Simple and efficient password-based authenticated key exchange protocol

Password-based authenticated key exchange (PAKE) protocols are cryptographic primitives which enable two entities, who only share a memorable password, to identify each other and to communicate over a public unreliable network with a secure session key. In this paper, we propose a simple, efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function. Our protocol is secure against dictionary attacks. Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.     

Interaction of HLA and TCP/IP subsystems in C^3I system

Aiming to the fact that the distribution modules of the C31 simulation system originally developed based on TCP/IP protocol has to be compatible with the present HLA （High Level of Architecture） rules, three methods for implementing the interaction of HLA and TCP/IP subsystems are presented to make the original TCP/IP modules directly used in the HLA-based C^3I system without redevelopment. The three methods are agent method, middlewarc method and gateway method. Moreover, the implementation of gateway method via VC ＋＋ as well as the key technology is discussed.     

A Layer-Cluster Key Agreement Protocol for Ad Hoc Networks

Mobile ad hoc networks create additional challenges for implementing the group key establishment due to resource constraints on nodes and dynamic changes on topology. The nodes in mobile ad hoc networks are usually low power devices that run on battery power. As a result, the costs of the node resources should be minimized when constructing a group key agreement protocol so that the battery life could be prolonged. To achieve this goal, in this paper we propose a security efficient group key agreement protocol based on Burmester-Desmedt (BD) scheme and layer-cluster group model, referred to as LCKM-BD, which is appropriate for large mobile ad hoc networks. In the layer-cluster group model, BD scheme is employed to establish group key, which can not only meet security demands of mobile ad hoc networks but also improve executing performance. Finally, the proposed protocol LCKM-BD are compared with BD, TGDH (tree-based group Diffe-Hellman), and GDH (group Diffie-Hellman) group key agreement protocols. The analysis results show that our protocol can significantly decrease both the computational overhead and communication costs with respect to these comparable protocols.     

Some remarks on the TKIP key mixing function of IEEE 802.11i

Temporal key integrity protocol (TKIP) is a sub-protocol of IEEE 802.11i. TKIP remedies some security flaws in wired equivalent privacy (WEP) protocol. TKIP adds four new algorithms to WEP: a message integrity code (MIC) called Michael, an initialization vector (IV) sequencing discipline, a key mixing function and a re-keying mechanism. The key mixing function, also called temporal key hash, de-correlates the IVs from weak keys. Some cryptographic properties of the substitution box (S-box) used in the key mixing function are investigated in this paper, such as regularity, avalanche effect, differ uniform and linear structure. Moen et al pointed out that there existed a temporal key recovery attack in TKIP key mixing function. In this paper a method is proposed to defend against the attack, and the resulting effect on performance is discussed.     

基于自更新哈希链的安全高效车-地鉴权方案

针对下一代高速铁路无线通信系统LTE-R （long term evolution-railway）对安全性和实时性的特殊需求，基于哈希链技术，提出一种完全基于对称密码体制的的车-地通信鉴权方案. 用户归属服务器（home subscriber sever，HSS）利用身份授权主密钥为车载设备（on-board unit，OBU）生成动态可变的匿名身份（temporary identity，TID），以在接入认证请求信令中保护车载设备的隐私，同时能够抵挡去同步攻击. 在列车高速移动过程中，方案采用高效的哈希链代替认证向量完成列车和服务网络之间的双向认证，哈希链的本地更新可解决认证向量耗尽导致的全认证重启问题. 此外，通过引入身份证明票据实现基于基站协同的高效无缝切换认证. 安全性和性能分析表明:在同样条件下，所提出的全认证协议、重认证协议和切换认证协议与目前性能最优的LTE （long term evolution）标准协议相比，计算量分别下降41.67%、44.44%和45.45%，通信量分别下降62.11%、50.91%和84.91%，能够满足LTE-R接入网络的安全性和实时性要求.      

Distributed certificateless key encapsulation mechanism secure against the adaptive adversary

This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.     

