高效的无证书多接收者匿名签密方案

针对已有的基于身份的多接收者签密方案存在的密钥托管问题,研究了无证书多接收者签密安全模型,进而基于椭圆曲线密码体制,提出一个无证书多接收者签密方案,并在随机预言机模型下证明方案的安全性建立在计算Diffie-Hellman问题及椭圆曲线离散对数问题的困难性之上。该方案无需证书管理中心,在签密阶段和解签密阶段均不含双线性对运算,且可确保发送者和接收者的身份信息不被泄露,可以方便地应用于网络广播签密服务。     

基于身份的多接收者匿名签密改进方案

对庞等提出的首个考虑发送者和接收者双重匿名性的基于身份的多接收者匿名签密方案进行安全性分析,结果表明该方案不满足选择密文攻击下的密文不可区分性,在现有安全模型下,攻击者可以区分不同消息的签密密文。提出一个在随机预言模型下选定身份安全的改进方案,新方案在CDH和Gap-BDH困难问题假设下分别满足密文的存在不可伪造性和不可区分性。     

基于身份公平的匿名多接收者签密方案

针对Lal等人所提出的基于身份的多接收者签密方案中存在的暴露接收者身份信息隐私性和解密不公平的问题,应用拉格拉日插值方法,提出一种满足接收者身份匿名性和解密公平性的新的多接收者签密方案。基于双线性 Diffie-Hellman 问题和计算 Diffie-Hellman 问题,对随机模预言模型下的 IND-sMIBSC-CCA2和EUF-sMIBSC-CMA的安全性进行了证明,验证本方案具有保密性和不可否认性。     

基于异构密码系统的混合群组签密方案

群组签密既能实现群组签名,又能实现群组加密,但是现有的群组签密方案的发送者和接收者基本上在同一个密码系统中,不能满足现实环境的需求,而且基本上采用的是公钥加密技术,公钥加密技术在加密长消息时效率较低。因此该文提出由基于身份的密码体制(IBC)到无证书密码体制(CLC)的异构密码系统的混合群组签密方案。在该方案中,私钥生成器(PKG)和密钥生成中心(KGC)能够分别在IBC密码体制和CLC密码体制中产生自己的系统主密钥;而且群组成员只有协作才能解签密,提高了方案的安全性;同时在无需更换群组公钥和其他成员私钥的情况下,用户可以动态地加入该群组。所提方案采用了混合签密,具有可加密任意长消息的能力。在随机预言模型下,证明了该文方案在计算Diffie-hellman困难问题下具有保密性和不可伪造性。通过理论和数值实验分析表明该方案具有更高的效率和可行性。     

对一个匿名多接收者签密方案的安全性分析与改进

2011年,庞等人利用拉格朗日插值多项式方法构造了一个新的基于身份的多接收者匿名签密方案,并声称在其方案中任何攻击者或合法接收者都无法获取其他合法接收者的身份信息,从而能够保护接收者隐私.本文对庞等人的多接收者签密方案进行安全性分析,发现其方案中任何接收者对于其他接收者都无法实现匿名.同时,本文在其方案基础上进行改进,提出了一种改进方案,以弥补其安全缺陷.最后在随机预言模型下,对改进方案的正确性和接收者匿名性进行了证明.     

基于社交网络机理的短信息监控系统

短信息实时过滤基于社交网络机理,从社交网络的聚类现象切入,通过确认发送者的身份实现短信息实时监控过滤。首先根据接收者与发送者之间是否存在通信历史对发送的短信进行预处理,进而根据接收者与发送者、接收者之间的通信历史记录实施二度实时过滤,确认发送者身份,拦截文本或多媒体形式的垃圾短信。并行过滤算法在对称多处理(SMP)的硬件平台上运行。     

新的基于身份的签密方案

利用椭圆曲线上的双线性对,提出一个基于身份的签密方案。在新方案中,接收者收到一个签密消息,在验证该消息签名的合法性后,再对消息进行恢复。在安全性方面,新方案具有机密性、不可伪造性、公开可验证性、鲁棒性;在计算量和通信成本方面,新方案中只需要进行1次模指数运算、2次双线性对运算和1次双线性对预运算,签密产生的密文长度为2｜G1｜＋｜m｜,总成本比已有的基于身份的签密方案耗费少,从而有效实现了对消息的认证和保密。     

双向匿名的基于属性的密钥隔离签密

为解决发送者和接收者都具有匿名性的基于属性签密方案中密钥泄露的问题,将密钥隔离机制引入到基于属性签密方案中,给出了基于属性密钥隔离签密的形式化定义和安全模型,构建了随机预言模型下安全的基于属性的密钥隔离签密方案。改进后的方案不仅没有失去原有的双向匿名性,而且满足前向安全性和后向安全性的要求,减轻了密钥泄露带来的危害。最后在安全模型的基础上,给出了双向匿名的基于属性的密钥隔离签密的机密性、认证性和匿名性的安全性证明。     

