (2 ,2 ) coherent states. Crucially, combined with an energy test, this allows us to truncate the Hilbert space globally instead as at the single-mode level as in previous approaches that failed to provide security in realistic conditions. Our reduction shows that it is sufficient to prove the security of these protocols against Gaussian collective attacks in order to obtain security against general attacks, thereby confirming rigorously the widely held belief that Gaussian attacks are indeed optimal against such protocols.

  19. On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

    Science.gov (United States)

    Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

    2015-08-01

    Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

  20. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

    Science.gov (United States)

    Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

    2014-01-01

    An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

  1. Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

    Directory of Open Access Journals (Sweden)

    Younsung Choi

    2014-01-01

    Full Text Available An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

  2. On distributed key distribution centers and unconditionally secure proactive verifiable secret sharing schemes based on general access structure

    NARCIS (Netherlands)

    Nikov, V.S.; Nikova, S.I.; Preneel, B.; Vandewalle, J.; Menezes, A.; Sarkar, P.

    2002-01-01

    A Key Distribution Center of a network is a server enabling private communications within groups of users. A Distributed Key Distribution Center is a set of servers that jointly realizes a Key Distribution Center. In this paper we build a robust Distributed Key Distribution Center Scheme secure

  3. Mobile Multicast in Hierarchical Proxy Mobile IPV6

    Science.gov (United States)

    Hafizah Mohd Aman, Azana; Hashim, Aisha Hassan A.; Mustafa, Amin; Abdullah, Khaizuran

    2013-12-01

    Mobile Internet Protocol Version 6 (MIPv6) environments have been developing very rapidly. Many challenges arise with the fast progress of MIPv6 technologies and its environment. Therefore the importance of improving the existing architecture and operations increases. One of the many challenges which need to be addressed is the need for performance improvement to support mobile multicast. Numerous approaches have been proposed to improve mobile multicast performance. This includes Context Transfer Protocol (CXTP), Hierarchical Mobile IPv6 (HMIPv6), Fast Mobile IPv6 (FMIPv6) and Proxy Mobile IPv6 (PMIPv6). This document describes multicast context transfer in hierarchical proxy mobile IPv6 (H-PMIPv6) to provide better multicasting performance in PMIPv6 domain.

  4. Empirical Evaluation of Superposition Coded Multicasting for Scalable Video

    KAUST Repository

    Chun Pong Lau; Shihada, Basem; Pin-Han Ho

    2013-01-01

    In this paper we investigate cross-layer superposition coded multicast (SCM). Previous studies have proven its effectiveness in exploiting better channel capacity and service granularities via both analytical and simulation approaches. However

  5. Transmission techniques for emergent multicast and broadcast systems

    CERN Document Server

    da Silva, Mario Marques; Dinis, Rui; Souto, Nuno; Silva, Joao Carlos

    2010-01-01

    Describing efficient transmission schemes for broadband wireless systems, Transmission Techniques for Emergent Multicast and Broadcast Systems examines advances in transmission techniques and receiver designs capable of supporting the emergent wireless needs for multimedia broadcast and multicast service (MBMS) requirements. It summarizes the research and development taking place in wireless communications for multimedia MBMS and addresses the means to improved spectral efficiency to allow for increased user bit rate, as well as increased capacity of the digital cellular radio network.The text

  6. Detector-device-independent quantum key distribution: Security analysis and fast implementation

    International Nuclear Information System (INIS)

    Boaron, Alberto; Korzh, Boris; Boso, Gianluca; Martin, Anthony; Zbinden, Hugo; Houlmann, Raphael; Lim, Charles Ci Wen

    2016-01-01

    One of the most pressing issues in quantum key distribution (QKD) is the problem of detector side-channel attacks. To overcome this problem, researchers proposed an elegant “time-reversal” QKD protocol called measurement-device-independent QKD (MDI-QKD), which is based on time-reversed entanglement swapping. However, MDI-QKD is more challenging to implement than standard point-to-point QKD. Recently, an intermediary QKD protocol called detector-device-independent QKD (DDI-QKD) has been proposed to overcome the drawbacks of MDI-QKD, with the hope that it would eventually lead to a more efficient detector side-channel-free QKD system. Here, we analyze the security of DDI-QKD and elucidate its security assumptions. We find that DDI-QKD is not equivalent to MDI-QKD, but its security can be demonstrated with reasonable assumptions. On the more practical side, we consider the feasibility of DDI-QKD and present a fast experimental demonstration (clocked at 625 MHz), capable of secret key exchange up to more than 90 km.

  7. Reliability of Calderbank-Shor-Steane codes and security of quantum key distribution

    International Nuclear Information System (INIS)

    Hamada, Mitsuru

    2004-01-01

    After Mayers (1996 Advances in Cryptography: Proc. Crypto'96 pp 343-57; 2001 J. Assoc. Comput. Mach. 48 351-406) gave a proof of the security of the Bennett-Brassard (1984 Proc. IEEE Int. Conf. on Computers, Systems and Signal Processing (Bangalore, India) pp 175-9) (BB84) quantum key distribution protocol, Shor and Preskill (2000 Phys. Rev. Lett. 85 441-4) made a remarkable observation that a Calderbank-Shor-Steane (CSS) code had been implicitly used in the BB84 protocol, and suggested its security could be proved by bounding the fidelity, say F n , of the incorporated CSS code of length n in the form 1-F n ≤ exp[-nE + o(n)] for some positive number E. This work presents such a number E = E(R) as a function of the rate of codes R, and a threshold R 0 such that E(R) > 0 whenever R 0 , which is larger than the achievable rate based on the Gilbert-Varshamov bound that is essentially given by Shor and Preskill. The codes in the present work are robust against fluctuations of channel parameters, which fact is needed to establish the security rigorously and was not proved for rates above the Gilbert-Varshamov rate before in the literature. As a byproduct, the security of a modified BB84 protocol against any joint (coherent) attacks is proved quantitatively

  8. Network coding for multi-resolution multicast

    DEFF Research Database (Denmark)

    2013-01-01

    A method, apparatus and computer program product for utilizing network coding for multi-resolution multicast is presented. A network source partitions source content into a base layer and one or more refinement layers. The network source receives a respective one or more push-back messages from one...... or more network destination receivers, the push-back messages identifying the one or more refinement layers suited for each one of the one or more network destination receivers. The network source computes a network code involving the base layer and the one or more refinement layers for at least one...... of the one or more network destination receivers, and transmits the network code to the one or more network destination receivers in accordance with the push-back messages....

  9. A Scalable and Fault-Tolerant Architecture for Internet Multicasting Using Meshes

    National Research Council Canada - National Science Library

    Garcia-Luna-Aceves, J. J; Balasubramaniyan, Saravanan; Balakrishnan, Ramesh

    2002-01-01

    ... communication within a group. A new protocol is presented for the creation and management of multicast meshes that substitute for the traditional multicast trees as the underlying routing structure for multipoint communication within groups...

  10. Experimental characterization of a new multicasting node architecture based on space splitters and wavelength converters

    Science.gov (United States)

    He, Hao; Su, Yikai; Hu, Peigang; Hu, Weisheng

    2005-11-01

    IPTV-based broadband services such as interactive multimedia and video conferencing are considered as promising revenue-adding services, and multicast is proven to be a good supplier to support these applications for its reduced consumption of network bandwidth. Generally there are two approaches to implement optical layer multicast. One is space-domain multicast using space-splitter which is low cost but has wavelength continuity constraint, the other is frequency-domain multicast using wavelength converter which resolves the wavelength continuity but with high costs. A new multicasting node which adopts both space-domain multicast and frequency-domain multicast is recently discussed. In this paper we present an experimental demonstration of the new multicasting node architecture based on space splitters and wavelength converters, measurements to characterize such a node are provided.

  11. A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

    Science.gov (United States)

    Lee, Tian-Fu; Liu, Chuan-Ming

    2013-06-01

    A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

  12. Security analysis of the decoy method with the Bennett–Brassard 1984 protocol for finite key lengths

    International Nuclear Information System (INIS)

    Hayashi, Masahito; Nakayama, Ryota

    2014-01-01

    This paper provides a formula for the sacrifice bit-length for privacy amplification with the Bennett–Brassard 1984 protocol for finite key lengths, when we employ the decoy method. Using the formula, we can guarantee the security parameter for a realizable quantum key distribution system. The key generation rates with finite key lengths are numerically evaluated. The proposed method improves the existing key generation rate even in the asymptotic setting. (paper)

  13. Optical code division multiple access secure communications systems with rapid reconfigurable polarization shift key user code

    Science.gov (United States)

    Gao, Kaiqiang; Wu, Chongqing; Sheng, Xinzhi; Shang, Chao; Liu, Lanlan; Wang, Jian

    2015-09-01

    An optical code division multiple access (OCDMA) secure communications system scheme with rapid reconfigurable polarization shift key (Pol-SK) bipolar user code is proposed and demonstrated. Compared to fix code OCDMA, by constantly changing the user code, the performance of anti-eavesdropping is greatly improved. The Pol-SK OCDMA experiment with a 10 Gchip/s user code and a 1.25 Gb/s user data of payload has been realized, which means this scheme has better tolerance and could be easily realized.

  14. Backup key generation model for one-time password security protocol

    Science.gov (United States)

    Jeyanthi, N.; Kundu, Sourav

    2017-11-01

    The use of one-time password (OTP) has ushered new life into the existing authentication protocols used by the software industry. It introduced a second layer of security to the traditional username-password authentication, thus coining the term, two-factor authentication. One of the drawbacks of this protocol is the unreliability of the hardware token at the time of authentication. This paper proposes a simple backup key model that can be associated with the real world applications’user database, which would allow a user to circumvent the second authentication stage, in the event of unavailability of the hardware token.

  15. Training on Transport Security of Nuclear/Radioactive Materials for Key Audiences

    Energy Technology Data Exchange (ETDEWEB)

    Pope, Ronald; Liu, Yung; Shuler, J.M.

    2016-01-01

    development of the relevant teaching materials for the course have largely been completed, tailoring the course for targeted audiences becomes a relatively easy task, requiring less effort and providing more flexibility for both the lecturers and future participants. One-day or two-day courses with focus specifically on the U.S. transport security requirements can be delivered, at locations away from Argonne, by one or two principal lecturers to targeted audiences such as regulators, shippers, carriers, state and local law enforcement personnel, and emergency responders. This paper will highlight the lessons learned in hosting previous one-week courses and discuss the development of options for detailed and/or customized courses/workshops for targeted key audiences.

  16. Security of subcarrier wave quantum key distribution against the collective beam-splitting attack.

    Science.gov (United States)

    Miroshnichenko, G P; Kozubov, A V; Gaidash, A A; Gleim, A V; Horoshko, D B

    2018-04-30

    We consider a subcarrier wave quantum key distribution (QKD) system, where quantum encoding is carried out at weak sidebands generated around a coherent optical beam as a result of electro-optical phase modulation. We study security of two protocols, B92 and BB84, against one of the most powerful attacks for this class of systems, the collective beam-splitting attack. Our analysis includes the case of high modulation index, where the sidebands are essentially multimode. We demonstrate numerically and experimentally that a subcarrier wave QKD system with realistic parameters is capable of distributing cryptographic keys over large distances in presence of collective attacks. We also show that BB84 protocol modification with discrimination of only one state in each basis performs not worse than the original BB84 protocol in this class of QKD systems, thus significantly simplifying the development of cryptographic networks using the considered QKD technique.

  17. Common-signal-induced synchronization in photonic integrated circuits and its application to secure key distribution.

    Science.gov (United States)

    Sasaki, Takuma; Kakesu, Izumi; Mitsui, Yusuke; Rontani, Damien; Uchida, Atsushi; Sunada, Satoshi; Yoshimura, Kazuyuki; Inubushi, Masanobu

    2017-10-16

    We experimentally achieve common-signal-induced synchronization in two photonic integrated circuits with short external cavities driven by a constant-amplitude random-phase light. The degree of synchronization can be controlled by changing the optical feedback phase of the two photonic integrated circuits. The change in the optical feedback phase leads to a significant redistribution of the spectral energy of optical and RF spectra, which is a unique characteristic of PICs with the short external cavity. The matching of the RF and optical spectra is necessary to achieve synchronization between the two PICs, and stable synchronization can be obtained over an hour in the presence of optical feedback. We succeed in generating information-theoretic secure keys and achieving the final key generation rate of 184 kb/s using the PICs.

  18. Shor-Preskill-type security proof for quantum key distribution without public announcement of bases

    International Nuclear Information System (INIS)

    Hwang, Won-Young; Wang Xiangbin; Matsumoto, Keiji; Kim, Jaewan; Lee, Hai-Woong

    2003-01-01

    We give a Shor-Preskill-type security proof to quantum key distribution without public announcement of bases [W.Y. Hwang et al., Phys. Lett. A 244, 489 (1998)]. First, we modify the Lo-Chau protocol once more so that it finally reduces to the quantum key distribution without public announcement of bases. Then we show how we can estimate the error rate in the code bits based on that in the checked bits in the proposed protocol, which is the central point of the proof. We discuss the problem of imperfect sources and that of large deviation in the error rate distributions. We discuss when the bases sequence must be discarded

  19. Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

    Science.gov (United States)

    Kish, Laszlo B.; Horvath, Tamas

    2009-08-01

    We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by “multiple reflections”. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

  20. Security analysis of an untrusted source for quantum key distribution: passive approach

    International Nuclear Information System (INIS)

    Zhao Yi; Qi Bing; Lo, H-K; Qian Li

    2010-01-01

    We present a passive approach to the security analysis of quantum key distribution (QKD) with an untrusted source. A complete proof of its unconditional security is also presented. This scheme has significant advantages in real-life implementations as it does not require fast optical switching or a quantum random number generator. The essential idea is to use a beam splitter to split each input pulse. We show that we can characterize the source using a cross-estimate technique without active routing of each pulse. We have derived analytical expressions for the passive estimation scheme. Moreover, using simulations, we have considered four real-life imperfections: additional loss introduced by the 'plug and play' structure, inefficiency of the intensity monitor noise of the intensity monitor, and statistical fluctuation introduced by finite data size. Our simulation results show that the passive estimate of an untrusted source remains useful in practice, despite these four imperfections. Also, we have performed preliminary experiments, confirming the utility of our proposal in real-life applications. Our proposal makes it possible to implement the 'plug and play' QKD with the security guaranteed, while keeping the implementation practical.

  1. Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

    International Nuclear Information System (INIS)

    Kish, Laszlo B.; Horvath, Tamas

    2009-01-01

    We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

  2. Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

    Energy Technology Data Exchange (ETDEWEB)

    Kish, Laszlo B., E-mail: Laszlo.Kish@ece.tamu.ed [Department of Electrical and Computer Engineering, Texas A and M University, College Station, TX 77843-3128 (United States); Horvath, Tamas, E-mail: tamas.horvath@iais.fraunhofer.d [Department of Computer Science, University of Bonn (Germany); Fraunhofer IAIS, Schloss Birlinghoven, D-53754 Sankt Augustin (Germany)

    2009-08-03

    We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

  3. Information-theoretic security proof for quantum-key-distribution protocols

    International Nuclear Information System (INIS)

    Renner, Renato; Gisin, Nicolas; Kraus, Barbara

    2005-01-01

    We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel

  4. Information-theoretic security proof for quantum-key-distribution protocols

    Science.gov (United States)

    Renner, Renato; Gisin, Nicolas; Kraus, Barbara

    2005-07-01

    We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel.

  5. Security analysis on some experimental quantum key distribution systems with imperfect optical and electrical devices

    Science.gov (United States)

    Liang, Lin-Mei; Sun, Shi-Hai; Jiang, Mu-Sheng; Li, Chun-Yan

    2014-10-01

    In general, quantum key distribution (QKD) has been proved unconditionally secure for perfect devices due to quantum uncertainty principle, quantum noncloning theorem and quantum nondividing principle which means that a quantum cannot be divided further. However, the practical optical and electrical devices used in the system are imperfect, which can be exploited by the eavesdropper to partially or totally spy the secret key between the legitimate parties. In this article, we first briefly review the recent work on quantum hacking on some experimental QKD systems with respect to imperfect devices carried out internationally, then we will present our recent hacking works in details, including passive faraday mirror attack, partially random phase attack, wavelength-selected photon-number-splitting attack, frequency shift attack, and single-photon-detector attack. Those quantum attack reminds people to improve the security existed in practical QKD systems due to imperfect devices by simply adding countermeasure or adopting a totally different protocol such as measurement-device independent protocol to avoid quantum hacking on the imperfection of measurement devices [Lo, et al., Phys. Rev. Lett., 2012, 108: 130503].

  6. IP over optical multicasting for large-scale video delivery

    Science.gov (United States)

    Jin, Yaohui; Hu, Weisheng; Sun, Weiqiang; Guo, Wei

    2007-11-01

    In the IPTV systems, multicasting will play a crucial role in the delivery of high-quality video services, which can significantly improve bandwidth efficiency. However, the scalability and the signal quality of current IPTV can barely compete with the existing broadcast digital TV systems since it is difficult to implement large-scale multicasting with end-to-end guaranteed quality of service (QoS) in packet-switched IP network. China 3TNet project aimed to build a high performance broadband trial network to support large-scale concurrent streaming media and interactive multimedia services. The innovative idea of 3TNet is that an automatic switched optical networks (ASON) with the capability of dynamic point-to-multipoint (P2MP) connections replaces the conventional IP multicasting network in the transport core, while the edge remains an IP multicasting network. In this paper, we will introduce the network architecture and discuss challenges in such IP over Optical multicasting for video delivery.

  7. IMPLEMENTASI IP V 6 MULTICAST DALAM JARINGAN WIRELESS

    Directory of Open Access Journals (Sweden)

    Dessyanto Boedi Prasetyo

    2015-04-01

    Full Text Available Teleconferencing is a media technology to create a long-distance communication of audio data and video can also be data. With teleconferencing you can perform a communication with another person that much with a relatively low cost. At this time the use of computers in a network more complex. Some time ago has developed a new network protocol, the IPv6 is a solution to overcome the deficiencies found on previous generation protocol is IPv4 Multicast is a communication mechanism of one-to-many, or point-to-multipoint. In IPv6 technology, multicast is a basic feature and has become the standard specification of every router. In the implementation is done using IPv6 multicast teleconferencing application on the LAN network topology. At the teleconference has been observed with the amount of traffic parameters that occurred during the last teleconference. Used in this study SDR and RAT teleconferencing applications. SDR (Session Directory Tool and RAT (Robust Audio Tool used for teleconferencing, which is part of the MBone tools. Protocol MLD (Multicast Listener Directory is also used in this study for multicast signaling can run well.

  8. Securing Body Sensor Networks with Biometric Methods: A New Key Negotiation Method and a Key Sampling Method for Linear Interpolation Encryption

    OpenAIRE

    Zhao, Huawei; Chen, Chi; Hu, Jiankun; Qin, Jing

    2015-01-01

    We present two approaches that exploit biometric data to address security problems in the body sensor networks: a new key negotiation scheme based on the fuzzy extractor technology and an improved linear interpolation encryption method. The first approach designs two attack games to give the formal definition of fuzzy negotiation that forms a new key negotiation scheme based on fuzzy extractor technology. According to the definition, we further define a concrete structure of fuzzy negotiation...

  9. A Contents Encryption Mechanism Using Reused Key in IPTV

    Science.gov (United States)

    Jeong, Yoon-Su; Kim, Yong-Tae; Cho, Young-Bok; Lee, Ki-Jeong; Park, Gil-Cheol; Lee, Sang-Ho

    Recently IPTV is being spotlighted as a new stream service to stably provide video, audio and control signals to subscribers through the application of IP protocol. However, the IPTV system is facing more security threats than the traditional TV. This study proposes a multicasting encryption mechanism for secure transmission of the contents of IPTV by which the content provider encrypts their contents and send the encrypted contents and the key used for encryption of the contents to the user. In order to reduce the time and cost of Head-End, the proposed mechanism encrypts the media contents at the Head-End, embeds the code of the IPTV terminal used at the Head-End in the media contents for user tracking, and performs desynchronization for protection of the media contents from various attacks.

  10. A SURVEY ON MULTICAST ROUTING PROTOCOLS FOR PERFORMANCE EVALUATION IN WIRELESS SENSOR NETWORK

    Directory of Open Access Journals (Sweden)

    A. Suruliandi

    2015-03-01

    Full Text Available Multicast is a process used to transfer same message to multiple receivers at the same time. This paper presents the simulation and analysis of the performance of six different multicast routing protocols for Wireless Sensor Network (WSN. They are On Demand Multicast Routing Protocol (ODMRP, Protocol for Unified Multicasting through Announcement (PUMA, Multicast Adhoc On demand Distance Vector Protocol (MAODV, Overlay Boruvka-based Adhoc Multicast Protocol (OBAMP, Application Layer Multicast Algorithm (ALMA and enhanced version of ALMA (ALMA-H for WSN. Among them, ODMRP, MAODV and PUMA are reactive protocols while OBAMP, ALMA and ALMA-H are proactive protocols. This paper compares the performance of these protocols with common parameters such as Throughput, Reliability, End-to-End delay and Packet Delivery Ratio (PDR with increasing the numbers of nodes and increasing the speed of the nodes. The main objective of this work is to select the efficient multicast routing protocol for WSN among six multicast routing protocol based on relative strength and weakness of each protocol. The summary of above six multicast routing protocols is presented with a table of different performance characteristics. Experimental result shows that ODMRP attains higher throughput, reliability and higher packet delivery ratio than other multicast routing protocol, while incurring far less end-to-end delay.

  11. Security of Color Image Data Designed by Public-Key Cryptosystem Associated with 2D-DWT

    Science.gov (United States)

    Mishra, D. C.; Sharma, R. K.; Kumar, Manish; Kumar, Kuldeep

    2014-08-01

    In present times the security of image data is a major issue. So, we have proposed a novel technique for security of color image data by public-key cryptosystem or asymmetric cryptosystem. In this technique, we have developed security of color image data using RSA (Rivest-Shamir-Adleman) cryptosystem with two-dimensional discrete wavelet transform (2D-DWT). Earlier proposed schemes for security of color images designed on the basis of keys, but this approach provides security of color images with the help of keys and correct arrangement of RSA parameters. If the attacker knows about exact keys, but has no information of exact arrangement of RSA parameters, then the original information cannot be recovered from the encrypted data. Computer simulation based on standard example is critically examining the behavior of the proposed technique. Security analysis and a detailed comparison between earlier developed schemes for security of color images and proposed technique are also mentioned for the robustness of the cryptosystem.

  12. Reliable multicast for the Grid: a case study in experimental computer science.

    Science.gov (United States)

    Nekovee, Maziar; Barcellos, Marinho P; Daw, Michael

    2005-08-15

    In its simplest form, multicast communication is the process of sending data packets from a source to multiple destinations in the same logical multicast group. IP multicast allows the efficient transport of data through wide-area networks, and its potentially great value for the Grid has been highlighted recently by a number of research groups. In this paper, we focus on the use of IP multicast in Grid applications, which require high-throughput reliable multicast. These include Grid-enabled computational steering and collaborative visualization applications, and wide-area distributed computing. We describe the results of our extensive evaluation studies of state-of-the-art reliable-multicast protocols, which were performed on the UK's high-speed academic networks. Based on these studies, we examine the ability of current reliable multicast technology to meet the Grid's requirements and discuss future directions.

  13. A Novel OBDD-Based Reliability Evaluation Algorithm for Wireless Sensor Networks on the Multicast Model

    Directory of Open Access Journals (Sweden)

    Zongshuai Yan

    2015-01-01

    Full Text Available The two-terminal reliability calculation for wireless sensor networks (WSNs is a #P-hard problem. The reliability calculation of WSNs on the multicast model provides an even worse combinatorial explosion of node states with respect to the calculation of WSNs on the unicast model; many real WSNs require the multicast model to deliver information. This research first provides a formal definition for the WSN on the multicast model. Next, a symbolic OBDD_Multicast algorithm is proposed to evaluate the reliability of WSNs on the multicast model. Furthermore, our research on OBDD_Multicast construction avoids the problem of invalid expansion, which reduces the number of subnetworks by identifying the redundant paths of two adjacent nodes and s-t unconnected paths. Experiments show that the OBDD_Multicast both reduces the complexity of the WSN reliability analysis and has a lower running time than Xing’s OBDD- (ordered binary decision diagram- based algorithm.

  14. Fluctuations of Internal Transmittance in Security of Measurement-Device-Independent Quantum Key Distribution with an Untrusted Source*

    International Nuclear Information System (INIS)

    Wang Yang; Bao Wan-Su; Chen Rui-Ke; Zhou Chun; Jiang Mu-Sheng; Li Hong-Wei

    2017-01-01

    Measurement-device-independent quantum key distribution (MDI-QKD) is immune to detector side channel attacks, which is a crucial security loophole problem in traditional QKD. In order to relax a key assumption that the sources are trusted in MDI-QKD, an MDI-QKD protocol with an untrusted source has been proposed. For the security of MDI-QKD with an untrusted source, imperfections in the practical experiment should also be taken into account. In this paper, we analyze the effects of fluctuations of internal transmittance on the security of a decoy-state MDI-QKD protocol with an untrusted source. Our numerical results show that both the secret key rate and the maximum secure transmission distance decrease when taken fluctuations of internal transmittance into consideration. Especially, they are more sensitive when Charlie’s mean photon number per pulse is smaller. Our results emphasize that the stability of correlative optical devices is important for practical implementations . (paper)

  15. Decentralized Cloud Method For Multicasting Media Stream

    Directory of Open Access Journals (Sweden)

    D M B N Bandara

    2015-08-01

    Full Text Available With the advancement of Information technology the concept of idea sharing has advanced. Mostly on presentations personal computer and projector have become essentials. But on most occasions for connecting these equipment cables and physical devices are used. This is inefficient and time consuming. If a problem occurs someone with technical knowledge is necessary to solve the situation. The objective of this research is to use the wireless technology to reduce the manual configuration and build up a platform where one can easily share files a visuals media and feedback. A system has been developed to detect all the devices over a network and upon granted permission will share video audio and access controls. Final outcome of the research was a collaborative software bundle which work together on a network. One part of the system is a Desktop Network Software. And other is a Mobile Application. Desktop application can detect all other devices in the network which provides the same facility and if required can allocate a group and share its screen files and have a message stream to each device using multicasting. Mobile application can act as a mobile remote to the host computer of the group which can detect any input from user and pass it to the system.

  16. Optimization of multicast optical networks with genetic algorithm

    Science.gov (United States)

    Lv, Bo; Mao, Xiangqiao; Zhang, Feng; Qin, Xi; Lu, Dan; Chen, Ming; Chen, Yong; Cao, Jihong; Jian, Shuisheng

    2007-11-01

    In this letter, aiming to obtain the best multicast performance of optical network in which the video conference information is carried by specified wavelength, we extend the solutions of matrix games with the network coding theory and devise a new method to solve the complex problems of multicast network switching. In addition, an experimental optical network has been testified with best switching strategies by employing the novel numerical solution designed with an effective way of genetic algorithm. The result shows that optimal solutions with genetic algorithm are accordance with the ones with the traditional fictitious play method.

