Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here...Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.展开更多
This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid me...This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.展开更多
A multi-user view file system (MUVFS) and a security scheme are developed to improve the security of the united storage network (USN) that integrates a network attached storage (NAS) and a storage area network (SAN). ...A multi-user view file system (MUVFS) and a security scheme are developed to improve the security of the united storage network (USN) that integrates a network attached storage (NAS) and a storage area network (SAN). The MUVFS offers a storage volume view for each authorized user who can access only the data in his own storage volume, the security scheme enables all users to encrypt and decrypt the data of their own storage view at client-side, and the USN server needs only to check the users’ identities and the data’s integrity. Experiments were performed to compare the sequential read, write and read/write rates of NFS+MUVFS+secure_module with those of NFS. The results indicate that the security of the USN is improved greatly with little influence on the system performance when the MUVFS and the security scheme are integrated into it.展开更多
CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authe...CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authentication Code,信息认证码)。本文会由浅入深阐述当前CAN总线协议基础上的MAC的工作原理与实现方式。展开更多
基金supported in part by the Joint Foundation of National Natural Science Committee of China and Civil Aviation Administration of China under Grant U1933108in part by the Scientific Research Project of Tianjin Municipal Education Commission under Grant 2019KJ117.
文摘Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or reception.The main security loophole here is spoofing attacks.Spoofing attacks make the positioning or timing results of BeiDou civilian receivers wrong.Such errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information security.This article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant Authentication(TESLA)for spoofing attacks.In this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation message.The message authentication code is inserted into a reserved bit of the D2 navigation message.In addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in TESLA.The experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.
基金supported by the National Natural Science Foundation of China (Grant Nos 60873191 and 60821001)the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No 200800131016)+5 种基金Beijing Nova Program (Grant No2008B51)Key Project of the Chinese Ministry of Education (Grant No 109014)the Natural Science Foundation of Beijing (Grant No 4072020)the National Laboratory for Modern Communications Science Foundation of China (Grant No 9140C1101010601)the Natural Science Foundation of Education Bureau of Henan Province (Grant No 2008B120005)the Youth Foundation of Luoyang Normal University
文摘This paper proposes a scheme for secure authentication of classical messages with single photons and a hashed function. The security analysis of this scheme is also given, which shows that anyone cannot forge valid message authentication codes (MACs). In addition, the lengths of the authentication key and the MACs are invariable and shorter, in comparison with those presented authentication schemes. Moreover, quantum data storage and entanglement are not required in this scheme. Therefore, this scheme is more efficient and economical.
文摘A multi-user view file system (MUVFS) and a security scheme are developed to improve the security of the united storage network (USN) that integrates a network attached storage (NAS) and a storage area network (SAN). The MUVFS offers a storage volume view for each authorized user who can access only the data in his own storage volume, the security scheme enables all users to encrypt and decrypt the data of their own storage view at client-side, and the USN server needs only to check the users’ identities and the data’s integrity. Experiments were performed to compare the sequential read, write and read/write rates of NFS+MUVFS+secure_module with those of NFS. The results indicate that the security of the USN is improved greatly with little influence on the system performance when the MUVFS and the security scheme are integrated into it.
文摘CAN(Controller Area Network)总线技术的发展令人惊叹,基于CAN的车载总线实现ECU(Electronic Control Unit)分布式实时数据通讯,自由通信,总线仲裁。本文提出了在CAN协议基础上增加ECU间(Key)密钥分配与信息认证,简称MAC(Message Authentication Code,信息认证码)。本文会由浅入深阐述当前CAN总线协议基础上的MAC的工作原理与实现方式。
