Homomorphic MAC-based scheme against pollution attacks in network coding

Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.     

Efficient Algorithm for Prolonging Network Lifetime of Wireless Sensor Networks

One of the fundamental design challenges in designing a Wireless Sensor Network (WSN) is to maximize the network lifetime,as each sensor node of the network is equipped with a limited power battery.To overcome this challenge,different methods were developed in the last few years using such techniques as network protocols,data fusion algorithms using low power,energy efficient routing,and locating optimal sink position.This paper focuses on finding the optimal sink position.Relay nodes are introduced in conjunction with the sensor nodes to mitigate network geometric deficiencies since in most other approaches the sensor nodes close to the sink become heavily involved in data forwarding and,thus,their batteries are quickly depleted.A Particle Swarm Optimization (PSO) based algorithm is used to locate the optimal sink position with respect to those relay nodes to make the network more energy efficient.The relay nodes communicate with the sink instead of the sensor nodes.Tests show that this approach can save at least 40% of the energy and prolong the network lifetime.     

A Partially Non-Cryptographic Security Routing Protocol in Mobile Ad Hoc Networks

In this paper, we propose a partially non-cryptographic security routing protocol （PNCSR） that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn＇t utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.     

Ubiquitous Computing Identity Authentication Mechanism Based on D-S Evidence Theory and Extended SPKI/SDSI

Ubiquitous computing systems typically have lots of security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnection network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bidirectional identity authentication, the security delegation and the simple privacy protection etc are all these unsolved problems. In this paper, a new novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve above problems in the ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-levels trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism in solving the complex ubiquitous computing problems.     

SLEACH： Secure Low.Energy Adaptive Clustering Hierarchy Protocol for Wireless Sensor Networks

LEACH (Low-Energy Adaptive Clustering Hierarchy) protocol is a basic clustering-based routing protocol of sensor networks. In this paper, we present the design of SLEACH, a secure extension for the LEACH protocol. We divide SLEACH into four phases and fit inexpensive cryptographic operations to each part of the protocol functionality to create an efficient, practical protocol. Then we give security analyses of SLEACH. Our security analyses show that our scheme is robust against any external attacker or compromised nodes in the sensor network     

Design of the XML Security System for Electronic Commerce Application

The invocation of World Wide Web (www) first triggered mass adoption of the Internet for public access to digital information exchanges across the globe. To get a big market on the Web,a special security infrastructure would need to be put into place transforming the wild-and-woolly Internet into a network with end-to-end protections. XML (extensible Markup Language) is widely accepted as powerful data representation standard for electronic documents, so a security mechanism for XML documents must be provided in the first place to secure electronic commerce over Internet. In this paper the authors design and implement a secure framework that provides XML signature function, XML Element-wise Encryption function, smart card based crypto APIlibrary and Public Key Infrastructure (PKI) security functions to achieve confidentiality, integri-ty, message authentication, and/or signer authentication services for XML documents and exist-ing non-XML documents that are exchanged by Internet for E-commerce application.     

HEAD:A Hybrid Mechanism to Enforce Node Cooperation in Mobile Ad Hoc Networks

Mobile ad hoc networks rely on the cooperation of nodes for routing and forwarding. However, it may not be advantageous for individual nodes to cooperate. In order to make the mobile ad hoc network more robust, we propose a scheme called HEAD (a hybrid mechanism to enforce node cooperation in mobile ad hoc networks) to make the misbehavior unattractive. HEAD is an improvement to OCEAN (observation-based cooperation enforcement in ad hoc networks). It employs only first hand information and works on the top of DSR (dynamic source routing) protocol. By interacting with the DSR, HEAD can detect the misbehavior nodes in the packet forwarding process and isolate them in the route discovery process. In order to detect the misbehavior nodes quickly, HEAD introduces the warning message. In this paper, we also classify the misbehavior nodes into three types:malicious nodes, misleading nodes, and selfish nodes. They all can be detected by HEAD, and isolated from the network.     

Field experiment on a robust hierarchical metropolitan quantum cryptography network

A hierarchical metropolitan quantum cryptography network upon the inner-city commercial telecom fiber cables is reported in this paper. The seven-user network contains a four-node backbone net with one node acting as the subnet gateway, a two-user subnet and a single-fiber access link, which is realized by the Faraday-Michelson interferometer set-ups. The techniques of the quantum router, optical switch and trusted relay are assembled here to guarantee the feasibility and expandability of the quantum cryptography network. Five nodes of the network are located in the government departments and the secure keys generated by the quantum key distribution network are utilized to encrypt the instant video, sound, text messages and confidential files transmitting between these bureaus. The whole implementation including the hierarchical quantum cryptographic communication network links and the corresponding application software shows a big step toward the practical user-oriented network with a high security level.     