  17. Empirical Evaluation of Superposition Coded Multicasting for Scalable Video

    KAUST Repository

    Chun Pong Lau

    2013-03-01

    In this paper we investigate cross-layer superposition coded multicast (SCM). Previous studies have proven its effectiveness in exploiting better channel capacity and service granularities via both analytical and simulation approaches. However, it has never been practically implemented using a commercial 4G system. This paper demonstrates our prototype in achieving the SCM using a standard 802.16 based testbed for scalable video transmissions. In particular, to implement the superposition coded (SPC) modulation, we take advantage a novel software approach, namely logical SPC (L-SPC), which aims to mimic the physical layer superposition coded modulation. The emulation results show improved throughput comparing with generic multicast method.

  18. Deploying Next Generation Multicast-enabled Applications Label Switched Multicast for MPLS VPNs, VPLS, and Wholesale Ethernet

    CERN Document Server

    Joseph, Vinod

    2011-01-01

    The growth, scale, and prominence of video applications over the years have placed emphasis on the most scalable and efficient way to deliver multi-play content (voice, video and data) to the end user. Multicast is the most effective and efficient carrier of video applications from a network standpoint. Financial organizations deploy large-scale multicast infrastructures to enable trading and e-commerce. The introduction of 4G and beyond makes this technology even more indispensible since mobile operators need an efficient mechanism to deliver repetitive content to many a handset, and multicas

  19. Hybrid digital-analog video transmission in wireless multicast and multiple-input multiple-output system

    Science.gov (United States)

    Liu, Yu; Lin, Xiaocheng; Fan, Nianfei; Zhang, Lin

    2016-01-01

    Wireless video multicast has become one of the key technologies in wireless applications. But the main challenge of conventional wireless video multicast, i.e., the cliff effect, remains unsolved. To overcome the cliff effect, a hybrid digital-analog (HDA) video transmission framework based on SoftCast, which transmits the digital bitstream with the quantization residuals, is proposed. With an effective power allocation algorithm and appropriate parameter settings, the residual gains can be maximized; meanwhile, the digital bitstream can assure transmission of a basic video to the multicast receiver group. In the multiple-input multiple-output (MIMO) system, since nonuniform noise interference on different antennas can be regarded as the cliff effect problem, ParCast, which is a variation of SoftCast, is also applied to video transmission to solve it. The HDA scheme with corresponding power allocation algorithms is also applied to improve video performance. Simulations show that the proposed HDA scheme can overcome the cliff effect completely with the transmission of residuals. What is more, it outperforms the compared WSVC scheme by more than 2 dB when transmitting under the same bandwidth, and it can further improve performance by nearly 8 dB in MIMO when compared with the ParCast scheme.

  20. VMCast: A VM-Assisted Stability Enhancing Solution for Tree-Based Overlay Multicast.

    Directory of Open Access Journals (Sweden)

    Weidong Gu

    Full Text Available Tree-based overlay multicast is an effective group communication method for media streaming applications. However, a group member's departure causes all of its descendants to be disconnected from the multicast tree for some time, which results in poor performance. The above problem is difficult to be addressed because overlay multicast tree is intrinsically instable. In this paper, we proposed a novel stability enhancing solution, VMCast, for tree-based overlay multicast. This solution uses two types of on-demand cloud virtual machines (VMs, i.e., multicast VMs (MVMs and compensation VMs (CVMs. MVMs are used to disseminate the multicast data, whereas CVMs are used to offer streaming compensation. The used VMs in the same cloud datacenter constitute a VM cluster. Each VM cluster is responsible for a service domain (VMSD, and each group member belongs to a specific VMSD. The data source delivers the multicast data to MVMs through a reliable path, and MVMs further disseminate the data to group members along domain overlay multicast trees. The above approach structurally improves the stability of the overlay multicast tree. We further utilized CVM-based streaming compensation to enhance the stability of the data distribution in the VMSDs. VMCast can be used as an extension to existing tree-based overlay multicast solutions, to provide better services for media streaming applications. We applied VMCast to two application instances (i.e., HMTP and HCcast. The results show that it can obviously enhance the stability of the data distribution.

  1. An Optical Multicast Routing with Minimal Network Coding Operations in WDM Networks

    Directory of Open Access Journals (Sweden)

    Huanlin Liu

    2014-01-01

    Full Text Available Network coding can improve the optical multicast routing performance in terms of network throughput, bandwidth utilization, and traffic load balance. But network coding needs high encoding operations costs in all-optical WDM networks due to shortage of optical RAM. In the paper, the network coding operation is defined to evaluate the number of network coding operation cost in the paper. An optical multicast routing algorithm based on minimal number of network coding operations is proposed to improve the multicast capacity. Two heuristic criteria are designed to establish the multicast routing with low network coding cost and high multicast capacity. One is to select one path from the former K shortest paths with the least probability of dropping the multicast maximal capacity. The other is to select the path with lowest potential coding operations with the highest link shared degree among the multiple wavelength disjoint paths cluster from source to each destination. Comparing with the other multicast routing based on network coding, simulation results show that the proposed multicast routing algorithm can effectively reduce the times of network coding operations, can improve the probability of reaching multicast maximal capacity, and can keep the less multicast routing link cost for optical WDM networks.

  2. A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system

    Directory of Open Access Journals (Sweden)

    Vanga Odelu

    2016-01-01

    Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.

  3. Experimental Evaluation of Unicast and Multicast CoAP Group Communication

    Directory of Open Access Journals (Sweden)

    Isam Ishaq

    2016-07-01

    Full Text Available The Internet of Things (IoT is expanding rapidly to new domains in which embedded devices play a key role and gradually outnumber traditionally-connected devices. These devices are often constrained in their resources and are thus unable to run standard Internet protocols. The Constrained Application Protocol (CoAP is a new alternative standard protocol that implements the same principals as the Hypertext Transfer Protocol (HTTP, but is tailored towards constrained devices. In many IoT application domains, devices need to be addressed in groups in addition to being addressable individually. Two main approaches are currently being proposed in the IoT community for CoAP-based group communication. The main difference between the two approaches lies in the underlying communication type: multicast versus unicast. In this article, we experimentally evaluate those two approaches using two wireless sensor testbeds and under different test conditions. We highlight the pros and cons of each of them and propose combining these approaches in a hybrid solution to better suit certain use case requirements. Additionally, we provide a solution for multicast-based group membership management using CoAP.

  4. Dynamic multicast routing scheme in WDM optical network

    Science.gov (United States)

    Zhu, Yonghua; Dong, Zhiling; Yao, Hong; Yang, Jianyong; Liu, Yibin

    2007-11-01

    During the information era, the Internet and the service of World Wide Web develop rapidly. Therefore, the wider and wider bandwidth is required with the lower and lower cost. The demand of operation turns out to be diversified. Data, images, videos and other special transmission demands share the challenge and opportunity with the service providers. Simultaneously, the electrical equipment has approached their limit. So the optical communication based on the wavelength division multiplexing (WDM) and the optical cross-connects (OXCs) shows great potentials and brilliant future to build an optical network based on the unique technical advantage and multi-wavelength characteristic. In this paper, we propose a multi-layered graph model with inter-path between layers to solve the problem of multicast routing wavelength assignment (RWA) contemporarily by employing an efficient graph theoretic formulation. And at the same time, an efficient dynamic multicast algorithm named Distributed Message Copying Multicast (DMCM) mechanism is also proposed. The multicast tree with minimum hops can be constructed dynamically according to this proposed scheme.

  5. WDM Multicast Tree Construction Algorithms and Their Comparative Evaluations

    Science.gov (United States)

    Makabe, Tsutomu; Mikoshi, Taiju; Takenaka, Toyofumi

    We propose novel tree construction algorithms for multicast communication in photonic networks. Since multicast communications consume many more link resources than unicast communications, effective algorithms for route selection and wavelength assignment are required. We propose a novel tree construction algorithm, called the Weighted Steiner Tree (WST) algorithm and a variation of the WST algorithm, called the Composite Weighted Steiner Tree (CWST) algorithm. Because these algorithms are based on the Steiner Tree algorithm, link resources among source and destination pairs tend to be commonly used and link utilization ratios are improved. Because of this, these algorithms can accept many more multicast requests than other multicast tree construction algorithms based on the Dijkstra algorithm. However, under certain delay constraints, the blocking characteristics of the proposed Weighted Steiner Tree algorithm deteriorate since some light paths between source and destinations use many hops and cannot satisfy the delay constraint. In order to adapt the approach to the delay-sensitive environments, we have devised the Composite Weighted Steiner Tree algorithm comprising the Weighted Steiner Tree algorithm and the Dijkstra algorithm for use in a delay constrained environment such as an IPTV application. In this paper, we also give the results of simulation experiments which demonstrate the superiority of the proposed Composite Weighted Steiner Tree algorithm compared with the Distributed Minimum Hop Tree (DMHT) algorithm, from the viewpoint of the light-tree request blocking.

  6. Design, Implementation, and Verification of the Reliable Multicast Protocol. Thesis

    Science.gov (United States)

    Montgomery, Todd L.

    1995-01-01

    This document describes the Reliable Multicast Protocol (RMP) design, first implementation, and formal verification. RMP provides a totally ordered, reliable, atomic multicast service on top of an unreliable multicast datagram service. RMP is fully and symmetrically distributed so that no site bears an undue portion of the communications load. RMP provides a wide range of guarantees, from unreliable delivery to totally ordered delivery, to K-resilient, majority resilient, and totally resilient atomic delivery. These guarantees are selectable on a per message basis. RMP provides many communication options, including virtual synchrony, a publisher/subscriber model of message delivery, a client/server model of delivery, mutually exclusive handlers for messages, and mutually exclusive locks. It has been commonly believed that total ordering of messages can only be achieved at great performance expense. RMP discounts this. The first implementation of RMP has been shown to provide high throughput performance on Local Area Networks (LAN). For two or more destinations a single LAN, RMP provides higher throughput than any other protocol that does not use multicast or broadcast technology. The design, implementation, and verification activities of RMP have occurred concurrently. This has allowed the verification to maintain a high fidelity between design model, implementation model, and the verification model. The restrictions of implementation have influenced the design earlier than in normal sequential approaches. The protocol as a whole has matured smoother by the inclusion of several different perspectives into the product development.

  7. Lossless Multicast Handovers in Proxy Fast Mobile IPv6 Networks

    NARCIS (Netherlands)

    Meijerink, Berend Jan; Heijenk, Geert

    2015-01-01

    There is a demand in the Public Protection and Disaster Relief (PPDR) community for high bandwidth services on mobile devices. Group communication is an important aspect of PPDR networks. In IP based networks multicast is the preferred method to efficiently transmit data to more than one receiver

  8. An efficient mechanism for dynamic survivable multicast traffic grooming

    Science.gov (United States)

    Yu, Xiaojun; Xiao, Gaoxi; Cheng, Tee Hiang

    2015-06-01

    Recent advances in wavelength division multiplexing (WDM) networks have helped enhance the popularity of multicasting services. However, as a single network failure may disrupt the information transmission to multiple end-users, protecting multicast requests against network failures becomes an important issue in network operation. This paper investigates the sub-wavelength level protection for dynamic multicast traffic grooming. A new method named lightpath-fragmentation based segment shared protection (LF-SSP) scheme is proposed. By carefully splitting primary/backup lightpaths into segments to improve resource sharing for both traffic grooming and protection, LF-SSP aims to minimize the network resources allocated for request protection. Extensive simulations are carried out to compare the performance of LF-SSP to some existing approaches, on sub-wavelength-level as well as wavelength-level multicast protections in different cases. Results show that LF-SSP steadily outperforms these existing methods as long as the network resources are not too limited. Influences of the add/drop port resources and the average number of destinations per connection request on the LF-SSP performance are also evaluated.

  9. Cooperative relay-based multicasting for energy and delay minimization

    KAUST Repository

    Atat, Rachad; Yaacoub, Elias E.; Alouini, Mohamed-Slim; Abu-Dayya, Adnan A.

    2012-01-01

    mobiles. Two schemes are investigated. The first consists of the BS sending the data only to the relay, and the second scheme considers the scenario of threshold-based multicasting by the BS, where a relay is selected to transmit the data to the mobiles

  10. Business opportunities for aquaculture in Kenya; With special reference to food security : Key findings & Recommendations

    NARCIS (Netherlands)

    Rothuis, A.J.; Duijn, van A.P.; Rijsingen, J.C.M.; Pijl, van der W.; Rurangwa, E.

    2011-01-01

    This study aims to assess the potential role of aquaculture in improving food security in Kenya. It addresses current bottlenecks that prevent aquaculture from achieving its food security objectives and identifies possible interventions. This study furthermore explores business opportunities for

  11. Wireless Physical Layer Security: On the Performance Limit of Secret-Key Agreement

    KAUST Repository

    Zorgui, Marwen

    2015-01-01

    Physical layer security (PLS) is a new paradigm aiming at securing communications between legitimate parties at the physical layer. Conventionally, achieving confidentiality in communication networks relies on cryptographic techniques such as public

  12. Common Criteria for Information Technology Security Evaluation: Department of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile (Medium Robustness)

    Science.gov (United States)

    2002-03-22

    may be derived from detailed inspection of the IC itself or from illicit appropriation of design information. Counterfeit smart cards can be mass...Infrastructure (PKI) as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair...interference devices (SQDIS), electrical testing, and electron beam testing. • Other attacks, such as UV or X-rays or high temperatures, could cause erasure

  13. Computer Security: Your iPhone as a key-logger

    CERN Multimedia

    Computer Security Team

    2014-01-01

    In the past, we have repeatedly elaborated on the computer security risk of using smartphones. Today, something new for the paranoid: did you know your smart phone can be used to spy on your PC’s keyboard?!    In fact, the tiny accelerometer, gyroscope and orientation sensors that your smartphone uses to determine its tilt and movements can also determine the letters you type on your computer. Thus, it acts as a hardware “key-logger”! It only requires your smartphone to be put close to your computer keyboard and to run a corresponding, malicious app. The rest is done by the highly precise sensors which can record keyboard vibrations and subsequently the letters you type. In a dedicated study, students of the Georgia Tech College of Computing were able to decipher complete sentences with up to 80 percent accuracy using an iPhone*. In a nice twist, the same feature can also be used to “to infer the occurrence of tap events on the touchscreen as w...

  14. Key Based Mutual Authentication (KBMA Mechanism for Secured Access in MobiCloud Environment

    Directory of Open Access Journals (Sweden)

    Donald A. Cecil

    2016-01-01

    Full Text Available Mobile Cloud Computing (MCC fuels innovation in Mobile Computing and opens new pathways between mobile devices and infrastructures. There are several issues in MCC environment as it integrates various technologies. Among all issues, security lies on the top where many users are not willing to adopt the cloud services. This paper focuses on the authentication. The objective of this paper is to provide a mechanism for authenticating all the entities involved in accessing the cloud services. A mechanism called Key Based Mutual Authentication (KBMA is proposed which is divided into two processes namely registration and authentication. Registration is a one-time process where the users are registered for accessing the cloud services by giving the desired unique information. Authentication process is carried out mutually to verify the identities of Device and Cloud Service Provider (CSP. Scyther tool is used for analysing the vulnerability in terms of attacks. The result claims show that the proposed mechanism is resilient against various attacks.

  15. Exploring the Key Challenges: Adaptability, Sustainability, Interoperability and Security to M-payment

    Directory of Open Access Journals (Sweden)

    Rashmi Mantri

    2011-04-01

    Full Text Available Abstract: Any payment which uses mobile device as payment method is called M-payment whether it is proximity or remote and online or point of sale. Since it has been identified that mobile phone is everywhere and ever-present essential consumer device, and could be used for payment offline or online, Mobile payment has been hyped significantly. However early market adoption is facing some challenges and in need of the unanimous effort of all key players (manufacturers, mobile operators, merchants and customers of value chain in order to accept mobile payment method and achieve standard and sustainable business model. Achieving one business model is important for user convenience and reachability, resulting in increased market opportunities. The main focus of this research proposal is that why cohesive technologies are needed and how it could be achieved? Some M-payment ventures are successfully working in Japan, US and Asian countries such as NTTDoCoMo and PayPal M-payments. The main reason of M-payment adoption among consumers in those countries is that their security issues are dealt carefully and solved to acceptable level. This paper is presented in the form of research proposal and overview looking into various challenging issues which are preventing the higher success in UK.

  16. An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

    Directory of Open Access Journals (Sweden)

    Le Xuan Hung

    2008-12-01

    Full Text Available For many sensor network applications such as military or homeland security, it is essential for users (sinks to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1 Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2 The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3 The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4 Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5 No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

  17. Flexible and re-configurable optical three-input XOR logic gate of phase-modulated signals with multicast functionality for potential application in optical physical-layer network coding.

    Science.gov (United States)

    Lu, Guo-Wei; Qin, Jun; Wang, Hongxiang; Ji, XuYuefeng; Sharif, Gazi Mohammad; Yamaguchi, Shigeru

    2016-02-08

    Optical logic gate, especially exclusive-or (XOR) gate, plays important role in accomplishing photonic computing and various network functionalities in future optical networks. On the other hand, optical multicast is another indispensable functionality to efficiently deliver information in optical networks. In this paper, for the first time, we propose and experimentally demonstrate a flexible optical three-input XOR gate scheme for multiple input phase-modulated signals with a 1-to-2 multicast functionality for each XOR operation using four-wave mixing (FWM) effect in single piece of highly-nonlinear fiber (HNLF). Through FWM in HNLF, all of the possible XOR operations among input signals could be simultaneously realized by sharing a single piece of HNLF. By selecting the obtained XOR components using a followed wavelength selective component, the number of XOR gates and the participant light in XOR operations could be flexibly configured. The re-configurability of the proposed XOR gate and the function integration of the optical logic gate and multicast in single device offer the flexibility in network design and improve the network efficiency. We experimentally demonstrate flexible 3-input XOR gate for four 10-Gbaud binary phase-shift keying signals with a multicast scale of 2. Error-free operations for the obtained XOR results are achieved. Potential application of the integrated XOR and multicast function in network coding is also discussed.

  18. Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

    DEFF Research Database (Denmark)

    Gehring, Tobias; Haendchen, Vitus; Duhme, Joerg

    2015-01-01

    Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State......-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our...... with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components....

  19. A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

    Science.gov (United States)

    Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

    2015-09-01

    The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to

  20. Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

    Science.gov (United States)

    Bui, Francis Minhthang; Hatzinakos, Dimitrios

    2007-12-01

    As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN), which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1) a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2) a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG) signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

  1. Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

    Directory of Open Access Journals (Sweden)

    Dimitrios Hatzinakos

    2008-03-01

    Full Text Available As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN, which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1 a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2 a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

  2. Increase in Multicast OFDM Data Rate in PLC Network using Adaptive LP-OFDM

    OpenAIRE

    Maiga , Ali; Baudais , Jean-Yves; Hélard , Jean-François

    2009-01-01

    ISBN: 978-1-4244-3523-4; International audience; Linear precoding (LP) technique applied to OFDM systems has already proved its ability to significantly increase the system throughput in a powerline communication (PLC) context. In this paper, we propose resource allocation algorithms based on the LP technique to increase the multicast OFDM systems bit rate. The conventional multicast capacity is limited by the user which experiences the worst channel conditions. To increase the multicast bit ...

  3. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

    Science.gov (United States)

    Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

    2014-04-09

    User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

  4. Security of supply in liberated electricity markets - key issues and experiences in OECD countries (work in progress)

    International Nuclear Information System (INIS)

    Stridbaek, Ulrik

    2005-06-01

    Security of supply of electricity could in principle refer to any parts of the value chain from fuel input to delivery of electricity to the final costumer with the expected quality. Concerns about security of supply are usually focused on three aspects: Timely and adequate supply of the input fuel for electricity generation is a prerequisite - security of energy supply. There has to be timely and adequate infrastructure in place to transform the input fuel into electricity and transport it to the final costumer - adequacy of generation and transmission capacity. Finally, it is an operational challenge to make the electricity system work and deliver at the expected quality - secure operation of the electricity system. Security of supply becomes relevant in a policy context from concerns about market failures in any parts of the value chain or, indeed, from the perspective that policy will set the framework for markets to serve as an instrument to secure the supply. This paper discusses some of the experiences with security of supply concerns and market failures in these three basic segments of the value chain; fuel input, adequate generation and transmission capacity and secure operation of the system, with an emphasis on the role of the market to serve as an efficient instrument. In the aftermath of the large black outs of electricity systems in North America, Italy and Sweden/Denmark IEA initiated a project on 'Transmission Reliability and Power System Security in Competitive Electricity Markets'. The results of this work will be published towards the end of 2005. After a decade with liberalised electricity markets in some pioneer regions, IEA now also finds it timely to analyse some of the lessons in a forthcoming publication. Recent and ongoing IEA-work thereby covers all the main aspects of security of supply. This paper summarises the key findings and messages, with a focus on the work in progress on lessons from liberalisation

  5. Shor-Preskill-type security proof for concatenated Bennett-Brassard 1984 quantum-key-distribution protocol

    International Nuclear Information System (INIS)

    Hwang, Won-Young; Matsumoto, Keiji; Imai, Hiroshi; Kim, Jaewan; Lee, Hai-Woong

    2003-01-01

    We discuss a long code problem in the Bennett-Brassard 1984 (BB84) quantum-key-distribution protocol and describe how it can be overcome by concatenation of the protocol. Observing that concatenated modified Lo-Chau protocol finally reduces to the concatenated BB84 protocol, we give the unconditional security of the concatenated BB84 protocol

  6. Evaluation of 90nm 6T-SRAM as physical unclonable function for secure key generation in wireless sensor nodes

    NARCIS (Netherlands)

    Selimis, G.; Konijnenburg, M.; Ashouei, M.; Huisken, J.; de Groot, H.; van der Leest, V.; Schrijen, G.-J.; van Hulst, M.; Tuyls, P.

    2011-01-01

    Due to the unattended nature of WSN (Wireless Sensor Network) deployment, each sensor can be subject to physical capture, cloning and unauthorized device alteration. In this paper, we use the embedded SRAM, often available on a wireless sensor node, for secure data (cryptographic keys, IDs)

  7. Energy-efficient key distribution using electrocardiograph biometric set for secure communications in wireless body healthcare networks.

    Science.gov (United States)

    Shi, Jinyang; Lam, Kwok-Yan; Gu, Ming; Li, Mingze; Chung, Siu-Leung

    2011-10-01

    Wireless body sensor network (WBSN) has gained significant interests as an important infrastructure for real-time biomedical healthcare systems, while the security of the sensitive health information becomes one of the main challenges. Due to the constraints of limited power, traditional cryptographic key distribution schemes are not suitable for WBSN. This paper proposes a novel energy-efficient approach, BodyKey, which can distribute the keys using the electrocardiograph biometrics. BodyKey represents the biometric features as ordered set, and deals with the biometric variations using set reconciliation. In this way, only limited necessary information needs to be communicated for key agreement, and the total energy consumption for key distribution can thus be reduced. Experiments on the PhysioBank Database show that BodyKey can perform an energy consumption rate of 0.01 mJ/bit with an equal accuracy rate of 97.28%, allowing the system to be used as an energy-efficient key distribution scheme for secure communications in WBSN.

  8. Maximization Network Throughput Based on Improved Genetic Algorithm and Network Coding for Optical Multicast Networks

    Science.gov (United States)

    Wei, Chengying; Xiong, Cuilian; Liu, Huanlin

    2017-12-01

    Maximal multicast stream algorithm based on network coding (NC) can improve the network's throughput for wavelength-division multiplexing (WDM) networks, which however is far less than the network's maximal throughput in terms of theory. And the existing multicast stream algorithms do not give the information distribution pattern and routing in the meantime. In the paper, an improved genetic algorithm is brought forward to maximize the optical multicast throughput by NC and to determine the multicast stream distribution by hybrid chromosomes construction for multicast with single source and multiple destinations. The proposed hybrid chromosomes are constructed by the binary chromosomes and integer chromosomes, while the binary chromosomes represent optical multicast routing and the integer chromosomes indicate the multicast stream distribution. A fitness function is designed to guarantee that each destination can receive the maximum number of decoding multicast streams. The simulation results showed that the proposed method is far superior over the typical maximal multicast stream algorithms based on NC in terms of network throughput in WDM networks.

  9. Integration of look-ahead multicast and unicast scheduling for input-queued cell switches

    DEFF Research Database (Denmark)

    Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

    2012-01-01

    This paper presents an integration of multicast and unicast traffic scheduling algorithms for input-queued cell switches. The multi-level round-robin multicast scheduling (ML-RRMS) algorithm with the look-ahead (LA) mechanism provides a highly scalable architecture and is able to reduce the head...... module that filters out the conflicting requests to ensure fairness. Simulation results show that comparing with the scheme using WBA for the multicast scheduling, the scheme proposed in this paper reduces the HOL blocking problem for multicast traffic and provides a significant improvement in terms...

  10. A novel WDM passive optical network architecture supporting two independent multicast data streams

    Science.gov (United States)

    Qiu, Yang; Chan, Chun-Kit

    2012-01-01

    We propose a novel scheme to perform optical multicast overlay of two independent multicast data streams on a wavelength-division-multiplexed (WDM) passive optical network. By controlling a sinusoidal clock signal and shifting the wavelength at the optical line terminal (OLT), the delivery of the two multicast data, being carried by the generated optical tones, can be independently and flexibly controlled. Simultaneous transmission of 10-Gb/s unicast downstream and upstream data as well as two independent 10-Gb/s multicast data was successfully demonstrated.

  11. Construction of Light-trees for WDM Multicasting under Splitting Capability Constraints

    DEFF Research Database (Denmark)

    Zsigri, Anikó; Guitton, A.; Molnár, M.

    2003-01-01

    Communication systems with all-optical multicasting have better performance than those using optical/electrical/optical conversion. Multicast protocols assume that all nodes in the network can forward the signal from one input to several outputs. Since fabrication of an optical switch with splitt......Communication systems with all-optical multicasting have better performance than those using optical/electrical/optical conversion. Multicast protocols assume that all nodes in the network can forward the signal from one input to several outputs. Since fabrication of an optical switch...

  12. Connectivity-Based Reliable Multicast MAC Protocol for IEEE 802.11 Wireless LANs

    Directory of Open Access Journals (Sweden)

    Woo-Yong Choi

    2009-01-01

    Full Text Available We propose the efficient reliable multicast MAC protocol based on the connectivity information among the recipients. Enhancing the BMMM (Batch Mode Multicast MAC protocol, the reliable multicast MAC protocol significantly reduces the RAK (Request for ACK frame transmissions in a reasonable computational time and enhances the MAC performance. By the analytical performance analysis, the throughputs of the BMMM protocol and our proposed MAC protocol are derived. Numerical examples show that our proposed MAC protocol increases the reliable multicast MAC performance for IEEE 802.11 wireless LANs.

  13. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

    Science.gov (United States)

    Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

    2016-10-01

    Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

  14. Key management schemes using routing information frames in secure wireless sensor networks

    Science.gov (United States)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The article considers the problems and objectives of key management for data encryption in wireless sensor networks (WSN) of SCADA systems. The structure of the key information in the ZigBee network and methods of keys obtaining are discussed. The use of a hybrid key management schemes is most suitable for WSN. The session symmetric key is used to encrypt the sensor data, asymmetric keys are used to encrypt the session key transmitted from the routing information. Three algorithms of hybrid key management using routing information frames determined by routing methods and the WSN topology are presented.

