PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.     

Isotopic Characterization of 100% Agave Tequila (Silver,Aged and Extra-Aged Class) for Its Use as an Additional Parameter in the Determination of the Authenticity of the Beverage Maturation Time

Isotopic ratios of δ¹³C_VPDB and δ¹⁸O_VSMOW have been used as an additional parameter to ensure the authenticity of the aging time of 100% agave tequila. For this purpose, 120 samples were isotopically analyzed (40 silver class, 40 aged class, and 40 extra-aged classes). The samples were obtained through a stratified sampling by proportional allocation, considering tequila producers from the main different regions of Jalisco, Mexico (Valles 41%, Altos Sur 31%, Cienega 16%, and Centro 12%). The results showed that the δ¹³C_VPDB was found in an average of −12.85 ‰ for all the analyzed beverages, with no significant difference between them. Since for all the tested samples the Agave tequilana Weber blue variety was used as source of sugar to obtain alcohol, those results were foreseeable, and confirm the origin of the sugar source. Instead, the results for δ¹⁸O_VSMOW showed a positive slope linear trend for the aging time (silver class 19.52‰, aged class 20.54‰, extra-aged class 21.45‰), which is associated with the maturation process, there are oxidation reactions that add congeneric compounds to the beverage, these can be used as tracers for the authenticity of the aging time. Additionally, the experimental data showed homogeneity in the beverages regardless of the production region, evidencing the tequila industry’s high-quality standards. However, a particular case occurs with the δ¹⁸O_VSMOW data for the silver class samples, in which a clear trend is noted with the altitude of the region of origin; therefore, this information suggests that this analytical parameter could be useful to authenticate the regional origin of beverage.     

iCETD: An improved tag generation design for memory data authentication in embedded processor systems

Security becomes increasingly important in computing systems. Data integrity is of utmost importance. One way to protect data integrity is attaching an identifying tag to individual data. The authenticity of the data can then be checked against its tag. If the data is altered by the adversary, the related tag becomes invalid and the attack will be detected. The work presented in this paper studies an existing tag design (CETD) for authenticating memory data in embedded processor systems, where data that are stored in the memory or transferred over the bus can be tampered. Compared to other designs, this design offers the flexibility of trading-off between the implementation cost and tag size (hence the level of security); the design is cost effective and can counter the data integrity attack with random values (namely the fake values used to replace the valid data in the attack are random). However, we find that the design is vulnerable when the fake data is not randomly selected. For some data, their tags are not distributed over the full tag value space but rather limited to a much reduced set of values. When those values were chosen as the fake value, the data alteration would likely go undetected. In this article, we analytically investigate this problem and propose a low cost enhancement to ensure the full-range distribution of tag values for each data, hence effectively removing the vulnerability of the original design.     

无线传感器网络节点复制攻击和女巫攻击防御机制研究

在无线传感器网络(WSNs)中,节点复制攻击和女巫攻击可扰乱数据融合和阈值选举等网络操作.发起这两种攻击需先通过邻居发现认证过程.考虑到在WSNs中发起邻居认证是不频繁的,提出了一种基于单向密钥链的ID认证防御机制(OKCIDA),降低攻击者在任何时间段发起这两种攻击的可能性.然后基于椭圆曲线离散对数问题,构造对称参数,并组合OKCIDA和利用节点邻居关系,提出了一种无需位置的邻居认证协议(LFNA),以阻止复制节点和女巫节点成功加入网络.最后给出了安全性证明和分析,并在安全和开销方面将LFNA与已有典型防御方案进行了比较,结果表明该方案具有一定的优势.     

基于PRESENT算法的RFID安全认证协议

物联网中RFID技术的应用非常广泛,但是RFID系统的安全性却存在着很大隐患。在RFID系统中标签与读写器间的通信信道是最易受到攻击,传输数据的完整性与保密性得不到保障,因而需要加强RFID系统通信的安全机制。考虑到RFID系统的硬件条件与成本限制,需要建立一个适合RFID系统的安全认证协议,来解决在RFID系统中信息传输所遇到的安全问题。PRESENT算法是轻量级的分组加密算法,将PRESENT结合到RFID系统的安全认证协议中,形成了新的RFID安全认证协议PRSA(PRESENT based RFID security authentication)。此协议可以增强RFID系统的安全性而又不会占用过多的硬件资源,从而能够适用于低成本的RFID系统的通信安全。     

基于块差值的半脆弱可逆视频认证方法

针对半脆弱可逆视频认证问题,提出一种基于块差值直方图调整的半脆弱可逆视频认证方法.在H.264帧内预测后重构的I帧Y分量中,通过预测残差对图像块分类.根据人眼视觉模型,在纹理复杂的区域嵌入比纹理平滑区域更多的水印.在接收端使用K-means对各块的差值进行聚类,自适应判断块差值所属区间,实现高准确率的水印提取.通过空间和时间认证之后,通过嵌入算法的逆操作实现无损视频还原.实验结果表明:提出算法具有良好的视觉效果,能够抵抗常规图像处理和噪声攻击,并实现对恶意篡改区域定位功能.     

一种改进的基于挑战/应答机制的短波接入认证系统研究与设计

挑战/应答方式是一种常用的安全性较高的动态身份认证技术,但窄带信道条件和高效率、高安全性要求限制了其在军事短波环境中的应用。基于短波终端和岸基短波台站已有的安全基础—预共享对称密钥,设计了一种改进的基于挑战/应答机制的短波接入双向认证系统。针对短波接入网实际应用,在认证过程中引入随机数和时间戳两种动态因子,在增强接入认证系统安全性的同时,有效减少了认证过程中的开销,实现通信双方相互认证的同时还能够完成会话和完整性密钥的协商。     

基于多分支认证树的多用户多副本数据持有性证明方案

在云存储环境下,如何高效、动态地完成对多用户多副本数据的完整性验证是一个挑战性问题。基于双线性代数映射的签名机制和多分支认证树特性,提出了一种新的多用户多副本数据持有性证明方案。该方案通过使用随机掩码技术对密文进行处理确保数据隐私性,采用多分支认证树来提高数据分块的签名效率,能够支持数据动态更新操作。此外,引入第三方审计者对多用户多副本数据进行批量审计以减少计算开销。最后,分析表明本方案具有较高的安全性和效率。     

基于指纹识别技术的双重身份鉴别系统实现

本文依据信息安全等级保护基本要求,利用指纹识别技术,设计了信息化应用的双重身份鉴别系统方案。方案通过建立指纹数据库,采集用户指纹信息并和账户关联,通过认证服务在用户登录时进行指纹认证实现双重身份鉴别。方案具有安全性高、适用面广、使用方便和抗抵赖等特点。