DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks.

Software-defined networking (SDN) is a new networking paradigm that realizes the fast management and optimal configuration of network resources by decoupling control logic and forwarding functions. However, centralized network architecture brings new security problems, and denial-of-service (DoS) attacks are among the most critical threats. Due to the lack of an effective message-verification mechanism in SDN, attackers can easily launch a DoS attack by faking the source address information. This paper presents DoSGuard, an efficient and protocol-independent defense framework for SDN networks to detect and mitigate such attacks. DoSGuard is a lightweight extension module on SDN controllers that mainly consists of three key components: a monitor, a detector, and a mitigator. The monitor maintains the information between the switches and the hosts for anomaly detection. The detector utilizes OpenFlow message and flow features to detect the attack. The mitigator protects networks by filtering malicious packets. We implement a prototype of DoSGuard in the floodlight controller and evaluate its effectiveness in a simulation environment. Experimental results show the DoSGuard achieves 98.72% detecion precision, and the average CPU utilization of the controller is only around 8%. The results demonstrate that DoSGuard can effectively mitigate DoS attacks against SDN with limited overhead.

Sound Can Help Us See More Clearly.

In the field of video action classification, existing network frameworks often only use video frames as input. When the object involved in the action does not appear in a prominent position in the video frame, the network cannot accurately classify it. We introduce a new neural network structure that uses sound to assist in processing such tasks. The original sound wave is converted into sound texture as the input of the network. Furthermore, in order to use the rich modal information (images and sound) in the video, we designed and used a two-stream frame. In this work, we assume that sound data can be used to solve motion recognition tasks. To demonstrate this, we designed a neural network based on sound texture to perform video action classification tasks. Then, we fuse this network with a deep neural network that uses continuous video frames to construct a two-stream network, which is called A-IN. Finally, in the kinetics dataset, we use our proposed A-IN to compare with the image-only network. The experimental results show that the recognition accuracy of the two-stream neural network model with uesed sound data features is increased by 7.6% compared with the network using video frames. This proves that the rational use of the rich information in the video can improve the classification effect.

A Multi-User Public Key Encryption with Multi-Keyword Search out of Bilinear Pairings.

Internet of Things (IoT) and cloud computing are adopted widely in daily life and industrial production. Sensors of IoT equipment gather personal, sensitive and important data, which is stored in a cloud server. The cloud helps users to save cost and collaborate. However, the privacy of data is also at risk. Public-key encryption with keyword search (PEKS) is convenient for users to use the data without leaking privacy. In this article, we give a scheme of PEKS for a multi-user to realize the multi-keyword search at once and extend it to show a rank based on keywords match. The receiver can finish the search by himself or herself. With private cloud and server cloud, most users' computing can be outsourced. Moreover, the PEKS can be transferred to a multi-user model in which the private cloud is used to manage receivers and outsource. The store cloud and the private cloud both obtain nothing with the keyword information. Then our IoT devices can easily run these protocols. As we do not use any pairing operations, the scheme is under more general assumptions that means the devices do not need to take on the heavy task of calculating pairing.

Cache-Based Privacy Preserving Solution for Location and Content Protection in Location-Based Services.

Location-Based Services (LBSs) are playing an increasingly important role in people's daily activities nowadays. While enjoying the convenience provided by LBSs, users may lose privacy since they report their personal information to the untrusted LBS server. Although many approaches have been proposed to preserve users' privacy, most of them just focus on the user's location privacy, but do not consider the query privacy. Moreover, many existing approaches rely heavily on a trusted third-party (TTP) server, which may suffer from a single point of failure. To solve the problems above, in this paper we propose a Cache-Based Privacy-Preserving (CBPP) solution for users in LBSs. Different from the previous approaches, the proposed CBPP solution protects location privacy and query privacy simultaneously, while avoiding the problem of TTP server by having users collaborating with each other in a mobile peer-to-peer (P2P) environment. In the CBPP solution, each user keeps a buffer in his mobile device (e.g., smartphone) to record service data and acts as a micro TTP server. When a user needs LBSs, he sends a query to his neighbors first to seek for an answer. The user only contacts the LBS server when he cannot obtain the required service data from his neighbors. In this way, the user reduces the number of queries sent to the LBS server. We argue that the fewer queries are submitted to the LBS server, the less the user's privacy is exposed. To users who have to send live queries to the LBS server, we employ the l-diversity, a powerful privacy protection definition that can guarantee the user's privacy against attackers using background knowledge, to further protect their privacy. Evaluation results show that the proposed CBPP solution can effectively protect users' location and query privacy with a lower communication cost and better quality of service.

Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity.

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows-Abadi-Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.

Message Integration Authentication in the Internet-of-Things via Lattice-Based Batch Signatures.

The internet-of-things (also known as IoT) connects a large number of information-sensing devices to the Internet to collect all kinds of information needed in real time. The reliability of the source of a large number of accessed information tests the processing speed of signatures. Batch signature allows a signer to sign a group of messages at one time, and signatures' verification can be completed individually and independently. Therefore, batch signature is suitable for data integration authentication in IoT. An outstanding advantage of batch signature is that a signer is able to sign as many messages as possible at one time without worrying about the size of signed messages. To reduce complexity yielded by multiple message signing, a binary tree is usually leveraged in the construction of batch signature. However, this structure requires a batch residue, making the size of a batch signature (for a group of messages) even longer than the sum of single signatures. In this paper, we make use of the intersection method from lattice to propose a novel generic method for batch signature. We further combine our method with hash-and-sign paradigm and Fiat⁻Shamir transformation to propose new batch signature schemes. In our constructions, a batch signature does not need a batch residue, so that the size of the signature is relatively smaller. Our schemes are securely proved to be existential unforgeability against adaptive chosen message attacks under the small integer solution problem, which shows great potential resisting quantum computer attacks.

Practical passive decoy state measurement-device-independent quantum key distribution with unstable sources.

Measurement-device-independent quantum key distribution (MDI-QKD) with the active decoy state method can remove all detector loopholes, and resist the imperfections of sources. But it may lead to side channel attacks and break the security of QKD system. In this paper, we apply the passive decoy state method to the MDI-QKD based on polarization encoding mode. Not only all attacks on detectors can be removed, but also the side channel attacks on sources can be overcome. We get that the MDI-QKD with our passive decoy state method can have a performance comparable to the protocol with the active decoy state method. To fit for the demand of practical application, we discuss intensity fluctuation in the security analysis of MDI-QKD protocol using passive decoy state method, and derive the key generation rate for our protocol with intensity fluctuation. It shows that intensity fluctuation has an adverse effect on the key generation rate which is non-negligible, especially in the case of small data size of total transmitting signals and long distance transmission. We give specific simulations on the relationship between intensity fluctuation and the key generation rate. Furthermore, the statistical fluctuation due to the finite length of data is also taken into account.

Bounds for coherence of quantum superpositions in high dimension.

Quantum coherence plays a major role in the promotion for quantum information processing and designing quantum technology. Since coherence is rooted in superposition principle, it is vital to understand the coherence change with respect to superpositions. Here we study the bounds for coherence of quantum superpositions in high dimension. We consider three most frequently used measures of coherence, i.e. the relative entropy of coherence, l 1 norm of coherence and robustness of coherence. For a quantum state (an arbitrary dimension) and its arbitrary decomposition, we give the upper and lower bounds for coherence of the superposition state in terms of the coherence of the states being superposed.

Round-robin differential-phase-shift quantum key distribution with a passive decoy state method.

Recently, a new type of protocol named Round-robin differential-phase-shift quantum key distribution (RRDPS QKD) was proposed, where the security can be guaranteed without monitoring conventional signal disturbances. The active decoy state method can be used in this protocol to overcome the imperfections of the source. But, it may lead to side channel attacks and break the security of QKD systems. In this paper, we apply the passive decoy state method to the RRDPS QKD protocol. Not only can the more environment disturbance be tolerated, but in addition it can overcome side channel attacks on the sources. Importantly, we derive a new key generation rate formula for our RRDPS protocol using passive decoy states and enhance the key generation rate. We also compare the performance of our RRDPS QKD to that using the active decoy state method and the original RRDPS QKD without any decoy states. From numerical simulations, the performance improvement of the RRDPS QKD by our new method can be seen.