  15. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    NARCIS (Netherlands)

    Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter

    2016-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by

  16. Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

    Science.gov (United States)

    Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

    2015-10-30

    Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

  17. Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

    Science.gov (United States)

    Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

    2015-10-01

    Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

  18. A Comparative Evaluation of Algorithms in the Implementation of an Ultra-Secure Router-to-Router Key Exchange System

    Directory of Open Access Journals (Sweden)

    Nishaal J. Parmar

    2017-01-01

    Full Text Available This paper presents a comparative evaluation of possible encryption algorithms for use in a self-contained, ultra-secure router-to-router communication system, first proposed by El Rifai and Verma. The original proposal utilizes a discrete logarithm-based encryption solution, which will be compared in this paper to RSA, AES, and ECC encryption algorithms. RSA certificates are widely used within the industry but require a trusted key generation and distribution architecture. AES and ECC provide advantages in key length, processing requirements, and storage space, also maintaining an arbitrarily high level of security. This paper modifies each of the four algorithms for use within the self-contained router-to-router environment system and then compares them in terms of features offered, storage space and data transmission needed, encryption/decryption efficiency, and key generation requirements.

  19. A Bypass-Ring Scheme for a Fault Tolerant Multicast

    Directory of Open Access Journals (Sweden)

    V. Dynda

    2003-01-01

    Full Text Available We present a fault tolerant scheme for recovery from single or multiple node failures in multi-directional multicast trees. The scheme is based on cyclic structures providing alternative paths to eliminate faulty nodes and reroute the traffic. Our scheme is independent of message source and direction in the tree, provides a basis for on-the-fly repair and can be used as a platform for various strategies for reconnecting tree partitions. It only requires an underlying infrastructure to provide a reliable routing service. Although it is described in the context of a message multicast, the scheme can be used universally in all systems using tree-based overlay networks for communication among components.

  20. Multicasting based optical inverse multiplexing in elastic optical network.

    Science.gov (United States)

    Guo, Bingli; Xu, Yingying; Zhu, Paikun; Zhong, Yucheng; Chen, Yuanxiang; Li, Juhao; Chen, Zhangyuan; He, Yongqi

    2014-06-16

    Optical multicasting based inverse multiplexing (IM) is introduced in spectrum allocation of elastic optical network to resolve the spectrum fragmentation problem, where superchannels could be split and fit into several discrete spectrum blocks in the intermediate node. We experimentally demonstrate it with a 1-to-7 optical superchannel multicasting module and selecting/coupling components. Also, simulation results show that, comparing with several emerging spectrum defragmentation solutions (e.g., spectrum conversion, split spectrum), IM could reduce blocking performance significantly but without adding too much system complexity as split spectrum. On the other hand, service fairness for traffic with different granularity of these schemes is investigated for the first time and it shows that IM performs better than spectrum conversion and almost as well as split spectrum, especially for smaller size traffic under light traffic intensity.

  1. Secured Session-key Distribution using control Vector Encryption / Decryption Process

    International Nuclear Information System (INIS)

    Ismail Jabiullah, M.; Abdullah Al-Shamim; Khaleqdad Khan, ANM; Lutfar Rahman, M.

    2006-01-01

    Frequent key changes are very much desirable for the secret communications and are thus in high demand. A session-key distribution technique has been designed and implemented using the programming language C on which the communication between the end-users is encrypted is used for the duration of a logical connection. Each session-key is obtained from the key distribution center (KDC) over the same networking facilities used for end-user communication. The control vector is cryptographically coupled with the session-key at the time of key generation in the KDC. For this, the generated hash function, master key and the session-key are used for producing the encrypted session-key, which has to be transferred. All the operations have been performed using the C programming language. This process can be widely applicable to all sorts of electronic transactions online or offline; commercially and academically.(authors)

  2. Design of an IPTV Multicast System for Internet Backbone Networks

    Directory of Open Access Journals (Sweden)

    T. H. Szymanski

    2010-01-01

    Full Text Available The design of an IPTV multicast system for the Internet backbone network is presented and explored through extensive simulations. In the proposed system, a resource reservation algorithm such as RSVP, IntServ, or DiffServ is used to reserve resources (i.e., bandwidth and buffer space in each router in an IP multicast tree. Each router uses an Input-Queued, Output-Queued, or Crosspoint-Queued switch architecture with unity speedup. A recently proposed Recursive Fair Stochastic Matrix Decomposition algorithm used to compute near-perfect transmission schedules for each IP router. The IPTV traffic is shaped at the sources using Application-Specific Token Bucker Traffic Shapers, to limit the burstiness of incoming network traffic. The IPTV traffic is shaped at the destinations using Application-Specific Playback Queues, to remove residual network jitter and reconstruct the original bursty IPTV video streams at each destination. All IPTV traffic flows are regenerated at the destinations with essentially zero delay jitter and essentially-perfect QoS. The destination nodes deliver the IPTV streams to the ultimate end users using the same IPTV multicast system over a regional Metropolitan Area Network. It is shown that all IPTV traffic is delivered with essentially-perfect end-to-end QoS, with deterministic bounds on the maximum delay and jitter on each video frame. Detailed simulations of an IPTV distribution system, multicasting several hundred high-definition IPTV video streams over several essentially saturated IP backbone networks are presented.

  3. Adaptive Modulation for a Downlink Multicast Channel in OFDMA Systems

    DEFF Research Database (Denmark)

    Wang, Haibo; Schwefel, Hans-Peter; Toftegaard, Thomas Skjødeberg

    2007-01-01

    In this paper we focus on adaptive modulation strategies for multicast service in orthogonal frequency division multiple access systems. A reward function has been defined as the optimization target, which includes both the average user throughput and bit error rate. We also developed an adaptive...... modulation strategy, namely local best reward strategy, to maximize this reward function. The performance of different modulation strategies are compared in different SNR distribution scenarios, and the optimum strategy in each scenario is suggested....

  4. Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

    National Research Council Canada - National Science Library

    Hansen, Anthony

    1999-01-01

    .... This thesis defines interoperability as the capacity to support trust through retention of security services across PKI domains at a defined level of assurance and examines the elements of PKI...

  5. Out-of-Sequence Preventative Cell Dispatching for Multicast Input-Queued Space-Memory-Memory Clos-Network

    DEFF Research Database (Denmark)

    Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

    2011-01-01

    This paper proposes two out-of-sequence (OOS) preventative cell dispatching algorithms for the multicast input-queued space-memory-memory (IQ-SMM) Clos-network switch architecture, i.e. the multicast flow-based DSRR (MF-DSRR) and the multicast flow-based round-robin (MFRR). Treating each cell...

  6. Security as the Key Factor in Contemporary Tourism: Specificities Identified Through the Analysis of Responders’ Attitudes

    OpenAIRE

    Penić, Josipa; Kurečić, Petar

    2017-01-01

    The paper represents a product of mentor- graduate student cooperation, developed at the graduate study of Business Economics, major Tourism. Following the latest threatening events and having in mind those yet to come, we can conclude that no country can benefit from the tourism industry if at the same time does not develop its security system as an integral part of the standard tourist offer. Analyzing the trends in contemporary tourism, the safety and security issues became the decisive fa...

  7. When to Reset Your Keys: Optimal Timing of Security Updates via Learning

    OpenAIRE

    Zheng, Zizhan; Shroff, Ness B.; Mohapatra, Prasant

    2016-01-01

    Cybersecurity is increasingly threatened by advanced and persistent attacks. As these attacks are often designed to disable a system (or a critical resource, e.g., a user account) repeatedly, it is crucial for the defender to keep updating its security measures to strike a balance between the risk of being compromised and the cost of security updates. Moreover, these decisions often need to be made with limited and delayed feedback due to the stealthy nature of advanced attacks. In addition t...

  8. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    OpenAIRE

    Chockalingam, Sabarathinam; Hadziosmanovic, Dina; Pieters, Wolter; Teixeira, Andre; van Gelder, Pieter

    2017-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic l...

  9. Adaptive live multicast video streaming of SVC with UEP FEC

    Science.gov (United States)

    Lev, Avram; Lasry, Amir; Loants, Maoz; Hadar, Ofer

    2014-09-01

    Ideally, video streaming systems should provide the best quality video a user's device can handle without compromising on downloading speed. In this article, an improved video transmission system is presented which dynamically enhances the video quality based on a user's current network state and repairs errors from data lost in the video transmission. The system incorporates three main components: Scalable Video Coding (SVC) with three layers, multicast based on Receiver Layered Multicast (RLM) and an UnEqual Forward Error Correction (FEC) algorithm. The SVC provides an efficient method for providing different levels of video quality, stored as enhancement layers. In the presented system, a proportional-integral-derivative (PID) controller was implemented to dynamically adjust the video quality, adding or subtracting quality layers as appropriate. In addition, an FEC algorithm was added to compensate for data lost in transmission. A two dimensional FEC was used. The FEC algorithm came from the Pro MPEG code of practice #3 release 2. Several bit errors scenarios were tested (step function, cosine wave) with different bandwidth size and error values were simulated. The suggested scheme which includes SVC video encoding with 3 layers over IP Multicast with Unequal FEC algorithm was investigated under different channel conditions, variable bandwidths and different bit error rates. The results indicate improvement of the video quality in terms of PSNR over previous transmission schemes.

  10. An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Chun-Ta Li

    2013-07-01

    Full Text Available Wireless sensor networks (WSNs can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs. Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.’s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users’ attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.’s authentication scheme are left unchanged.

  11. An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks.

    Science.gov (United States)

    Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

    2013-07-24

    Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged.

  12. Practical and Secure Recovery of Disk Encryption Key Using Smart Cards

    Science.gov (United States)

    Omote, Kazumasa; Kato, Kazuhiko

    In key-recovery methods using smart cards, a user can recover the disk encryption key in cooperation with the system administrator, even if the user has lost the smart card including the disk encryption key. However, the disk encryption key is known to the system administrator in advance in most key-recovery methods. Hence user's disk data may be read by the system administrator. Furthermore, if the disk encryption key is not known to the system administrator in advance, it is difficult to achieve a key authentication. In this paper, we propose a scheme which enables to recover the disk encryption key when the user's smart card is lost. In our scheme, the disk encryption key is not preserved anywhere and then the system administrator cannot know the key before key-recovery phase. Only someone who has a user's smart card and knows the user's password can decrypt that user's disk data. Furthermore, we measured the processing time required for user authentication in an experimental environment using a virtual machine monitor. As a result, we found that this processing time is short enough to be practical.

  13. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

    Science.gov (United States)

    Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

    2017-01-01

    Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

  14. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

    Directory of Open Access Journals (Sweden)

    Jaewook Jung

    Full Text Available Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

  15. Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

    Science.gov (United States)

    Arshad, Hamed; Rasoolzadegan, Abbas

    2016-11-01

    Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

  16. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

    Science.gov (United States)

    Kang, Dongwoo; Lee, Donghoon; Won, Dongho

    2017-01-01

    Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

  17. Design, Implementation, and Performance Evaluation of Efficient PMIPv6 Based Mobile Multicast Sender Support Schemes

    Directory of Open Access Journals (Sweden)

    Lili Wang

    2015-01-01

    Full Text Available Proxy Mobile IPv6 (PMIPv6 is proposed as a promising network-based mobility management protocol, which does not need any participation of mobile nodes. PMIPv6 does not support the multicast well and most of the current research concentrates on the mobile multicast receiver. However, the mobile multicast sender is also very important and challenging, which has not been addressed well. Therefore, in this paper we propose two efficient PMIPv6 based mobile multicast sender support schemes which are PMIP bidirectional tunneling (PMIP-BT and PMIP direct routing (PMIP-DR. In the PMIP-BT, the multicast traffic can be delivered through the PMIPv6 bidirectional tunnel, while, in the PMIP-DR, the multicast data can be transmitted via an optimized direct multicast routing. Both of them can support the multicast sender mobility transparently enabled in the PMIPv6 networks. We evaluate the performance of the proposed schemes by theoretical analysis, and the numerical results show that the proposed schemes have a better performance in terms of the signaling cost than the current schemes. Meanwhile, the proposed schemes are also implemented on the test bed, and the experimental results not only verify the validity and feasibility of our proposed schemes, but also conclude the different scenarios to which they are applicable.

  18. Quantum-to-the-Home: Achieving Gbits/s Secure Key Rates via Commercial Off-the-Shelf Telecommunication Equipment

    Directory of Open Access Journals (Sweden)

    Rameez Asif

    2017-01-01

    Full Text Available There is current significant interest in Fiber-to-the-Home (FTTH networks, that is, end-to-end optical connectivity. Currently, it may be limited due to the presence of last-mile copper wire connections. However, in near future, it is envisaged that FTTH connections will exist, and a key offering would be the possibility of optical encryption that can best be implemented using Quantum Key Distribution (QKD. However, it is very important that the QKD infrastructure is compatible with the already existing networks for a smooth transition and integration with the classical data traffic. In this paper, we report the feasibility of using off-the-shelf telecommunication components to enable high performance Continuous Variable-Quantum Key Distribution (CV-QKD systems that can yield secure key rates in the range of 100 Mbits/s under practical operating conditions. Multilevel phase modulated signals (m-PSK are evaluated in terms of secure key rates and transmission distances. The traditional receiver is discussed, aided by the phase noise cancellation based digital signal processing module for detecting the complex quantum signals. Furthermore, we have discussed the compatibility of multiplexers and demultiplexers for wavelength division multiplexed Quantum-to-the-Home (QTTH network and the impact of splitting ratio is analyzed. The results are thoroughly compared with the commercially available high-cost encryption modules.

  19. A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

    Science.gov (United States)

    Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

    2016-11-01

    Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

  20. Security Standards and Best Practice Considerations for Quantum Key Distribution (QKD)

    Science.gov (United States)

    2012-03-01

    Establishment France Direction Centrale de la Sécurité des Systèmes d’Information Germany Bundesamt für Sicherheit in der Informationstechnik Japan...Information Technology Promotion Agency Netherlands National Communications Security Agency Spain Ministerio de Administraciones Públicas and Centro

  1. Diversification of oil import sources and energy security. A key strategy or an elusive objective?

    International Nuclear Information System (INIS)

    Vivoda, Vlado

    2009-01-01

    This paper explores the relationship between the diversification of sources of imported oil and energy security of oil-importing countries. It examines the importance of diversification policy for oil importers, explains why oil importers implement oil diversification policy, and contextualizes the oil import diversification strategy in the overall energy security policy of oil importers. The paper analyzes the factors and the contexts that affect the level of importance assigned to oil import diversification policy in oil-importing countries, and the limitations that may affect the successful implication of oil import diversification policy. The examples are drawn from the world's top three oil importers, the United States, Japan, and China. The policymakers in these and other oil-importing countries place much importance on energy security. The diversification of oil import sources is used as one of the strategies to enhance energy security in oil-importing countries. This paper is important for policymakers in oil-importing countries as it provides them with a qualitative conceptual framework with which to evaluate the need to diversify their countries' sources of imported oil, and with which to identify the likely limitations to the successful implementation of oil import diversification policy. (author)

  2. A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2010-01-01

    ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4's physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist...

  3. THE CYBERSECURITY OF AUTOMATED CONTROL SYSTEMS AS A KEY COMPONENT OF NATIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    Galin R. Ivanov

    2016-10-01

    Full Text Available This article focuses on the current problems raised by the necessity to provide and ensure national cybersecurity. Moreover, it suggests measures for adequate counteraction to present-day cyber threats to automated control systems employed in the sector of national security.

  4. An optimized encoding method for secure key distribution by swapping quantum entanglement and its extension

    International Nuclear Information System (INIS)

    Gao Gan

    2015-01-01

    Song [Song D 2004 Phys. Rev. A 69 034301] first proposed two key distribution schemes with the symmetry feature. We find that, in the schemes, the private channels which Alice and Bob publicly announce the initial Bell state or the measurement result through are not needed in discovering keys, and Song’s encoding methods do not arrive at the optimization. Here, an optimized encoding method is given so that the efficiencies of Song’s schemes are improved by 7/3 times. Interestingly, this optimized encoding method can be extended to the key distribution scheme composed of generalized Bell states. (paper)

  5. Taking aim at medical identity theft. Document security key element to comply with government regulations.

    Science.gov (United States)

    Raymond, Colette

    2010-01-01

    Sensitive paper documents, such as patient records, customer data, and legal information, must be securely stored and destroyed when no longer needed. This is not only a good business practice that reduces costs and protects reputations, but also a legal and regulatory imperative. According to some experts, medical identity theft is the fastest-growing form of identity theft in North America. The Federal Trade Commission's Red Flags Rule, due to take effect June 1, 2010, requires banks; credit card companies; and, in some situations, retailers, hospitals, insurance companies, health clinics, and other organizations to store confidential personal information that can expose consumers to significant identity theft risks. This also includes healthcare providers and other organizations that are considered creditors according to their billing/payment procedures. This article highlights the steps healthcare providers must take to ensure data security.

  6. Security analysis of orthogonal-frequency-division-multiplexing-based continuous-variable quantum key distribution with imperfect modulation

    Science.gov (United States)

    Zhang, Hang; Mao, Yu; Huang, Duan; Li, Jiawei; Zhang, Ling; Guo, Ying

    2018-05-01

    We introduce a reliable scheme for continuous-variable quantum key distribution (CV-QKD) by using orthogonal frequency division multiplexing (OFDM). As a spectrally efficient multiplexing technique, OFDM allows a large number of closely spaced orthogonal subcarrier signals used to carry data on several parallel data streams or channels. We place emphasis on modulator impairments which would inevitably arise in the OFDM system and analyze how these impairments affect the OFDM-based CV-QKD system. Moreover, we also evaluate the security in the asymptotic limit and the Pirandola-Laurenza-Ottaviani-Banchi upper bound. Results indicate that although the emergence of imperfect modulation would bring about a slight decrease in the secret key bit rate of each subcarrier, the multiplexing technique combined with CV-QKD results in a desirable improvement on the total secret key bit rate which can raise the numerical value about an order of magnitude.

  7. The Key Conceptions of Social Security: the International Practice and Ukraine

    Directory of Open Access Journals (Sweden)

    Dluhopolska Tetiana I.

    2017-02-01

    Full Text Available The world-wide globalization processes and the political-military conflicts have exacerbated the problem of social security of the people of various world countries, which is usually seen from the perspective of both the State and the individual citizen. The article is aimed at analyzing the existing conceptions of social security from different perspectives – political, economic efficiency, and narrative. An analysis of political theories of social security (majority rational voting; pressure groups has determined that they are based on the redistribution processes, and winning of the individual economic agents is achieved in the political struggle for various «social prizes». An analysis of theories of efficiency (optimal redistribution; optimal retirement insurance; prodigal father; misguided Keynesian; longevity insurance; government economizes on administration costs; return on human capital investment has determined that they rely on market «fiasco» and can help in understanding which from the social protection programs minimize market failures. An analysis of the descriptive (narrative theories (chain letters; lump of labor; monopoly capitalism; nearly rational policy has determined that they are difficult subject to the mathematical interpretation and partially repeat ideas of the previous concepts.

  8. Rising food costs & global food security: Key issues & relevance for India

    Science.gov (United States)

    Gustafson, Daniel J.

    2013-01-01

    Rising food costs can have major impact on vulnerable households, pushing those least able to cope further into poverty and hunger. On the other hand, provided appropriate policies and infrastructure are in place, higher agricultural prices can also raise farmers’ incomes and rural wages, improve rural economies and stimulate investment for longer-term economic growth. High food prices since 2007 have had both short-term impacts and long-term consequences, both good and bad. This article reviews the evidence of how rising costs have affected global food security since the food price crisis of 2007-2008, and their impact on different categories of households and countries. In light of recent studies, we know more about how households, and countries, cope or not with food price shocks but a number of contentious issues remain. These include the adequacy of current estimates and the interpretation of national and household food and nutrition security indicators. India is a particularly important country in this regard, given the high number of food insecure, the relative weight of India in global estimates of food and nutrition insecurity, and the puzzles that remain concerning the country's reported declining per capita calorie consumption. Competing explanations for what is behind it are not in agreement, but these all point to the importance of policy and programme innovation and greater investment necessary to reach the achievable goal of food and nutrition security for all. PMID:24135190

  9. Rising food costs & global food security: Key issues & relevance for India

    Directory of Open Access Journals (Sweden)

    Daniel J Gustafson

    2013-01-01

    Full Text Available Rising food costs can have major impact on vulnerable households, pushing those least able to cope further into poverty and hunger. On the other hand, provided appropriate policies and infrastructure are in place, higher agricultural prices can also raise farmers′ incomes and rural wages, improve rural economies and stimulate investment for longer-term economic growth. High food prices since 2007 have had both short-term impacts and long-term consequences, both good and bad. This article reviews the evidence of how rising costs have affected global food security since the food price crisis of 2007-2008, and their impact on different categories of households and countries. In light of recent studies, we know more about how households, and countries, cope or not with food price shocks but a number of contentious issues remain. These include the adequacy of current estimates and the interpretation of national and household food and nutrition security indicators. India is a particularly important country in this regard, given the high number of food insecure, the relative weight of India in global estimates of food and nutrition insecurity, and the puzzles that remain concerning the country′s reported declining per capita calorie consumption. Competing explanations for what is behind it are not in agreement, but these all point to the importance of policy and programme innovation and greater investment necessary to reach the achievable goal of food and nutrition security for all.

  10. Rising food costs & global food security: key issues & relevance for India.

    Science.gov (United States)

    Gustafson, Daniel J

    2013-09-01

    Rising food costs can have major impact on vulnerable households, pushing those least able to cope further into poverty and hunger. On the other hand, provided appropriate policies and infrastructure are in place, higher agricultural prices can also raise farmers' incomes and rural wages, improve rural economies and stimulate investment for longer-term economic growth. High food prices since 2007 have had both short-term impacts and long-term consequences, both good and bad. This article reviews the evidence of how rising costs have affected global food security since the food price crisis of 2007-2008, and their impact on different categories of households and countries. In light of recent studies, we know more about how households, and countries, cope or not with food price shocks but a number of contentious issues remain. These include the adequacy of current estimates and the interpretation of national and household food and nutrition security indicators. India is a particularly important country in this regard, given the high number of food insecure, the relative weight of India in global estimates of food and nutrition insecurity, and the puzzles that remain concerning the country's reported declining per capita calorie consumption. Competing explanations for what is behind it are not in agreement, but these all point to the importance of policy and programme innovation and greater investment necessary to reach the achievable goal of food and nutrition security for all.

  11. An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

    Energy Technology Data Exchange (ETDEWEB)

    Zaher, Ashraf A. [Physics Department, Science College, Kuwait University, P.O. Box 5969, Safat 13060 (Kuwait)], E-mail: ashraf.zaher@ku.edu.kw

    2009-12-15

    In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

  12. Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Jiye Kim

    2014-04-01

    Full Text Available User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks. In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker’s own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

  13. An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

    International Nuclear Information System (INIS)

    Zaher, Ashraf A.

    2009-01-01

    In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

  14. Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Walid Elgenaidi

    2016-12-01

    Full Text Available There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

  15. Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks.

    Science.gov (United States)

    Elgenaidi, Walid; Newe, Thomas; O'Connell, Eoin; Toal, Daniel; Dooly, Gerard

    2016-12-21

    There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

  16. Security of continuous-variable quantum key distribution: towards a de Finetti theorem for rotation symmetry in phase space

    International Nuclear Information System (INIS)

    Leverrier, A; Karpov, E; Cerf, N J; Grangier, P

    2009-01-01

    Proving the unconditional security of quantum key distribution (QKD) is a highly challenging task as one needs to determine the most efficient attack compatible with experimental data. This task is even more demanding for continuous-variable QKD as the Hilbert space where the protocol is described is infinite dimensional. A possible strategy to address this problem is to make an extensive use of the symmetries of the protocol. In this paper, we investigate a rotation symmetry in phase space that is particularly relevant to continuous-variable QKD, and explore the way towards a new quantum de Finetti theorem that would exploit this symmetry and provide a powerful tool to assess the security of continuous-variable protocols. As a first step, a single-party asymptotic version of this quantum de Finetti theorem in phase space is derived.

  17. New Secure E-mail System Based on Bio-Chaos Key Generation and Modified AES Algorithm

    Science.gov (United States)

    Hoomod, Haider K.; Radi, A. M.

    2018-05-01

    The E-mail messages exchanged between sender’s Mailbox and recipient’s Mailbox over the open systems and insecure Networks. These messages may be vulnerable to eavesdropping and itself poses a real threat to the privacy and data integrity from unauthorized persons. The E-mail Security includes the following properties (Confidentiality, Authentication, Message integrity). We need a safe encryption algorithm to encrypt Email messages such as the algorithm Advanced Encryption Standard (AES) or Data Encryption Standard DES, as well as biometric recognition and chaotic system. The proposed E-mail system security uses modified AES algorithm and uses secret key-bio-chaos that consist of biometric (Fingerprint) and chaotic system (Lu and Lorenz). This modification makes the proposed system more sensitive and random. The execution time for both encryption and decryption of the proposed system is much less from original AES, in addition to being compatible with all Mail Servers.

  18. Best-Practice Criteria for Practical Security of Self-Differencing Avalanche Photodiode Detectors in Quantum Key Distribution

    Science.gov (United States)

    Koehler-Sidki, A.; Dynes, J. F.; Lucamarini, M.; Roberts, G. L.; Sharpe, A. W.; Yuan, Z. L.; Shields, A. J.

    2018-04-01

    Fast-gated avalanche photodiodes (APDs) are the most commonly used single photon detectors for high-bit-rate quantum key distribution (QKD). Their robustness against external attacks is crucial to the overall security of a QKD system, or even an entire QKD network. We investigate the behavior of a gigahertz-gated, self-differencing (In,Ga)As APD under strong illumination, a tactic Eve often uses to bring detectors under her control. Our experiment and modeling reveal that the negative feedback by the photocurrent safeguards the detector from being blinded through reducing its avalanche probability and/or strengthening the capacitive response. Based on this finding, we propose a set of best-practice criteria for designing and operating fast-gated APD detectors to ensure their practical security in QKD.

  19. A Family of Key Agreement Mechanisms for Mission Critical Communications for Secure Mobile Ad Hoc and Wireless Mesh Internetworking

    Directory of Open Access Journals (Sweden)

    Tryfonas Theo

    2011-01-01

    Full Text Available Future wireless networks like mobile ad hoc networks and wireless mesh networks are expected to play important role in demanding communications such as mission critical communications. MANETs are ideal for emergency cases where the communication infrastructure has been completely destroyed and there is a need for quick set up of communications among the rescue/emergency workers. In such emergency scenarios wireless mesh networks may be employed in a later phase for providing advanced communications and services acting as a backbone network in the affected area. Internetworking of both types of future networks will provide a broad range of mission critical applications. While offering many advantages, such as flexibility, easy of deployment and low cost, MANETs and mesh networks face important security and resilience threats, especially for such demanding applications. We introduce a family of key agreement methods based on weak to strong authentication associated with several multiparty contributory key establishment methods. We examine the attributes of each key establishment method and how each method can be better applied in different scenarios. The proposed protocols support seamlessly both types of networks and consider system and application requirements such as efficient and secure internetworking, dynamicity of network topologies and support of thin clients.

