CHEN Liquan,ZHU Zheng ,WANG Yansong ,LU Hua,and CHEN Yang

(1.School of Information Science and Engineering，Southeast University，Nanjing 210096，China;

2.Nanjing R&D Center，ZTE Corporation，Nanjing 210021，China)

Abstract How to build a secure architecture for network function virtualization(NFV)is an important issue.Trusted computing has the ability to provide security for NFV and it is called trusted NFV system.In this paper，we propose a new NFV direct anonymous attestation(NFV-DAA)scheme based on trusted NFV architecture.It is based on the Elliptic curve cryptography and transfers the computation of variable D from the trusted platform module(TPM)to the issuer.With the mutual authentication mechanism that those existing DAA schemes do not have and an efficient batch proof and verification scheme，the performance of trusted NFV system is optimized.The proposed NFV-DAA scheme was proved to have a higher security level and higher efficiency than those existing DAA schemes.We have reduced the computation load in Join protocol from 3G1 to 2G1 exponential operation，while the time of NFV-DAA scheme's Sign protocol is reduced up to 49%.

Key words NFV;trusted computation;DAA;bilinear pairings

1 Introduction

N etwork function virtualization(NFV)is a new network architecture based on standard virtualization technology.It can realize the network entities such as servers，switches and storages on industrial standard hardware platforms，achieving various network functions by running different software on the virtualized platform.Network entities loaded onto the virtualized platform can achieve dynamic resource allocation，and network flexibility and scalability enhancement.Moreover，replacing the existing special hardware devices with industrial standardized servers could decrease the operators'network cost.Low cost and high flexibility arethegreat featuresof NFV technology[1].

Since NFV technology is being widely used in the foreseen future，the security issues in NFV system need resolving.In an NFV system，the virtualized network function(VNF)is the key model of achieving network functionality and it possibly becomes the first target to be attacked.Furthermore，compared to other modules in NFV，VNF needs to interact with outside environments(e.g.another VNF)frequently，which makes it to be another breakthrough for the malicious counterpart.Therefore，the VNFsecurity is the most important part for the entire NFV system.To guarantee the security of interaction among different VNF modules，a two-way authentication protocol for mutual authentication is necessary.At the same time，a security channel needs to be established for this authentication protocol，which prevents the conversation between VNF parties from eavesdropping.Based on direct anonymous attestation(DAA)，we propose a new NFV-DAA scheme that is applied to the authentication between VNF modules.The proposed scheme also provides VNF with identification and mutual authentication，and establishes secure communication channel between the VNFparties.

The DAA scheme was first developed by Brickell，Camenisch，and Chen[2]for remote authentication of a trusted computing platform while preserving the privacy of the platform.It has been adopted by trusted computing group(TCG)in the trusted platform module(TPM)specification version 1.2[3].DAA is a new group signature scheme without the capability to open signature but with a mechanism to detect rogue members.It draws on the techniques that have been developed for group signatures，identity escrow and credential systems.In the DAA scheme，a suitable signature scheme is employed to issue certificate on a membership public key generated by a TPM.This certificate can help one platform to be authenticated as a group member.A valid TPM proves to the verifier that it possesses a certificate.Each TPM has a secret key，which is used to sign a credential and detect rogue TPMs by the verifier.Many researchers have proposed different DAA schemes to meet the requirements in different applications and environments[4]-[6].

Generally，the DAA schemes have the characteristics of efficiency，anonymity，and privacy.

The Join protocol，by which the issuer receives the TPM's application for joining and sends back the credential to TPM，runs once a new platform with TPM begins to join this trusted system.When this platform receives the DAA credential from the issuer，it can use this credential to conduct the following sign/verify processes many times.Compared to the privacy certificate authority(CA)scheme，the issuer in DAA has no need to conduct in each of the following sign/verify processes[2].Therefore，DAA is more efficient than the Privacy CA scheme that have a bottleneck because the Privacy CA server has to be included in every processingsection.

Since the DAA scheme uses zero-knowledge proof theory to prove the trust of a new platform which possesses legitimate credential，it prevents any adversary from seeking the identity of the real communicating TPM.Meanwhile，many DAA schemes use the credential randomization technique to mask the real transmitted credential[7]，[8].It is difficult for the adversary to track the identity of the target TPM even when the verifier can colludewith thecredential issuer.