Locally indistinguishable orthogonal product bases in arbitrary bipartite quantum system.

As we know, unextendible product basis (UPB) is an incomplete basis whose members cannot be perfectly distinguished by local operations and classical communication. However, very little is known about those incomplete and locally indistinguishable product bases that are not UPBs. In this paper, we first construct a series of orthogonal product bases that are completable but not locally distinguishable in a general m ⊗ n (m ≥ 3 and n ≥ 3) quantum system. In particular, we give so far the smallest number of locally indistinguishable states of a completable orthogonal product basis in arbitrary quantum systems. Furthermore, we construct a series of small and locally indistinguishable orthogonal product bases in m ⊗ n (m ≥ 3 and n ≥ 3). All the results lead to a better understanding of the structures of locally indistinguishable product bases in arbitrary bipartite quantum system.

General existence of locally distinguishable maximally entangled states only with two-way classical communication.

It is known that there exist two locally operational settings, local operations with one-way and two-way classical communication. And recently, some sets of maximally entangled states have been built in specific dimensional quantum systems, which can be locally distinguished only with two-way classical communication. In this paper, we show the existence of such sets is general, through constructing such sets in all the remaining quantum systems. Specifically, such sets including p or n maximally entangled states will be built in the quantum system of (np - 1) ⊗ (np - 1) with n ≥ 3 and p being a prime number, which completes the picture that such sets do exist in every possible dimensional quantum system.

Entanglement as a resource to distinguish orthogonal product states.

It is known that there are many sets of orthogonal product states which cannot be distinguished perfectly by local operations and classical communication (LOCC). However, these discussions have left the following open question: What entanglement resources are necessary and/or sufficient for this task to be possible with LOCC? In m ⊗ n, certain classes of unextendible product bases (UPB) which can be distinguished perfectly using entanglement as a resource, had been presented in 2008. In this paper, we present protocols which use entanglement more efficiently than teleportation to distinguish some classes of orthogonal product states in m ⊗ n, which are not UPB. For the open question, our results offer rather general insight into why entanglement is useful for such tasks, and present a better understanding of the relationship between entanglement and nonlocality.

Minimal number of runs and the sequential scheme for local discrimination between special unitary operations.

It has been shown that any two different multipartite unitary operations are perfectly distinguishable by local operations and classical communication with a finite number of runs. Meanwhile, two open questions were left. One is how to determine the minimal number of runs needed for the local discrimination, and the other is whether a perfect local discrimination can be achieved by merely a sequential scheme. In this paper, we answer the two questions for some unitary operations U1 and U2 with locally unitary equivalent to a diagonal unitary matrix in a product basis. Specifically, we give the minimal number of runs needed for the local discrimination, which is the same with that needed for the global discrimination. In this sense, the local operation works the same with the global one. Moreover, when adding the local property to U1 or U2, we present that the perfect local discrimination can be also realized by merely a sequential scheme with the minimal number of runs. Both results contribute to saving the resources used for the discrimination.

Multipartite entanglement indicators based on monogamy relations of n-qubit symmetric states.

Constructed from Bai-Xu-Wang-class monogamy relations, multipartite entanglement indicators can detect the entanglement not stored in pairs of the focus particle and the other subset of particles. We investigate the k-partite entanglement indicators related to the αth power of entanglement of formation (αEoF) for k ≤ n, αϵ and n-qubit symmetric states. We then show that (1) The indicator based on αEoF is a monotonically increasing function of k. (2) When n is large enough, the indicator based on αEoF is a monotonically decreasing function of α, and then the n-partite indicator based on works best. However, the indicator based on 2 EoF works better when n is small enough.

Linear monogamy of entanglement in three-qubit systems.

