基于单粒子态的双向认证多方量子密钥分发

量子密钥分发是一种重要的量子通信方式.为了提高量子密钥分发的可行性、安全性和效率,提出了一种基于单粒子态的具有双向认证功能的多方量子密钥分发协议.在协议中,量子网络中的任意两个用户均可在半可信第三方的帮助下进行双向认证并共享一个安全的会话密钥;协议中作为量子信息载体的粒子不需要存储,这在当前技术下更容易实现.安全性分析表明所提出协议在理论上是安全的.     

应用诱骗态的光子轨道角动量测量设备无关量子密钥分发协议的研究

轨道角动量作为量子信息的一种载体,可应用于测量设备无关量子密钥分发协议中,来消除发送端和接收端间的基校准。诱骗态技术可以消除量子密钥分发协议采用弱相干光源时易被分裂攻击的缺陷。本文将轨道角动量态、测量设备无关方案和诱骗态方案相结合,设计一种基于高效轨道角动量分离方法的诱骗态光子轨道角动量测量设备无关量子密钥分发协议方案,避免了极化方案中对极化基的依赖性缺陷,提高了密钥速率,本文给出了该方案密钥速率的理论推导,并分别对采用无限个诱骗态和两个诱骗态时该方案密钥速率进行了仿真。研究结果表明,在相同条件下,基于轨道角动量的MDI QKD协议方案比极化方案密钥速率更高。      

基于任意BELL态的量子密钥分配

为了提高量子密钥分配的安全性和效率,利用量子纠缠交换的规律,提出了基于纠缠交换的量子密钥分配协议。通信双方通过简单的BELL测量建立起共享密钥,窃听者不可能窃取密钥而不被发现。该协议与其它分配协议的不同在于,可以实现对任意两个BELL态进行BELL测量达到量子密钥分配的目的。协议的实现只需要EPR粒子对,而不需要制备多粒子纠缠态。分析结果表明,此协议只用到两粒子的纠缠态,不需要进行幺正操作,它不仅能够保证密钥分配的安全性,而且简单高效。     

一种适用于非平衡无线网络的组密钥交换协议

组认证密钥交换协议允许两方或多方用户通过公开的信道协商出共享的组会话密钥。针对非平衡无线网络中用户计算能力强弱不等的情况,该文提出一种适用于非平衡无线网络的组组认证密钥交换协议。该协议不但可以抵抗临时密钥泄露所带来的安全隐患,而且任意两个组中用户可以根据需要使用先前组通信消息计算独立于组会话密钥的两方会话密钥。与已有非平衡网络组密钥交换协议相比,该协议具有更高的安全性和实用性并且在随机预言模型下是可证安全的。     

无线网络中基于量子隐形传态的鲁棒安全通信协议

该文在深入研究无线网络802.11i鲁棒安全通信的基础上,提出基于量子隐形传态的无线网络鲁棒安全通信协议,利用量子纠缠对的非定域关联性保证数据链路层的安全。首先,对量子隐形传态理论进行描述,并着重分析临时密钥完整性协议和计数器模式及密码块链消息认证协议的成对密钥、组密钥的层次结构;其次,给出了嵌入量子隐形传态的成对密钥、组密钥的层次结构方案;最后,在理论上给出安全证明。该协议不需要变动用户、接入点、认证服务器等基础网络设备,只需增加产生和处理纠缠对的设备,即可进行量子化的密钥认证工作,网络整体框架变动较小。     

基于W态的网络中任意两个用户间量子密钥分配方案

针对实现网络中任意两个用户间密钥分配的问题,该文将W态变换为系数全部相同的对称形式,提出一种利用W态实现网络量子密钥分配的方案,即可信赖中心(CA)与网络中要求通信的任意两个用户分别拥有W态的3个粒子,CA对手中的粒子进行测量并公开测量结果,两个用户按照CA的不同测量结果采取相应的措施以生成密钥。继而,分别对存在窃听者(Eve)的情况以及CA不可信的情况进行安全性分析。结果表明,该方案能够有效抵御攻击,且可以实现平均消耗3个W态得到两比特密钥的理论效率。     

基于相干态光场的连续变量测量设备无关Cluster态量子通信

由于量子通信协议理论上可以发现任何窃听者的攻击行为,因此其天然具有抗量子计算机攻击的能力。高斯相干态光场相较于纠缠态光场更容易制备和实现,利用其实现量子通信网络更具经济价值和实用价值。该文提出一种利用连续变量(CV)相干态光场就可以实现的测量设备无关(MDI)Cluster态量子通信网络协议。在此网络上可以方便地执行量子秘密共享(QSS)协议和量子会议(QC)协议。该文提出了线型Cluster态实现任意部分用户间QSS协议、星型Cluster态四用户QSS协议和QC协议,并利用纠缠模型分析了选用对称和非对称网络结构时,每种协议密钥率和传输距离之间的变化关系。结论为在量子网络中利用相干态实现QSS和QC协议提供了理论依据。     

点到多点量子密钥分配扩展研究

对两种点到多点量子密钥分配系统的密钥生成效率和传输距离进行了分析,讨论了系统的参数选取对它们的影响.分析了诱惑态技术对这两种多用户系统的传输距离及密钥生成效率的影响,数据表明,结合诱惑态技术,可以将密钥传输距离扩展为原来的2倍,以及将量子密钥分发效率提高1个数量级.对点到多点系统进行了功能扩展研究,提出了可实现任意两用户间密钥共享的协议.该协议无需其它的硬件要求,易于实现.     