The trusted credential issuer has endorsement key(EK)lists to check the legitimation of the applying TPM，and the verifier employs the Camenisch-Lysyanskaya(C-L)signature scheme[9]and the discrete logarithms based proofs to prove the possession of a certificate，while the unforgeability，privacy and anonymity are guaranteed under the decisional Diffie-Hellman(DDH)assumption.

The DAA scheme in[2]is based on the strong RSA assumption and is named as RSA-DAA.Theory analysis results have shown that the protocols and algorithms in RSA-DAA are complicated and inefficient.In recent years，researchers have worked on how to create new DAA schemes with elliptic curves cryptography(ECC)and bilinear pairings[10]，[11].We call these DAA schemes as ECC-DAA for short.Generally speaking，ECC-DAA is more efficient in both computation and communication than RSA-DAA.The operation of TPMis much simpler and the key and signature length is shorter in ECCDAA than that in RSA-DAA.

However，there are no existing DAA schemes proposed to meet the requirements of NFV system by now.According to the security requirements of mutual authentication between the signer and verifier，bundling rogue check of TPM and host in NFV system，an enhanced DAA scheme(hereinafter as NFVDAA scheme)with mutual authentication which can meet all the above requirements is proposed.A remote anonymous authentication architecture for NFV system is constructed.The proposed NFV-DAA scheme has the following advantages with efficiency and security.

1)We put off J，K variablesand those computationsin thesign/verify stage in[10]，and use a new variable c2=H2(f ‖bsn)instead.In order to realize rogue list checking and usercontrolled-linkability，the verifier can check the received c2with the RogueList to find out those rogue TPMs.Meanwhile，with the same bsn(base name)value，we can control the verifier to find out what messages are coming from the same TPM by getting out the same c2value.This scheme can reduce one scalar multiplication induced by the J，K pair computation.

2)Considering the low computing ability of the TPM，the computation of variable D istransferred fromthe TPMtoissuer.

3)An efficient batch proof and verification scheme is used to reduce the computation of both the TPM and Host.In our NFV-DAA scheme，the TPM needs only to perform one exponentiation in the sign stage.However，this operation requires at least three exponentiations in the existing DAA schemesthat providethesamefunctionality.

4)Elliptic curve is used in the Join，Sign and Verify protocols.It is shown in theoretical analysis that the protocols and algorithms used in RSA-DAA are complex and inefficient compared to those in ECC-DAA.Generally，TPM has lower computation load and higher communication efficiency in ECC-DAA，while the length of key and signature is also shorter.

5)The identity of TPM and Host is tied up and checked by the issuer and verifier.This technology prevents the attack of plugging a valid TPM into a malicious host.This security problem has not been considered in the existing other DAA schemes.

6)Traditional DAA schemes do not take mutual authentication into account.Despite that the issuer has a thorough mechanism to check the identity of TPM，TPM does not have any method to check the authenticity of the issuer and host.Therefore，the TPM and host would receive a forged certificate from a fake issuer，or the TPM be deceived by a fake host.In NFV-DAA scheme，a thorough mutual authentication is proposed，which ensures the legitimacy of the identity of all the protocol parties.

The rest of the paper is organized as following.Section 2 presents the NFV-DAA scheme for trusted NFV system.In Section 3，the security and performance analysis of the proposed scheme is presented.Finally，we conclude the paper in Section 4.

2 NFV-DAA Schemefor Trusted NFV System

2.1 Preliminary knowledge

1)Bilinear mapping

G1， G2and GTare cyclic groups with order of prime q，，where P1，P2is a generator of G1，G2respectively.And calculating discrete logarithm on groups G1，G2，and GTis difficult.Here，we also use the G1，G2and GTto represent the computation costs of the group G1，G2and GT.

P1∈ G1，P2∈ G2，1 ∈ GT，and t'(P1，P2)≠ 1

x∈ G1，y∈ G2，then t'(x，y)can be computed in polynomial time

for x∈ G1，y∈ G2，and a，b∈ ZP

2)The CDH problem

The computational Diffie-Hellman(CDH assumption)is the assumption that a certain computational problem within a cyclic group is hard.Consider a cyclic group G1=.The CDH assumption states that，given aP1，bP1，and a，b∈Zqit is computationally difficult to get the value of abP1.

Moreover，each party in the NFV-DAA scheme is presented asfollows.

Trusted Center(TC)and Issuer:They are the entity who issues the certificate.In this paper，we make no distinction between these two terms.

TPM:It is the trusted platformmodule.

