An Efficient Key Management Protocol for Wireless Sensor Networks

Key management is a fundamental security service in wireless sensor networks. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper, we describe the design and implementation of an efficient key management scheme based on low energy adaptive clustering hierarchy（LEACH） for wireless sensor networks. The design of the protocol is motivated by the observation that many sensor nodes in the network play different roles. The paper presents different keys are set to the sensors for meeting different transmitting messages and variable security requirements. Simulation results show that our key management protocol based-on LEACH can achieve better performance. The energy consumption overhead introduced is remarkably low compared with the original Kerberos schemes.     

A general pairwise key predistribution scheme for wireless sensor networks

This paper develops a general hypercube-based key predistribution scheme for establishing pairwise keys between sensor nodes using polynomials, which is parameterized by the dimension of hypercube and the Hamming distance threshold variables. The scheme addresses the weaknesses of existing key predistribution schemes, which have either worse security or lower efficiency. It exhibits a nice property--when the Hamming distance between any two neighboring sensor nodes is less than the pre-defined threshold, the pairwise key can be established directly. Extensive performance and security analysis shows that by increasing Hamming distance threshold value, we can trade off the resilience against node capture attack for higher probability of direct pairwise key establishment, so as to save the energy consumption which is the most important issue for sensor networks.     

Optimization model of a structural simulation design for a CICC

The engineering design of a Cable-In-Conduit Conductor (CICC) is complicated. A model for the optimal design of a CICC based on conductor stability, AC loss and strain is proposed. The model considers the critical current density as a function of applied strain. A mathematical programming method that minimizes the AC loss of the CICC is established to yield an optimal design for the CICC structure. The optimized structure and related performance agree well with the engineering design values used for the KSTAR project.     

Formal analysis of TPM2.0 key management APIs

The trusted platform module （TPM）, a system component implemented on physical resources, is designed to enable computers to achieve a higher level of security than the security level that it is possible to achieve by software alone. For this reason, the TPM provides a way to store cryptographic keys and other sensitive data in its memory, which is shielded from access by any entity other than the TPM. Users who want to use those keys and data to achieve some security goals are restricted to interact with the TPM through its APIs defined in the TPM speci- fication. Therefore, whether the TPM can provide Pro- tected Capabilities it claimed depends to a large extent on the security of its APIs. In this paper, we devise a formal model, which is accessible to a fully mechanized analysis, for the key management APIs in the TPM2.0 specification. We identify and formalize security properties of these APIs in our model and then successfully use the automated prover Tamarin to obtain the first mechanized analysis of them. The analysis shows that the key management subset of TPM APIs preserves the secrecy of non-duplicable keys for unbounded numbers of fresh keys and handles. The analysis also reports that the key duplication mechanism, used to duplicate a key between two hierarchies, is vul- nerable to impersonation attacks, which enable an adver- sary to recover the duplicated key of the originating hierarchy or import his own key into the destination hier- archy. Aiming at avoiding these vulnerabilities, we proposean approach, which restricts the originating and destination TPMs to authenticate each other＇ s identity during duplication. Then we formally demonstrate that our approach maintains the secrecy of duplicable keys when they are duplicated.     

Improvement of Laih and Yen＇s multisignature scheme

A new attack is proposed to show that a specified group of verifiers can cooperate to forge the signature for any message by secret key substitution due to the leaked secret key or by the group public key adjustment because of the renewed members. This paper presents the improvement scheme which overcomes the security weakness of Laih and Yen‘s scheme.     

A Practical Approach to Attaining Chosen Ciphertext Security

Strong security in public key cryptography is not enongh; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications （e. g. key transport）, and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the （adaptively） chosen eiphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.     