  20. An Efficient SDN Multicast Architecture for Dynamic Industrial IoT Environments

    Directory of Open Access Journals (Sweden)

    Hyeong-Su Kim

    2018-01-01

    Full Text Available Large-scale industrial IoT services appear in smart factory domains such as factory clouds which integrate distributed small factories into a large virtual factory with dynamic combination based on orders of consumers. A smart factory has so many industrial elements including various sensors/actuators, gateways, controllers, application servers, and IoT clouds. Since there are complex connections and relations, it is hard to handle them in point-to-point manner. In addition, many duplicated traffics are exchanged between them through the Internet. Multicast is believed as an effective many-to-many communication mechanism by establishing multicast trees between sources and receivers. There are, however, some issues for adopting multicast to large-scale industrial IoT services in terms of QoS. In this paper, we propose a novel software-defined network multicast based on group shared tree which includes near-receiver rendezvous point selection algorithm and group shared tree switching mechanism. As a result, the proposed multicast mechanism can reduce the packet loss by 90% compared to the legacy methods under severe congestion condition. GST switching method obtains to decreased packet delay effect, respectively, 2%, 20% better than the previously studied multicast and the legacy SDN multicast.

  1. A Multicast Sparse-Grooming Algorithm Based on Network Coding in WDM Networks

    Science.gov (United States)

    Zhang, Shengfeng; Peng, Han; Sui, Meng; Liu, Huanlin

    2015-03-01

    To improve the limited number of wavelength utilization and decrease the traffic blocking probability in sparse-grooming wavelength-division multiplexing (WDM) networks, a multicast sparse-grooming algorithm based on network coding (MCSA-NC) is put forward to solve the routing problem for dynamic multicast requests in this paper. In the proposed algorithm, a traffic partition strategy, that the coarse-granularity multicast request with grooming capability on the source node is split into several fine-granularity multicast requests, is designed so as to increase the probability for traffic grooming successfully in MCSA-NC. Besides considering that multiple destinations should receive the data from source of the multicast request at the same time, the traditional transmission mechanism is improved by constructing edge-disjoint paths for each split multicast request. Moreover, in order to reduce the number of wavelengths required and further decrease the traffic blocking probability, a light-tree reconfiguration mechanism is presented in the MCSA-NC, which can select a minimal cost light tree from the established edge-disjoint paths for a new multicast request.

  2. The MIM web gateway to IP multicast e-meetings

    Science.gov (United States)

    Parviainen, Roland; Parnes, Peter

    2003-12-01

    As video conferencing and e-meeting systems are used more and more on the Internet and in businesses it becomes increasingly important to be able to participate from any computer at any location. Often this is impossible, since these systems requires often special software that are not available everywhere or impossible to install for administrative reasons. Many locations also lack the necessary network infrastructure such as IP multicast. This paper presents a WWW gateway system that enables users to participate using only a standard web browser. The design and architecture of the system are described and performance tests that show the scalability of the system are also presented.

  3. Ruteo multicast mediante algoritmos genéticos

    OpenAIRE

    Klenzi, Raúl O.; Sánchez Tores, Héctor A.; Ortega, Manuel Oscar; Naranjo, Viviana; Espósito, Gabriela

    2000-01-01

    Los sistemas o redes de comunicación construidos teniendo en cuenta el modelo de referencia OSI (Open Systems lnterconection) o la arquitectura de Internet, fueron diseñados para soportar servicios o comunicaciones punto a punto, donde la información fluye entre dos usuarios únicamente. Uno de los tópicos en el cual las redes de computadoras actuales están poniendo mucho énfasis, proviene de las aplicaciones multicast o de grupo. Estas involucran más de dos usuarios (estos usuarios definen...

  4. Temporal steering and security of quantum key distribution with mutually unbiased bases against individual attacks

    Czech Academy of Sciences Publication Activity Database

    Bartkiewicz, K.; Černoch, Antonín; Lemr, K.; Miranowicz, A.; Nori, F.

    2016-01-01

    Roč. 93, č. 6 (2016), 1-7, č. článku 062345. ISSN 2469-9926 R&D Projects: GA ČR GAP205/12/0382 Institutional support: RVO:68378271 Keywords : quantum key distribution * Einstein-Podolsky-Rosen steering * temporal quantum correlations Subject RIV: BH - Optics, Masers, Lasers Impact factor: 2.925, year: 2016

  5. Peak Phosphorus: Clarifying the Key Issues of a Vigorous Debate about Long-Term Phosphorus Security

    Directory of Open Access Journals (Sweden)

    Stuart White

    2011-10-01

    Full Text Available This paper reviews the latest information and perspectives on global phosphorus scarcity. Phosphorus is essential for food production and modern agriculture currently sources phosphorus fertilizers from finite phosphate rock. The 2008 food and phosphate fertilizer price spikes triggered increased concerns regarding the depletion timeline of phosphate rock reserves. While estimates range from 30 to 300 years and are shrouded by lack of publicly available data and substantial uncertainty, there is a general consensus that the quality and accessibility of remaining reserves are decreasing and costs will increase. This paper clarifies common sources of misunderstandings about phosphorus scarcity and identifies areas of consensus. It then asks, despite some persistent uncertainty, what would it take to achieve global phosphorus security? What would a ‘hard-landing’ response look like and how could preferred ‘soft-landing’ responses be achieved?

  6. Evaluation of Key Dependent S-Box Based Data Security Algorithm using Hamming Distance and Balanced Output

    Directory of Open Access Journals (Sweden)

    Balajee Maram K.

    2016-02-01

    Full Text Available Data security is a major issue because of rapid evolution of data communication over unsecured internetwork. Here the proposed system is concerned with the problem of randomly generated S-box. The generation of S-box depends on Pseudo-Random-Number-Generators and shared-secret-key. The process of Pseudo-Random-Number-Generator depends on large prime numbers. All Pseudo-Random-Numbers are scrambled according to shared-secret-key. After scrambling, the S-box is generated. In this research, large prime numbers are the inputs to the Pseudo-Random-Number-Generator. The proposed S-box will reduce the complexity of S-box generation. Based on S-box parameters, it experimentally investigates the quality and robustness of the proposed algorithm which was tested. It yields better results with the S-box parameters like Hamming Distance, Balanced Output and Avalanche Effect and can be embedded to popular cryptography algorithms

  7. Kochen-Specker theorem as a precondition for secure quantum key distribution

    International Nuclear Information System (INIS)

    Nagata, Koji

    2005-01-01

    We show that (1) the violation of the Ekert 1991 inequality is a sufficient condition for certification of the Kochen-Specker (KS) theorem, and (2) the violation of the Bennett-Brassard-Mermin 1992 (BBM92) inequality is, also, a sufficient condition for certification of the KS theorem. Therefore the success in each quantum key distribution protocol reveals the nonclassical feature of quantum theory, in the sense that the KS realism is violated. Further, it turned out that the Ekert inequality and the BBM inequality are depictured by distillable entanglement witness inequalities. Here, we connect the success in these two key distribution processes into the no-hidden-variables theorem and into witness on distillable entanglement. We also discuss the explicit difference between the KS realism and Bell's local realism in the Hilbert space formalism of quantum theory

  8. Desynchronization Chaos Shift Keying Method Based on the Error Second Derivative and Its Security Analysis

    Czech Academy of Sciences Publication Activity Database

    Čelikovský, Sergej; Lynnyk, Volodymyr

    2012-01-01

    Roč. 22, č. 9 (2012), 1250231-1-1250231-11 ISSN 0218-1274 R&D Projects: GA ČR(CZ) GAP103/12/1794 Institutional support: RVO:67985556 Keywords : Nonlinear system * desynchronization * chaos shift keying * generalized Lorenz system Subject RIV: BC - Control Systems Theory Impact factor: 0.921, year: 2012 http://library.utia.cas.cz/separaty/2012/TR/celikovsky-0381701.pdf

  9. Exploring the Key Challenges: Adaptability, Sustainability, Interoperability and Security to M-payment

    OpenAIRE

    Rashmi Mantri; Junkang Feng

    2011-01-01

    Abstract: Any payment which uses mobile device as payment method is called M-payment whether it is proximity or remote and online or point of sale. Since it has been identified that mobile phone is everywhere and ever-present essential consumer device, and could be used for payment offline or online, Mobile payment has been hyped significantly. However early market adoption is facing some challenges and in need of the unanimous effort of all key players (manufacturers, mobile operators, merch...

  10. Development of a real-time monitoring system and integration of different computer system in LHD experiments using IP multicast

    International Nuclear Information System (INIS)

    Emoto, Masahiko; Nakamura, Yukio; Teramachi, Yasuaki; Okumura, Haruhiko; Yamaguchi, Satarou

    2002-01-01

    There are several different computer systems in LHD (Large Helical Device) experiment, and therefore the coalition of these computers is a key to perform the experiment. Real-time monitoring system is also important because the long discharge is needed in the LHD experiment. In order to achieve these two requirements, the technique of IP multicast is adopted. The authors have developed three new systems, the first one is the real-time monitoring system, the next one is the delivery system of the shot number and the last one is the real-time notification system of the plasma data registration. The first system can deliver the real-time monitoring data to the LHD experimental LAN through the firewall of the LHD control LAN in NIFS. The other two systems are used to realize high coalition of the different computers in the LHD plasma experiment. We can conclude that IP multicast is very useful both in the LHD experiment and a future large plasma experiment from various experiences. (author)

  11. IPTV multicast with peer-assisted lossy error control

    Science.gov (United States)

    Li, Zhi; Zhu, Xiaoqing; Begen, Ali C.; Girod, Bernd

    2010-07-01

    Emerging IPTV technology uses source-specific IP multicast to deliver television programs to end-users. To provide reliable IPTV services over the error-prone DSL access networks, a combination of multicast forward error correction (FEC) and unicast retransmissions is employed to mitigate the impulse noises in DSL links. In existing systems, the retransmission function is provided by the Retransmission Servers sitting at the edge of the core network. In this work, we propose an alternative distributed solution where the burden of packet loss repair is partially shifted to the peer IP set-top boxes. Through Peer-Assisted Repair (PAR) protocol, we demonstrate how the packet repairs can be delivered in a timely, reliable and decentralized manner using the combination of server-peer coordination and redundancy of repairs. We also show that this distributed protocol can be seamlessly integrated with an application-layer source-aware error protection mechanism called forward and retransmitted Systematic Lossy Error Protection (SLEP/SLEPr). Simulations show that this joint PARSLEP/ SLEPr framework not only effectively mitigates the bottleneck experienced by the Retransmission Servers, thus greatly enhancing the scalability of the system, but also efficiently improves the resistance to the impulse noise.

  12. Security and skills: the two key issues in health worker migration

    Directory of Open Access Journals (Sweden)

    Posy Bidwell

    2014-07-01

    concerns over security, crime, and racial tensions are resolved. However, good working conditions in the private sector in South Africa provide an occupational incentive to return if security did improve. Potential migrants should be made more aware of the risks of losing skills while working abroad that might prejudice return. In addition, re-skilling initiatives should be encouraged.

  13. Security and skills: the two key issues in health worker migration.

    Science.gov (United States)

    Bidwell, Posy; Laxmikanth, Pallavi; Blacklock, Claire; Hayward, Gail; Willcox, Merlin; Peersman, Wim; Moosa, Shabir; Mant, David

    2014-01-01

    Migration of health workers from Africa continues to undermine the universal provision of quality health care. South Africa is an epicentre for migration--it exports more health workers to high-income countries than any other African country and imports health workers from its lower-income neighbours to fill the gap. Although an inter-governmental agreement in 2003 reduced the very high numbers migrating from South Africa to the United Kingdom, migration continues to other high-income English-speaking countries and few workers seem to return although the financial incentive to work abroad has lessened. A deeper understanding of reasons for migration from South Africa and post-migration experiences is therefore needed to underpin policy which is developed in order to improve retention within source countries and encourage return. Semi-structured interviews were conducted with 16 South African doctors and nurses who had migrated to the United Kingdom. Interviews explored factors influencing the decision to migrate and post-migration experiences. Salary, career progression, and poor working conditions were not major push factors for migration. Many health workers reported that they had previously overcome these issues within the South African healthcare system by migrating to the private sector. Overwhelmingly, the major push factors were insecurity, high levels of crime, and racial tension. Although the wish to work and train in what was perceived to be a first-class care system was a pull factor to migrate to the United Kingdom, many were disappointed by the experience. Instead of obtaining new skills, many (particularly nurses) felt they had become 'de-skilled'. Many also felt that working conditions and opportunities for them in the UK National Health Service (NHS) compared unfavourably with the private sector in South Africa. Migration from South Africa seems unlikely to diminish until the major concerns over security, crime, and racial tensions are resolved

  14. Optimización multiobjetivo para enrutamiento multicast en overlay networks utilizando algoritmos evolutivos Multiobjective Optimization for Multicast Routing in Overlay Networks using Evolutionary Algorithms

    Directory of Open Access Journals (Sweden)

    Juan Carlos Montoya M.

    2008-06-01

    Full Text Available Multicast juega un papel muy importante para soportar una nueva generación de aplicaciones. En la actualidad y por diferentes razones, técnicas y no técnicas, multicast IP no ha sido totalmente adoptado en Internet. Durante los últimos a˜nos, un área de investigación activa es la de implementar este tipo de tráfico desde la perspectiva del nivel de aplicación, donde la funcionalidad de multicast no es responsabilidad de los enrutadores sino de los hosts, a lo que se le conoce como Multicast Overlay Network (MON. En este artículo se plantea el enrutamiento en MON como un problema de Optimización Multiobjetivo (MOP donde se optimizan dos funciones: 1 el retardo total extremo a extremo del árbol multicast, y 2 la máxima utilización de los enlaces. La optimización simultánea de estas dos funciones es un problema NP completo y para resolverlo se propone utilizar Algoritmos Evolutivos Multiobjetivos (MOEA, específicamente NSGAIMulticast plays an important role in supporting a new generation of applications. At present and for different reasons, technical and non–technical, multicast IP hasn’t yet been totally adopted for Internet. During recent years, an active area of research is that of implementing this kind of traffic in the application layer where the multicast functionality isn´t a responsibility of the routers but that of the hosts, which we know as Multicast Overlay Networks (MON. In this article, routing in an MON is put forward as a multiobjective optimization problem (MOP where two functions are optimized: 1 the total end to end delay of the multicast tree and 2 the maximum link utilization. The simultaneous optimization of these two functions is an NP–Complete problem and to solve this we suggest using Multiobjective Evolutionary Algorithms (MOEA, specifically NSGA–II.

  15. Throughput, Energy and Overhead of Multicast Device-to-Device Communications with Network Coded Cooperation

    DEFF Research Database (Denmark)

    Hernandez, Nestor; Heide, Janus; Roetter, Daniel Enrique Lucani

    2017-01-01

    , this assumes that the throughput gains and energy savings in multicasting are much larger between devices than the base station to the receivers. However, current mobile networks suffer from many different issues varying the performance in data rates, which calls into question these assumptions. Therefore......, a first objective of this work is to assess the operating regions where employing cooperation results in higher throughput and/or energy savings. We consider multicast scenarios with network coded mechanisms employing Random Linear Network Coding (RLNC). However, although RLNC is good for low amount...... of transmissions in multicast, it has an inherent overhead from extreme high or low field related caveats. Thus, as a second objective, we review and propose the application of new network codes that posses low overhead for multicasting, by having a short representation and low dependence probability. We provide...

  16. Dynamic segment shared protection for multicast traffic in meshed wavelength-division-multiplexing optical networks

    Science.gov (United States)

    Liao, Luhua; Li, Lemin; Wang, Sheng

    2006-12-01

    We investigate the protection approach for dynamic multicast traffic under shared risk link group (SRLG) constraints in meshed wavelength-division-multiplexing optical networks. We present a shared protection algorithm called dynamic segment shared protection for multicast traffic (DSSPM), which can dynamically adjust the link cost according to the current network state and can establish a primary light-tree as well as corresponding SRLG-disjoint backup segments for a dependable multicast connection. A backup segment can efficiently share the wavelength capacity of its working tree and the common resources of other backup segments based on SRLG-disjoint constraints. The simulation results show that DSSPM not only can protect the multicast sessions against a single-SRLG breakdown, but can make better use of the wavelength resources and also lower the network blocking probability.

  17. Efficient round-robin multicast scheduling for input-queued switches

    DEFF Research Database (Denmark)

    Rasmussen, Anders; Yu, Hao; Ruepp, Sarah Renée

    2014-01-01

    The input-queued (IQ) switch architecture is favoured for designing multicast high-speed switches because of its scalability and low implementation complexity. However, using the first-in-first-out (FIFO) queueing discipline at each input of the switch may cause the head-of-line (HOL) blocking...... problem. Using a separate queue for each output port at an input to reduce the HOL blocking, that is, the virtual output queuing discipline, increases the implementation complexity, which limits the scalability. Given the increasing link speed and network capacity, a low-complexity yet efficient multicast...... by means of queue look-ahead. Simulation results demonstrate that this FIFO-based IQ multicast architecture is able to achieve significant improvements in terms of multicast latency requirements by searching through a small number of cells beyond the HOL cells in the input queues. Furthermore, hardware...

  18. Reliable Multicast MAC Protocol for IEEE 802.11 Wireless LANs with Extended Service Range

    Science.gov (United States)

    Choi, Woo-Yong

    2011-11-01

    In this paper, we propose the efficient reliable multicast MAC protocol by which the AP (Access Point) can transmit reliably its multicast data frames to the recipients in the AP's one-hop or two-hop transmission range. The AP uses the STAs (Stations) that are directly associated with itself as the relays for the data delivery to the remote recipients that cannot be reached directly from itself. Based on the connectivity information among the recipients, the reliable multicast MAC protocol optimizes the number of the RAK (Request for ACK) frame transmissions in a reasonable computational time. Numerical examples show that our proposed MAC protocol significantly enhances the MAC performance compared with the BMMM (Batch Mode Multicast MAC) protocol that is extended to support the recipients that are in the AP's one-hop or two-hop transmission range in IEEE 802.11 wireless LANs.

  19. Corrections to "Connectivity-Based Reliable Multicast MAC Protocol for IEEE 802.11 Wireless LANs"

    Directory of Open Access Journals (Sweden)

    Choi Woo-Yong

    2010-01-01

    Full Text Available We have found the errors in the throughput formulae presented in our paper "Connectivity-based reliable multicast MAC protocol for IEEE 802.11 wireless LANs". We provide the corrected formulae and numerical results.

  20. Food Supply Security and Import Substitution as the Key Strategic Objectives of the Modern Agricultural Policy

    Directory of Open Access Journals (Sweden)

    Anatoly Ivanovich Altukhov

    2015-09-01

    Full Text Available A crucially new social- and economic situation has shaped up by now in the rural areas and agricultural sphere; in its many instances such situation does not fit in the national agricultural policy in effect called upon to be a long-term instrument for economic adjustment of the agro-food market and state support of the agricultural sphere, most significantly, its foundation — the farming sector. Ensuring of food supply security by import substitution in the age of the national farm product markets globalization is possible in the macro-economic conditions promoting the development of the agricultural sector. The main reason that retards this sector development is inequitable cross-sector exchange at sacrifice of the agricultural industry. The article sets forward and approbates the author’s method of simple assessment procedure of how the price cross-sector relations and state financial support (in the form of subsidies of the agricultural enterprises influence their profitability generation. Further to the assessment, the following conclusions have been made: — in view of the tangible contribution of the agricultural sector to the country economy, this sector is self-reliant for its own development, i.e. the state is reasonably in a position to increase expenses for eliminating negative consequences of inequitable crosssector exchange; — the amount of expenses for state financial support is supposed to enable the agricultural commodity producers to generate profitability to the level that can stimulate the farm workers’ labour efficiency and build up a system of affordable credit facilities for the objects of techno-engineering modernization necessary to produce competitive products. — the issue of improving the competitiveness of agricultural production should be addressed in the first place at the federal level. Among the essential factors to increase the competitiveness of specific types of domestic food products and

  1. Pseudo-Cycle-Based Multicast Routing in Wormhole-Routed Networks

    Institute of Scientific and Technical Information of China (English)

    SONG JianPing (宋建平); HOU ZiFeng (侯紫峰); XU Ming (许铭)

    2003-01-01

    This paper addresses the problem of fault-tolerant multicast routing in wormholerouted multicomputers. A new pseudo-cycle-based routing method is presented for constructing deadlock-free multicast routing algorithms. With at most two virtual channels this technique can be applied to any connected networks with arbitrary topologies. Simulation results show that this technique results in negligible performance degradation even in the presence of a large number of faulty nodes.

  2. Bit rate maximization for multicast LP-OFDM systems in PLC context

    OpenAIRE

    Maiga , Ali; Baudais , Jean-Yves; Hélard , Jean-François

    2009-01-01

    ISBN: 978-88-900984-8-2.; International audience; In this paper, we propose a new resource allocation algorithm based on linear precoding technique for multicast OFDM systems. Linear precoding technique applied to OFDM systems has already proved its ability to significantly increase the system throughput in a powerline communication (PLC) context. Simulations through PLC channels show that this algorithm outperforms the classical multicast method (up to 7.3% bit rate gain) and gives better pe...

  3. History-based Adaptive Modulation for a Downlink Multicast Channel in OFDMA systems

    DEFF Research Database (Denmark)

    Wang, Haibo; Schwefel, Hans-Peter; Toftegaard, Thomas Skjødeberg

    2008-01-01

    In this paper we investigated the adaptive modulation strategies for Multicast service in orthogonal frequency division multiple access systems. We defined a Reward function as the performance optimization target and developed adaptive modulation strategies to maximize this Reward function....... The proposed optimization algorithm varied the instantaneous BER constraint of each mobile Multicast receiver according to its individual cumulated BER, which resulted in a significant Reward gain....

  4. A Multicast Protocol Utilizing On-demand Routing Strategy for MPRN

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    This paper proposes a multicast protocol utilizing ondemand routing strategy for mobile packet radio network. It does not maintain permanent route tables with full topological views. Instead, multicast senders apply on-demand procedures to dynamically discover routes and build forwarding group in this protocol. The data packets are propagated by each forwarding group member via scoped flooding, so the protocol can reduce network bandwidth overhead and avoid the propagation of potentially large routing updates throughout the network.

  5. Polarization Insensitive One-to-Six WDM Multicasting in a Silicon Nanowire

    DEFF Research Database (Denmark)

    Pu, Minhao; Hu, Hao; Peucheret, Christophe

    2012-01-01

    We present polarization insensitive one-to-six WDM multicasting based on nondegenerate four-wave mixing in a silicon nanowire with angled-pump scheme. Bit-error rate measurements are performed and error-free operation is achieved.......We present polarization insensitive one-to-six WDM multicasting based on nondegenerate four-wave mixing in a silicon nanowire with angled-pump scheme. Bit-error rate measurements are performed and error-free operation is achieved....

  6. QoS Supported IPTV Service Architecture over Hybrid-Tree-Based Explicit Routed Multicast Network

    Directory of Open Access Journals (Sweden)

    Chih-Chao Wen

    2012-01-01

    Full Text Available With the rapid advance in multimedia streaming and multicast transport technology, current IP multicast protocols, especially PIM-SM, become the major channel delivery mechanism for IPTV system over Internet. The goals for IPTV service are to provide two-way interactive services for viewers to select popular program channel with high quality for watching during fast channel surfing period. However, existing IP multicast protocol cannot meet above QoS requirements for IPTV applications between media server and subscribers. Therefore, we propose a cooperative scheme of hybrid-tree based on explicit routed multicast, called as HT-ERM to combine the advantages of shared tree and source tree for QoS-supported IPTV service. To increase network utilization, the constrained shortest path first (CSPF routing algorithm is designed for construction of hybrid tree to deliver the high-quality video stream over watching channel and standard quality over surfing channel. Furthermore, the Resource Reservation Protocol- Traffic Engineering (RSVP-TE is used as signaling mechanism to set up QoS path for multicast channel admission control. Our simulation results demonstrated that the proposed HT-ERM scheme outperforms other multicast QoS-based delivery scheme in terms of channel switching delay, resource utilization, and blocking ratio for IPTV service.

  7. Multicast routing for wavelength-routed WDM networks with dynamic membership

    Science.gov (United States)

    Huang, Nen-Fu; Liu, Te-Lung; Wang, Yao-Tzung; Li, Bo

    2000-09-01

    Future broadband networks must support integrated services and offer flexible bandwidth usage. In our previous work, we explore the optical link control layer on the top of optical layer that enables the possibility of bandwidth on-demand service directly over wavelength division multiplexed (WDM) networks. Today, more and more applications and services such as video-conferencing software and Virtual LAN service require multicast support over the underlying networks. Currently, it is difficult to provide wavelength multicast over the optical switches without optical/electronic conversions although the conversion takes extra cost. In this paper, based on the proposed wavelength router architecture (equipped with ATM switches to offer O/E and E/O conversions when necessary), a dynamic multicast routing algorithm is proposed to furnish multicast services over WDM networks. The goal is to joint a new group member into the multicast tree so that the cost, including the link cost and the optical/electronic conversion cost, is kept as less as possible. The effectiveness of the proposed wavelength router architecture as well as the dynamic multicast algorithm is evaluated by simulation.

  8. Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features

    Energy Technology Data Exchange (ETDEWEB)

    Lopez, Juan [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Liefer, Nathan C. [Wright-Patterson AFB, Dayton, OH (United States); Busho, Colin R. [Wright-Patterson AFB, Dayton, OH (United States); Temple, Michael A. [Wright-Patterson AFB, Dayton, OH (United States)

    2017-12-04

    Here, the need for improved Critical Infrastructure and Key Resource (CIKR) security is unquestioned and there has been minimal emphasis on Level-0 (PHY Process) improvements. Wired Signal Distinct Native Attribute (WS-DNA) Fingerprinting is investigated here as a non-intrusive PHY-based security augmentation to support an envisioned layered security strategy. Results are based on experimental response collections from Highway Addressable Remote Transducer (HART) Differential Pressure Transmitter (DPT) devices from three manufacturers (Yokogawa, Honeywell, Endress+Hauer) installed in an automated process control system. Device discrimination is assessed using Time Domain (TD) and Slope-Based FSK (SB-FSK) fingerprints input to Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) and Random Forest (RndF) classifiers. For 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging cross-manufacturer results included near-perfect %C ≈ 100%, while the more challenging like-model (serial number) discrimination results included 90%< %C < 100%, with TD Fingerprinting marginally outperforming SB-FSK Fingerprinting; SB-FSK benefits from having less stringent response alignment and registration requirements. The RndF classifier was most beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained 15% of the full-dimensional feature sets and only suffered a worst case %CΔ = 3% to 4% performance degradation.