Host:the host for the TPM.It isalsothe physical platform in trusted NFV system which providing resources for different VNF.

Verifier:It verifies the signature.In this paper，the verifying operation is carried out by the counterpart VNF's Host，therefore，the counterpart Host plays the role of Verifier in the NFV-DAA scheme.However，in the following discussion，westill put Host and Verifier asdifferent logical entity.

The overall NFV-DAA scheme similarly includes Setup protocol which establishes system parameters，Join protocol which obtain certificate and the Sign/Verify protocol which do the Sign and authentication process.Specific description of each protocol isshown asfollows.

2.1.1 Setup Protocol

Assuming that the bilinear pairs are t':G1× G2→ GTand H1:{0，1}*→Zq， we define the common parameter set parc=(G1，G2，GT，t'，P1，P2，q，H1).Given that the public key and private key parameters of the issuer are ipk and isk respectively.Here， isk is x，y←Zq， ipk is (X，Y)，while X=xP2∈G2，Y=yP2∈G2.In addition，the issuer will generate a pair of key(PKI，SKI)for mutual authentication.Finally，the issuer will provide a unique value H2to generate secret value f.Then we get the issuer parameter set parI=(ipk，KI，PKI).

Suppose that the parameter parRof TPM is H2，H2:{0，1}*←Zq.The public key of TPM is parT，and the public and private EK key is(PKT，SKT)，parT=PKT.The public and private key pair of the host is (PKH，SKH)，parH=PKH. The parameters of sign/verify are pars:H3:{0，1}*→Zq，H4:{0，1}*→Zq.After the protocol setup，the system public parameter set par is defined as(parC，parI，parT，parH，parS).

2.1.2 Join Protocol

The Join protocol is realized based on the request/response interaction between the issuer and TPM/host.We can divide the Join protocol intofour partsin chronological order:theissuer request，TPM response，issuer response，and host verification.The overall process of the Join protocol is shown inFig.1.

The operation process of issuer request isshown inFig.2.

The issuer needs to confirm firstly that it is a legitimate trusted platform who has issued the DAA certificate，while the TPMalso needs to check the legitimacy of the issuer.That isto say，an authentication channel should be established between the issuer and TPM in advance.The establishment is completed with the random numbers nI1and nI2chosen by the issuer，while nI2isencrypted with SKIand then nI‖nI‖ESK(nI)ise-12I2 ncrypted with PKTto the host.Similar to the issuer，the host also generates a random number RAND，encrypts RAND with pre - shared private key SKH， and sends Cn‖RAND‖ESKH(R AND) to TPM.

▲Figure1.Overall processof the Join protocol.

▲Figure2.Flowchart of theissuer request.

The TPM decrypts ESKH(R AND )with the pre-shared public key PKHto get RAND′.The result of comparison between RAND′and RAND indicates whether the host is legitimate.O-nly when RAND′is equal to RAND will the TPM continue the protocol.Next，if the TPM can successfully decrypt Cnwith SKT，obtain the value of n′I1and return the hash value of n′to the issuer，it indicates that the TPM owns its legitimate I1 EK private key.Besides，the TPM decrypts ESKI(nI2)with the legitimate EK public key of the issuer and compares the decrypted result n′I2with nI2.If they are equal，it indicates the legitimacy of the issuer.In this way，mutual authentication between the issuer and TPM is completed.Fig.3shows the operatingprocessof TPMresponse.

The TPM generates secret value f with KIand TREid(a stable security parameter stored in TPM) and f=H(1 ‖TREid‖KI).It also generates the comm value from f ，and delivers it to the certificate issuer.Fig.4shows the processof theissuer response.

The issuer will authenticate the comm value，that is to say，it will judge the zero-knowledge proof process the TPM performed to discrete logarithm f，and check whether the TPM owns the legitimate f or not.If the authentication is successful，the issuer will generate DAA certificate with F in comm.It is important to note that，the computation of D in certificate cre uses D=[yr] F，which uses F provided by TPM rather than f to compute D=[f] B[12].This is mainly due to the fact that F itself is generated from value f.For the generation of DAA certification(A ，B，C，D )，according to the B-bLRSW principle of blind-bilinear assumption，the computation amount of TPM Join in NFV-DAA is reduced from 3G1to 2G1.This computation amount is the lowest among the existing DAA schemes which are based on the LRSWor DDH difficulty assumption.