Noise and linearity optimization methods for a 1.9GHz low noise amplifier

Noise and linearity performances are critical characteristics for radio frequency integrated circuits( RFICs), especially for low noise amplifiers (LNAs) . In this paper, a detailed analysis of noise and lineaxity for the cascode architecture, a widely used circuit structure in LNA designs, is presented. The noise and the hnearity improvement techniques for cascode structures are also developed and have been proven by computer simulating experiments. Theoretical analysis and simulation results showed that, for cascode structure LNAs,the first metallic oxide semiconductor field effect transistor (MOSFET) dominates the noise performance of the LNA, while the second MOSFET contributes more to the linearity. A conclusion is thus obtained that the first and second MOSFET of the LNA can be designed to optimize the noise performance and the hnearity performance separately, without trade-offs. The 1 .9 GHz Complementary Metal-Oxide-Semiconductor (CMOS) LNA simulation results are also given as an application of the developed theory.     

A broadcast signcryption protocol for ad hoc networks

Many previous broadcast encryption schemes can only guarantee confidentiality but cannot verify integrity and authenticity for broadcast messages.In this paper,a broadcast signcryption protocol for ad hoc networks is proposed based on cluster-based structure.The proposed protocol not only guarantees confidentiality but also verifies integrity and authenticity for broadcast messages.More importantly,the proposed scheme enables the cluster head to robustly add or remove any cluster member without changing secret key of other cluster members.Moreover,the proposed protocol avoids massive message exchange for key setup among cluster members.The analysis of security and performance shows that the proposed protocol is secure,efficient,and more practical protocol for ad hoc networks.     

Molecular modeling of the ion channel-like nanotube structure of amyloid β-peptide

The ion channel-like nanotube structure of the oligomers of amyloid β-peptide (Aβ) was first investi-gated by molecular modeling. The results reveal that the hydrogen bond net is one of the key factors to stabilize the structure. The hydrophobicity distribution mode of the side chains is in favor of the structure inserting into the bilayers and forming a hydrophilic pore. The lumen space is under the control of the negative potential,weaker but spreading continuously,to which the cation selectivity attributes; meanwhile,the alternate distribution of the stronger positive and negative potentials makes the electrostatic distribution of the structure framework balance,which is also one of the key factors stabilizing the structure. The results lay the theoretical foundation for illuminating the structure stability and the ion permeability,and give a clue to elucidating the molecular mechanism of Alzheimer's dis-ease (AD) and designing novel drugs to prevent or reverse AD at the root.     

Optimized body structure and packagingfor car ODB impact performance

Front bumper,crash box and side rail are key body structural parts in front crash.Deformation space is affected by compartment packaging.The improvement suggestions are proposed to solve the problems existed in the current vehicle structure and compartment packaging based on the areas that influence performance of automobile offset deformable barrier impact, such as the side rail,mounting,storage battery packaging,etc.It is proved that 40%offset crash simulation result of one certain car is well-correlated with the physical test.Optimization cases meet the crash performance requirements.The objective of the analysis is to guide structural design and improves a car’s crash safety performance.     

分层的基于身份的动态门限签名方案

提出了一个分层的基于身份的动态门限签名方案.方案具有分层的PKG结构，低层PKG可以分担高层PKG的秘密信息产生和身份认证的任务；同时具有动态安全的特性，将签名的整个生命周期分成若干时间段，每个时间段都对密钥份额进行更新，更新后的份额重构的密钥保持不变.使用了离散对数相等的知识证明协议，以保证部分签名的正确性，并证明了方案的正确性、不可伪造性和鲁棒性.给出了方案的一些扩展.     