  9. Security of quantum key distribution with a laser reference coherent state, resistant to loss in the communication channel

    International Nuclear Information System (INIS)

    Molotkov, S N; Potapova, T A

    2015-01-01

    The problem of quantum key distribution security in channels with large losses is still open. Quasi-single-photon sources of quantum states with losses in the quantum communication channel open up the possibility of attacking with unambiguous state discrimination (USD) measurements, resulting in a loss of privacy. In this letter, the problem is solved by counting the classic reference pulses. Conservation of the number of counts of intense coherent pulses makes it impossible to conduct USD measurements. Moreover, the losses in the communication channel are considered to be unknown in advance and are subject to change throughout the series parcels. Unlike other protocols, differential phase shift (Inoue et al 2002 Phys. Rev. Lett. 89 037902, Inoue et al 2003 Phys. Rev. A 68 022317, Takesue et al 2007 Nat. Photon. 1 343, Wen et al 2009 Phys. Rev. Lett. 103 170503) and coherent one way (Stucki et al 2005 Appl. Phys. Lett. 87 194108, Branciard et al 2005 Appl. Phys. Lett. 87 194108, Branciard et al 2008 New J. Phys. 10 013031, Stucki et al 2008 Opt. Express 17 13326), the simplicity of the protocol makes it possible to carry out a complete analysis of its security. (letter)

  10. Simulation-Based Performance Evaluation of Predictive-Hashing Based Multicast Authentication Protocol

    Directory of Open Access Journals (Sweden)

    Seonho Choi

    2012-12-01

    Full Text Available A predictive-hashing based Denial-of-Service (DoS resistant multicast authentication protocol was proposed based upon predictive-hashing, one-way key chain, erasure codes, and distillation codes techniques [4, 5]. It was claimed that this new scheme should be more resistant to various types of DoS attacks, and its worst-case resource requirements were derived in terms of coarse-level system parameters including CPU times for signature verification and erasure/distillation decoding operations, attack levels, etc. To show the effectiveness of our approach and to analyze exact resource requirements in various attack scenarios with different parameter settings, we designed and implemented an attack simulator which is platformindependent. Various attack scenarios may be created with different attack types and parameters against a receiver equipped with the predictive-hashing based protocol. The design of the simulator is explained, and the simulation results are presented with detailed resource usage statistics. In addition, resistance level to various types of DoS attacks is formulated with a newly defined resistance metric. By comparing these results to those from another approach, PRABS [8], we show that the resistance level of our protocol is greatly enhanced even in the presence of many attack streams.

  11. Optimal Caching in Multicast 5G Networks with Opportunistic Spectrum Access

    KAUST Repository

    Emara, Mostafa

    2018-01-15

    Cache-enabled small base station (SBS) densification is foreseen as a key component of 5G cellular networks. This architecture enables storing popular files at the network edge (i.e., SBS caches), which empowers local communication and alleviates traffic congestions at the core/backhaul network. This paper develops a mathematical framework, based on stochastic geometry, to characterize the hit probability of a cache-enabled multicast 5G network with SBS multi-channel capabilities and opportunistic spectrum access. To this end, we first derive the hit probability by characterizing opportunistic spectrum access success probabilities, service distance distributions, and coverage probabilities. The optimal caching distribution to maximize the hit probability is then computed. The performance and trade-offs of the derived optimal caching distributions are then assessed and compared with two widely employed caching distribution schemes, namely uniform and Zipf caching, through numerical results and extensive simulations. It is shown that the Zipf caching almost optimal only in scenarios with large number of available channels and large cache sizes.

  12. Security and gain improvement of a practical quantum key distribution using a gated single-photon source and probabilistic photon-number resolution

    International Nuclear Information System (INIS)

    Horikiri, Tomoyuki; Sasaki, Hideki; Wang, Haibo; Kobayashi, Takayoshi

    2005-01-01

    We propose a high security quantum key distribution (QKD) scheme utilizing one mode of spontaneous parametric downconversion gated by a photon number resolving detector. This photon number measurement is possible by using single-photon detectors operating at room temperature and optical fibers. By post selection, the multiphoton probability in this scheme can be reduced to lower than that of a scheme using an attenuated coherent light resulting in improvement of security. Furthermore, if distillation protocol (error correction and privacy amplification) is performed, the gain will be increased. Hence a QKD system with higher security and bit rate than the laser-based QKD system can be attained using present available technologies

  13. Preventing Out-of-Sequence for Multicast Input-Queued Space-Memory-Memory Clos-Network

    DEFF Research Database (Denmark)

    Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

    2011-01-01

    This paper proposes an out-of-sequence (OOS) preventative cell dispatching algorithm, the multicast flow-based round robin (MFRR), for multicast input-queued space-memory-memory (IQ-SMM) Clos-network architecture. Independently treating each incoming cell, such as the desynchronized static round...

  14. Link importance incorporated failure probability measuring solution for multicast light-trees in elastic optical networks

    Science.gov (United States)

    Li, Xin; Zhang, Lu; Tang, Ying; Huang, Shanguo

    2018-03-01

    The light-tree-based optical multicasting (LT-OM) scheme provides a spectrum- and energy-efficient method to accommodate emerging multicast services. Some studies focus on the survivability technologies for LTs against a fixed number of link failures, such as single-link failure. However, a few studies involve failure probability constraints when building LTs. It is worth noting that each link of an LT plays different important roles under failure scenarios. When calculating the failure probability of an LT, the importance of its every link should be considered. We design a link importance incorporated failure probability measuring solution (LIFPMS) for multicast LTs under independent failure model and shared risk link group failure model. Based on the LIFPMS, we put forward the minimum failure probability (MFP) problem for the LT-OM scheme. Heuristic approaches are developed to address the MFP problem in elastic optical networks. Numerical results show that the LIFPMS provides an accurate metric for calculating the failure probability of multicast LTs and enhances the reliability of the LT-OM scheme while accommodating multicast services.

  15. Many-to-Many Multicast Routing Schemes under a Fixed Topology

    Directory of Open Access Journals (Sweden)

    Wei Ding

    2013-01-01

    Full Text Available Many-to-many multicast routing can be extensively applied in computer or communication networks supporting various continuous multimedia applications. The paper focuses on the case where all users share a common communication channel while each user is both a sender and a receiver of messages in multicasting as well as an end user. In this case, the multicast tree appears as a terminal Steiner tree (TeST. The problem of finding a TeST with a quality-of-service (QoS optimization is frequently NP-hard. However, we discover that it is a good idea to find a many-to-many multicast tree with QoS optimization under a fixed topology. In this paper, we are concerned with three kinds of QoS optimization objectives of multicast tree, that is, the minimum cost, minimum diameter, and maximum reliability. All of three optimization problems are distributed into two types, the centralized and decentralized version. This paper uses the dynamic programming method to devise an exact algorithm, respectively, for the centralized and decentralized versions of each optimization problem.

  16. Double random phase spread spectrum spread space technique for secure parallel optical multiplexing with individual encryption key

    Science.gov (United States)

    Hennelly, B. M.; Javidi, B.; Sheridan, J. T.

    2005-09-01

    A number of methods have been recently proposed in the literature for the encryption of 2-D information using linear optical systems. In particular the double random phase encoding system has received widespread attention. This system uses two Random Phase Keys (RPK) positioned in the input spatial domain and the spatial frequency domain and if these random phases are described by statistically independent white noises then the encrypted image can be shown to be a white noise. Decryption only requires knowledge of the RPK in the frequency domain. The RPK may be implemented using a Spatial Light Modulators (SLM). In this paper we propose and investigate the use of SLMs for secure optical multiplexing. We show that in this case it is possible to encrypt multiple images in parallel and multiplex them for transmission or storage. The signal energy is effectively spread in the spatial frequency domain. As expected the number of images that can be multiplexed together and recovered without loss is proportional to the ratio of the input image and the SLM resolution. Many more images may be multiplexed with some loss in recovery. Furthermore each individual encryption is more robust than traditional double random phase encoding since decryption requires knowledge of both RPK and a lowpass filter in order to despread the spectrum and decrypt the image. Numerical simulations are presented and discussed.

  17. An Expressive, Lightweight and Secure Construction of Key Policy Attribute-Based Cloud Data Sharing Access Control

    Science.gov (United States)

    Lin, Guofen; Hong, Hanshu; Xia, Yunhao; Sun, Zhixin

    2017-10-01

    Attribute-based encryption (ABE) is an interesting cryptographic technique for flexible cloud data sharing access control. However, some open challenges hinder its practical application. In previous schemes, all attributes are considered as in the same status while they are not in most of practical scenarios. Meanwhile, the size of access policy increases dramatically with the raise of its expressiveness complexity. In addition, current research hardly notices that mobile front-end devices, such as smartphones, are poor in computational performance while too much bilinear pairing computation is needed for ABE. In this paper, we propose a key-policy weighted attribute-based encryption without bilinear pairing computation (KP-WABE-WB) for secure cloud data sharing access control. A simple weighted mechanism is presented to describe different importance of each attribute. We introduce a novel construction of ABE without executing any bilinear pairing computation. Compared to previous schemes, our scheme has a better performance in expressiveness of access policy and computational efficiency.

  18. Enhanced first-in-first-out-based round-robin multicast scheduling algorithm for input-queued switches

    DEFF Research Database (Denmark)

    Yu, Hao; Ruepp, Sarah Renée; Berger, Michael Stübert

    2011-01-01

    This study focuses on the multicast scheduling for M × N input-queued switches. An enhanced first-in-first-out -based round-robin multicast scheduling algorithm is proposed with a function of searching deeper into queues to reduce the head-of-line (HOL) blocking problem and thereby the multicast...... out on the decision matrix to reduce the number of transmission for each cell. To reduce the HOL blocking problem, a complement matrix is constructed based on the traffic matrix and the decision matrix, and a process of searching deeper into the queues is carried out to find cells that can be sent...... to the idle outputs. Simulation results show that the proposed function of searching deeper into the queues can alleviate the HOL blocking and as a result reduce the multicast latency significantly. Under both balanced and unbalanced multicast traffic, the proposed algorithm is able to maintain a stable...

  19. On-Chip SDM Switching for Unicast, Multicast and Traffic Grooming in Data Center Networks

    DEFF Research Database (Denmark)

    Kamchevska, Valerija; Ding, Yunhong; Dalgaard, Kjeld

    2017-01-01

    This paper reports on the use of a novel photonic integrated circuit that facilitates multicast and grooming in an optical data center architecture. The circuit allows for on-chip spatial multiplexing and demultiplexing as well as fiber core switching. Using this device, we experimentally verify...... that multicast and/or grooming can be successfully performed along the full range of output ports, for different group size and different power ratio. Moreover, we experimentally demonstrate SDM transmission and 5 Tbit/s switching using the on-chip fiber switch with integrated fan-in/fan-out devices and achieve...... errorfree performance (BER≤10-9) for a network scenario including simultaneous unicast/multicast switching and traffic grooming....

  20. A Grooming Nodes Optimal Allocation Method for Multicast in WDM Networks

    Directory of Open Access Journals (Sweden)

    Chengying Wei

    2016-01-01

    Full Text Available The grooming node has the capability of grooming multicast traffic with the small granularity into established light at high cost of complexity and node architecture. In the paper, a grooming nodes optimal allocation (GNOA method is proposed to optimize the allocation of the grooming nodes constraint by the blocking probability for multicast traffic in sparse WDM networks. In the proposed GNOA method, the location of each grooming node is determined by the SCLD strategy. The improved smallest cost largest degree (SCLD strategy is designed to select the nongrooming nodes in the proposed GNOA method. The simulation results show that the proposed GNOA method can reduce the required number of grooming nodes and decrease the cost of constructing a network to guarantee a certain request blocking probability when the wavelengths per fiber and transmitter/receiver ports per node are sufficient for the optical multicast in WDM networks.

  1. An FEC Adaptive Multicast MAC Protocol for Providing Reliability in WLANs

    Science.gov (United States)

    Basalamah, Anas; Sato, Takuro

    For wireless multicast applications like multimedia conferencing, voice over IP and video/audio streaming, a reliable transmission of packets within short delivery delay is needed. Moreover, reliability is crucial to the performance of error intolerant applications like file transfer, distributed computing, chat and whiteboard sharing. Forward Error Correction (FEC) is frequently used in wireless multicast to enhance Packet Error Rate (PER) performance, but cannot assure full reliability unless coupled with Automatic Repeat Request forming what is knows as Hybrid-ARQ. While reliable FEC can be deployed at different levels of the protocol stack, it cannot be deployed on the MAC layer of the unreliable IEEE802.11 WLAN due to its inability to exchange ACKs with multiple recipients. In this paper, we propose a Multicast MAC protocol that enhances WLAN reliability by using Adaptive FEC and study it's performance through mathematical analysis and simulation. Our results show that our protocol can deliver high reliability and throughput performance.

  2. The specification-based validation of reliable multicast protocol: Problem Report. M.S. Thesis

    Science.gov (United States)

    Wu, Yunqing

    1995-01-01

    Reliable Multicast Protocol (RMP) is a communication protocol that provides an atomic, totally ordered, reliable multicast service on top of unreliable IP multicasting. In this report, we develop formal models for RMP using existing automated verification systems, and perform validation on the formal RMP specifications. The validation analysis help identifies some minor specification and design problems. We also use the formal models of RMP to generate a test suite for conformance testing of the implementation. Throughout the process of RMP development, we follow an iterative, interactive approach that emphasizes concurrent and parallel progress of implementation and verification processes. Through this approach, we incorporate formal techniques into our development process, promote a common understanding for the protocol, increase the reliability of our software, and maintain high fidelity between the specifications of RMP and its implementation.

  3. Multicast backup reprovisioning problem for Hamiltonian cycle-based protection on WDM networks

    Science.gov (United States)

    Din, Der-Rong; Huang, Jen-Shen

    2014-03-01

    As networks grow in size and complexity, the chance and the impact of failures increase dramatically. The pre-allocated backup resources cannot provide 100% protection guarantee when continuous failures occur in a network. In this paper, the multicast backup re-provisioning problem (MBRP) for Hamiltonian cycle (HC)-based protection on WDM networks for the link-failure case is studied. We focus on how to recover the protecting capabilities of Hamiltonian cycle against the subsequent link-failures on WDM networks for multicast transmissions, after recovering the multicast trees affected by the previous link-failure. Since this problem is a hard problem, an algorithm, which consists of several heuristics and a genetic algorithm (GA), is proposed to solve it. The simulation results of the proposed method are also given. Experimental results indicate that the proposed algorithm can solve this problem efficiently.

  4. Analysis and Optimization of Sparse Random Linear Network Coding for Reliable Multicast Services

    DEFF Research Database (Denmark)

    Tassi, Andrea; Chatzigeorgiou, Ioannis; Roetter, Daniel Enrique Lucani

    2016-01-01

    Point-to-multipoint communications are expected to play a pivotal role in next-generation networks. This paper refers to a cellular system transmitting layered multicast services to a multicast group of users. Reliability of communications is ensured via different random linear network coding (RLNC......) techniques. We deal with a fundamental problem: the computational complexity of the RLNC decoder. The higher the number of decoding operations is, the more the user's computational overhead grows and, consequently, the faster the battery of mobile devices drains. By referring to several sparse RLNC...... techniques, and without any assumption on the implementation of the RLNC decoder in use, we provide an efficient way to characterize the performance of users targeted by ultra-reliable layered multicast services. The proposed modeling allows to efficiently derive the average number of coded packet...

  5. Design alternatives for process group membership and multicast

    Science.gov (United States)

    Birman, Kenneth P.; Cooper, Robert; Gleeson, Barry

    1991-01-01

    Process groups are a natural tool for distributed programming, and are increasingly important in distributed computing environments. However, there is little agreement on the most appropriate semantics for process group membership and group communication. These issues are of special importance in the Isis system, a toolkit for distributed programming. Isis supports several styles of process group, and a collection of group communication protocols spanning a range of atomicity and ordering properties. This flexibility makes Isis adaptable to a variety of applications, but is also a source of complexity that limits performance. This paper reports on a new architecture that arose from an effort to simplify Isis process group semantics. Our findings include a refined notion of how the clients of a group should be treated, what the properties of a multicast primitive should be when systems contain large numbers of overlapping groups, and a new construct called the casuality domain. As an illustration, we apply the architecture to the problem of converting processes into fault-tolerant process groups in a manner that is 'transparent' to other processes in the system.

  6. Opportunistic Relay Selection in Multicast Relay Networks using Compressive Sensing

    KAUST Repository

    Elkhalil, Khalil

    2014-12-01

    Relay selection is a simple technique that achieves spatial diversity in cooperative relay networks. However, for relay selection algorithms to make a selection decision, channel state information (CSI) from all cooperating relays is usually required at a central node. This requirement poses two important challenges. Firstly, CSI acquisition generates a great deal of feedback overhead (air-time) that could result in significant transmission delays. Secondly, the fed back channel information is usually corrupted by additive noise. This could lead to transmission outages if the central node selects the set of cooperating relays based on inaccurate feedback information. In this paper, we introduce a limited feedback relay selection algorithm for a multicast relay network. The proposed algorithm exploits the theory of compressive sensing to first obtain the identity of the “strong” relays with limited feedback. Following that, the CSI of the selected relays is estimated using linear minimum mean square error estimation. To minimize the effect of noise on the fed back CSI, we introduce a back-off strategy that optimally backs-off on the noisy estimated CSI. For a fixed group size, we provide closed form expressions for the scaling law of the maximum equivalent SNR for both Decode and Forward (DF) and Amplify and Forward (AF) cases. Numerical results show that the proposed algorithm drastically reduces the feedback air-time and achieves a rate close to that obtained by selection algorithms with dedicated error-free feedback channels.

  7. Multicast in Femtocell Networks: A Successive Interference Cancellation Approach

    Directory of Open Access Journals (Sweden)

    Donglin Hu

    2014-09-01

    Full Text Available A femtocell is a small cellular base station (BS, typically used for serving approved users within a small coverage. In this paper, we investigate the problem of data multicast in femtocell networks that incorporates superposition coding (SC and successive interference cancellation (SIC. The problem is to decide the transmission schedule for each BS, as well as the power allocation for the SC layers, to achieve a sufficiently large SNR for each layer to be decodable with SIC at each user. Minimizing the total BS power consumption achieves the goal of “green” communications. We formulate a Mixed Integer Nonlinear Programming (MINLP problem, and then reformulate the problem into a simpler form. Upper and lower performance bounds on the total BS power consumption are derived. Finally, we consider three typical connection scenarios, and develop optimal and nearoptimal algorithms for the three scenarios. The proposed algorithms have low computational complexity, and outperform a heuristic scheme with considerable gains in our simulation study.

  8. A multicast tree aggregation algorithm in wavelength-routed WDM networks

    Science.gov (United States)

    Cheng, Hsu-Chen; Kuo, Chin-Chun; Lin, Frank Y.

    2005-02-01

    Wavelength division multiplexing (WDM) has been considered a promising transmission technology in optical communication networks. With the continuous advance in optical technology, WDM network will play an important role in wide area backbone networks. Optical wavelength switching, compared with optical packet switching, is a more mature and more cost-effective choice for optical switching technologies. Besides, the technology of time division multiplexing in optical communication networks has been working smoothly for a long time. In the proposed research, the problem of multicast groups aggregation and multicast routing and wavelength assignment in wavelength-routed WDM network is studied. The optical cross connect switches in the problem are assumed to have limited optical multicast/splitting and TDM functionalities. Given the physical network topology and capacity, the objective is to maximize the total revenue by means of utmost merging multicast groups into larger macro-groups. The groups in the same macro-group will share a multicast tree to conduct data transmission. The problem is formulated as an optimization problem, where the objective function is to maximize the total revenue subject to capacity constraints of components in the optical network, wavelength continuity constraints, and tree topology constraints. The decision variables in the formulations include the merging results between groups, multicast tree routing assignment and wavelength assignment. The basic approach to the algorithm development for this model is Lagrangean relaxation in conjunction with a number of optimization techniques. In computational experiments, the proposed algorithms are evaluated on different network topologies and perform efficiently and effectively according to the experiment results.

  9. Linear and non-linear video and TV applications using IPv6 and IPv6 multicast

    CERN Document Server

    Minoli, Daniel

    2012-01-01

    Provides options for implementing IPv6 and IPv6 multicast in service provider networks New technologies, viewing paradigms, and content distribution approaches are taking the TV/video services industry by storm. Linear and Nonlinear Video and TV Applications: Using IPv6 and IPv6 Multicast identifies five emerging trends in next-generation delivery of entertainment-quality video. These trends are observable and can be capitalized upon by progressive service providers, telcos, cable operators, and ISPs. This comprehensive guide explores these evolving directions in the TV/v

  10. A no-key-exchange secure image sharing scheme based on Shamir's three-pass cryptography protocol and the multiple-parameter fractional Fourier transform.

    Science.gov (United States)

    Lang, Jun

    2012-01-30

    In this paper, we propose a novel secure image sharing scheme based on Shamir's three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

  11. Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

    Directory of Open Access Journals (Sweden)

    Laszlo B Kish

    Full Text Available Recently, Bennett and Riedel (BR (http://arxiv.org/abs/1303.7435v1 argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional security of the KLJN method has not been successfully challenged.

  12. Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

    Science.gov (United States)

    Kish, Laszlo B; Abbott, Derek; Granqvist, Claes G

    2013-01-01

    Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged.

  13. An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

    Science.gov (United States)

    Das, Ashok Kumar; Bruhadeshwar, Bezawada

    2013-10-01

    Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

  14. 4 × 10 Gb s−1 wavelength multicasting with tunable NRZ-to-RZ format conversion using nonlinear polarization rotation in an SOA

    International Nuclear Information System (INIS)

    Liu, S; Fu, S; Tang, M; Shum, P; Liu, D

    2013-01-01

    We experimentally demonstrate simultaneous 4 × 10 Gb s −1 all-optical wavelength multicasting and non-return-to-zero (NRZ)-on-off-keying (OOK) to return-to-zero (RZ)-OOK format conversion with a tunable duty cycle using nonlinear polarization rotation in a semiconductor optical amplifier (SOA). The experimental results show that the duty cycle of four converted RZ-OOK signals can be tuned by adjusting the orientation of a polarizer placed at the SOA output. Four-channel NRZ-OOK-to-RZ-OOK conversion with a full width at half maximum of 33–67 ps can be simultaneously obtained with an extinction ratio over 10 dB. Moreover, it is experimentally verified that such a wavelength multicasting scheme with simultaneous NRZ-OOK-to-RZ-OOK conversion is insensitive to the wavelength of the input signal, indicating that such a scheme can be operated in the whole C-band with less than 0.18 dB power penalty at a bit error ratio level of 10 −9 . The device can facilitate the cross-connection between optical transmission networks employing different modulation formats. (paper)

  15. QoS and QoE Aware N-Screen Multicast Service

    Directory of Open Access Journals (Sweden)

    Ghulam Sarwar

    2016-01-01

    Full Text Available The paper focuses on ensuring the quality-of-service (QoS and quality-of-experience (QoE requirements of users having heterogeneous devices in a multicast session. QoS parameters such as bit rate, delays, and packet losses are good indicators for optimizing network services but fall short in characterizing user perception (QoE. In N-Screen service, the users have different devices with heterogeneous attributes like screen size, resolution, and access network interface, and the users have different QoE on N-Screen devices with the same QoS parameters. We formulate the objective function of the N-Screen multicast grouping to ensure the minimum user’s QoE with smaller bandwidth requirement. We propose a dynamic user reassignment scheme to maintain and satisfy the QoE by adapting the user’s membership to the varying network conditions. The proposed schemes combine the available bandwidth and multimedia visual quality to ensure the QoS and QoE. In the network architecture, we introduce the functions of the QoS and QoE aware multicast group management and the estimation schemes for the QoS and QoE parameters. The simulation results show that the proposed multicast service ensures the network QoS and guarantees the QoE of users in the varying network conditions.

  16. Joint NC-ARQ and AMC for QoS-Guaranteed Mobile Multicast

    DEFF Research Database (Denmark)

    Toftegaard, Thomas Skjødeberg; Wang, Haibo; Schwefel, Hans-Peter

    2010-01-01

    the scalability problem of applying ARQ in multicast. Then we propose two joint NC-ARQ-AMC schemes, namely, the Average PER-based AMC (AvgPER-AMC) with Opt-ARQ and AvgPER-AMC with SubOpt-ARQ in a cross-layer design framework to maximize the average spectral efficiency per receiver under specific QoS constraints...

  17. Almost optimal distributed M2M multicasting in wireless mesh networks

    DEFF Research Database (Denmark)

    Xin, Qin; Manne, Fredrik; Zhang, Yan

    2012-01-01

    Wireless Mesh Networking (WMN) is an emerging communication paradigm to enable resilient, cost-efficient and reliable services for the future-generation wireless networks. In this paper, we study the problem of multipoint-to- multipoint (M2M) multicasting in a WMN which aims to use the minimum nu...

  18. Delay Bounded Multi-Source Multicast in Software-Defined Networking

    Directory of Open Access Journals (Sweden)

    Thabo Semong

    2018-01-01

    Full Text Available Software-Defined Networking (SDN is the next generation network architecture with exciting application prospects. The control function in SDN is decoupled from the data forwarding plane, hence it provides a new centralized architecture with flexible network resource management. Although SDN is attracting much attention from both industry and research, its advantage over the traditional networks has not been fully utilized. Multicast is designed to deliver content to multiple destinations. The current traffic engineering in SDN focuses mainly on unicast, however, multicast can effectively reduce network resource consumption by serving multiple clients. This paper studies a novel delay-bounded multi-source multicast SDN problem, in which among the set of potential sources, we select a source to build the multicast-tree, under the constraint that the transmission delay for every destination is bounded. This problem is more difficult than the traditional Steiner minimum tree (SMT problem, since it needs to find a source from the set of all potential sources. We model the problem as a mixed-integer linear programming (MILP and prove its NP-Hardness. To solve the problem, a delay bounded multi-source (DBMS scheme is proposed, which includes a DBMS algorithm to build a minimum delay cost DBMS-Forest. Through a MATLAB experiment, we demonstrate that DBMS is significantly more efficient and outperforms other existing algorithms in the literature.

  19. Exploiting the In-Network Capabilities of Multicast to Discover Proximate IPTV Channels

    Directory of Open Access Journals (Sweden)

    William Donnelly

    2010-09-01

    Full Text Available IPTV has become the next generation of television due, in part, to its ability to support features that have been lacking in conventional broadcasting—for example, end-user interactivity, personalisation and localisation. Providers are also searching for the most efficient delivery methods to provide the greatest amount of contents at the lowest cost. At present IPTV uses IP multicast to deliver live TV channels in an over-provisioned walled-garden network due to issues of deploying multicast and QoS challenges in the public Internet. However, IPTV is likely to shift into some parts of the public Internet in the future as a managed service. Multicast routing is performed on a per-session destination-address basis so each router maintains a table of all of the multicast addresses to which the content is being forwarded. We exploit this information to discover and join the in-progress channels of geographically proximate users and to create a new incentivised premium service in future IPTV networks called ProxyTV. This approach is expected to minimise network bandwidth requirements as it enables ISPs to optimise bandwidth on their edge networks. This becomes increasingly significant as TV content consumes more and more bandwidth, especially with the onset of HD and 3D capabilities. In this paper, we have presented in detail the concept with the results of a survey and an analysis of network traffic to justify the proposed approach.

  20. Energy-minimized design in all-optical networks using unicast/multicast traffic grooming

    Science.gov (United States)

    Puche, William S.; Amaya, Ferney O.; Sierra, Javier E.

