A Space Information Service Forwarding Mechanism Based on Software Defined Network

Space information network includes multi-system integration that involves real-time acquisition, transmission, and processing over the information systems. Space information network is an important strategic direction of China’s 13th Five-Year Plan for the innovation of science and technology, which is also considered to be the current focus area of national development. Efficient carrying and the information integration amongst different information services are the major challenges in the space information networks, which are constantly affecting the performance of system integration. Motivated by these challenges, in this paper, a Space Information Service (SIS) forwarding mechanism is proposed that is completely based on Software-Defined Network (SDN). According to the complexity of the information service demand, the designing of label tunnel control mechanism and packet/label mixed forwarding methodologies were executed by referring the concepts of SDN. Simulation results revealed that the SIS could efficiently achieve high information traffic delivery along with the management of the network tunnel

Guest Editorial: Special Issue on Advances in Internet Security and Technology *

Today's Internet has been considered as the largest engineered system ever created by mankind, which consists of hundreds of millions of connected individual computer hosts, communication links, and switches. It is a worldwide collection of connected networks that can be accessed by individual computer hosts through different ways, including gateways, routers and switches, dial-up connections, and Internet service providers. Combining with powerful capabilities of distributed computing and communications, the Internet has been serving as a new paradigm of information infrastructure, a mechanism for information dissemination, and a medium for collaboration and interaction between individuals, government agencies, financial companies, academic institutions and businesses of all size without taking into account geographic locations. People and our societies have become increasingly dependent on the Internet for personal or professional uses regardless of whether it is for e-mail, file transfer, remote login, web page access or commercial transactions. Given that the Internet is so large and has so many diverse components and uses, it naturally brings lots of challenges on issues related to architecture, congestion, naming/addressing, interoperability, routing, resilience, dependability, fault tolerant, security and privacy. To achieve a good performance for Internet applications, all these addressed issues above should be considered. This special issue on "Internet Security and Technology" attempts to highlight some of the latest research addressing those challenges. It collects a series of papers on the important topics, More specifically: • The first paper, "Lattice Based Forward-Secure Identity Based Encryption Scheme with Shorter Ciphertext" by Singh et al

A Security Real-time Privacy Amplification Scheme in QKD System

Quantum Key Distribution (QKD) technology, based on the laws of physics, can create unconditional security keys between communication parties. In recent years, researchers draw more and more attention to the QKD technology. Privacy amplification is a very significant procedure in QKD system. In this paper, we propose the real-time privacy amplification (RTPA) scheme which converts the weak secret string to a uniform key that is fully secret from Eve. Our detailed proofs show the security of our RTPA scheme. In order to prevent the potential man-in-middle attacks, we employ an authentication procedure to RTPA scheme (ARTPA) with the "-XOR almost universal hash functions. We implement our ARTPA scheme based on CLIP system, which is connected to the quantum communication system. Considering the privacy amplification and authentication overhead and the finite size effect on the security of final keys, we set the secret key length be 256k before privacy amplification and the authentication tag length be 60. Our experimental results show the efficiency of the proposed ARTPA scheme

Towards Efficient Data Collection in Space-Based Internet of Things

Due to the strong anti-destructive ability, global coverage, and independent infrastructure of the space-based Internet of Things (S-IoT), it is one of the most important ways to achieve a real interconnection of all things. In S-IoT, a single satellite can often achieve thousands of kilometers of coverage and needs to provide data transmission services for massive ground nodes. However, satellite bandwidth is usually low and the uplink and downlink bandwidth is extremely asymmetric. Therefore, exact data collection is not affordable for S-IoT. In this paper, an approximate data collection algorithm is proposed for S-IoT; that is, the sampling-reconstruction (SR) algorithm. Since the uplink bandwidth is very limited, the SR algorithm samples only the sensory data of some nodes and then reconstructs the unacquired data based on the spatiotemporal correlation between the sensory data. In order to obtain higher data collection precision under a certain data collection ratio, the SR algorithm optimizes the sampling node selection by leveraging the curvature characteristics of the sensory data in time and space dimensions. Moreover, the SR algorithm innovatively applies spatiotemporal compressive sensing (ST-CS) technology to accurately reconstruct unacquired sensory data by making full use of the spatiotemporal correlation between the sensory data. We used a real-weather data set to evaluate the performance of the SR algorithm and compared it with two existing representative approximate data collection algorithms. The experimental results show that the SR algorithm is well-suited for S-IoT and can achieve efficient data collection under the condition that the uplink bandwidth is extremely limited