Localization in 3D sensor networks using stochastic particle swarm optimization

Localization is one of the key technologies in wireless sensor networks,and the existing PSO-based localization methods are based on standard PSO,which cannot guarantee the global convergence.For the sensor network deployed in a three-dimensional region,this paper proposes a localization method using stochastic particle swarm optimization.After measuring the distances between sensor nodes,the sensor nodes estimate their locations using stochastic particle swarm optimization,which guarantees the global convergence of the results.The simulation results show that the localization error of the proposed method is almost 40% of that of multilateration,and it uses about 120 iterations to reach the optimizing value,which is 80 less than the standard particle swarm optimization.     

A lightweight secure network coding scheme against wiretapping

Existing works for securing network coding against wiretapping either incur high coding complexity or bring large bandwidth overhead. For exploiting the lightweight security mechanism for resource-constrained networks, an efficient secure coding scheme is proposed in conjunction with the inherent mix- ing characteristic of network coding. The key idea is to minimize the randomizing operations to the entire plaintext data. The pro- posed scheme is shown to have properties of lightweight security complexity and lower communication overhead compared with the existing traditional solutions, and can be easy in implementation and combination with classical cryptography techniques.     

A Fault Tolerance Scheme for Reliable Transfer in Delay Tolerant Networks

Delay Tolerant Network (DTN) is a class of networks that experience frequent and long-duration partitions due to sparse distribution of nodes.It has a broad prospect to new network applications for a better scalability,fault-tolerant,and high performance.In DTNs,path failure occurs frequently,so message transfer is not reliable.Sometimes it is required to change routing even in a very short period,resulting in transmission delay and reception delay.However,some well-known assumptions of traditional networks are no longer true in DTNs.In this paper,we study the problem of path failures in DTNs.The path failure process in DTNs is described when the path appears completely normal,completely failed and partially failed.Traditional approaches based on using precisely known network dynamics have not accounted for message losses.A new fault tolerant scheme to generate redundancy is to use erasure coding and full replication.This can greatly decrease the path failure rate.At last,a traffic DTN model is analyzed.Results reveal the superiority of our scheme in comparison to other present schemes.     

Research of session initial protocol security mechanism on public key technique

Two common kinds of security mechanisms used in session initial protocol (SIP) are analyzed.An improved HTTP digest authentication scheme is put forward based on the existing SIP authentication theories.This mechanism is combined with the merits of the HTTP digest authentication and the public key encryption,so the communicating parties complete two-way authentication and public key exchange in pre-calling,and the session key can be randomly generated in post-calling.The mixture of security encryption mechanism with public key encryption and symmetric-key encryption algorithm can ensure the security for network communication data.The emulation of the scheme is verified,and the security analysis is conducted in the end.The researches show that the simulations efficiency of this method is about 78% of HTTP’s,and it can prevent four kinds of attacks including impersonating a server,offline password guessing attacks,relay-attack,and session monitoring.     

A Secure and Pragmatic Routing Protocol for Mobile Ad hoc Networks

An ad hoc network is a group of wireless mobile computers （or nodes）, in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Because of node mobility and power limitations, the network topology changes frequently. Routing protocol plays an important role in the ad hoc network. A recent trend in ad hoc network routing is the reactive on-demand philosophy where routes are established only when required. As an optimization for the current Dynamic Source Routing Protocol, a secure and pragmatic routes selection scheme based on Reputation Systems was proposed. We design the Secure and Pragmatic Routing protocol and implement simulation models using GloMoSim. Simulation results show that the Secure and Pragmatic Routing protocol provides better experimental results on packet delivery ratio, power consumption and system throughput than Dynamic Source Routing Protocol.     

