基于ID的一次性盲公钥

盲签名的匿名性不仅能保护个人的隐私，也同样给犯罪分子带来了可乘之机．为了解决这一问题，一些方案利用了可信中心给用户颁发的公私钥，然而，用户的不同活动可由用户的公钥及证书联系起来．为了避免这种联系，本文利用况RSA和Fiat-Shamir身份鉴别方案提出了一种简单易行的方案，只需可信中心给用户颁发一次私钥，而由用户在每次使用时根据该私钥来生成不同的公钥，从而保证了多次使用活动的不可联系性．同时在法院授权许可的情况下，可信中心可以揭示用户的身份，以防止用户的犯罪。     

普适环境中基于一次性公钥的匿名认证方案

提出一种基于身份的一次性公钥及签名算法,与现有算法相比,该算法具有较小的计算和通信开销。基于该算法设计了一种普适环境中的匿名认证方案,当用户进行恶意操作时,服务提供者通过和可信中心合作可以揭示恶意用户身份。方案在提供强匿名性的同时,可有效防止用户进行恶意活动。     

用限制性群盲签名构造电子现金系统

本文提出一个新的称为限制性群盲签名的概念,并且指出了如何利用限制性群盲签名来构造多个银行参与发行的、公正的电子现金系统。一方面,系统保证了发币银行的匿名性,在必要时,可以由中央银行识别出发币银行的身份;另一方面,系统也保证合法用户的匿名性,在特定的情况下,银行在可信方的帮助下,能够撤消用户的匿名性。     

一种改进的可控制匿名性的离线电子现金系统

利用RSA盲签名算法和Schnorr一次数字签名算法,对Juels的电子现金方案[1]做了改进,提出一个新的可控制匿名性的电子现金系统。在用户向商家支付电子现金时,用户利用自己的秘密密钥对其将要支付的信息进行数字签名,解决了原方案中TTP(可信第三方)能冒充用户去花费用户的电子现金、他人获得合法用户的电子现金可盗用的问题,而且TTP使用公钥数字签名算法对可信标记签名,进一步增强了系统的安全性。最后对系统的安全性进行了分析。     

无可信第三方的离线电子现金匿名性控制

利用可信第三方的电子现金匿名性撤销方案增加了系统负担,并且可信第三方的跟踪是不确定的.最近Kulger等提出了无可信第三方的可审计跟踪的电子现金方案,但需要用户事后审计检查.结合Camenisch等的加标记跟踪及证明方法和Abe等部分盲签名方案,本文提出了一个无可信第三方的电子现金匿名性控制方案.方案中银行只在需要跟踪时要求用户打开标记,从而进行用户和钱币的跟踪,这样跟踪时用户是知道的,因此简便实用地解决了无可信第三方情况下电子现金匿名性控制问题.     

基于云存储的文件共享策略研究

云存储具有高可扩展性、低成本等特点,为用户文件共享提供了经济高效的服务,同时也带来了新的安全问题:在不可信的云存储中,如何在保证文件的安全和隐私的前提下,为特定用户共享。该方案提出了基于身份的公钥密码体制基础上,运用高效安全的代理环签名、动态广播加密和双线性对技术,通过授权用户列表,能动态加入和撤销共享用户,不需要更改老用户相关密钥。该方案简单可行,具有可追溯性、匿名性、不可伪造性等特点。     

直接匿名的无线网络可信接入认证分析

无线网络可信接入在认证移动用户身份的同时,利用直接匿名的方式去对平台身份的合法性和可信性进行验证。外地网络代理服务器和本地网络代理服务器对移动用户的身份进行双重验证,用临时的身份和一次性密钥来保持用户身份的匿名性,并且直接验证移动用户平台的可信性。     

一个无证书的环签名方案

无证书公钥密码体制简化了传统公钥体制负担过重的密钥管理问题,在不失基于身份的公钥体制其密钥管理简单的前提下克服了其所固有的密钥托管缺陷,基于无证书公钥体制提出了一个高效的环签名方案,可以实现签名者的无条件匿名性,且能有效抵制来自密钥生成中心的伪造攻击,适用于对安全性能要求较高且匿名的场合.     

RFID身份认证问答

Q1什么是非接触式身份认证系统? A:是基于射频卡技术的双因素身份认证系统,能够解决由密码泄露导致的系统安全问题,实现了管理人员和操作员登录业务系统时的安全认证控制。非接触式身份认证系统的流程是:由用户持有的射频卡产生挑战数,并用中心公钥加密、射频卡私钥签名,然后上送中心;中心验证签名、解密数据后,计     

格上身份基简短关联环签名及其电子投票应用

环签名具备匿名性,身份基环签名无需证书,关联环签名可避免用户重复签名,但这些签名占用空间多且效率低。针对这些问题,先输出公共参数和系统主密钥,再提取用户密钥,然后使用格上的累加器对环中公钥进行累加,并将知识证明签名推广至格上,构造出格上身份基简短关联环签名。对该签名的不可伪造性、关联性和匿名性进行了证明。对签名方案进行了性能分析与实验评估,结果表明,该签名节省了时间开销和存储空间。利用该签名及门限秘密共享技术,提出后量子的电子投票协议。     

