A Provably Secure and PUF-Based Authentication Key Agreement Scheme for Cloud-Edge IoT

With the exponential growth of intelligent Internet of Things(IoT) applications, Cloud-Edge(CE) paradigm is emerging as a solution that facilitates resource-efficient and timely services. However,it remains an underlying issue that frequent end-edgecloud communication is over a public or adversarycontrolled channel. Additionally, with the presence of resource-constrained devices, it’s imperative to conduct the secure communication mechanism, while still guaranteeing efficiency. Physical unclonab...     

A Secure PUF-Based Unilateral Authentication Scheme for RFID System

Wireless Personal Communications - Privacy and security concerns are significant barrier for RFID deployment in many applications in modern day world. The implementation of authentication schemes...     

基于PUF的低开销物联网安全通信方案

将物理不可克隆函数（Physical Unclonable Function,PUF）与椭圆曲线上的无证书公钥密码体制相结合,提出一种面向物联网的安全通信方案,在节点设备不存储任何秘密参数的情况下,实现设备间消息的安全传递.方案无需使用高计算复杂度的双线性对运算,并提供了消息认证机制.安全性分析表明,该方案不仅能够抵抗窃听、篡改、重放等传统攻击,而且可以有效防范节点设备可能遭到的复制攻击.对比结果显示,相较于同类方案,该方案明显降低了设备的资源开销.     

Multi-VDD Testing for Analog Circuits

We present industrial results of a quiescent current testing technique suitable for RF testing. The operational method consists of ramping the power supply and of observing the corresponding quiescent current signatures. When the power supply is swept, all transistors are forced into various regions of operation. This has as advantage that the detection of faults is done for multiple supply voltages and corresponding quiescent currents, enhancing in this form the detectability of faults. We found that this method of structural testing yields fault coverage results comparable to functional RF tests making it a potential and attractive technique for production wafer testing due to its low cost, low testing times and low frequency requirements.José Pineda de Gyvez received the Ph.D. degree from the Eindhoven University of Technology. He is currently a principal scientist at Philips Research Laboratories, The Netherlands. Dr. Pineda was Associate Editor in IEEE Transactions on Circuits and Systems Part I and also Associate Editor for Technology in IEEE Transactions on Semiconductor Manufacturing. His research interests are in the general areas of design for manufacturability and analog signal processing.Guido Gronthoud received the electrical engineering degree from the Delft University in 1975. From 1976 to 1980 he worked at the Delft University on the design of Microwave systems. From 1980 he works with Philips. He has been working in the fields of circuit simulation and modelling for IC designs, CAD development for PCB design and electronic circuits and systems reliability. Since 1998 he is working on test innovation of digital and mixed-signal circuits. His interests are Defect Oriented Test, fault modeling and Process Related Test. He has authored and co-authored technical papers.     

集中管控安全文件系统

在分析了集中管控系统中采用国外通用文件系统可能存在的问题的基础上,提出了自主研发国产化安全文件系统的必要性,并探讨了安全文件系统的实现技术,构建了一个从文件格式、文件访问接口、文件存储加密等方面来保护存储信息的安全文件系统体系结构,并采用专用文件浏览器、文件密级标识、文件访问日志等措施来规范和管理对敏感信息的使用,从技术上杜绝病毒、木马等恶意程序在文件系统内部的传播、感染,有效阻止病毒、木马对涉密文件的窃取。     

蔡氏电路混沌同步保密通讯

两个相同的蔡氏电路(Chua’s Circuit)互相耦合可以实现混沌(Chaos)同步是混沌研究的一个重要成果．也是探索蔡氏电路开发应用的基础。应用蔡氏电路的同步特性实现保密通讯是当前蔡氏电路开发应用研究的一个主要方向。本文在介绍蔡氏电路混沌同步特性的基础上，讨论主—从式蔡氏电路同步保密通讯系统及实现双向通讯和无线传输的可行性．并对这种保密通讯系统的安全性与鲁棒性(Robustness)作了简要的分析.     

Secure Self-healing Group Key Distribution Scheme with Constant Storage for SCADA Systems in Smart Grid

Wireless Personal Communications - Smart grid has a great advantage over the traditional power grid and it is a critical condition in people’s daily life. The security of data communication...     