一种基于身份的环签密方案

使用威尔配对,本文提出了一种基于身份的环签密方案,给出了具体的算法.该方案能够使消息的发送者以一种完全匿名的方式发送消息,并且同时实现保密性和认证性两种功能.我们证明了在决策双线性Diffie-Hellman问题难解的假设下,新提出的方案对自适应选择密文攻击是安全的.与传统的先签名后加密的方案相比,本方案中密文长度有了明显的降低,在低带宽的要求下更加可行.     

一个动态门限的基于属性签密方案

签密能同时实现加密与签名,并且代价小于传统的先签名再加密。该文在Li等人(2010)签名方案的基础上提出了一个动态门限的基于属性签密方案,除具有一般签密方案的保密性和认证性外,还同时具有签密者属性隐私安全性和多接收者特性。在随机预言机模型下,利用判定双线性Diffie-Hellman (DBDH)问题和计算Diffie- Hellman (CDH)问题的困难性,证明了该方案满足在适应性选择密文攻击下的不可区分性及适应性选择消息下的不可伪造性。     

具有差错控制的安全广播方案

本文介绍了一种具有差错控制的安全广播方案。该方案只基于线性分组码理论,而不使用任何加密技术。同时,在方案中还说明如何通过发送纠错奇偶校验消息来达到在信道差错情况下的可靠消息传输。     

一种新的并行多消息签名方案

在现有的数字签名方案中,一个人可以对一个文件签名,也可以同时对多个文件签名。如果需要多个人对多个文件签名,往往采用顺序签名或者需要一个第三者代理多个人签名。有时需要多个签名人在没有代理人的情况下对多个消息并行(同时)签名,现有的签名方案都满足不了这样的需要。本文给出一种能够满足这种需要的并行多消息签名方案,并给出了安全性证明,签名的验证也是并行的。     

Random coding theorems for the general discrete memoryless broadcast channel

Three different communication situations are considered for the general nondegraded discrete memoryless broadcast channel with two components. In the most general situation, common and separate information is sent to both receivers. In another situation, only separate information is sent, and in a third, one Common and one separate message is sent. For each communication situation a random coding inner bound on the capacity region is derived. An example is presented which Shows that in the most general situation the inner bound strictly dominates the family of rates obtained by time-sharing. The capacity region for the general situation is characterized by a limiting expression. The relationship with the degraded broadcast channel and the connection with other multiway channels, such as the channel with two senders and two receivers, is shown.     

Wireless broadcast encryption based on smart cards

Wireless broadcasting is an efficient way to broadcast data to a large number of users. Some commercial applications of wireless broadcasting, such as satellite pay-TV, desire that only those users who have paid for the service can retrieve broadcast data. This is often achieved by broadcast encryption, which allows a station securely to broadcast data to a dynamically changing set of privileged users through open air. Most existing broadcast encryption schemes can only revoke a pre-specified number of users before system re-setup or require high computation, communication and storage overheads in receivers. In this paper, we propose a new broadcast encryption scheme based on smart cards. In our scheme, smart cards are used to prevent users from leaking secret keys. Additionally, once an illegally cloned smart card is captured, our scheme also allows tracing of the compromised smart card by which illegal smart cards are cloned, and can then revoke all cloned smart cards. The new features of our scheme include minimal computation needs of only a few modular multiplications in the smart card, and the capability to revoke up to any number of users in one revocation. Furthermore, our scheme is secure against both passive and active attacks and has better performance than other schemes.     

可证安全的基于证书广播加密方案

广播加密可使发送者选取任意用户集合进行广播加密,只有授权用户才能够解密密文.但是其安全性依赖广播中心产生和颁布群成员的解密密钥.针对这一问题,本文提出基于证书广播加密的概念,给出了基于证书广播加密的形式化定义和安全模型.结合基于证书公钥加密算法的思想,构造了一个高效的基于证书广播加密方案,并证明了方案的安全性.在方案中,用户私钥由用户自己选取,证书由认证中心产生,解密密钥由用户私钥和证书两部分组成,克服了密钥托管的问题.在方案中,广播加密算法中的双线性对运算可以进行预计算,仅在解密时做一次双线性对运算,提高了计算效率.     