Furthermore，the process of host authentication is shown inFig.5.After receiving the certification cre，the host verifies correctness of cre.Based on the batch authentication technology，the host findsout whether the certificateis correct or not by using a P4computation.The P4computation will cost less than four independent bilinear pair computations(4P)[13].The platform here does not have to perform very strict authentication of certificate and simple authentication is enough.The reason is that it does not affect the security of the entire DAA even if we cannot completely guarantee the dependability of certificate at this time.In subsequent Sign/Verify，there are other operationsto verify the certificate.

2.1.3 Sign/Verify Protocol

The Sign/Verify protocol refers to the process in which the TPM，together with the host，performs the knowledge sign of message msg and generates DAA signature σ，and then sendsσto the verifier.The operations in chronological order in the Sign/Verify protocol can be divided into three parts:host sign，TPM sign，and verify.The total framework of the Sign/Verify protocol isshown inFig.6.

Not much; but indeed I am very unhappy, cried Celandine, bursting into tears, and if my services are any good to you-- Services! interrupted the hag crossly

▲Figure3.Responseflowchart of thetrusted platform module.

▲Figure4.Flowchart of theissuer response.

▲Figure5.Flowchart of host verify.

The operation of host sign is shown inFig.7.The host performs blind computation of DAA certification value(A ，B，C，D )after receiving nVand base name b sn.Then the host generates blind certificate(R ，S，T，E).Meanwhile，the host generates a random number RAND and encrypts it with the pre-shared private key SKH，which is similar to the procedure in the Join protocol. Next，the host sends S‖bsn‖msg‖c1‖RAND‖ESKH(R AND) to TPM.

The operation of TPM sign is shown inFig.8.After receiving from the host，the TPM verifies the legitimacy of the verifier and host using the same method as the Join protocol.The TPM computes RAND′in the way of decrypting the ESKH(R AND )with the pre-shared key PKH，and compares RAND′with RAND.Only when the values are equal is the host proved tobelegitimate.

▲Figure6.Overall framework of the Sign/Verify protocol.

▲Figure7.Flowchart of thehost sign operation.

▲Figure8.Thesign operation of thetrusted platform module.

The TPM continues to finish the rest computation of the signature value after checking the legitimacy of the host.It generates independent value c2for relevance detection as c2=H2(f ‖bsn).Then it considers the c2as the public signature member value，and performs the zero-knowledge proof of possessing a legitimate DAA certification.It also generates c and s values，while c2is add into the Hash computation of c.The TPM sends c，s and the random number nTall together to the host，the final signature σ generated by the host is constructed as(R ，S，T，E，c，s，n2，nT，nV).Then，the operation of Verify isshown inFig.9.

The verifier performs the verify operation after receiving the signatureσ.It firstly substitutes the blind certificate value E=[f] S for the counterfeit f on RogueList to check if the f value used in the signature has been disclosed，then verifies whether the blind signature value(R ，S，T，E )is correct or not，and judges whether the zero-knowledge proof of the legitimate DAA certification in signature is correct.If all these are correct，it indicates that the signer owns a legitimate secret value f and the legitimate DAA certificate based on the same f.If the verifier has been provided with a specific bsn in advance，the relevance detection of signature is also needed.Relevance detection can be performed by using the signature member value c2generated from the secret value f and the base name bsn of the verifier.The entire verify process is completed only if all these verification stepsarecompleted.

2.2 VNF Mutual Authentication and Secure Channel Establishment

In trusted NFV architecture，the VNF modules are able to mutually authenticate in a security and effective way as well as to establish secure a communication channel by the support of the NFV-DAA scheme.Mutual authentication referstotwoparties authenticating each other.Under trusted NFV architecture，any two VNF should authenticating each other before communication in order to verify the identity and establish a security channel，i.e.exchanging the session key.The mutual authentication and security channel establishment is shown inFig.10.

As stated in Section 2.1，DAA's Sign protocol can generate signatures for any msg(message)accordingly.Therefore，during the mutual authentication，VNFsends 3 parameters(identification ID，trusted information TRU and secure channel establishment information PKEY)as the msg to NFV-DAA for the signature. The generated signature will be σID‖TRU‖PKEY=Sign( )ID‖TRU‖PKEY.It will be sent to the counterpart VNFmodule in the other side.Then the recipient side will send the received signature to its own NFV-DAA scheme to verify its legality.After the verification，TRU is verified by the credibility verification service provided by NFV infrastructure.It finishes the entire process by establishing a secure communication channel under the exchange of keys through PKEY.ID and TRU are all security parameters coming from thetwopartiesof mutual authentication，i.e.two VNFs.