移动计算环境下的用户匿名性问题研究

文章首先对移动计算环境下的移动用户匿名性问题进行了分类。给出了解决移动用户认证过程中匿名性问题的三种方法：共享密钥方法、公钥方法和混合认证方法。然后对这三种方法进行了比较分析，指出了存在的问题并给出了解决无家乡匿名认证方法条件限制的有关建议。     

Identity-Based User Authenticated Key Agreement Protocol for Multi-Server Environment with Anonymity

A multi-server environment is an important application paradigm in the Internet of Things (IoT). It enables a user access services from different vendors without having to go through multiple registration. The privacy of one who desires to access these services is often crucial. In order to access this service in a manner that assures user privacy, a user needs to be anonymously authenticated independent of the vendors’ services. However, existing identity-based anonymous schemes are only suitable for the client-server domain. Moreover, these schemes provide conditional anonymity which presupposes that if an adversary discovers the user’s private key, the identity can easily be recovered and misused. To avoid this situation, a new unconditional anonymity identity-based user authenticated key agreement scheme for IoT multi-server environment is introduced in this paper. Our protocol applies a ring signature to allow users to anonymously authenticate themselves in the severs without revealing their identities. Hence, an adversary cannot recover the user’s identity even when the user’s private key is known. We further provide a security proof in the random oracle model. Compared with the existing protocols, our proposed scheme is well fitting for mobile phone applications and guarantees the privacy of users in IoT multi-server domain.

     

Security Enhanced Anonymous User Authenticated Key Agreement Scheme Using Smart Card

Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.     

Cryptanalysis of some user identification schemes for distributed computer networks

User identification plays an important role for access control in networks. Recently, Hsu and Chuang proposed a user identification scheme for distributed computer networks, which can also provide key agreement and user anonymity. However, Tsai pointed out the weakness of Hsu–Chuang's scheme and proposed an improved scheme. In this paper, we present two attacks to examine that some user identification schemes have a serious security loophole. Finally, we propose a new user identification scheme, which is more secure than the existing schemes.Copyright © 2013 John Wiley & Sons, Ltd.     

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

In the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.     

Secure and Efficient Mutual Adaptive User Authentication Scheme for Heterogeneous Wireless Sensor Networks Using Multimedia Client–Server Systems

In hierarchical wireless sensor networks (H-WSNs), adaptive user authentication scheme has attracted significantly for the purposes of mutual authentication, session key establishment and resiliency to the attacks, like impersonation, parallel-session and password guessing. Several user authentication schemes have been proposed recently; though the schemes have had many potential vulnerabilities, such as key-impersonation, user anonymity, eavesdropping and masquerade. Thus, this paper proposes secure-cum-efficient mutual adaptive user authentication (S-Cum-EMAUA) scheme for practical use in H-WSNs. The scheme of S-Cum-EMAUA) is not only resilient to the most of the potential attacks, but also provides mutual authentication, user anonymity and session-key establishment. In addition, the proposed scheme is well secured, since it has the usage of the hash-function and X-OR operation.

     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

A secure and enhanced elliptic curve cryptography‐based dynamic authentication scheme using smart card

In remote system security, 2‐factor authentication is one of the security approaches and provides fundamental protection to the system. Recently, numerous 2‐factor authentication schemes are proposed. In 2014, Troung et al proposed an enhanced dynamic authentication scheme using smart card mainly to provide anonymity, secure mutual authentication, and session key security. By the analysis of Troung et al's scheme, we observed that Troung et al' s scheme does not provide user anonymity, perfect forward secrecy, server's secret key security and does not allow the user to choose his/her password. We also identified that Troung et al's scheme is vulnerable to replay attack. To fix these security weaknesses, a robust authentication scheme is proposed and analyzed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more secure and easy to implement practically.     

TAKAP:A Lightweight Three-Party Authenticated Key Agreement Protocol with User Anonymity

The three-party authenticated key agree-ment protocol is a significant cryptographic mechanism for secure communication,which encourages two entities to authenticate each other and generate a shared session key with the assistance of a trusted party (remote server) via a public channel.Recently,Wang et al.put forward a three-party key agreement protocol with user anonymity and alleged that their protocol is able to resist all kinds of attacks and provide multifarious security features in Computer Engineering & Science,No.3,2018.Unfortunately,we show that Wang et al.'s protocol is vulnerable to the password guessing attack and fails to satisfy user anonymity and perfect secrecy.To solve the aforementioned problems,a lightweight chaotic map-based Three-party authenticated key agreement protocol(short for TAKAP) is proposed,which not only could provide privacy protection but also resist a wide variety of security attacks.Furthermore,it is formally proved under Burrows-Abadi-Needham (BAN) logic.Simultaneously,the performance analysis in this paper demonstrates that the proposed TAKAP protocol is more secure and efficient compared with other relevant protocols.