Multiple-access channels with different generalized feedback signals

This paper is concerned with a communication channel with two senders and one receiver, in which each sender observes a private feedback signal. The two feedback signals are not necessarily equivalent to or derived from the signal observed by the receiver. An achievable rate region is demonstrated for this multiple-access channel by means of a new superposition coding scheme. In particular it is shown that a rate region, previously obtained for the multiple-access channel with "perfect" feedback to both senders, remains achievable when the feedback connection to one of the senders is eliminated.     

SOM: dynamic push-pull channel allocation framework for mobile data broadcasting

In a mobile computing environment, the combined use of broadcast and on-demand channels can utilize the bandwidth effectively for data dissemination. We explore in this paper the problem of dynamic data and channel allocation with the number of communication channels and the number of data items given. We first derive the analytical models of the average access time when the data items are requested through the broadcast and on-demand channels. Then, we transform this problem into a guided search problem. In light of the theoretical properties derived, we devise algorithm SOM to obtain the optimal allocation of data and channels. Algorithm SOM is a composite algorithm which will cooperate with 1) a search strategy and 2) a broadcast program generation algorithm. According to the analytical mode, we devise scheme BIS-incremental on the basis of algorithm SOM, which is able to obtain solutions of high quality efficiently by employing binary interpolation search. In essence, scheme BIS-incremental is guided to explore the search space with higher likelihood to be the optimal first, thereby leading to an efficient and effective search. It is shown by our simulation results that the solution obtained by scheme BIS-incremental is of very high quality and is in fact very close to the optimal one. A sensitivity study on several parameters, including the number of data items and the number of communication channels, is conducted. The experimental results show that scheme BIS-incremental is of very good scalability, which is particularly important for its practical use in a mobile computing environment.     

How to signcrypt a message to designated group

In an open network environment, the protection of group communication is a crucial problem. In this article, a novel broadcast group-oriented signcryption scheme is presented for group communication scenarios in distributed networks. Anyone in this scheme can signcrypt a message and distribute it to a designated group, and any member in the receiving group can unsigncrypt the ciphertext. The ciphertext and public key in the scheme are of constant size. In addition, this new scheme offers public verification of the ciphertext. This property is very important to the large-scale group communication since the gateway can filter the incorrect ciphertext and alleviate the receiver's workload. Finally, a proof in the random oracle model is given to show that the scheme is secure against chosen ciphertext attack and existential forgery.     

Optimal memory management strategies for a mobile user in abroadcast data delivery system

Data broadcasting has been considered as a promising way of disseminating information to a massive number of users in a wireless communication environment. In a broadcast data delivery system, there is a server which is broadcasting data to a user community. Due to the lack of communication from the users to the server, the server cannot know what a user needs. In order to access a certain item, a user has to wait until the item appears in the broadcast. The waiting time will be considerably long if the server's broadcast schedule does not match the user's access needs. If a user has a local memory, it can alleviate its access latency by selectively prefetching the items from the broadcast and storing them in the memory. A good memory management strategy can substantially reduce the user's access latency, which is a major concern in a broadcast data delivery system. An optimal memory management policy is identified that minimizes the expected aggregate latency. We present optimal memory update strategies with limited look ahead as implementable approximations of the optimal policy. Some interesting special cases are given for which the limited look-ahead policies are optimal. We also show that the same formulation can be used to find the optimal memory management policy which minimizes the number of deadline misses when users generate information requests which have to be satisfied within some given deadlines     

Adaptive Dissemination of Data in Time-Critical Asymmetric Communication Environments

The proliferation of new data-intensive applications in asymmetric communication environments has led to an increasing interest in the development of push-based techniques, in which the information is broadcast to a large population of clients in order to achieve the most efficient use of the limited server and communication resources. It is important to note that quite often the data that is broadcast is time-critical in nature.Most of the related current research focuses on a pure push-based approach (Broadcast Disks model), where the transmission of data is done without allowing explicit requests from the users. More recently, some bidirectional models incorporating a low-capacity uplink channel have been proposed in order to increase the functionality of the Broadcast Disks model. However, the impact of integration of the uplink channel has been investigated using only static client profiles or ignoring the existence of time-sensitive data. None of the existing models integrates all the characteristics needed to perform effectively in a real-world, dynamic time-critical asymmetric communication environment.In this paper we present an adaptive data dissemination model and the associated on-line scheduling algorithms. These improve the functionality and performance of bidirectional broadcast models, maximizing the total number of satisfied users in asymmetric communication environments with dynamic client profiles and time requirements (e.g., mobile systems). This is achieved by means of dynamic adaptation of the broadcast program to the needs of the users, taking into account the bandwidth constraints inherent in asymmetric communication environments and the deadline requirements of the user requests. Performance is evaluated by simulation of a real-time asymmetric communication environment.