Unconditional Authentication Based on Physical Layer Offered Chain Key in Wireless Communication

Authentication is a critical issue in wireless communication due to the impersonation and substitution attacks from the vulnerable air interface launched by the malicious node. There are currently two kinds of authentication research in wireless communication. One is based on cryptography and relies on computational complexity, the other is based on physical layer fingerprint and can not protect data integrity well. Both of these approaches will become insecure when facing attackers with infinite computing power. In this paper, we develop a wireless unconditional authentication framework based on one-time keys generated from wireless channel. The proposed unconditional authentication framework provides a new perspective to resist infinite computing power attackers. We study the performance of the unconditional authentication framework in this paper. First, a physical layer offered chain key (PHYLOCK) structure is proposed, which can provide one-time keys for unconditional authentication. The physical layer offered chain keys are generated by XORing the physical layer updated keys extracted from the current channel state information (CSI) and the previous chain keys. The security of PHYLOCK is analyzed from the perspective of information theory. Then, the boundary of the deception probability is conducted. It is shown that unconditional authentication can achieve a probability of deception 2−12Hk, where Hk is the entropy of the one-time key used for one message. Finally, the conditions for unconditional authentication are listed. Our analysis shows that the length of the key and the authentication code need to be twice the length of the message and the encoding rules of the authentication code need to satisfy the restrictions we listed.     

对ARAP认证协议的攻击及其改进

分析了射频识别（RFID）系统中匿名RFID认证协议（ARAP）存在的安全缺陷,指出攻击者可利用该协议存在的异或运算使用不当的安全缺陷发起身份假冒攻击.为此,提出了一种改进的RFID双向认证协议,该协议修改了ARAP认证协议中部分异或运算和验证操作,仍采用假名机制提供隐私性保护,防止攻击者对标签进行跟踪.结果分析表明,改进后的协议具有双向认证、前向安全性和匿名性等安全属性,并能够抵抗冒充、跟踪和重放等攻击.同时,性能对比分析表明改进后的协议具有比较好的效率,实用性较强.     

EAP协议及其应用

认证服务是无线局域网的一种最重要的安全服务。介绍了可扩展认证协议,分析研究了它的类型及应用。     

基于CSP方法的移动自组织网络认证协议TAM的分析与改进

针对移动自组织网络认证协议应对安全威胁、满足安全目标的有效性问题,提出了采用基于通信顺序进程（CSP, communicating sequential process）和模型检测的协议分析方法,对移动自组织网络的代表性认证协议TAM进行分析、建模、检验并改进。首先采用CSP方法对TAM中参与者的通信行为建立模型、给出了安全目标的安全规范;然后利用模型检测工具FDR验证了TAM的CSP进程,结果表明TAM不满足认证性和机密性安全规范;最后对TAM进行了改进并检验,结果表明改进后的TAM满足安全目标,实验表明与TAM相比,改进的TAM在合理的簇规模情况下增加可接受的额外开销。     

移动通信网络中的安全保密技术

分析了移动通信网络中的不安全因素,重点讨论了移动通信网络中的身份认证和密钥分配,数据加密与完整性检测方案,并对其安全性进行了详细分析.     

RFID认证协议研究

Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology. To date, researchers have proposed many RFID authentication protocols. However, these protocols have many flaws due to lack of theoretical support in designing these protocols. In this work, first we present the security and privacy requirements in RFID authentication protocols. Then we examine related works and point out problems in designing RFID authentication protocols. To solve these problems, we propose and briefly prove three theorems. We also give necessary examples for better understanding these theorems with concrete protocols. At last, we give our suggestions on designing secure and private authentication protocols. The security and privacy requirements, theorems, and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.     

零知识性量子身份认证协议

基于EPR纠缠光子对的相干特性,设计了一个量子身份认证协议。该协议具有零知识性。由于基于量子物理特性,不但满足传统的身份认证的基本性质,还具有无条件安全性,并可以抵抗各种可能的量子攻击。     

基于可视密码的身份认证技术方案

可视密码技术是密码学领域近年来发展起来的针对图像的加、解密技术,具有隐蔽性好、安全性高、秘密恢复的简单性等特点。而身份认证技术是为了确认用户在生活、工作、消费等活动中的真实身份而产生的有效解决办法,对保障用户身份的真实性和可靠性有着举足轻重的作用。本文引入可视密码技术,提出一种基于可视密码的身份识别技术方案,用户携带的信息通过加密手段保障不被他人非法窃取利用,提高了信息携带过程的安全性与隐私性。     

Threshold Password-Authenticated Key Exchange

In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values) rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an off-line dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers with known public keys, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an off-line dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.     

Efficient identity-based signature scheme with batch authentication for delay tolerant mobile sensor network

Identity-based cryptography （IBC） has drawn a lot of attentions in delay tolerant environment. However, the high computational cost of IBC becomes the most critical issue in delay tolerant mobile sensor network （DTMSN） because of the limited processing power. In this paper, an efficient identify-based signature scheme with batch authentication （ISBA） is proposed for DTMSN. ISBA designs an online/offline signature with batch authentication to reduce the computational cost, and improves data delivery mechanism to increase the number of messages for each batch authentication. Simulation results show that ISBA not only realizes a lower computational cost than existed schemes, but also does not induce negative impact on the delivery performance.