An ID-Based Authenticated Key Agreement Protocol for Peer-to-Peer Computing

Introduction Overrecentyears,withtheemergenceofdis-tributedapplicationsovertheInternet,anewmod-elofcommunicationandcomputation,calledpeer-to-peer(P2P)computing,hasgainedgreatpopu-larity[1-3].Contrarytothetraditionalclient-server model,P2Pcomputingeliminatesthenotionof“server”,andallpeersinP2Psystemcanactas clientsandserversatthesametime.Therefore,thesinglepointoffailureandthebottleneckof“server”encounteredinthetraditionalclient-serv-ermodelcanbeeliminated,andtheperformance andreliabilit…     

Can the Polynomial Based Key Predistribution Scheme Be Used Many Times in One Wireless Sensor Network Key Establishment Protocol？

Key establishment is the basic step for the wireless sensor network (WSN) security. The polynomial based key predistribution scheme of Blom and Blundo et al. has been the basic ingredient for the key establishment for WSNs. It is tempting to use many random and different instances of polynomial based key predistribution scheme for various parts of the WSN to enhance the efficiency of WSN key establishment protocols. This paper indicates that it is not secured in general to use many instances of Blom-Blundo et al. polynomial based key predistribution scheme in a WSN key establishment protocol. Thus the previously constructed group-based type WSN key predistribution schemes using polynomial based key predistribution scheme are insecure. We propose new generalized Blom-Blundo et al. key predistribution schemes. These new generalized Blom-Blundo et al. key predistribution schemes can be used many times in one WSN key establishment protocol with only a small increase of cost. The application to group-based WSN key predistribution schemes is given.     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

ID-based Key-insulated Authenticated Key Agreement Protocol

The basic idea behind an ID-based cryptosystem is that end user's public key can be determined by his identity information.Comparing with the traditional certificate-based cryptography,identity-based cryptography can eliminate much of the overhead associated with the deployment and management of certificate.However,exposure of private keys can be the most devastating attack on a public key based cryptosystem since such that all security guarantees are lost.In this paper,an ID-based authenticated key agreement protocol was presented.For solving the problem of key exposure of the basic scheme,the technique of key insulation was applied and a key insulated version is developed.     

BB84量子密钥分配协议的改进

以BB84协议为基础，对其中部分内容进行了变形，这种改变的核心思想在不影响量子密钥分配协议的安全性的基础上，通信双方通过在第三方普通公共信道上的对话，提高量子通信的传输效率．发信方在对话过程中故意发出一部分假的信息，诱使窃听者上当，以探测窃听者的存在；同时又通过协商一部分量子接收的规则来提高双方的传输效率．这种改进方案对其他带有噪声的量子密码协议同样适用．     

Research on Improved Low-Energy Adaptive Clustering Hierarchy Protocol in Wireless Sensor Networks

In wireless sensor networks (WSNs), due to the limited battery power of the sensor nodes, the communication energy consumption is the main factor to affect the lifetime of the networks. A reasonable design of the communication protocol can effectively reduce the energy consumption of the network system. Based on low-energy adaptive clustering hierarchy (LEACH), an improved LEACH protocol in WSNs is proposed. In order to optimize the cluster head (CH) election in the cluster setup phase, the improved LEACH takes into account a number of factors, including energy consumption of communication between nodes, remaining energy of the nodes, and the distance between nodes and base station (BS). In the steady phase, one-hop routing and multiple-hop routing are combined to transmit data between CHs to improve energy efficiency. The forward CH is selected as relay node according to the values of path cost. The simulation results show that the proposed algorithm performs better in balancing network energy consumption, and it can effectively improve the data transmission efficiency and prolong the network lifetime, as compared with LEACH, LEACH-C (LEACH-centralized) and NDAPSO-C (an adaptive clustering protocol based on improved particle swarm optimization) algorithms.     