基于身份的动态门限盲签名方案

提出一个基于身份的动态门限盲签名方案,签名者不知道他所签的消息的内容,签名信息不可追踪。 方案能够防止私钥生成器（PKG）伪造签名。 同时具有动态安全的特性,将签名的整个周期分成若干个时间段,每个时间段都要更新份额,且利用更新后的份额重构的密钥保持不变。 最后证明了方案的正确性、不可伪造性和鲁棒性。     

一种安全高效的入侵容忍CA方案

CA是PKI中的关键设施。CA的私钥一旦泄漏,该CA签发的所有证书就只能全部作废;因此,保护在线CA私钥的安全是非常重要的。将CA的私钥以门限密码技术分享在n个部件中,不仅保证了CA私钥的机密性和可用性,同时使CA具备了入侵容忍性。所提出的CA方案,私钥以Shamir的拉格朗日多项式方式分享,更适合实际需求,实验表明具有良好的性能。     

基于Linux环境下的IPS实现算法研究及性能测试

入侵防御系统(IPS)是继入侵检测系统(IDS)之后网络安全领域的一个新的研究方向,它既可以用来检测,又可以用来防御和阻止攻击。文中首先讨论了在L inux操作系统下的入侵防御系统,然后给出了建立入侵防御系统的3种算法,并对其性能做了测试、比较和分析,最后讨论了进一步需要研究的问题。     

主动式安全防御技术的研究与设计

分析了当前安全工具的优缺点,对主动防御体系及常用的主动防御技术进行了研究,并在此基础上提出一种新型的主动防御系统的实验模型.     

积极的财政政策与中西部的崛起

党的十六届三中全会提出了"五个统筹"的发展观,实施积极的财政政策应向中西部倾斜。财政要充当规划、发动、调节中西部开发中基础设施建设的主导力量;要在构建中西部大的产业结构框架(如"西气东引"西电东输"等工程)方面发挥更大的作用;要进一步加大中央对中西部地区的财政转移支付制度,以支持中西部地区的产业升级和骨干企业的技术改造。同时,要探寻财政资金运作的新方式,引导其他投资及时跟进,最终实现中西部地区的崛起和全国共同富裕的战略目标。     

分离机制下一种互联网安全接入方法

重点研究身份与位置分离机制下源地址真实性保障方面的方法,提出了身份与位置分离网络中唯一且不变的终端身份标识EID结构,并设计了一种保障源地址真实性的安全接入方法,并且给出了相应的协议流程和协议格式,保证了身份与位置分离网络中源地址即终端身份标识EID的真实性.最后使用SVO形式化逻辑对其安全性进行了证明.     

数字校园一卡通系统的安全管理策略

从多个角度探讨在数字校园环境下如何保障校园一卡通系统的安全性，提出了一套针对复杂应用情况下的安全管理策略，是对校园一卡通系统安全管理比较完备的解决方案．该方案从通讯、卡片、密钥管理、交易和数据诸多方面对系统进行了保护，不仅保护了系统中重要数据的信息安全，也保障了系统安全、可靠地运行．方案不仅适用于数字校园环境下的一卡通系统安全的管理，也为任何需要进行安全保障的系统提供了范例．     

基于身份的移动网动态可认证群组密钥协商协议

群组密钥协商是保证无线网络群组安全通信的重要工具之一。2007年,Tseng等提出一种适合无线移动网络的高效群组密钥协商协议。对Tseng协议安全性进行分析,发现Tseng协议不具备认证性,不能抵御主动攻击。因此,通过改进Tseng协议,提出一种新的动态可认证群组密钥协商协议。该协议基于身份的公钥密码体制,降低了建立和管理公钥基础设施的代价;同时,协议支持节点间的相互认证。分析结果表明：协议满足群组密钥所要求的安全准则,降低了普通节点的计算和通信成本。     

一种改进的SVM多类分类算法在入侵检测中的应用

入侵检测作为网络安全的关键技术,成为了当前网络安全研究的热点,入侵检测算法的准确率和推广性能是研究的重点。基于二叉树的思想和超球支持向量机的特点,本文提出了一种改进的SVM多类分类入侵检测算法。本文通过引入相似度函数作为权值,选取相似性最小的两类样本构造两类分类器,采用自下而上的方法构造多个两类超球SVM分类器,并将该多类分类算法应用于入侵检测中。利用KDD CUP 1999入侵检测数据进行了仿真实验,实验结果表明,该算法能有效提高检测准确率、推广性能也得到较好改善。