用于多级访问控制的动态密钥管理

安全的多数访问控制协议把用户分为多个安全级,高安全级用户有权访问属于低安全级用户的信息,反过来低安全级的用户则无权访问属于高安全级用户的信息。本语文中提出了一种具密钥分配和密钥管理优势的安全协议,该协议下不仅能有效地实现密钥插入,删除和修改这类动态操作,还能保证高安全级用户能够在不需要中间用户组密钥的情况下方便地获得离它较远的下级用户的组密钥。     

基于椭圆曲线的隐私增强认证密钥协商协议

认证密钥协商协议能够为不安全网络中的通信双方提供安全的会话密钥,但是,大多数的认证密钥协商协议并没有考虑保护用户隐私.论文关注网络服务中用户的隐私属性,特别是匿名性和可否认性,规范了增强用户隐私的认证密钥协商协议应满足的安全需求,即双向认证、密钥控制、密钥确认、会话密钥保密、已知会话密钥安全、会话密钥前向安全、用户身份匿名、用户身份前向匿名、不可关联和可否认,并基于椭圆曲线密码系统设计了一个满足安全需求的隐私增强认证密钥协商协议.     

基于离散对数问题的两层分散式组密钥管理方案

该文基于多个解密密钥映射到同一加密密钥的公钥加密算法提出一个组密钥更新协议,结合LKH算法为特定源多播模型设计一个两层分散式组密钥管理方案。证明它具有后向保密性、高概率的前向保密性和抗串谋性。通过上层私钥的长寿性和密钥转换的方法来缓解子组管理者的性能瓶颈及共享组密钥方法中普遍存在的1影响n问题。分析表明,采用混合密码体制的新方案在一定程度上兼备了两类不同组密钥管理方法的优势。     

An Identity-Based Group Key Agreement Proto col for Low-Power Mobile Devices

In wireless mobile networks, group mem-bers join and leave the group frequently, a dynamic group key agreement protocol is required to provide a group of users with a shared secret key to achieve cryptographic goal. Most of previous group key agreement protocols for wireless mobile networks are static and employ traditional PKI. This paper presents an ID-based dynamic authen-ticated group key agreement protocol for wireless mobile networks. In Setup and Join algorithms, the protocol re-quires two rounds and each low-power node transmits con-stant size of messages. Furthermore, in Leave algorithm, only one round is required and none of low-power nodes is required to transmit any message, which improves the e?-ciency of the entire protocol. The protocol’s AKE-security with forward secrecy is proved under Decisional bilinear in-verse Di?e-Hellman (DBIDH) assumption. It is addition-ally proved to be contributory.     

一种高效的具有用户匿名性的无线认证协议

提出了一种高效的具有用户匿名性的无线认证协议。利用Hash函数和Smart卡实现了协议的用户匿名性。协议充分考虑了无线网络自身的限制和移动设备存储资源及计算资源的局限性，在认证过程中移动用户只需要进行一次对称加密和解密运算，用户与访问网络、本地网络与访问网络都只进行一次信息交换，而且所有对称加密都使用一次性密钥。本协议具有实用、安全、高效的特点。     

Protocol design for scalable and reliable group rekeying

We present the design and specification of a protocol for scalable and reliable group rekeying together with performance evaluation results. The protocol is based upon the use of key trees for secure groups and periodic batch rekeying. At the beginning of each rekey interval, the key server sends a rekey message to all users consisting of encrypted new keys (encryptions, in short) carried in a sequence of packets. We present a scheme for identifying keys, encryptions, and users, and a key assignment algorithm that ensures that the encryptions needed by a user are in the same packet. Our protocol provides reliable delivery of new keys to all users eventually. It also attempts to deliver new keys to all users with a high probability by the end of the rekey interval. For each rekey message, the protocol runs in two steps: a multicast step followed by a unicast step. Proactive forward error correction (FEC) multicast is used to reduce delivery latency. Our experiments show that a small FEC block size can be used to reduce encoding time at the server without increasing server bandwidth overhead. Early transition to unicast, after at most two multicast rounds, further reduces the worst-case delivery latency as well as user bandwidth requirement. The key server adaptively adjusts the proactivity factor based upon past feedback information; our experiments show that the number of NACKs after a multicast round can be effectively controlled around a target number. Throughout the protocol design, we strive to minimize processing and bandwidth requirements for both the key server and users.     

A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.     

一种改进的TLCH组播密钥管理方案

TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。     

An efficient certificateless key exchange protocol for heterogeneous networks in human-centered IoT systems

Human-centered Internet of things (IoT) systems enable human beings to enjoy the ubiquitous services and play more and more important roles in our life. A common application scenario in human-centered IoT systems is that two distributed wireless devices from heterogeneous networks want to communicate with each other. However, key generation centers (KGCs) from different networks usually use independent security parameters. It is difficult for two users with different security parameters to establish a common session key. We propose a certificateless key exchange protocol for two different devices managed by different KGCs to address the issue. The security of the proposed protocol is conducted in the random oracle model with the hardness assumption of elliptic curve computational Diffie-Hellman (ECDH) problem. The main merits of our protocol include the following: (a) it enables users from heterogeneous networks to establish upon a shared session key, (b) it can solve the key escrow problem, (c) it does not use bilinear pairings and obtains computational efficiency, and (d) it achieves stronger security compared with other related protocols.