▲Figure9.Flowchart of theverify operation.

▲Figure10.NFV-DAA schemeapplication in trusted NFV system.

3 Security and Performance Analysisof NFV-DAA Scheme

3.1 Security

The CDH problem can be solved if the NFV-DAA scheme can be a breakthrough when the security parameters saved in TPMarenot leaked.

At the time of verifying，(1)guarantees the correctness of NFV-DAA process.

The proof is as follows:in the context where no the TPM secret value or DAA certification is disclosed，without the verifier，an attacker should provide(R ，S，T，E )alone to make(1)true，which expects S=[y] R and T=[x](R +E )to be true.A-ssume that attacker A selects R=[α]P1，S=[β]P1，T=[γ]P1and E=[δ]P1，and the public key of the issuer is known as X=[x] P2，Y=[y] P1and S=[y ·α] P1which is needed to make S=[y] R true.It means that given[α]P1and[y] P1，the attacker must be able to calculate[y ·α] P1，so as to solve the CDH problem in group G1.However，it is obviously impossible for the attacker to solve the CDH problem.The non-symmetric bilinear pair is generally considered tobedifficult.

In addition，different from the existing DAA schemes，NFV-DAA has the feature of mutual authentication.We assume that prior to any system setup，each issuer has its private endorsement private key SKIand each TPM has the corresponding public key PKI.The issuer generates a random number nI2and encrypts it with SKI.The TPMadmits the legitimacy of the issuer if the decrypting result is equal to the received nI2.In other words，the issuer sends its signature to the TPM for checking.Considering the issuer has checked the TPM by the endorsement key pair SKT/PKTin the Join protocol，mutual authentication isrealized.

In order to prevent a corrupted host from taking advantages of an honest TPM to sign on an illegal message，it is necessary to bind the TPM and host when manufacturing the devices.A pair of p

re-shared public/private key PKH/SKHis embedded into the TPM and host respectively.For the Join protocol and Sign protocol，the host needs to generate a random number RAND and sends RAND‖ESKH(R AND )to the TPM.The TPM checks the consistency of the decrypting result RAND′and RAND to verify the legitimacy of the host.Here，we assume that the embedded key cannot be extracted from the TPM and host duetohardwareprotection.

The existing DAA schemes prevent the change of bsn by the host to make signatures linkable，but they cannot prevent that a malicious message is delivered to TPM by the host to generatea legal signature.Since avalid TPMmay be used in an illegal way in existing DAA schemes，verifying the identity of the host isnecessary.In the NFV-DAA scheme，mutual authentication ensures the legitimacy of the host，hence the host will not deliver illegal messages to the TPM or disclose the identity of the TPM directly.

Based on all of the above results，it is easy to find out that the proposed NFV-DAA scheme issecure enough on the premise that the TPM is secure and credible.Compared with those DAA schemes based on LRSW and DDH assumptions，NFVDAA has no security weakness and can improve overall protocol efficiency.It has the highest running efficiency among all the existing DAA schemes based on LRSWand DDH assumption at present.Both the Join and Sign protocols of the NFVDAA scheme have been improved，the computation amount of TPMJoin is reduced to 2G1，and that of TPM Sign is as low as 1G1.The detailed analysis of NFV-DAA efficiency will be pr-esented in next section.The benefits of secured security，low cost，high efficiency，and being easy to implement help the NFV-DAA scheme meet the dual requirements for security and economic benefitsof thetrusted NFV system.

3.2 Performance

In this paper，we compare the performance of the scheme in[12]with that of the NFV-DAA scheme.In other words，we compare the time overhead of the Join protocol and Sign/verify protocol in both schemes.Here，the alternative simulation is used to make the experiments.It means that without considering the communication time between the TPM and the remote issuer，and between the TPM and the remote verifier，we just focus on the time overhead on the protocol operations of each protocol entity.

Based on the above consideration，we set the host，issuer and verifier to the same PC host.The software simulation scheme[14]is used to internally install the TPM to the same PC host，which communicates with the TPM via the hardware interface.Statistics on the time overhead of each protocol are provided in the stand-stone simulation environment.Besides，theprotocol parametersarechosen thesameasthosein[15].