    2013-09-01

    The increased bandwidth required by applications, tends to raise the amount of optical equipment, for this reason, it is essential to maintain a balance between the wavelength allocation, available capacity and number of optical devices to achieve the lowest power consumption. You could say that we propose a model that minimizes energy consumption, using unicast / multicast traffic grooming in optical networks.

  1. National Computer Security Conference (13th) Held in Washington, DC on 1-4 October, 1990. Procedings. Volume 1: Information Systems Security: Standards - The Key to the Future

    Science.gov (United States)

    1990-10-04

    Parker II, The MITRE Corporation 307 Trusted MINIX : A Worked Example Albert Donaldson, ESCOM Corporation John Taylor Jr., General Electric M&DSO...Corporation 306 Trusted MINIX : A Worked Example Albert L. Donaldson John W. Taylor, Jr. David M. Chizmadia ESCOM Corporation General Electric M&DSO...G. Meade, MD 20755 ABSTRACT The Trusted MINIX system is being developed to provide a worked example of C2 security mechanisms and assurances based

  2. A Security Solution for IEEE 802.11's Ad-hoc Mode:Password-Authentication and Group Diffie-Hellman Key Exchange

    Energy Technology Data Exchange (ETDEWEB)

    Emmanuel, Bresson; Olivier, Chevassut; David, Pointcheval

    2005-10-01

    The IEEE 802 standards ease the deployment of networkinginfrastructures and enable employers to accesscorporate networks whiletraveling. These standards provide two modes of communication calledinfrastructure and ad-hoc modes. A security solution for the IEEE802.11's infrastructure mode took several years to reach maturity andfirmware are still been upgraded, yet a solution for the ad-hoc modeneeds to be specified. The present paper is a first attempt in thisdirection. It leverages the latest developments in the area ofpassword-based authentication and (group) Diffie-Hellman key exchange todevelop a provably-secure key-exchange protocol for IEEE 802.11's ad-hocmode. The protocol allows users to securely join and leave the wirelessgroup at time, accommodates either a single-shared password orpairwise-shared passwords among the group members, or at least with acentral server; achieves security against dictionary attacks in theideal-hash model (i.e. random-oracles). This is, to the best of ourknowledge, the first such protocol to appear in the cryptographicliterature.

  3. Presentation of various types of electronic business available on the Internet, Advantages, Disadvantages, Key Requirements and Security, Implementation Model of an Electronic Business

    OpenAIRE

    Andreea A.S. Ionescu; Raul Serban

    2012-01-01

    This paper speaks about the advantages, disadvantages, key requirements necessary of an electronic business, the infrastructure of the Internet, the existing main networks on the Internet, standards used to develop electronic business and the security of an e-business environment. As we know in an organization the information is an asset that has value and should be protected and diversified. We also propose an implementation model of an electronic business that interconnects two concepts: ER...

  4. Demonstration of flexible multicasting and aggregation functionality for TWDM-PON

    Science.gov (United States)

    Chen, Yuanxiang; Li, Juhao; Zhu, Paikun; Zhu, Jinglong; Tian, Yu; Wu, Zhongying; Peng, Huangfa; Xu, Yongchi; Chen, Jingbiao; He, Yongqi; Chen, Zhangyuan

    2017-06-01

    The time- and wavelength-division multiplexed passive optical network (TWDM-PON) has been recognized as an attractive solution to provide broadband access for the next-generation networks. In this paper, we propose flexible service multicasting and aggregation functionality for TWDM-PON utilizing multiple-pump four-wave-mixing (FWM) and cyclic arrayed waveguide grating (AWG). With the proposed scheme, multiple TWDM-PON links share a single optical line terminal (OLT), which can greatly reduce the network deployment expense and achieve efficient network resource utilization by load balancing among different optical distribution networks (ODNs). The proposed scheme is compatible with existing TDM-PON infrastructure with fixed-wavelength OLT transmitter, thus smooth service upgrade can be achieved. Utilizing the proposed scheme, we demonstrate a proof-of-concept experiment with 10-Gb/s OOK and 10-Gb/s QPSK orthogonal frequency division multiplexing (OFDM) signal multicasting and aggregating to seven PON links. Compared with back-to-back (BTB) channel, the newly generated multicasting OOK signal and OFDM signal have power penalty of 1.6 dB and 2 dB at the BER of 10-3, respectively. For the aggregation of multiple channels, no obvious power penalty is observed. What is more, to verify the flexibility of the proposed scheme, we reconfigure the wavelength selective switch (WSS) and adjust the number of pumps to realize flexible multicasting functionality. One to three, one to seven, one to thirteen and one to twenty-one multicasting are achieved without modifying OLT structure.

  5. Resource management in energy-limited, bandwidth-limited, transceiver-limited wireless networks for session-based multicasting

    National Research Council Canada - National Science Library

    Wieselthier, Jeffrey E; Nguyen, Gam D; Ephremides, Anthony

    2001-01-01

    In this paper we consider source-initiated multicast session traffic in an ad hoc wireless network, operating under hard constraints on the available transmission energy as well as on bandwidth and transceiver resources...

  6. Near-field self-interference cancellation and quality of service multicast beamforming in full-duplex

    Science.gov (United States)

    Wu, Fei; Shao, Shihai; Tang, Youxi

    2016-10-01

    To enable simultaneous multicast downlink transmit and receive operations on the same frequency band, also known as full-duplex links between an access point and mobile users. The problem of minimizing the total power of multicast transmit beamforming is considered from the viewpoint of ensuring the suppression amount of near-field line-of-sight self-interference and guaranteeing prescribed minimum signal-to-interference-plus-noise-ratio (SINR) at each receiver of the multicast groups. Based on earlier results for multicast groups beamforming, the joint problem is easily shown to be NP-hard. A semidefinite relaxation (SDR) technique with linear program power adjust method is proposed to solve the NP-hard problem. Simulation shows that the proposed method is feasible even when the local receive antenna in nearfield and the mobile user in far-filed are in the same direction.

  7. Response to Scheuer-Yariv: 'A classical key-distribution system based on Johnson (like) noise-how secure?'

    International Nuclear Information System (INIS)

    Kish, L.B.

    2006-01-01

    We point out that the claims in the comment-paper of Scheuer and Yariv are either irrelevant or incorrect. The idealized Kirchoff-loop-Johnson-like-noise (KLJN) scheme is totally secure therefore it is more secure than idealized quantum communication schemes which can never be totally secure because of the inherent noise processes in those communication schemes and the statistical nature of eavesdropper detection based on error statistics. On the other hand, with sufficient resources, a practical/non-ideal realization of the KLJN cipher can arbitrarily approach the idealized limit and outperform even the idealized quantum communicator schemes because the non-ideality-effects are determined and controlled by the design. The cable resistance issue analyzed by Scheuer and Yariv is a good example for that because the eavesdropper has insufficient time window to build a sufficient statistics and the actual information leak can be designed. We show that Scheuer's and Yariv's numerical result of 1% voltage drop supports higher security than that of quantum communicators. Moreover, choosing thicker or shorter wires can arbitrarily reduce this voltage drop further; the same conclusion holds even according to the equations of Scheuer and Yariv

  8. Energy-Efficient Multicast Transmission for Underlay Device-to-Device Communications: A Social-Aware Perspective

    Directory of Open Access Journals (Sweden)

    Fan Jiang

    2017-01-01

    Full Text Available In this paper, by utilizing the social relationships among mobile users, we present a framework of energy-efficient cluster formation and resource allocation for multicast D2D transmission. In particular, we first deal with D2D multicast cluster/group formation strategy from both physical distance and social trust level. Then we aim to maximize the overall energy-efficiency of D2D multicast groups through resource allocation and power control scheme, which considers the quality-of-service (QoS requirements of both cellular user equipment and D2D groups. A heuristic algorithm is proposed to solve above energy-efficiency problem with less complexity. After that, considering the limited battery capacity of mobile users, we propose an energy and social aware cluster head update algorithm, which incorporates both the energy constraint and social centrality measurement. Numerical results indicate that the proposed social-tie based D2D multicast group formation and update algorithm form a multicast group in an energy efficient way. Moreover, the proposed resource and power allocation scheme achieves better energy efficiency in terms of throughput per energy consumption. These results show that, by exploiting social domain information, underlay D2D multicast transmission has high practical potential in saving the source on wireless links and in the backhaul.

  9. A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

    Science.gov (United States)

    Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

    2014-09-01

    Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

  10. Analysis of an Attenuator Artifact in an Experimental Attack by Gunn-Allison-Abbott Against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange System

    Science.gov (United States)

    Kish, Laszlo B.; Gingl, Zoltan; Mingesz, Robert; Vadai, Gergely; Smulko, Janusz; Granqvist, Claes-Göran

    2015-12-01

    A recent paper by Gunn-Allison-Abbott (GAA) [L. J. Gunn et al., Scientific Reports 4 (2014) 6461] argued that the Kirchhoff-law-Johnson-noise (KLJN) secure key exchange system could experience a severe information leak. Here we refute their results and demonstrate that GAA's arguments ensue from a serious design flaw in their system. Specifically, an attenuator broke the single Kirchhoff-loop into two coupled loops, which is an incorrect operation since the single loop is essential for the security in the KLJN system, and hence GAA's asserted information leak is trivial. Another consequence is that a fully defended KLJN system would not be able to function due to its built-in current-comparison defense against active (invasive) attacks. In this paper we crack GAA's scheme via an elementary current-comparison attack which yields negligible error probability for Eve even without averaging over the correlation time of the noise.

  11. Energy-Efficient Resource and Power Allocation for Underlay Multicast Device-to-Device Transmission

    Directory of Open Access Journals (Sweden)

    Fan Jiang

    2017-11-01

    Full Text Available In this paper, we present an energy-efficient resource allocation and power control scheme for D2D (Device-to-Device multicasting transmission. The objective is to maximize the overall energy-efficiency of D2D multicast clusters through effective resource allocation and power control schemes, while considering the quality of service (QoS requirements of both cellular users (CUs and D2D clusters. We first build the optimization model and a heuristic resource and power allocation algorithm is then proposed to solve the energy-efficiency problem with less computational complexity. Numerical results indicate that the proposed algorithm outperforms existing schemes in terms of throughput per energy consumption.

  12. Specification and Design of a Fault Recovery Model for the Reliable Multicast Protocol

    Science.gov (United States)

    Montgomery, Todd; Callahan, John R.; Whetten, Brian

    1996-01-01

    The Reliable Multicast Protocol (RMP) provides a unique, group-based model for distributed programs that need to handle reconfiguration events at the application layer. This model, called membership views, provides an abstraction in which events such as site failures, network partitions, and normal join-leave events are viewed as group reformations. RMP provides access to this model through an application programming interface (API) that notifies an application when a group is reformed as the result of a some event. RMP provides applications with reliable delivery of messages using an underlying IP Multicast media to other group members in a distributed environment even in the case of reformations. A distributed application can use various Quality of Service (QoS) levels provided by RMP to tolerate group reformations. This paper explores the implementation details of the mechanisms in RMP that provide distributed applications with membership view information and fault recovery capabilities.

  13. Optimizing Energy and Modulation Selection in Multi-Resolution Modulation For Wireless Video Broadcast/Multicast

    KAUST Repository

    She, James

    2009-11-01

    Emerging technologies in Broadband Wireless Access (BWA) networks and video coding have enabled high-quality wireless video broadcast/multicast services in metropolitan areas. Joint source-channel coded wireless transmission, especially using hierarchical/superposition coded modulation at the channel, is recognized as an effective and scalable approach to increase the system scalability while tackling the multi-user channel diversity problem. The power allocation and modulation selection problem, however, is subject to a high computational complexity due to the nonlinear formulation and huge solution space. This paper introduces a dynamic programming framework with conditioned parsing, which significantly reduces the search space. The optimized result is further verified with experiments using real video content. The proposed approach effectively serves as a generalized and practical optimization framework that can gauge and optimize a scalable wireless video broadcast/multicast based on multi-resolution modulation in any BWA network.

  14. Optimizing Energy and Modulation Selection in Multi-Resolution Modulation For Wireless Video Broadcast/Multicast

    KAUST Repository

    She, James; Ho, Pin-Han; Shihada, Basem

    2009-01-01

    Emerging technologies in Broadband Wireless Access (BWA) networks and video coding have enabled high-quality wireless video broadcast/multicast services in metropolitan areas. Joint source-channel coded wireless transmission, especially using hierarchical/superposition coded modulation at the channel, is recognized as an effective and scalable approach to increase the system scalability while tackling the multi-user channel diversity problem. The power allocation and modulation selection problem, however, is subject to a high computational complexity due to the nonlinear formulation and huge solution space. This paper introduces a dynamic programming framework with conditioned parsing, which significantly reduces the search space. The optimized result is further verified with experiments using real video content. The proposed approach effectively serves as a generalized and practical optimization framework that can gauge and optimize a scalable wireless video broadcast/multicast based on multi-resolution modulation in any BWA network.

  15. End-to-End Mechanisms for Rate-Adaptive Multicast Streaming over the Internet

    OpenAIRE

    Rimac, Ivica

    2005-01-01

    Continuous media applications over packet-switched networks are becoming more and more popular. Radio stations, for example, already use streaming technology to disseminate their content to users on the Internet, and video streaming services are expected to experience similar popularity. In contrast to traditional television and radio broadcast systems, however, prevalent Internet streaming solutions are based on unicast communication and raise scalability and efficiency issues. Multicast com...

  16. Integer-linear-programing optimization in scalable video multicast with adaptive modulation and coding in wireless networks.

    Science.gov (United States)

    Lee, Dongyul; Lee, Chaewoo

    2014-01-01

    The advancement in wideband wireless network supports real time services such as IPTV and live video streaming. However, because of the sharing nature of the wireless medium, efficient resource allocation has been studied to achieve a high level of acceptability and proliferation of wireless multimedia. Scalable video coding (SVC) with adaptive modulation and coding (AMC) provides an excellent solution for wireless video streaming. By assigning different modulation and coding schemes (MCSs) to video layers, SVC can provide good video quality to users in good channel conditions and also basic video quality to users in bad channel conditions. For optimal resource allocation, a key issue in applying SVC in the wireless multicast service is how to assign MCSs and the time resources to each SVC layer in the heterogeneous channel condition. We formulate this problem with integer linear programming (ILP) and provide numerical results to show the performance under 802.16 m environment. The result shows that our methodology enhances the overall system throughput compared to an existing algorithm.

  17. Integer-Linear-Programing Optimization in Scalable Video Multicast with Adaptive Modulation and Coding in Wireless Networks

    Directory of Open Access Journals (Sweden)

    Dongyul Lee

    2014-01-01

    Full Text Available The advancement in wideband wireless network supports real time services such as IPTV and live video streaming. However, because of the sharing nature of the wireless medium, efficient resource allocation has been studied to achieve a high level of acceptability and proliferation of wireless multimedia. Scalable video coding (SVC with adaptive modulation and coding (AMC provides an excellent solution for wireless video streaming. By assigning different modulation and coding schemes (MCSs to video layers, SVC can provide good video quality to users in good channel conditions and also basic video quality to users in bad channel conditions. For optimal resource allocation, a key issue in applying SVC in the wireless multicast service is how to assign MCSs and the time resources to each SVC layer in the heterogeneous channel condition. We formulate this problem with integer linear programming (ILP and provide numerical results to show the performance under 802.16 m environment. The result shows that our methodology enhances the overall system throughput compared to an existing algorithm.

  18. Optimal multicasting in a multi-line-rate ethernet-over-WDM network

    Science.gov (United States)

    Harve, Shruthi; Batayneh, Marwan; Mukherjee, Biswanath

    2009-11-01

    Ethernet is the dominant transport technology for Local Area Networks. Efforts are now under way to use carrier-grade Ethernet in backbone networks of different service providers. With the advent of applications such as IPTV and Videoon- Demand, there is need for techniques to route multicast traffic over the Ethernet backbone networks. Here, we address the problem of Routing and Wavelength Assignment (RWA) of a set of multicast requests in a Multi-Line-Rate Ethernet backbone network with the objective of minimizing the cost of setting up the network, in terms of the Service Provider's Capital Expenditure (CAPEX). We present an Auxiliary Graph based heuristic algorithm that routes each multicast request on a light-tree structure, and assigns minimum cost wavelengths along the route. We compare the properties of the algorithm to the optimal solution given by a mathematical model formulated as an Integer Linear Program (ILP), and show that they compare very well. We also find that the algorithm is most cost-effective when the incoming requests are processed in descending order of their bandwidth requirements.

  19. Source Authentication for Multicast in Mobile Ad Hoc Networks

    National Research Council Canada - National Science Library

    Ramachandran, Prabha

    2003-01-01

    Recent emergence and popularity of mobile ad hoc networks in a host of current-day applications has instigated a suite of research challenges, primarily in routing and security issues for such networks...

  20. One-to-six WDM multicasting of DPSK signals based on dual-pump four-wave mixing in a silicon waveguide

    DEFF Research Database (Denmark)

    Pu, Minhao; Hu, Hao; Ji, Hua

    2011-01-01

    We present WDM multicasting based on dual-pump four-wave mixing in a 3-mm long dispersion engineered silicon waveguide. One-to-six phase-preserving WDM multicasting of 10-Gb/s differential phase-shiftkeying (DPSK) data is experimentally demonstrated with bit-error rate measurements. All the six...

  1. Tunable Photonic RF Generator for Dynamic Allocation and Multicast of 1.25 Gbps Channels in the 60 GHz Unlicensed Band

    DEFF Research Database (Denmark)

    Lebedev, Alexander; Pang, Xiaodan; Vegas Olmos, Juan José

    2013-01-01

    ) or in the central office (CO). At the RN, we perform the replication of the original channel suitable for closely spaced multicast applications such as high definition (HD) video delivery where RN serves as a photonic radio frequency (RF) generator for both channel allocation and multicast. Experimental...

  2. Evaluación de ancho de banda en transmisiones multicast sparse mode implementadas en redes IPV6

    OpenAIRE

    Pineda Ancco, Ferdinand; Directora Asociada de Investigación, Universidad Peruana Unión. Lima; Cruz de la Cruz, José; Mamani Pari, David

    2017-01-01

    En el trabajo de investigación se describió el diseño e implementación del protocolo multicast de tipo Sparsemode con el objetivo de mejorar el tráfico de datos en redes que transporten información unidireccional. Eldiseño se realiza sobre una red que implementa IPV6 como protocolo de capa 3 del modelo de referencia OSI.Para validar el método, la evaluación del tráfico se realizó analizando el ancho de banda, retardos y cantidad debits enviados por el protocolo multicast Sparse mode cursado e...

  3. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  4. Social-Aware Relay Selection for Cooperative Multicast Device-to-Device Communications

    Directory of Open Access Journals (Sweden)

    Francesco Chiti

    2017-12-01

    Full Text Available The increasing use of social networks such as Facebook, Twitter, and Instagram to share photos, video streaming, and music among friends has generated a huge increase in the amount of data traffic over wireless networks. This social behavior has triggered new communication paradigms such as device-to-device (D2D and relaying communication schemes, which are both considered as strong drivers for the next fifth-generation (5G cellular systems. Recently, the social-aware layer and its relationship to and influence on the physical communications layer have gained great attention as emerging focus points. We focus here on the case of relaying communications to pursue the multicast data dissemination to a group of users forming a social community through a relay node, according to the extension of the D2D mode to the case of device-to-many devices. Moreover, in our case, the source selects the device to act as the relay among different users of the multicast group by taking into account both the propagation link conditions and the relay social-trust level with the constraint of minimizing the end-to-end content delivery delay. An optimization procedure is also proposed in order to achieve the best performance. Finally, numerical results are provided to highlight the advantages of considering the impact of social level on the end-to-end delivery delay in the integrated social–physical network in comparison with the classical relay-assisted multicast communications for which the relay social-trust level is not considered.

  5. Error Control Techniques for Efficient Multicast Streaming in UMTS Networks: Proposals andPerformance Evaluation

    Directory of Open Access Journals (Sweden)

    Michele Rossi

    2004-06-01

    Full Text Available In this paper we introduce techniques for efficient multicast video streaming in UMTS networks where a video content has to be conveyed to multiple users in the same cell. Efficient multicast data delivery in UMTS is still an open issue. In particular, suitable solutions have to be found to cope with wireless channel errors, while maintaining both an acceptable channel utilization and a controlled delivery delay over the wireless link between the serving base station and the mobile terminals. Here, we first highlight that standard solutions such as unequal error protection (UEP of the video flow are ineffective in the UMTS systems due to its inherent large feedback delay at the link layer (Radio Link Control, RLC. Subsequently, we propose a local approach to solve errors directly at the UMTS link layer while keeping a reasonably high channel efficiency and saving, as much as possible, system resources. The solution that we propose in this paper is based on the usage of the common channel to serve all the interested users in a cell. In this way, we can save resources with respect to the case where multiple dedicated channels are allocated for every user. In addition to that, we present a hybrid ARQ (HARQ proactive protocol that, at the cost of some redundancy (added to the link layer flow, is able to consistently improve the channel efficiency with respect to the plain ARQ case, by therefore making the use of a single common channel for multicast data delivery feasible. In the last part of the paper we give some hints for future research, by envisioning the usage of the aforementioned error control protocols with suitably encoded video streams.

  6. Real-time video streaming system for LHD experiment using IP multicast

    International Nuclear Information System (INIS)

    Emoto, Masahiko; Yamamoto, Takashi; Yoshida, Masanobu; Nagayama, Yoshio; Hasegawa, Makoto

    2009-01-01

    In order to accomplish smooth cooperation research, remote participation plays an important role. For this purpose, the authors have been developing various applications for remote participation for the LHD (Large Helical Device) experiments, such as Web interface for visualization of acquired data. The video streaming system is one of them. It is useful to grasp the status of the ongoing experiment remotely, and we provide the video images displayed in the control room to the remote users. However, usual streaming servers cannot send video images without delay. The delay changes depending on how to send the images, but even a little delay might become critical if the researchers use the images to adjust the diagnostic devices. One of the main causes of delay is the procedure of compressing and decompressing the images. Furthermore, commonly used video compression method is lossy; it removes less important information to reduce the size. However, lossy images cannot be used for physical analysis because the original information is lost. Therefore, video images for remote participation should be sent without compression in order to minimize the delay and to supply high quality images durable for physical analysis. However, sending uncompressed video images requires large network bandwidth. For example, sending 5 frames of 16bit color SXGA images a second requires 100Mbps. Furthermore, the video images must be sent to several remote sites simultaneously. It is hard for a server PC to handle such a large data. To cope with this problem, the authors adopted IP multicast to send video images to several remote sites at once. Because IP multicast packets are sent only to the network on which the clients want the data; the load of the server does not depend on the number of clients and the network load is reduced. In this paper, the authors discuss the feasibility of high bandwidth video streaming system using IP multicast. (author)

  7. MeshTree: A Delay optimised Overlay Multicast Tree Building Protocol

    OpenAIRE

    Tan, Su-Wei; Waters, A. Gill; Crawford, John

    2005-01-01

    We study decentralised low delay degree-constrained overlay multicast tree construction for single source real-time applications. This optimisation problem is NP-hard even if computed centrally. We identify two problems in traditional distributed solutions, namely the greedy problem and delay-cost trade-off. By offering solutions to these problems, we propose a new self-organising distributed tree building protocol called MeshTree. The main idea is to embed the delivery tree in a degree-bound...

  8. Performance Evaluation of Multicast Video Distribution using LTE-A in Vehicular Environments

    OpenAIRE

    Thota, Jayashree; Bulut, Berna; Doufexi, Angela; Armour, Simon; Nix, Andrew

    2017-01-01

    Application Layer Forward Error Correction (AL-FEC) based on Raptor codes has been employed in Multimedia Broadcast/Multicast Services (MBMS) to improve reliability. This paper considers a cross-layer system based on the latest Raptor Q codes for transmitting high data rate video. Multiple Input Multiple Output (MIMO) channels in a realistic outdoor environment for a user moving at 50kmph in an LTE-A system is considered. A link adaptation model with optimized cross-layer parameters is propos...

  9. Hybrid ARQ Scheme with Autonomous Retransmission for Multicasting in Wireless Sensor Networks.

    Science.gov (United States)

    Jung, Young-Ho; Choi, Jihoon

    2017-02-25

    A new hybrid automatic repeat request (HARQ) scheme for multicast service for wireless sensor networks is proposed in this study. In the proposed algorithm, the HARQ operation is combined with an autonomous retransmission method that ensure a data packet is transmitted irrespective of whether or not the packet is successfully decoded at the receivers. The optimal number of autonomous retransmissions is determined to ensure maximum spectral efficiency, and a practical method that adjusts the number of autonomous retransmissions for realistic conditions is developed. Simulation results show that the proposed method achieves higher spectral efficiency than existing HARQ techniques.

  10. Hybrid ARQ Scheme with Autonomous Retransmission for Multicasting in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Young-Ho Jung

    2017-02-01

    Full Text Available A new hybrid automatic repeat request (HARQ scheme for multicast service for wireless sensor networks is proposed in this study. In the proposed algorithm, the HARQ operation is combined with an autonomous retransmission method that ensure a data packet is transmitted irrespective of whether or not the packet is successfully decoded at the receivers. The optimal number of autonomous retransmissions is determined to ensure maximum spectral efficiency, and a practical method that adjusts the number of autonomous retransmissions for realistic conditions is developed. Simulation results show that the proposed method achieves higher spectral efficiency than existing HARQ techniques.

  11. Secure key storage with PUFs

    NARCIS (Netherlands)

    Tuyls, P.T.; Schrijen, G.J.; Willems, F.M.J.; Ignatenko, T.; Skoric, B.; Tuyls, P.T.; Skoric, B.; Kevenaar, T.A.M.

    2007-01-01

    Nowadays, people carry around devices (cell phones, PDAs, bank passes, etc.) that have a high value. That value is often contained in the data stored in it or lies in the services the device can grant access to (by using secret identification information stored in it). These devices often operate in

  12. Secure Key Storage with PUFs

    Science.gov (United States)

    Skoric, Boris; Schrijen, Geert-Jan; Tuyls, Pim; Ignatenko, Tanya; Willems, Frans

    Nowadays, people carry around devices (cell phones, PDAs, bank passes, etc.) that have a high value. That value is often contained in the data stored in it or lies in the services the device can grant access to (by using secret identification information stored in it). These devices often operate in hostile environments and their protection level is not adequate to deal with that situation. Bank passes and credit cards contain a magnetic stripe where identification information is stored. In the case of bank passes, a PIN is additionally required to withdraw money from an ATM (Automated Teller Machine). At various occasions, it has been shown that by placing a small coil in the reader, the magnetic information stored in the stripe can easily be copied and used to produce a cloned card. Together with eavesdropping the PIN (by listening to the keypad or recording it with a camera), an attacker can easily impersonate the legitimate owner of the bank pass by using the cloned card in combination with the eavesdropped PIN.

  13. Out-of-Sequence Prevention for Multicast Input-Queuing Space-Memory-Memory Clos-Network

    DEFF Research Database (Denmark)

    Yu, Hao; Ruepp, Sarah; Berger, Michael Stübert

    2011-01-01

    This paper proposes two cell dispatching algorithms for the input-queuing space-memory-memory (IQ-SMM) Closnetwork to reduce out-of-sequence (OOS) for multicast traffic. The frequent connection pattern change of DSRR results in a severe OOS problem. Based on the principle of DSRR, MFDSRR is able ...