A Security Real-time Privacy Amplification Scheme in QKD System

Abstract: Quantum Key Distribution (QKD) technology, based on the laws of physics, can create unconditional security keys between communication parties. In recent years, researchers draw more and more attention to the QKD technology. Privacy amplification is a very significant procedure in QKD system. In this paper, we propose the real-time privacy amplification (RTPA) scheme which converts the weak secret string to a uniform key that is fully secret from Eve. Our detailed proofs show the security of our RTPA scheme. In order to prevent the potential man-in-middle attacks, we employ an authentication procedure to RTPA scheme (ARTPA) with the ε-XOR almost universal hash functions. We implement our ARTPA scheme based on CLIP system, which is connected to the quantum communication system. Considering the privacy amplification and authentication overhead and the finite size effect on the security of final keys, we set the secret key length be 256k before privacy amplification and the authentication tag length be 60. Our experimental results show the efficiency of the proposed ARTPA scheme

Efficient Almost Strongly Universal Hash Function for Quantum Key Distribution

Part 9: CryptographyInternational audienceQuantum Key Distribution (QKD) technology, based on principles of quantum mechanics, can generate unconditional security keys for communication parties. Information-theoretically secure (ITS) authentication, the compulsory procedure of QKD systems, avoids the man-in-the-middle attack during the security key generation. The construction of hash functions is the paramount concern within the ITS authentication. In this extended abstract, we proposed a novel Efficient NTT-based ε-Almost Strongly Universal Hash Function. The security of our NTT-based ε-ASU hash function meets ε ≤ L(n + 1)/2n − 2. With ultra-low computational amounts of construction and hashing procedures, our proposed NTT-based ε-ASU hash function is suitable for QKD systems

A High-Speed Network Content Filtering System

Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIHD 2014)International audienceCurrent software based Content Filtering Systems are too computing intensive in large scale packets payload detection and cannot meet the performance requirements of modern networks. Thus, hardware architectures are desired to speed up the detection process. In this paper, hardware based Conjoint Network Content Filtering System (CNCFS) is proposed to solve the problem. In CNCFS, a TCAM based algorithm named Linking Shared Multi-Match (LSMM) is implemented, which can speed up large scale Multi-Pattern Multi-Matching greatly. Also, this system can also be used in high speed mobile networks which need to deal with the security of fast handover of mobile users. The results of performance evaluation show that our solution can provide 5 Gbps wire speed processing capability

Improving Availability through Energy-Saving Optimization in LEO Satellite Networks

Part 2: The 2014 Asian Conference on Availability, Reliability and Security, AsiaARES 2014International audienceRecently, satellite networks are widely used for communication in areas lack of network infrastructures, and will act as the backbones in the next generation internet. Therefore, the availability of satellite networks is very important. In space, the energy is always limited for satellites, and highly efficient energy utilization would certainly improve the availability of satellite systems. In this paper, we consider the energy-saving optimization for the LEO satellite network instead of a single satellite. We modify and extend the multicommodity flow model [3] to switch off satellite nodes and links as much as possible in LEO satellite networks. Taking advantage of the multi-coverage scheme and traffic distribution patents in satellite networks, we improve the heuristic algorithms in [3] to turn off the unnecessary satellites, up-down links and inter-satellite links respectively up to 59 %, 61 % and 72 % under the constraints of link utilization and routing hops increase ratio, and the total energy saving ratio can be up to 65 %. Finally, the availability of LEO satellite networks has been deeply developed

Routing Algorithm Based on Nash Equilibrium against Malicious Attacks for DTN Congestion Control

Part 2: WorkshopInternational audienceIn Delay-Tolerant Network(DTN), certain malicious node might generate congestion in attack to reduce the overall performance of the whole network, especially the target of message successful delivery ratio. In this paper, a novel Nash equilibrium based congestion control routing algorithm with the function of security defense (NESD) is proposed. In the process of message delivery, node can use Nash equilibrium to compute the largest proportion of transfer messages occupancy to node memory capacity. This mechanism constrains the attack from malicious node and guarantees the message transfer of regular node. This congestion control routing algorithm for security defense is evaluated by experiment. It is important application in the field of homeland defense. The results show that related key parameters are significantly improved in DTN scenario