A study on IP-based hierarchical routing strategy in network simulation

The intrinsic routing policy of NS2—a network simulation tool— based on flat or hierarchical address has the disadvantage such as small topology scale,high resource consumption,low efficiency and so on.This paper proposes an IP based hierarchical routing strategy in network simulation to extend the topology scale and improve performance in simulating.Firstly,a stratification mechanism to identify IP address of nodes is described.Then,an algorithm of packet transmitting method(PTM) is presented for packet forwarding in the same subnet.Finally,algorithms of region partition(RP),routing computation based on region division(RCBRD) and routing distribution(RD) is proposed to implement regional segmentation,route calculation and route distribution for forwarding packets in different subnets respectively.The experiment results show that under the same condition,compared with plane address,the topology scale of the network simulation is extended two times and the consumption of time and memory during simulation is reduced by approximately 73%and 45.8% respectively.Compared with hierarchical address,the topology scale of the network simulation is expanded by more than 50%,and the consumption of time and memory is reduced by about 59.2% and 25% respectively.In addition,along with the growth of the node size,the proportion of reducing total simulation time and memory consumption would gradually increase.     

An Authentication Method of Distinguishing Proxy＇s Secure Accident Responsibility

The publish/subscribe （pub/sub） paradigm has asynchronous, loosely-coupled and many-to-many communication properties and is widely used in the application of large-scale distributed computing environment. There is the problem that is mutual trustable between network proxies in terms of pub/sub systems and the problem which is hardly to distinguish accident responsibility while the accident happens in Kerberos based on symmetrical encryption algorithm. A proxy identity authentication algorithm based on RSA encryption is proposed to solve the problem of mutual trust between proxies, and the security of the messages is guaranteed through certificate delegation. The algorithm can distinguish accident responsibility. The feasibility analysis, security analysis and efficiency analysis of the algorithm are carried out.     

An Anomalous Behavior Detection Model in Cloud Computing

This paper proposes an anomalous behavior detection model based on cloud computing. Virtual Machines(VMs) are one of the key components of cloud Infrastructure as a Service(Iaa S). The security of such VMs is critical to Iaa S security. Many studies have been done on cloud computing security issues, but research into VM security issues, especially regarding VM network traffic anomalous behavior detection, remains inadequate.More and more studies show that communication among internal nodes exhibits complex patterns. Communication among VMs in cloud computing is invisible. Researchers find such issues challenging, and few solutions have been proposed—leaving cloud computing vulnerable to network attacks. This paper proposes a model that uses Software-Defined Networks(SDN) to implement traffic redirection. Our model can capture inter-VM traffic, detect known and unknown anomalous network behaviors, adopt hybrid techniques to analyze VM network behaviors, and control network systems. The experimental results indicate that the effectiveness of our approach is greater than 90%, and prove the feasibility of the model.     

Congestion control for ATM multiplexers using neural networks：multiple sources／single buffer scenario

A new neural network based method for solving the problem of congestion control arising at the user network interface (UNI) of ATM networks is proposed in this paper. Unlike the previous methods where the coding rate for all traffic sources as controller output signals is tuned in a body, the proposed method adjusts the coding rate for only a part of the traffic sources while the remainder sources send the cells in the previous coding rate in case of occurrence of congestion. The controller output signals include the source coding rate and the percentage of the sources that send cells at the corresponding coding rate. The control methods not only minimize the cell loss rate but also guarantee the quality of information (such as voice sources) fed into the multiplexer buffer. Simulations with 150 ADPCM voice sources fed into the multiplexer buffer showed that the proposed methods have advantage over the previous methods in the aspect of the performance indices such as cell loss rate (CLR) and voice quality.     

Cryptanalysis and Improvement of Piveteau Signature Scheme with Message Recovery

Piveteau signature scheme allows message recovery but the methodology differs from that of the Nyberg-Rueppel schemes. This paper analyzes the security of the Piveteau scheme by designing some attacks. Two improved methods to Piveteau signature scheme and Nyberg-Rueppel schemes were developed to avoid these weaknesses. Analyses of the security of the improved schemes prove that the improved methods can effectively handle the attacks proposed in this paper.     

Identification of the Credit Guarantee Network of Steel Trade Enterprises in China

The risk points in the credit guarantee network of steel trade enterprises were identified by using the network analysis method in this paper. Firstly, the formation and operation mechanism of steel trade credit guarantee network was analyzed.Secondly,a guarantee network was established to analyze the related network structure indexes based on the mutual guarantee data of 83 enterprises in a steel trade market. These indexes included centrality,honest broker,and structural hole. The results suggest that network analysis method can be used to find out the risk points of the guarantee network. Additionally,some recommendations are brought forth to reduce or prevent future crises.