安全存储与云存储安全

云存储是整个存储业发展的趋势。随着信息技术的高速发展和社会经济的发展进步,社会公众服务对信息化的依赖性越来越高,整个社会正逐步进入＂数字化＂社会,信息技术也已经进入＂云＂时代,而这些都对数据存储带来了爆炸式的增长,对传统存储系统带来了新的挑战,传统存储系统不管是在建设和运营成本方面还是在动态增长方面,都不能适应＂绿色环保、节能减排＂的社会发展步伐。     

数字电路测试程序设计

为了更好地满足生产质量要求,严格测试电路的全部功能及交直流参数是十分必要的。在多年测试实践基础上,文章提出了数字电路测试程序设计的概要。随着集成电路的集成度越来越高,功能更加强大,测试向量越来越大,测试时间也越来越长。为了降低测试成本,Teradyne J750测试系统以测试速度快的特点,顺应测试行业的发展,在行业中得到了广泛的应用。文中以74HC123芯片为例,对于一些数字电路关键测试技术在Teradyne J750测试机上的调试做出了较详细的阐述。     

Secure Disintegration Protocol for Privacy Preserving Cloud Storage

Cloud service providers offer infrastructure, network services, and software applications in the cloud. The cloud services are hosted in a data center that can be used by users with the help of network connectivity. Hence, there is a need for providing security and integrity in cloud resources. Most security instruments have a finite rate of failure, and the intrusion comes with more complex and sophisticated techniques; the security failure rates are skyrocketing. In this paper, we have proposed a secure disintegration protocol (SDP) for the protection of privacy on-site and in the cloud. The architecture presented in this paper is used for cloud storage, and it is used in conjunction with our unique data compression and encoding technique. Probabilistic analysis is used for calculating the intrusion tolerance abilities for the SDP.     

分布式数据存储中的机密性保护

结合对称加密技术和门限加密技术,提出了一种适用于分布式数据存储需要的有效的系统机密性保护方案,其中对称加密技术用于对所存储的文件进行加密,分布式门限加密技术则对对称加密方案中所用的密钥进行保护,可在不带来密钥存储问题情况下满足恶意环境中分布式数据存储系统的机密性要求。     

适用于卫星网络的IBE安全密钥分发

分析了卫星网络的通信特点,提出一种基于身份加密体制的安全密钥分发方法,用于解决在卫星网络中基于身份加密体制的密钥托管问题。该方法将密钥生成中心的功能进行划分,并将划分后的子功能分别由不同实体完成,网络结点通过与不同实体交互计算出私钥,防止单个密钥生成中心获取网络结点的私钥。安全性分析和仿真分析表明,该方法具有良好的安全性,在卫星网络中具有较高运行效率。     

Secure Distributed Key Generation for Discrete-Log Based Cryptosystems

A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = g^k). In this paper we show that a widely used dlog-based DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated keys: we describe an efficient active attacker controlling a small number of parties which successfully biases the values of the generated keys away from uniform. We then present a new DKG protocol for the setting of dlog-based cryptosystems which we prove to satisfy the security requirements from DKG protocols and, in particular, it ensures a uniform distribution of the generated keys. The new protocol can be used as a secure replacement for the many applications of Pedersen's protocol. Motivated by the fact that the new DKG protocol incurs additional communication cost relative to Pedersen's original protocol, we investigate whether the latter can be used in specific applications which require relaxed security properties from the DKG protocol. We answer this question affirmatively by showing that Pedersen's protocol suffices for the secure implementation of certain threshold cryptosystems whose security can be reduced to the hardness of the discrete logarithm problem. In particular, we show Pedersen's DKG to be sufficient for the construction of a threshold Schnorr signature scheme. Finally, we observe an interesting trade-off between security (reductions), computation, and communication that arises when comparing Pedersen's DKG protocol with ours.     