  14. The Impact of Packet Loss Behavior in 802.11g on the Cooperation Gain in Reliable Multicast

    DEFF Research Database (Denmark)

    Heide, Janus; Vingelmann, Peter; Pedersen, Morten Videbæk

    2012-01-01

    In group-oriented applications for wireless networks, reliable multicast strategies are important in order to efficiently distribute data, e.g. in Wireless Mesh Networks (WMNs) and Mobile Ad-hoc NETworks (MANETs). To ensure that developed protocols and systems will operate as expected when deploy...

  15. Energy-efficient multicast traffic grooming strategy based on light-tree splitting for elastic optical networks

    Science.gov (United States)

    Liu, Huanlin; Yin, Yarui; Chen, Yong

    2017-07-01

    In order to address the problem of optimizing the spectrum resources and power consumption in elastic optical networks (EONs), we investigate the potential gains by jointly employing the light-tree splitting and traffic grooming for multicast requests. An energy-efficient multicast traffic grooming strategy based on light-tree splitting (EED-MTGS-LS) is proposed in this paper. Firstly, we design a traffic pre-processing mechanism to decide the multicast requests' routing order, which considers the request's bandwidth requirement and physical hops synthetically. Then, by dividing a light-tree to some sub-light-trees and grooming the request to these sub-light-trees, the light-tree sharing ratios of multicast requests can be improved. What's more, a priority scheduling vector is constructed, which aims to improve the success rate of spectrum assignment for grooming requests. Finally, a grooming strategy is designed to optimize the total power consumption by reducing the use of transponders and IP routers during routing. Simulation results show that the proposed strategy can significantly improve the spectrum utilization and save the power consumption.

  16. Biometry, the safe key

    Directory of Open Access Journals (Sweden)

    María Fraile-Hurtado

    2010-12-01

    Full Text Available Biometry is the next step in authentication, why do not we take this stepforward in our communication security systems? Keys are the main disadvantage in the cryptography, what if we were our own key?

  17. Key Management Laboratory

    Data.gov (United States)

    Federal Laboratory Consortium — FUNCTION: Provides a secure environment to research and develop advanced electronic key management and networked key distribution technologies for the Navy and DoD....

  18. An Improved MOEA/D for QoS Oriented Multimedia Multicasting with Network Coding

    Directory of Open Access Journals (Sweden)

    Zhaoyuan Wang

    2015-08-01

    Full Text Available Recent years witness a significant growth in multimedia applications. Among them, a stream of applications is real-time and requires one-to-many fast data transmission with stringent quality-of-service (QoS requirements, where multicast is an important supporting technology. In particular, with more and more mobile end users requesting real-time broadband multimedia applications, it is of vital importance to provide them with satisfied quality of experience. As network coding can offer higher bandwidth to users and accommodate more flows for networks than traditional routing, this paper studies the multicast routing problem with network coding and formulates it as a multi-objective optimization problem. As delay and packet loss ratio (PLR are two important performance indicators for QoS, we consider them as the two objectives for minimization. To address the problem above, we present a multi-objective evolutionary algorithm based on decomposition (MOEA/D, where an all population updating rule is devised to address the problem of lacking feasible solutions in the search space. Experimental results demonstrate the effectiveness of the proposed algorithm and it outperforms a number of state-of-the-art algorithms.

  19. An efficient mechanism for dynamic multicast traffic grooming in overlay IP/MPLS over WDM networks

    Science.gov (United States)

    Yu, Xiaojun; Xiao, Gaoxi; Cheng, Tee Hiang

    2014-08-01

    This paper proposes an efficient overlay multicast provisioning (OMP) mechanism for dynamic multicast traffic grooming in overlay IP/MPLS over WDM networks. To facilitate request provisioning, OMP jointly utilizes a data learning (DL) scheme on the IP/MPLS layer for logical link cost estimation, and a lightpath fragmentation (LPF) based method on the WDM layer for improving resource sharing in grooming process. Extensive simulations are carried out to evaluate the performance of OMP mechanism under different traffic loads, with either limited or unlimited port resources. Simulation results demonstrate that OMP significantly outperforms the existing methods. To evaluate the respective influences of the DL scheme and the LPF method on OMP performance, provisioning mechanisms only utilizing either the IP/MPLS layer DL scheme or the WDM layer LPF method are also devised. Comparison results show that both DL and LPF methods help improve OMP blocking performance, and contribution from the DL scheme is more significant when the fixed routing and first-fit wavelength assignment (RWA) strategy is adopted on the WDM layer. Effects of a few other factors, including definition of connection cost to be reported by the WDM layer to the IP/MPLS layer and WDM-layer routing method, on OMP performance are also evaluated.

  20. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  1. Multicast Services of QoS-Aware Active Queue Management over IP Multimedia Applications

    Science.gov (United States)

    Hwang, I.-Shyan; Hwang, Bor-Jiunn; Chang, Pen-Ming

    2010-10-01

    Recently, the multimedia services such as IPTV, video conference emerges to be the main traffic source. When UDP coexists with TCP, it induces not only congestion collapse but also unfairness problem. In this paper, a new Active Queue Management (AQM) algorithm, called Traffic Sensitive Active Queue Management (TSAQM), is proposed for providing multimedia services. The TSAQM comprise Dynamic Weight Allocate Scheme (DWAS) and Service Guarantee Scheme (SGS), the purpose of DWAS is to allocate resource with fairness and high end-user utility, and the purpose of SGS is to determine the satisfactory threshold (TH) and threshold region (TR). Several objectives of this proposed scheme include achieving high end-user utility for video service, considering the multicast as well as unicast proprieties to meet inter-class fairness and achieving the QoS requirement by adjusting the thresholds adaptively based on traffic situations.

  2. Dynamic Programming Optimization of Multi-rate Multicast Video-Streaming Services

    Directory of Open Access Journals (Sweden)

    Nestor Michael Caños Tiglao

    2010-06-01

    Full Text Available In large scale IP Television (IPTV and Mobile TV distributions, the video signal is typically encoded and transmitted using several quality streams, over IP Multicast channels, to several groups of receivers, which are classified in terms of their reception rate. As the number of video streams is usually constrained by both the number of TV channels and the maximum capacity of the content distribution network, it is necessary to find the selection of video stream transmission rates that maximizes the overall user satisfaction. In order to efficiently solve this problem, this paper proposes the Dynamic Programming Multi-rate Optimization (DPMO algorithm. The latter was comparatively evaluated considering several user distributions, featuring different access rate patterns. The experimental results reveal that DPMO is significantly more efficient than exhaustive search, while presenting slightly higher execution times than the non-optimal Multi-rate Step Search (MSS algorithm.

  3. Admission and Preventive Load Control for Delivery of Multicast and Broadcast Services via S-UMTS

    Science.gov (United States)

    Angelou, E.; Koutsokeras, N.; Andrikopoulos, I.; Mertzanis, I.; Karaliopoulos, M.; Henrio, P.

    2003-07-01

    An Admission Control strategy is proposed for unidirectional satellite systems delivering multicast and broadcast services to mobile users. In such systems, both the radio interface and the targeted services impose particular requirements on the RRM task. We briefly discuss the RRM requirements that stem from the services point of view and from the features of the SATIN access scheme that differentiate it from the conventional T-UMTS radio interface. The main functional entities of RRM and the alternative modes of operation are outlined and the proposed Admission Control algorithm is described in detail. The results from the simulation study that demonstrate its performance for a number of different scenarios are finally presented and conclusions derived.

  4. Energy Effective Congestion Control for Multicast with Network Coding in Wireless Ad Hoc Network

    Directory of Open Access Journals (Sweden)

    Chuanxin Zhao

    2014-01-01

    Full Text Available In order to improve network throughput and reduce energy consumption, we propose in this paper a cross-layer optimization design that is able to achieve multicast utility maximization and energy consumption minimization. The joint optimization of congestion control and power allocation is formulated to be a nonlinear nonconvex problem. Using dual decomposition, a distributed optimization algorithm is proposed to avoid the congestion by control flow rate at the source node and eliminate the bottleneck by allocating the power at the intermediate node. Simulation results show that the cross-layer algorithm can increase network performance, reduce the energy consumption of wireless nodes and prolong the network lifetime, while keeping network throughput basically unchanged.

  5. Joint Power Allocation for Multicast Systems with Physical-Layer Network Coding

    Directory of Open Access Journals (Sweden)

    Zhu Wei-Ping

    2010-01-01

    Full Text Available This paper addresses the joint power allocation issue in physical-layer network coding (PLNC of multicast systems with two sources and two destinations communicating via a large number of distributed relays. By maximizing the achievable system rate, a constrained optimization problem is first formulated to jointly allocate powers for the source and relay terminals. Due to the nonconvex nature of the cost function, an iterative algorithm with guaranteed convergence is developed to solve the joint power allocation problem. As an alternative, an upper bound of the achievable rate is also derived to modify the original cost function in order to obtain a convex optimization solution. This approximation is shown to be asymptotically optimal in the sense of maximizing the achievable rate. It is confirmed through Monte Carlo simulations that the proposed joint power allocation schemes are superior to the existing schemes in terms of achievable rate and cumulative distribution function (CDF.

  6. Enhancing On-Demand Multicast Routing Protocols using Mobility Prediction in Mobile Ad-hoc Network

    Directory of Open Access Journals (Sweden)

    Nermin Makhlouf

    2014-08-01

    Full Text Available A Mobile Ad hoc Network (MANET is a self-organizing wireless communication network in which mobile devices are based on no infrastructure like base stations or access points. Minimal configuration and quick deployment make ad hoc networks suitable for emergency situations like disaster recovery or military conflict. Since node mobility may cause links to be broken frequently, a very important issue for routing in MANETs is how to set reliable paths which can last as long as possible. To solve this problem, non-random behaviors for the mobility patterns that mobile users exhibit are exploited. This paper introduces a scheme to improve On-Demand Multicast Routing Protocol (ODMRP performances by using mobility prediction. 

  7. Efficiency Intra-Cluster Device-to-Device Relay Selection for Multicast Services Based on Combinatorial Auction

    Directory of Open Access Journals (Sweden)

    Yong Zhang

    2015-12-01

    Full Text Available In Long Term Evolution-Advanced (LTE-A networks, Device-to-device (D2D communications can be utilized to enhance the performance of multicast services by leveraging D2D relays to serve nodes with worse channel conditions within a cluster. For traditional D2D relay schemes, D2D links with poor channel condition may be the bottleneck of system sum data rate. In this paper, to optimize the throughput of D2D communications, we introduce an iterative combinatorial auction algorithm for efficient D2D relay selection. In combinatorial auctions, the User Equipments (UEs that fails to correctly receive multicast data from eNodeB (eNB are viewed as bidders that compete for D2D relays, while the eNB is treated as the auctioneer. We also give properties of convergency and low-complexity and present numerical simulations to verify the efficiency of the proposed algorithm.

  8. A Low-Complexity Subgroup Formation with QoS-Aware for Enhancing Multicast Services in LTE Networks

    Science.gov (United States)

    Algharem, M.; Omar, M. H.; Rahmat, R. F.; Budiarto, R.

    2018-03-01

    The high demand of Multimedia services on in Long Term Evolution (LTE) and beyond networks forces the networks operators to find a solution that can handle the huge traffic. Along with this, subgroup formation techniques are introduced to overcome the limitations of the Conventional Multicast Scheme (CMS) by splitting the multicast users into several subgroups based on the users’ channels quality signal. However, finding the best subgroup configuration with low complexity is need more investigations. In this paper, an efficient and simple subgroup formation mechanisms are proposed. The proposed mechanisms take the transmitter MAC queue in account. The effectiveness of the proposed mechanisms is evaluated and compared with CMS in terms of throughput, fairness, delay, Block Error Rate (BLER).

  9. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  10. Strengthening Local Safety Nets as a Key to Enhancing the Food Security of Pastoralists in East Africa: A Case Study of the Rendille of Northern Kenya

    OpenAIRE

    SUN, Xiaogang

    2017-01-01

    The increase in climate-change-related natural disasters presents a major threat to the food security of pastoralists in East Africa. This paper explores ways of reducing the dependence on food aid and enhancing the food security of pastoralists through a case study of the Rendille in Northern Kenya. Current Rendille food systems have resulted from adapted livestock herding strategies and loss of nomadic lifestyles, as well as dependence on food aid. Although food aid is included in the livel...

  11. Multi-Objective Resource Allocation Scheme for D2D Multicast with QoS Guarantees in Cellular Networks

    Directory of Open Access Journals (Sweden)

    Fangmin Li

    2016-09-01

    Full Text Available Device-to-device (D2D multicast communication can greatly improve the spectrum utilization in a content delivery scenario. However, the co-channel interference and power consumption brought by D2D bring new challenges. All the D2D multicast groups expect to achieve a higher system capacity with less extra energy cost. In this paper, we investigate the uplink resource allocation issue when D2D multicast groups share the resources with other cellular uses (CUs, while guaranteeing a certain level of quality of service (QoS to CUs and D2D users. Firstly we address a flexible tradeoff framework in which the system power consumption and the system capacity (i.e., the number of admitted D2D links are assigned with different weight factors so that these two objectives are jointly considered. Then we propose an efficient resource optimization scheme, which comprises sub-channel allocation and signal-to-interference- plus-noise ratio (SINR assignment. Numerical results validate the effectiveness of the proposed framework, and demonstrate the advantages in dealing with the proposed multi-objective optimization problem.

  12. Security infrastructures: towards the INDECT system security

    OpenAIRE

    Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

    2012-01-01

    This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

  13. Quantum key management

    Energy Technology Data Exchange (ETDEWEB)

    Hughes, Richard John; Thrasher, James Thomas; Nordholt, Jane Elizabeth

    2016-11-29

    Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.

  14. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  15. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

  16. Key Considerations in Providing a Free Appropriate Public Education for Youth with Disabilities in Juvenile Justice Secure Care Facilities. Issue Brief

    Science.gov (United States)

    Gagnon, Joseph C.; Read, Nicholas W.; Gonsoulin, Simon

    2015-01-01

    Access to high-quality education for youth is critical to their long-term success as adults. Youth in juvenile justice secure care facilities, however, too often do not have access to the high-quality education and related supports and services that they need, particularly youth with disabilities residing in such facilities. This brief discusses…

  17. 33 CFR 165.761 - Security Zones; Port of Palm Beach, Port Everglades, Port of Miami, and Port of Key West, Florida.

    Science.gov (United States)

    2010-07-01

    ... of the law enforcement boats and cruise ship tenders which will mark a transit lane in channel. (ii... east of the law enforcement vessels and cruise ship tenders, which will mark a transit lane in the..., tug boats and contracted security vessels may assist the Coast Guard Captain of the Port under the...

  18. Network connectivity enhancement by exploiting all optical multicast in semiconductor ring laser

    Science.gov (United States)

    Siraj, M.; Memon, M. I.; Shoaib, M.; Alshebeili, S.

    2015-03-01

    The use of smart phone and tablet applications will provide the troops for executing, controlling and analyzing sophisticated operations with the commanders providing crucial documents directly to troops wherever and whenever needed. Wireless mesh networks (WMNs) is a cutting edge networking technology which is capable of supporting Joint Tactical radio System (JTRS).WMNs are capable of providing the much needed bandwidth for applications like hand held radios and communication for airborne and ground vehicles. Routing management tasks can be efficiently handled through WMNs through a central command control center. As the spectrum space is congested, cognitive radios are a much welcome technology that will provide much needed bandwidth. They can self-configure themselves, can adapt themselves to the user requirement, provide dynamic spectrum access for minimizing interference and also deliver optimal power output. Sometimes in the indoor environment, there are poor signal issues and reduced coverage. In this paper, a solution utilizing (CR WMNs) over optical network is presented by creating nanocells (PCs) inside the indoor environment. The phenomenon of four-wave mixing (FWM) is exploited to generate all-optical multicast using semiconductor ring laser (SRL). As a result same signal is transmitted at different wavelengths. Every PC is assigned a unique wavelength. By using CR technology in conjunction with PC will not only solve network coverage issue but will provide a good bandwidth to the secondary users.

  19. Zaštićena komunikacija putem infrastrukture sa javnim ključevima / Secure communication via public key infrastructure

    Directory of Open Access Journals (Sweden)

    Đuro Alfirević

    2007-01-01

    Full Text Available Jedan tok informacija u okviru računarskih sistema ostvaruje se slanjem elektronske pošte. Međutim, da bi se ispunili zahtevi za kvalitativnost informacije koju ta pošta prenosi, neophodno je da računarska mreža ispunjava osnovna četiri bezbednosna servisa: zaštitu tajnosti, integritet podataka autentikaciju i neporecivost. Ovaj rad predstavlja jedno od mogućih rešenja zaštićene komunikacije, primenom zaštićenog e-mail klijenta, sa prednostima koje donosi PKCS standard. / One of the information flows in a computer communication domain is accomplished by sending an e-mail, but in order to accomplish demands for information qualitativity that the e-mail contains, it's necessary for a computer network to provide the major four security services confidentiality, data integrity, authentication and non-repudiation. This work represents one of the possible solutions of secured communication applying a secured e-mail client with advantages that PKCS standard brings.

  20. Digital security technology simplified.

    Science.gov (United States)

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  1. New directions for African security

    NARCIS (Netherlands)

    Haastrup, Toni; Dijkstra, Hylke

    2017-01-01

    African security, particularly conflict-related political violence, is a key concern in international relations. This forum seeks to advance existing research agendas by addressing four key themes: domestic politics and peacekeeping; security sector reform programs; peace enforcement; and the

  2. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  3. A Lightweight Protocol for Secure Video Streaming.

    Science.gov (United States)

    Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

    2018-05-14

    The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

  4. Alcatel-Lucent Service Routing Architect (SRA) self-study guide preparing for the BGP, VPRN and Multicast exams

    CERN Document Server

    Warnock, Glenn; Shaheen, Ghassan

    2015-01-01

    A comprehensive resource for professionals preparing for Alcatel-Lucent Service Routing Architect (SRA) certification Networking professionals are taking note of Alcatel-Lucent and its quick ascent in the networking and telecom industries. IP networking professionals looking for a comprehensive guide to obtaining the Alcatel-Lucent Service Routing Architect (SRA) certification will be pleased to learn of this new publication, Alcatel-Lucent Service Routing Architect (SRA) Self-Study Guide: Preparing for the BGP, VPRN and Multicast Exams. The book comprises approximately 2,600 pages of print a

  5. Quantum dense key distribution

    International Nuclear Information System (INIS)

    Degiovanni, I.P.; Ruo Berchera, I.; Castelletto, S.; Rastello, M.L.; Bovino, F.A.; Colla, A.M.; Castagnoli, G.

    2004-01-01

    This paper proposes a protocol for quantum dense key distribution. This protocol embeds the benefits of a quantum dense coding and a quantum key distribution and is able to generate shared secret keys four times more efficiently than the Bennet-Brassard 1984 protocol. We hereinafter prove the security of this scheme against individual eavesdropping attacks, and we present preliminary experimental results, showing its feasibility

  6. Improvement of the Response Time in an Open Source Audioconference Architecture Based on SIP Multicast Implemented with JainSIP, JainSDP and JGAP Libraries

    Directory of Open Access Journals (Sweden)

    Carlos M. Moreno

    2014-06-01

    Full Text Available Group services like the audioconference require a minimum level of quality of service for multicast sessions. This work proposes a new overlay multicast architecture based on SIP extensions and a genetic algorithm. The architecture consists of a SIP Extender client (SE, a Multicast Gateway Agent (MGA and a Multicast Manager (MM. The SE receives information about the most adequate MGA for it determined by a genetic algorithm inside the MM, then connects the chosen MGA and maintains connection with the MM itself. The genetic algorithm is implemented with JGAP(Java Genetic Algorithm Package libraries. The SE and MGA are programmed with JainSIP and JainSDP libraries which contain Java structures associated with the SIP protocol and session description. Some experiments over UTP wired and WiFi IEEE802.11n network were performed. Partial results with static and dynamic MGA selection show that, if we compare the joining and leaving time measured inside a station containing SE client programmed with JainSIP and JainSDP libraries versus SJphone proprietary client, the software engineering may have more influence than the medium access method in the response time for a potential group member. Even more, the genetic algorithm at the MM minimizes the response time at great scale.

  7. All-optical multi-wavelength conversion with negative power penalty by a commercial SOA-MZI for WDM wavelength multicast

    NARCIS (Netherlands)

    Yan, N.; Jung, H.D.; Tafur Monroy, I.; Waardt, de H.; Koonen, A.M.J.

    2007-01-01

    WDM wavelength multicast is demonstrated by all-optical multi-wavelength conversion at 10 Gb/s using a commercial SOA-MZI. We report for the first time simultaneous one-to-four conversion with negative power penalty of 1.84 dB.

  8. Hybrid monitoring scheme for end-to-end performance enhancement of multicast-based real-time media

    Science.gov (United States)

    Park, Ju-Won; Kim, JongWon

    2004-10-01

    As real-time media applications based on IP multicast networks spread widely, end-to-end QoS (quality of service) provisioning for these applications have become very important. To guarantee the end-to-end QoS of multi-party media applications, it is essential to monitor the time-varying status of both network metrics (i.e., delay, jitter and loss) and system metrics (i.e., CPU and memory utilization). In this paper, targeting the multicast-enabled AG (Access Grid) a next-generation group collaboration tool based on multi-party media services, the applicability of hybrid monitoring scheme that combines active and passive monitoring is investigated. The active monitoring measures network-layer metrics (i.e., network condition) with probe packets while the passive monitoring checks both application-layer metrics (i.e., user traffic condition by analyzing RTCP packets) and system metrics. By comparing these hybrid results, we attempt to pinpoint the causes of performance degradation and explore corresponding reactions to improve the end-to-end performance. The experimental results show that the proposed hybrid monitoring can provide useful information to coordinate the performance improvement of multi-party real-time media applications.

  9. Iran's Security Policy in the Post-Revolutionary Era

    National Research Council Canada - National Science Library

    Byman, Daniel

    2001-01-01

    This report assesses Iran's security policy. It examines broad drivers of Iran's security policy, describes important security institutions, explores decisionmaking, and reviews Iran's relations with key countries...

  10. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks.Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  11. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  12. Optimizing Key Updates in Sensor Networks

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    2011-01-01

    Sensor networks offer the advantages of simple and low–resource communication. Nevertheless, security is of particular importance in many cases such as when sensitive data is communicated or tamper-resistance is required. Updating the security keys is one of the key points in security, which...

  13. Network Paradigm of Information Security

    Directory of Open Access Journals (Sweden)

    Alexandr Diomidovich Afanasyev

    2016-03-01

    Full Text Available An issue of topological analysis has been claimed as a key one while creating robust and secure network systems. Some examples of complex network applications in information security domain have been cited.

  14. Pro Spring security

    CERN Document Server

    Scarioni, Carlo

    2013-01-01

    Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

  15. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  16. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  17. Ethical Responsibility Key to Computer Security.

    Science.gov (United States)

    Lynn, M. Stuart

    1989-01-01

    The pervasiveness of powerful computers and computer networks has raised the specter of new forms of abuse and of concomitant ethical issues. Blurred boundaries, hackers, the Computer Worm, ethical issues, and implications for academic institutions are discussed. (MLW)

  18. Wavelength conversion, time demultiplexing and multicasting based on cross-phase modulation and four-wave mixing in dispersion-flattened highly nonlinear photonic crystal fiber

    International Nuclear Information System (INIS)

    Hui, Zhan-Qiang; Zhang, Jian-Guo

    2012-01-01

    We propose the use of cross-phase modulation (XPM) and four-wave mixing (FWM) in dispersion-flattened highly nonlinear photonic crystal fibers (HNL-PCFs) to implement the functionalities of wavelength conversion, simultaneous time demultiplexing and wavelength multicasting in optical time-division multiplexing (OTDM) systems. The experiments on wavelength conversion at 80 Gbit s −1 and OTDM demultiplexing from 80 to 10 Gbit s −1 with wavelength multicasting of two channels are successfully demonstrated to validate the proposed scheme, which are carried out by using two segments of dispersion-flattened HNL-PCFs with lengths of 100 and 50 m, respectively. Moreover, the bit error rate (BER) performance is also measured. The results show that our designed system can achieve a power penalty of less than 4.6 dB for two multicasting channels with a 24 nm wavelength span at the BER of 10 −9 when compared with the 10 Gbit/s back-to-back measurement. The proposed system is transparent to bit rate since only an ultrafast third-order nonlinear effect is used. The resulting configuration is compact, robust and reliable, benefiting from the use of dispersion-flattened HNL-PCFs with short lengths. This also makes the proposed system more flexible in the operational wavelengths than those based on dispersion-shifted fibers and traditional highly nonlinear fibers. (paper)

  19. Credentialed Secure Communication "Switchboards"

    National Research Council Canada - National Science Library

    Freudenthal, Eric; Port, Lawrence; Keenan, Edward; Pesin, Tracy; Karamcheti, Vijay

    2001-01-01

    ... with connection monitoring facilities. Switchboard extends the secure authenticated communication channel abstraction provided by standard interfaces such as SSL/TLS with mechanisms to support trust management, key sharing, service...

  20. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?......What is a security dilemma? What are the consequences of security dilemmas in international politics?...

  1. Database and applications security integrating information security and data management

    CERN Document Server

    Thuraisingham, Bhavani

    2005-01-01

    This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

  2. Economic Analysis of Cyber Security

    National Research Council Canada - National Science Library

    Gallaher, Michael P; Rowe, Brent R; Rogozhin, Alex V; Link, Albert N

    2006-01-01

    .... However, few organizations attempt such analysis for their cyber security mechanisms. Key performance and evaluation metrics are not available, so organizations rely on qualitative assessments...

  3. Securing collaborative environments

    Energy Technology Data Exchange (ETDEWEB)

    Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2002-05-16

    The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

  4. Introduction to Hardware Security

    Directory of Open Access Journals (Sweden)

    Yier Jin

    2015-10-01

    Full Text Available Hardware security has become a hot topic recently with more and more researchers from related research domains joining this area. However, the understanding of hardware security is often mixed with cybersecurity and cryptography, especially cryptographic hardware. For the same reason, the research scope of hardware security has never been clearly defined. To help researchers who have recently joined in this area better understand the challenges and tasks within the hardware security domain and to help both academia and industry investigate countermeasures and solutions to solve hardware security problems, we will introduce the key concepts of hardware security as well as its relations to related research topics in this survey paper. Emerging hardware security topics will also be clearly depicted through which the future trend will be elaborated, making this survey paper a good reference for the continuing research efforts in this area.

  5. Enhancing implementation security of QKD

    Science.gov (United States)

    Tamaki, Kiyoshi

    2017-10-01

    Quantum key distribution (QKD) can achieve information-theoretic security, which is a provable security against any eavesdropping, given that all the devices the sender and the receiver employ operate exactly as the theory of security requires. Unfortunately, however, it is difficult for practical devices to meet all such requirements, and therefore more works have to be done toward guaranteeing information-theoretic security in practice, i.e., implementation security. In this paper, we review our recent efforts to enhance implementation security. We also have a brief look at a flaw in security proofs and present how to fix it.