For any three-qubit quantum systems ABC, Oliveira et al. numerically found that both the concurrence and the entanglement of formation (EoF) obey the linear monogamy relations in pure states. They also conjectured that the linear monogamy relations can be saturated when the focus qubit A is maximally entangled with the joint qubits BC. In this work, we prove analytically that both the concurrence and EoF obey linear monogamy relations in an arbitrary three-qubit state. Furthermore, we verify that all three-qubit pure states are maximally entangled in the bipartition A|BC when they saturate the linear monogamy relations. We also study the distribution of the concurrence and EoF. More specifically, when the amount of entanglement between A and B equals to that of A and C, we show that the sum of EoF itself saturates the linear monogamy relation, while the sum of the squared EoF is minimum. Different from EoF, the concurrence and the squared concurrence both saturate the linear monogamy relations when the entanglement between A and B equals to that of A and C.

Quantum secret sharing via local operations and classical communication.

We investigate the distinguishability of orthogonal multipartite entangled states in d-qudit system by restricted local operations and classical communication. According to these properties, we propose a standard (2, n)-threshold quantum secret sharing scheme (called LOCC-QSS scheme), which solves the open question in [Rahaman et al., Phys. Rev. A, 91, 022330 (2015)]. On the other hand, we find that all the existing (k, n)-threshold LOCC-QSS schemes are imperfect (or "ramp"), i.e., unauthorized groups can obtain some information about the shared secret. Furthermore, we present a (3, 4)-threshold LOCC-QSS scheme which is close to perfect.

Security of Semi-Device-Independent Random Number Expansion Protocols.

Semi-device-independent random number expansion (SDI-RNE) protocols require some truly random numbers to generate fresh ones, with making no assumptions on the internal working of quantum devices except for the dimension of the Hilbert space. The generated randomness is certified by non-classical correlation in the prepare-and-measure test. Until now, the analytical relations between the amount of the generated randomness and the degree of non-classical correlation, which are crucial for evaluating the security of SDI-RNE protocols, are not clear under both the ideal condition and the practical one. In the paper, first, we give the analytical relation between the above two factors under the ideal condition. As well, we derive the analytical relation under the practical conditions, where devices' behavior is not independent and identical in each round and there exists deviation in estimating the non-classical behavior of devices. Furthermore, we choose a different randomness extractor (i.e., two-universal random function) and give the security proof.

Finite-key security analyses on passive decoy-state QKD protocols with different unstable sources.

In quantum communication, passive decoy-state QKD protocols can eliminate many side channels, but the protocols without any finite-key analyses are not suitable for in practice. The finite-key securities of passive decoy-state (PDS) QKD protocols with two different unstable sources, type-II parametric down-convention (PDC) and phase randomized weak coherent pulses (WCPs), are analyzed in our paper. According to the PDS QKD protocols, we establish an optimizing programming respectively and obtain the lower bounds of finite-key rates. Under some reasonable values of quantum setup parameters, the lower bounds of finite-key rates are simulated. The simulation results show that at different transmission distances, the affections of different fluctuations on key rates are different. Moreover, the PDS QKD protocol with an unstable PDC source can resist more intensity fluctuations and more statistical fluctuation.

Characterizing unextendible product bases in qutrit-ququad system.

Unextendible product bases (UPBs) play an important role in quantum information theory. However, very little is known about UPBs in Hilbert space of local dimension more than three. In this paper, we study the UPBs in qutrit-ququad system and find that there only exist six, seven and eight-state UPBs. We completely characterize the six-state and seven-state UPBs. For eight-state UPBs, seven classes of UPBs are found. As auxiliary results, we study the distinguishability of qutrit-ququad UPBs by separable measurements, and find that there exists a UPB that cannot be distinguished.

A novel authentication scheme using self-certified public keys for telecare medical information systems.

Telecare medical information systems (TMIS), with the explosive growth of communication technology and physiological monitoring devices, are applied increasingly to enable and support healthcare delivery services. In order to safeguard patients' privacy and tackle the illegal access, authentication schemes for TMIS have been investigated and designed by many researchers. Many of them are promising for adoption in practice, nevertheless, they still have security flaws. In this paper, we propose a novel remote authentication scheme for TMIS using self-certified public keys, which is formally secure in the ID-mBJM model. Besides, the proposed scheme has better computational efficiency. Compared to the related schemes, our protocol is more practical for telemedicine system.