Low Cost On-Line Testing Strategy for RF Circuits

This work proposes the use of a simple 1-bit digitizer as an analog block observer, in order to enable the implementation of on-line test strategies for RF analog circuits in the System-on-Chip environment. The main advantages of using a simple digitizer for RF circuits are related to the increased observability of the RF signal path and minimum RF signal degradation, as neither reconfiguration of the signal path nor variable load for the analog RF circuit are introduced. As an additional advantage, the same digitizer can be used to implement BIST strategies, if required. The feasibility of using a 1-bit digitizer for the test of analog signals has already been presented in the literature for low frequency linear analog systems. This paper discusses the implementation of an on-line test strategy for analog RF circuits in the SoC environment, and presents new results for on-line RF testing. Moreover, we also provide detailed analysis regarding the overhead of the test strategy implementation. Experimental results illustrate the feasibility of the proposed technique.Marcelo Negreiros was born in Porto Alegre, Brazil, in 1969. He received the electrical engineering degree in 1992 and the M.S. degree in 1994, both from Universidade Federal do Rio Grande do Sul (UFRGS), Brazil. Since then he was been working as an associate researcher in the Signal Processing Lab. (LaPSI) of the Electrical Engineering Department at UFRGS. Since 2000 he also works toward a Ph.D. in Computer Science from UFRGS. His main research interests include mixed-signal and analog testing and digital signal processing.Luigi Carro was born in Porto Alegre, Brazil, in 1962. He received the Electrical Engineering and the MSc. degrees from Universidade Federal do Rio Grande do Sul (UFRGS), Brazil, in 1985 and 1989, respectively. From 1989 to 1991 he worked at ST-Microelectronics, Agrate, Italy, in the R&D group. In 1996 he received the Ph.D. degree in the area of Computer Science from Universidade Federal do Rio Grande do Sul (UFRGS), Brazil. He is presently a lecturer at the Electrical Engineering Department of UFRGS, in charge of Digital Systems Design and Digital Signal processing disciplines at the graduate and undergraduate level. He is also a member of the Graduation Program in Computer Science of UFRGS, where he is responsible for courses in Embedded Systems, Digital Signal Processing, and VLSI Design. His primary research interests include mixed-signal design, digital signal processing, mixed-signal and analog testing, and fast system prototyping. He has published more than 90 technical papers in those topics and is the author of the book Digital Systems Design and Prototyping (in portuguese).Altamiro A. Susin was born in Vacaria-RS, Brazil, in 1945. He received the Electrical Engineering and the MSc. degrees from Universidade Federal do Rio Grande do Sul (UFRGS), Brazil, in 1972 and 1977, respectively. Since 1968 he worked in the start up of Computer Centers of two local Universities. In 1981 he got his Dr Eng degree from Institut National Polytechnique de Grenoble-France. He is presently a lecturer at the Electrical Engineering Department of UFRGS, in charge of Digital Systems Design disciplines at the graduate and undergraduate level. He is also a member of the Graduation Program in Computer Science of UFRGS, where he is responsible for courses in VLSI Architecture and is also thesis director. His main research interests are integrated circuit architecture, embedded systems, signal processing with more than 50 technical papers published in those domains. He is/was responsible for several R&D projects either funded with public and/or industry resources.     

一种有密钥确认的安全认证密钥协商协议

UAP协议不具有前向保密性和密钥泄露的安全性。论文提出了一种安全的AKC协议,简称SAKC协议,它不仅具有前向保密性和密钥泄露的安全性,还有较好的执行效率。     

数字电路测试生成的基本算法

计算机辅助测试（CAT）工具有助于数字电路测试的自动化，这主要是由于使用了有效的算法和相应的软件结构。文章主要介绍了测试生成领域有重大影响的基本要领和算法。     

云存储中一种抗窃听攻击的弱安全再生码

纠删码和再生码是保证云存储可靠性的有效机制,但是它们并不能提供节点被窃听情况下存储数据的机密性。该文设计了两类抗窃听攻击的弱安全再生码方案,方案结合All-or-Nothing变换与精确修复再生码策略,保证了攻击者在窃听能力有限的情况下无法获取关于原始数据符号的任何有意义信息,同时具有较小的数据修复带宽。该文给出了通用编码构造方法,证明了其安全性,并通过实验进行了对比分析,结果表明与其它安全再生码相比该方案的编解码时间更短,且具有更好的秘密数据存储能力。     

Secure Data Access and Sharing Scheme for Cloud Storage

Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

     

Key Management in Secure Satellite Multicast Using Key Hypergraphs

Satellite networks play an important role in today’s information age because they can provide the global coverage services. Information security is an important concern in satellite multicast communications, where eavesdropping can be performed much easier than the fixed terrestrial networks. In this work, a novel multicast key management scheme based on key hypergraph for satellite networks on a predefined communication scenario is proposed. We use logical key hierarchy and distributed-logical key hierarchy as reference models for performance comparisons. It is shown that the proposed multicast key management scheme is scalable to large dynamic groups and minimizes satellite bandwidth usage.     

移动通信网中的安全密钥分配协议

本文将Rabin的公钥加密方案和Diffie-Hellmall的密钥交换方案相结合,提出了适用于数字移动通信网的一种安全密钥分配协议。该协议有以下特点:(1)在进行密钥交换时,增加了网络对通信双方的认证;(2)用户没有向网络中心泄漏任何秘密信息;(3)由于在协议中采用了Diffie—Hellman密钥交换系统,使得用户在安全性方面和计算复杂性方面取得了折中。最后,本文对该协议的安全性进行了分析。