分布式MAS 在飞行冲突解脱中的应用研究

在自由飞行的环境下,为解决飞行冲突探测与解脱（conflict detection and resolution,CDR）问题,提出一种基于高度层、航向和速度调配的综合解脱方法,并将多 agent 系统(multi-agent system, MAS) 的分布式技术与启发式算法相结合,进行问题求解. 首先设计了分布式MAS框架结构,然后建立了飞行冲突探测模型,高度层调配模型及航向、速度调配模型,最后,综合运用了基于合同网协议的分布式算法和自适应遗传算法进行问题求解.仿真实验表明,所设计的MAS框架是可行的,同时分布式算法和自适应遗传算法的综合应用能很快找到基于高度层、航向和速度分配的近似最优解,为CDR问题提供了新的解决思路.     

工程智能CAD系统中的S_EL语言

通过对Ｓ－ＣＡＤ系统中的Ｓ－ＥＬ语言的研究背景、设计原理和实现方法的介绍、描述了较为完整的工程语文知识表达模型,并用实例说明了Ｓ＿ＥＬ语文遥应用。该语言包括数据类型,表达式,语法 述等内容,用于表达工程规范和工程专家经验知识,是工程智能ＣＡＤ系统的重要组成部分。     

基于网络的通信电源实时监控系统设计与实现

随着通信网络规模的不断扩大,通信电源的自动化远程监控成为一项关键技术.文中在分析TCP/IP和智能设备通信协议的基础上,开发了一个基于Internet的通信电源实时监控系统.该系统实现了监控中心与通信电源的远程通信,可对通信电源进行遥测、遥信和遥控,并将通信电源的相关运行数据存入数据库,方便对通信电源的维护和管理.本系统已在实际通信电源监控中应用,收到了良好的效果.     

MPLS L2 VPN的关键技术

讨论了传统VPN的不足以及MPLS L2 VPN技术的优点．实现基于MPLS L2 VPN的主要问题包括MPLS L2 VPN数据转发和控制的实现流程．实现MPLS12VPN的关键技术包括基于虚链路（VC）的VPN用户二层帧转发处理、利用VC信息参数组建VC_FTN表、以及通过LSP隧道在PE之间构建VC上下游状态机．     

基于帧投递率的无线Mesh网络DSR路由协议

为实现网络负载均衡，提出一种适用于无线Mesh网络的基于帧投递率（frame delivery ratio，FDR）的动态源路由（dynamic source routing，DSR）协议．该协议通过对网络的帧投递率的感知，优化路由发现与路由决策机制．仿真结果表明，该方法在准静态的网络拓扑环境下，使网络吞吐率提升1倍左右．     

基于数据同步协议SyncML协议的研究与实现

在对SyncML协议介绍的基础上,描述了一种基于SyncML协议的数据同步系统的实现思想,并结合客户端和服务器端的各自的框架结构,给出了相应实现的具体细节,并在客户端(手机)利用J2ME开发语言实现.在部署J2EE架构的tomcat服务器端中,采用免费开源项目Funambol来实现与客户端的同步连接.最后分析了该系统的功能、性能及采用该设计思想的优点.     

基于椭圆曲线含有效期的离线电子现金系统

为防止电子现金重复花费和数据库记录无限制的膨胀问题，改进了现有的利用椭圆曲线密码系统构造的离线电子现金系统．改进的系统利用了椭圆曲线良好的密码特性，并采用零知识证明方法．在取款协议中采用基于椭圆曲线的部分盲签名方案，使电子现金包含由银行颁布的有效期，超过有效期的电子现金历史记录将被清除，这样减少了通信量和计算量，提高了执行效率．在支付协议中采用并行的椭圆曲线零知识证明，提高了系统的安全性．     

一体化标识网络中的用户身份认证协议

一体化标识网络解决了传统网络中IP地址二义性问题,是一种基于网络的身份与位置分离体系.本文在一体化标识网络中提出一种用户身份认证协议,基于该协议设计了一种利用数字证书构建的接入标识.这种接入标识唯一的表示一体化标识网络中的终端,实现用户身份信息与终端的绑定.该用户身份认证协议基于Diffie-Hellman密钥交换完成用户到用户真实身份的双向认证,采用谜题机制和无认证状态防止应答方受到DoS攻击.通过C-K安全模型分析用户身份认证协议的安全性,分析表明该协议是会话密钥安全的.