  6. Cryptographic Key Management System

    Energy Technology Data Exchange (ETDEWEB)

    No, author

    2014-02-21

    This report summarizes the outcome of U.S. Department of Energy (DOE) contract DE-OE0000543, requesting the design of a Cryptographic Key Management System (CKMS) for the secure management of cryptographic keys for the energy sector infrastructure. Prime contractor Sypris Electronics, in collaboration with Oak Ridge National Laboratories (ORNL), Electric Power Research Institute (EPRI), Valicore Technologies, and Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS) and Smart Meter Integration Laboratory (SMIL), has designed, developed and evaluated the CKMS solution. We provide an overview of the project in Section 3, review the core contributions of all contractors in Section 4, and discuss bene ts to the DOE in Section 5. In Section 6 we describe the technical construction of the CKMS solution, and review its key contributions in Section 6.9. Section 7 describes the evaluation and demonstration of the CKMS solution in different environments. We summarize the key project objectives in Section 8, list publications resulting from the project in Section 9, and conclude with a discussion on commercialization in Section 10 and future work in Section 11.

  7. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  8. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

  9. SecurID

    CERN Multimedia

    Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

  10. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  11. Security and Efficiency Concerns With Distributed Collaborative Networking Environments

    National Research Council Canada - National Science Library

    Felker, Keith

    2003-01-01

    ... exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible...

  12. Optimal Caching in Multicast 5G Networks with Opportunistic Spectrum Access

    KAUST Repository

    Emara, Mostafa; Elsawy, Hesham; Sorour, Sameh; Al-Ghadhban, Samir; Alouini, Mohamed-Slim; Al-Naffouri, Tareq Y.

    2018-01-01

    Cache-enabled small base station (SBS) densification is foreseen as a key component of 5G cellular networks. This architecture enables storing popular files at the network edge (i.e., SBS caches), which empowers local communication and alleviates

  13. Are you in Control? : That was the key question discussed at the second Dutch Second Dutch Process Control Security Event at the Technical University of Delft, December 4, 2008

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    The second Dutch Process Control Security Event attracted many process control people. The event was organised by the National Infrastructure against Cybercrime (NICC). Over hundred people responsible for the security of process control systems (PCS) and related networks in many of the Dutch

  14. Three state quantum key distribution for small keys

    International Nuclear Information System (INIS)

    Batuwantudawe, J.; Boileau, J.-C.

    2005-01-01

    Full text: Quantum key distribution (QKD) protocols allow two parties, Alice and Bob, to establish secure keys. The most well-known protocol is BB84, using four distinct states. Recently, Phoenix et al. proposed a three state protocol. We explain the protocol and discuss its security proof. The three state protocol also has an interesting structure that allows for errors estimation from the inconclusive results (i.e.. where Alice and Bob choose different bases). This eliminates the need for sampling, potentially useful when qubits are limited. We discuss the effectiveness of this approach compared to BB84 for the case where a good error estimate is required. (author)

  15. Wavelength Tuning Free Transceiver Module in OLT Downstream Multicasting 4λ × 10 Gb/s TWDM-PON System

    OpenAIRE

    M. S. Salleh; A. S. M. Supa’at; S. M. Idrus; S. Yaakob; Z. M. Yusof

    2014-01-01

    We propose a new architecture of dynamic time-wavelength division multiplexing-passive optical network (TWDM-PON) system that employs integrated all-optical packet routing (AOPR) module using 4λ×10 Gbps downstream signal to support 20 km fiber transmission. This module has been designed to support high speed L2 aggregation and routing in the physical layer PON system by using multicasting cross-gain modulation (XGM) to route packet from any PON port to multiple PON links. Meanwhile, the fixed...

  16. Evaluación del punto de conmutación unicast- multicast para ahorro de potencia de transmisión en redes MBMS

    Directory of Open Access Journals (Sweden)

    Raúl Tamayo Fernández

    2014-01-01

    Full Text Available La oferta de aplicaciones y servicios multimedia para terminales móviles se hace principalmente a través de las redes celulares de tercera y cuarta generación (3G/4G existentes. El envío de los datos en este tipo de redes se realiza en modo unicast, es decir, a cada usuario se le dedican recursos de radio (ancho de banda y potencia de transmisión durante toda la sesión. Esto presenta algunos inconvenientes, tales como agotamiento rápido del ancho de banda del operador móvil, alto consumo de potencia de transmisión, incremento de la interferencia, y costos altos del servicio. Los operadores móviles requieren de nuevas tecnologías que optimicen el uso de sus recursos de radio y así lograr un mayor índice de penetración de los servicios. De ahí la necesidad de cambiar de paradigma hacia un modo de transmisión en multicast o broadcast, en el que una misma señal pueda recibirse por varios usuarios simultáneamente, de tal forma que los recursos de radio se puedan compartir. Para ello, la solución técnica sobre redes celulares LTE (Long Term Evolution se dio en la especificación 3GPP Release 6, llamada Servicio Multimedia por Broadcast/Multicast (MBMS, Multimedia Broadcast Multicast Service. La especificación de MBMS permite que una transmisión cambie de modo unicast a modo multicast a partir de un “punto de conmutación”, que determina el momento de hacer el cambio para obtener un ahorro tanto en ancho de banda como en potencia de transmisión. Este artículo presenta una evaluación para determinar los puntos de conmutación de modo de transmisión óptimos en el estándar MBMS para diferentes ambientes de propagación inalámbrica. Además, dado que MBMS se puede utilizar en topologías de Red de Frecuencia Única (SFN, Single Frequency Networks, que tienen la propiedad de “ganancia de red”, también se determina el ahorro de potencia de transmisión adicional que se obtiene en esta configuración.

  17. Secret-key expansion from covert communication

    Science.gov (United States)

    Arrazola, Juan Miguel; Amiri, Ryan

    2018-02-01

    Covert communication allows the transmission of messages in such a way that it is not possible for adversaries to detect that the communication is occurring. This provides protection in situations where knowledge that two parties are talking to each other may be incriminating to them. In this work, we study how covert communication can be used for a different purpose: secret key expansion. First, we show that any message transmitted in a secure covert protocol is also secret and therefore unknown to an adversary. We then propose a covert communication protocol where the amount of key consumed in the protocol is smaller than the transmitted key, thus leading to secure secret key expansion. We derive precise conditions for secret key expansion to occur, showing that it is possible when there are sufficiently low levels of noise for a given security level. We conclude by examining how secret key expansion from covert communication can be performed in a computational security model.

  18. Quantum key distribution network for multiple applications

    Science.gov (United States)

    Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.

    2017-09-01

    The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.

  19. Quantum Secure Group Communication.

    Science.gov (United States)

    Li, Zheng-Hong; Zubairy, M Suhail; Al-Amri, M

    2018-03-01

    We propose a quantum secure group communication protocol for the purpose of sharing the same message among multiple authorized users. Our protocol can remove the need for key management that is needed for the quantum network built on quantum key distribution. Comparing with the secure quantum network based on BB84, we show our protocol is more efficient and securer. Particularly, in the security analysis, we introduce a new way of attack, i.e., the counterfactual quantum attack, which can steal information by "invisible" photons. This invisible photon can reveal a single-photon detector in the photon path without triggering the detector. Moreover, the photon can identify phase operations applied to itself, thereby stealing information. To defeat this counterfactual quantum attack, we propose a quantum multi-user authorization system. It allows us to precisely control the communication time so that the attack can not be completed in time.

  20. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  1. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  2. Mitigating Docker Security Issues

    OpenAIRE

    Yasrab, Robail

    2018-01-01

    It is very easy to run applications in Docker. Docker offers an ecosystem that offers a platform for application packaging, distributing and managing within containers. However, Docker platform is yet not matured. Presently, Docker is less secured as compare to virtual machines (VM) and most of the other cloud technologies. The key of reason of Docker inadequate security protocols is containers sharing of Linux kernel, which can lead to risk of privileged escalations. This research is going t...

  3. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  4. Algorithms for Lightweight Key Exchange.

    Science.gov (United States)

    Alvarez, Rafael; Caballero-Gil, Cándido; Santonja, Juan; Zamora, Antonio

    2017-06-27

    Public-key cryptography is too slow for general purpose encryption, with most applications limiting its use as much as possible. Some secure protocols, especially those that enable forward secrecy, make a much heavier use of public-key cryptography, increasing the demand for lightweight cryptosystems that can be implemented in low powered or mobile devices. This performance requirements are even more significant in critical infrastructure and emergency scenarios where peer-to-peer networks are deployed for increased availability and resiliency. We benchmark several public-key key-exchange algorithms, determining those that are better for the requirements of critical infrastructure and emergency applications and propose a security framework based on these algorithms and study its application to decentralized node or sensor networks.

  5. Indirection and computer security.

    Energy Technology Data Exchange (ETDEWEB)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  6. Secure Multiparty AES

    Science.gov (United States)

    Damgård, Ivan; Keller, Marcel

    We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires 2200 + {{400}over{255}} expected elementary operations in expected 70 + {{20}over{255}} rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

  7. Utilizing Joint Routing and Capacity Assignment Algorithms to Achieve Inter- and Intra-Group Delay Fairness in Multi-Rate Multicast Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yean-Fu Wen

    2013-03-01

    Full Text Available Recent advance in wireless sensor network (WSN applications such as the Internet of Things (IoT have attracted a lot of attention. Sensor nodes have to monitor and cooperatively pass their data, such as temperature, sound, pressure, etc. through the network under constrained physical or environmental conditions. The Quality of Service (QoS is very sensitive to network delays. When resources are constrained and when the number of receivers increases rapidly, how the sensor network can provide good QoS (measured as end-to-end delay becomes a very critical problem. In this paper; a solution to the wireless sensor network multicasting problem is proposed in which a mathematical model that provides services to accommodate delay fairness for each subscriber is constructed. Granting equal consideration to both network link capacity assignment and routing strategies for each multicast group guarantees the intra-group and inter-group delay fairness of end-to-end delay. Minimizing delay and achieving fairness is ultimately achieved through the Lagrangean Relaxation method and Subgradient Optimization Technique. Test results indicate that the new system runs with greater effectiveness and efficiency.

  8. Utilizing joint routing and capacity assignment algorithms to achieve inter- and intra-group delay fairness in multi-rate multicast wireless sensor networks.

    Science.gov (United States)

    Lin, Frank Yeong-Sung; Hsiao, Chiu-Han; Lin, Leo Shih-Chang; Wen, Yean-Fu

    2013-03-14

    Recent advance in wireless sensor network (WSN) applications such as the Internet of Things (IoT) have attracted a lot of attention. Sensor nodes have to monitor and cooperatively pass their data, such as temperature, sound, pressure, etc. through the network under constrained physical or environmental conditions. The Quality of Service (QoS) is very sensitive to network delays. When resources are constrained and when the number of receivers increases rapidly, how the sensor network can provide good QoS (measured as end-to-end delay) becomes a very critical problem. In this paper; a solution to the wireless sensor network multicasting problem is proposed in which a mathematical model that provides services to accommodate delay fairness for each subscriber is constructed. Granting equal consideration to both network link capacity assignment and routing strategies for each multicast group guarantees the intra-group and inter-group delay fairness of end-to-end delay. Minimizing delay and achieving fairness is ultimately achieved through the Lagrangean Relaxation method and Subgradient Optimization Technique. Test results indicate that the new system runs with greater effectiveness and efficiency.

  9. Dynamic secrets in communication security

    CERN Document Server

    Xiao, Sheng; Towsley, Donald

    2013-01-01

    Dynamic secrets are constantly generated and updated from messages exchanged between two communication users. When dynamic secrets are used as a complement to existing secure communication systems, a stolen key or password can be quickly and automatically reverted to its secret status without disrupting communication. 'Dynamic Secrets in Communication Security' presents unique security properties and application studies for this technology. Password theft and key theft no longer pose serious security threats when parties frequently use dynamic secrets. This book also illustrates that a dynamic

  10. Multiparty quantum key agreement with single particles

    Science.gov (United States)

    Liu, Bin; Gao, Fei; Huang, Wei; Wen, Qiao-yan

    2013-04-01

    Two conditions must be satisfied in a secure quantum key agreement (QKA) protocol: (1) outside eavesdroppers cannot gain the generated key without introducing any error; (2) the generated key cannot be determined by any non-trivial subset of the participants. That is, a secure QKA protocol can not only prevent the outside attackers from stealing the key, but also resist the attack from inside participants, i.e. some dishonest participants determine the key alone by illegal means. How to resist participant attack is an aporia in the design of QKA protocols, especially the multi-party ones. In this paper we present the first secure multiparty QKA protocol against both outside and participant attacks. Further more, we have proved its security in detail.

  11. Security Expertise

    DEFF Research Database (Denmark)

    systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making......This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first...... and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  12. Establishment of the National Nuclear Regulatory Portal (NNRP) as the key element of the Global Nuclear Safety and Security Network and Regulatory Network (GNSSN/RegNet) for sharing of nuclear safety information and knowledge among the Global Expert Community

    International Nuclear Information System (INIS)

    Kuvshinnikov, A.V.

    2011-01-01

    The Global Nuclear Safety and Security Network (GNSSN) implements the concept of the Global Nuclear Safety and Security Framework (GNSSF) as outlined in INSAG 21. This is the framework of instruments and resources for achieving and maintaining worldwide a high level of safety and security at nuclear facilities and activities as stated in SF-1 and supporting safety standards or recommendations such as INSAG-12. National efforts are and should be augmented by the activities of a variety of international enterprises that facilitate safety and security. The IAEA standard GS-R-3 requires that information and knowledge is managed as a resource. Further strengthening of GNSSN in particular regulatory networking as intended by GNSSN/RegNet has to be based on current national priorities, on existing regional and thematic networks and on the established mechanisms of international co-operation as presented for example on the websites of the IAEA or the OECD-NEA. Current design and operation of RegNet are flexible enough to accommodate differences in national and international approaches and practices and to facilitate exchange and cooperation on regulatory matters. The main role of GNSSN/RegNet is sharing knowledge and bringing people together to enhance and promote nuclear safety and security. The objectives of GNSSN/RegNet: enhancing safety and security by international cooperation, sharing information and best practices, enabling adequate access to relevant safety and security information and promoting the dissemination of this information, implementing active collaboration in the relevant areas related to safety and security, such as joint projects, peer reviews, enabling synergies among existing networks and initiatives, informing the public on the relevant safety and security areas and the related international collaboration. In the RegNet part of the GNSSN exist the National Nuclear Regulatory Portal (NNRP) which is on one hand a part of the global RegNet and on the

  13. Breaking chaotic shift key communication via adaptive key identification

    International Nuclear Information System (INIS)

    Ren Haipeng; Han Chongzhao; Liu Ding

    2008-01-01

    This paper proposes an adaptive parameter identification method for breaking chaotic shift key communication from the transmitted signal in public channel. The sensitive dependence property of chaos on parameter mismatch is used for chaos adaptive synchronization and parameter identification. An index function about the synchronization error is defined and conjugate gradient method is used to minimize the index function and to search the transmitter's parameter (key). By using proposed method, secure key is recovered from transmitted signal generated by low dimensional chaos and hyper chaos switching communication. Multi-parameters can also be identified from the transmitted signal with noise

  14. Information security architecture an integrated approach to security in the organization

    CERN Document Server

    Killmeyer, Jan

    2000-01-01

    An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

  15. Key issues

    International Nuclear Information System (INIS)

    Cook, N.G.W.

    1980-01-01

    Successful modeling of the thermo-mechanical and hydrochemical behavior of radioactive waste repositories in hard rock is possible in principle. Because such predictions lie outside the realm of experience, their adequacy depends entirely upon a thorough understanding of three fundamental questions: an understanding of the chemical and physical processess that determine the behavior of rock and all its complexities; accurate and realistic numerical models of the geologic media within which a repository may be built; and sufficient in-situ data covering the entire geologic region affected by, or effecting the behavior of a repository. At present sufficient is known to be able to identify most of those areas which require further attention. These areas extend all the way from a complete understanding of the chemical and physical processes determining the behavior of rock through to the exploration mapping and testing that must be done during the development of any potential repository. Many of the techniques, laboratory equipment, field instrumentation, and numerical methods needed to accomplish this do not exist at present. Therefore it is necessary to accept that a major investment in scientific research is required to generate this information over the next few years. The spectrum of scientific and engineering activities is wide extending from laboratory measurements through the development of numerical models to the measurement of data in-situ, but there is every prospect that sufficient can be done to resolve these key issues. However, to do so requires overt recognition of the many gaps which exist in our knowledge and abilities today, and of the need to bridge these gaps and of the significant costs involved in doing so

  16. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  17. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  18. Parallel Device-Independent Quantum Key Distribution

    OpenAIRE

    Jain, Rahul; Miller, Carl A.; Shi, Yaoyun

    2017-01-01

    A prominent application of quantum cryptography is the distribution of cryptographic keys with unconditional security. Recently, such security was extended by Vazirani and Vidick (Physical Review Letters, 113, 140501, 2014) to the device-independent (DI) scenario, where the users do not need to trust the integrity of the underlying quantum devices. The protocols analyzed by them and by subsequent authors all require a sequential execution of N multiplayer games, where N is the security parame...

  19. Security of quantum cryptography with realistic sources

    International Nuclear Information System (INIS)

    Lutkenhaus, N.

    1999-01-01

    The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

  20. Security of quantum cryptography with realistic sources

    Energy Technology Data Exchange (ETDEWEB)

    Lutkenhaus, N [Helsinki Institute of Physics, P.O. Box 9, 00014 Helsingin yliopisto (Finland)

    1999-08-01

    The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

  1. China demonstrates intercontinental quantum key distribution

    Science.gov (United States)

    Johnston, Hamish

    2017-11-01

    A quantum cryptography key has been shared between Beijing and Vienna using a satellite - allowing the presidents of the Chinese Academy of Sciences and Austrian Academy of Sciences to communicate via a secure video link.

  2. Quantum Security of Cryptographic Primitives

    OpenAIRE

    Gagliardoni, Tommaso

    2017-01-01

    We call quantum security the area of IT security dealing with scenarios where one or more parties have access to quantum hardware. This encompasses both the fields of post-quantum cryptography (that is, traditional cryptography engineered to be resistant against quantum adversaries), and quantum cryptography (that is, security protocols designed to be natively run on a quantum infrastructure, such as quantum key distribution). Moreover, there exist also hybrid models, where traditional crypto...

  3. Design-Efficiency in Security

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    In this document, we present our applied results on balancing security and performance using a running example, which is based on sensor networks. These results are forming a basis for a new approach to balance security and performance, and therefore provide design-­efficiency of key updates. We...

  4. Mali and Nigeria Should be Established as Key Regional Partners of the United States to Further Mutual Interests for Ensuring Long-Term Security and Stability in the Sahel Region

    Science.gov (United States)

    2016-06-10

    natural resources and markets through the IMF and World Bank’s Structural Adjustment Programs ( SAPs ) during the 1980s. As a result, the security...development- indicators&Type=TABLE&preview=on#. On the macroeconomics spectrum, an economic dependency, poor human resources , and lack of... resources became involved in the region but now find it necessary to protect their interests and homelands from a variety of hybrid threats

  5. Securing Cloud - The Quantum Way

    OpenAIRE

    Pandya, Marmik

    2015-01-01

    Confidentiality, Integrity, and Availability are basic goals of security architecture. To ensure CIA, many authentication scheme has been introduced in several years. Currently deployment of Public Key Infrastructure (PKI) is a most significant solution. PKI involving exchange key using certificates via a public channel to a authenticate users in the cloud infrastructure. It is exposed to widespread security threats such as eavesdropping, the man in the middle attack, masquerade et al. Quantu...

  6. Secure Wireless Sensor Networks: Problems and Solutions

    Directory of Open Access Journals (Sweden)

    Fei Hu

    2003-08-01

    Full Text Available As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis was placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that should be solved for achieving the ad hoc security. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service and key management service. We also present some secure methods to achieve security in wireless sensor networks. Finally we present our integrated approach to securing sensor networks.

  7. Social security for seafarers globally

    DEFF Research Database (Denmark)

    Jensen, Olaf; Canals, Luisa; Haarløv, Erik

    2013-01-01

    Social security for seafarers globally Background: Social security protection is one of the essential elements of decent work. The issue is complex and no previous epidemiological studies of the coverage among seafarers have yet been performed. Objectives: The aim was to overcome the gap...... of knowledge to promote the discussion and planning of the implementation of social security for all seafarers. Methods: The seafarers completed a short questionnaire concerning their knowledge about their social security status. Results: Significant disparities of coverage of social security were pointed out...... comes from poorer countries without substantial social security systems. The solutions suggested are to implement the minimum requirements as recommended by the ILO 2006 Convention, to survey the implementation and in the long term to struggle for global social equality. Key words: Social security...

  8. Robust Public Key Cryptography — A New Cryptosystem Surviving Private Key Compromise

    Science.gov (United States)

    Shaik, Cheman

    A weakness of the present-day public key cryptosystems is that these cryptosystems do not survive private-key compromise attacks resulting from an internal breach of trust. In a competitive business environment, private key compromise is a common incident that voids the strength of public key cryptosystems such as RSA and ECC. Bribing corporate employees to disclose their secret keys and inadvertently disclosing secret information are among a plethora of practical attacks that occur at the implementation level. Once a breach of trust takes place and subsequently the private key is revealed, any public key cryptosystem fails to secure electronic data in Internet communications. The revealed key may be used by an attacker to decipher the intercepted data at an intermediary router. This weakness of public key cryptography calls for an additional security measure that enables encryptions to survive private key compromise attacks.

  9. The summarize of the technique about proactive network security protection

    International Nuclear Information System (INIS)

    Liu Baoxu; Li Xueying; Cao Aijuan; Yu Chuansong; Xu Rongsheng

    2003-01-01

    The proactive protection measures and the traditional passive security protection tools are complementarities each other. It also can supply the conventional network security protection system and enhance its capability of the security protection. Based upon sorts of existing network security technologies, this article analyses and summarizes the technologies, functions and the development directions of some key proactive network security protection tools. (authors)

  10. Decoy State Quantum Key Distribution

    Science.gov (United States)

    Lo, Hoi-Kwong

    2005-10-01

    Quantum key distribution (QKD) allows two parties to communicate in absolute security based on the fundamental laws of physics. Up till now, it is widely believed that unconditionally secure QKD based on standard Bennett-Brassard (BB84) protocol is limited in both key generation rate and distance because of imperfect devices. Here, we solve these two problems directly by presenting new protocols that are feasible with only current technology. Surprisingly, our new protocols can make fiber-based QKD unconditionally secure at distances over 100km (for some experiments, such as GYS) and increase the key generation rate from O(η2) in prior art to O(η) where η is the overall transmittance. Our method is to develop the decoy state idea (first proposed by W.-Y. Hwang in "Quantum Key Distribution with High Loss: Toward Global Secure Communication", Phys. Rev. Lett. 91, 057901 (2003)) and consider simple extensions of the BB84 protocol. This part of work is published in "Decoy State Quantum Key Distribution", . We present a general theory of the decoy state protocol and propose a decoy method based on only one signal state and two decoy states. We perform optimization on the choice of intensities of the signal state and the two decoy states. Our result shows that a decoy state protocol with only two types of decoy states--a vacuum and a weak decoy state--asymptotically approaches the theoretical limit of the most general type of decoy state protocols (with an infinite number of decoy states). We also present a one-decoy-state protocol as a special case of Vacuum+Weak decoy method. Moreover, we provide estimations on the effects of statistical fluctuations and suggest that, even for long distance (larger than 100km) QKD, our two-decoy-state protocol can be implemented with only a few hours of experimental data. In conclusion, decoy state quantum key distribution is highly practical. This part of work is published in "Practical Decoy State for Quantum Key Distribution

  11. Analysis of the differential-phase-shift-keying protocol in the quantum-key-distribution system

    International Nuclear Information System (INIS)

    Rong-Zhen, Jiao; Chen-Xu, Feng; Hai-Qiang, Ma

    2009-01-01

    The analysis is based on the error rate and the secure communication rate as functions of distance for three quantum-key-distribution (QKD) protocols: the Bennett–Brassard 1984, the Bennett–Brassard–Mermin 1992, and the coherent differential-phase-shift keying (DPSK) protocols. We consider the secure communication rate of the DPSK protocol against an arbitrary individual attack, including the most commonly considered intercept-resend and photon-number splitting attacks, and concluded that the simple and efficient differential-phase-shift-keying protocol allows for more than 200 km of secure communication distance with high communication rates. (general)

  12. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  13. Secure cloud computing

    CERN Document Server

    Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

    2014-01-01

    This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

  14. Analysis of a security protocol in ?CRL

    NARCIS (Netherlands)

    J. Pang

    2002-01-01

    textabstractNeedham-Schroeder public-key protocol; With the growth and commercialization of the Internet, the security of communication between computers becomes a crucial point. A variety of security protocols based on cryptographic primitives are used to establish secure communication over

  15. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  16. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  17. Detector decoy quantum key distribution

    International Nuclear Information System (INIS)

    Moroder, Tobias; Luetkenhaus, Norbert; Curty, Marcos

    2009-01-01

    Photon number resolving detectors can enhance the performance of many practical quantum cryptographic setups. In this paper, we employ a simple method to estimate the statistics provided by such a photon number resolving detector using only a threshold detector together with a variable attenuator. This idea is similar in spirit to that of the decoy state technique, and is especially suited to those scenarios where only a few parameters of the photon number statistics of the incoming signals have to be estimated. As an illustration of the potential applicability of the method in quantum communication protocols, we use it to prove security of an entanglement-based quantum key distribution scheme with an untrusted source without the need for a squash model and by solely using this extra idea. In this sense, this detector decoy method can be seen as a different conceptual approach to adapt a single-photon security proof to its physical, full optical implementation. We show that in this scenario, the legitimate users can now even discard the double click events from the raw key data without compromising the security of the scheme, and we present simulations on the performance of the BB84 and the 6-state quantum key distribution protocols.

  18. Commercial Security on the Internet.

    Science.gov (United States)

    Liddy, Carrie

    1996-01-01

    Discusses commercial security on the Internet and explains public key technology as successfully melding the conflicting requirements of openness for practical business applications and isolation and confidentiality for protection of data. Examples of public key value-added products are described, including encryption, digital signature and…

  19. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  20. Computer Security at Nuclear Facilities

    International Nuclear Information System (INIS)

    Cavina, A.

    2013-01-01

    This series of slides presents the IAEA policy concerning the development of recommendations and guidelines for computer security at nuclear facilities. A document of the Nuclear Security Series dedicated to this issue is on the final stage prior to publication. This document is the the first existing IAEA document specifically addressing computer security. This document was necessary for 3 mains reasons: first not all national infrastructures have recognized and standardized computer security, secondly existing international guidance is not industry specific and fails to capture some of the key issues, and thirdly the presence of more or less connected digital systems is increasing in the design of nuclear power plants. The security of computer system must be based on a graded approach: the assignment of computer system to different levels and zones should be based on their relevance to safety and security and the risk assessment process should be allowed to feed back into and influence the graded approach