3.2.1 Join

In accordance with the NFV-DAA Join protocol process，with the cryptographic algorithm library package in OpenSSL software，we used C++to write the client program edaa_join.c in ubuntu 9.10.Main parts of the edaa_join.c include the issuer requirement，issuer response and host verification.The TPM response is fulfilled by the TPM software.The program computed the time overhead of each protocol in microseconds and ran by calling the timing function gettimeofday()of the system.The experimental results after running edaa_join.c are shown inFig.11.

Furthermore，we did experiments to verify the scheme[12]and the experimental resultsare shown inFig.12.

According to the results in Figs.11 and 12，it is easy to compute the time overhead in the two schemes(Table1).

In Table 1，the main differences between NFVDAA and the scheme in[12]lie in two aspects.On one hand，the NFV-DAA scheme does not have the TPM Open process.On the other hand，the time overhead of the issuer response in the NFV-DAA scheme is 996 us larger than that in the scheme in[12].The reason is that in NFV-DAA，the TPM does not have TPM Open operation，while the issuer makes the operation on behalf of the TPM.In this way，the issuer fulfills a group G1exponential operation originally conducted by the TPM.With the usage of Batch technology，the issuer response costs just 996 us more than the scheme in[12]，which is much smaller than the TPM Open cost of 1，125，081 us.It is also found that the Join's total time of NFVDAA is 2，770，411 us.Compared with the time overhead 3，896，101us in the scheme[12]，the performance of NFV-DAA Join isimproved up toabout 29%.

▲Figure11.Timeoverhead of the Join protocol in NFV-DAA scheme.

▲Figure12.Timeoverhead of the Join protocol in theschemein[12].

3.2.2 Sign/Verify

Two more software programs edaa_sign.c and edaa_verify.c are written to test the performance of Sign/Verify protocol.Table 2provides the final statistics of comparing Sign/Verify timeoverhead in NFV-DAA and theschemein[12].

From Table 2，the time of the scheme in[12]is different for the signature with correlation(bsn=⊥)and without correlation(bsn≠⊥).The improvement of the NFV-DAA scheme is that no matter whether the signature has correlation，the computation time of each entity is the same as that of the scheme without correlation in the scheme in[12].It is found that the NFVDAA scheme costs 1，200，602 us that is similar to the time overhead in the scheme in[12]when bsn=⊥ .However，compared to the time in the scheme in[12]when bsn≠⊥，it is obvious that the performance of the NFV-DAA scheme's Sign/Verify is improved up to 49%.The reason is that the NFVDAA scheme uses c2=H2( )f‖bsn instead of J and K in[12]for signature correlation detection so that TPM Sign gets less group G1exponential operation than in[12].

▼Table1.Comparison of NFV-DAA and theschemein[12]on thetimeoverhead of Join

▼Table2.Comparison of NFV-DAA and theschemein[12]on thetimeof Sign/Verify

4 Conclusions

A secure and high efficient NFV-DAA scheme is proposed in this paper.The scheme is designed based on the architecture of trusted NFV system，taking advantages of existing security TPM in the architecture.Therefore，the scheme can be integrated into the architecture seamlessly.With a mutual authentication mechanism that the existing DAA schemes do not have and an efficient batch proof and verification scheme，the trusted NFV system has optimized performance.From the experiment results，we can find out that the proposed NFV-DAA scheme has higher security level and efficiency than those existing DAA schemes.The computation load in Join protocol is reduced from 3G1to 2G1exponential operation，while the time of NFV-DAA scheme's Sign/Verify protocol is improved up to49%.

Biographies

CHEN Liquan(Lqchen@seu.edu.cn)received his B.Sc.degree in electronic engineering from Nanjing University，China in 1998，M.Sc.degree in radio engineering from the Purple Mountain Observatory，Chinese Academic of Sciences in 2001，and Ph.D.degree in signal processing from Southeast University，China in 2005.He is presently engaged in information processing and communication network research asaprofessor at Southeast University，China.

ZHU Zheng(zhuzheng@seu.edu.cn)is currently a master student at Southeast University，China.His research interests includeinformation security and computer networks.

WANG Yansong(wang.yansong@zte.com.cn)is a principle product manager of ZTE Corporation.His research interests include communications technologies and computer networks.

LU Hua(lu.hua@zte.com.cn)is an engineer of ZTECorporation.His research interestsinclude 5Gtechnologies，computer networks.

CHEN Yang(chenyang90@seu.edu.cn)is currently a master student at Southeast University，China.His research interests include information security and digital communications.