Cybertwin中的格上生物特征认证密钥交换协议

针对基于Cybertwin的网络架构中通信双方存在信道安全以及隐私保护的问题,提出新的格上认证密钥交换协议。使用生物特征认证技术实现Cytertwin服务下的用户实名制登录和强身份认证需求,保证Cybertwin服务对用户网络行为的审计和追踪。通过引入通信方身份信息构造格上抗碰撞哈希函数,使身份信息在公共信道传输过程中能够应对量子威胁,同时满足用户匿名性和不可追踪性。最后基于RLWE问题设计了新的和解机制,通过两轮交互共享安全会话密钥。协议在BPR模型下满足理论可证明安全,具有抗量子攻击、抗临时秘密值泄露攻击、抗生物特征猜测攻击等安全特性。仿真实验表明该协议计算和通信开销适用于Cybertwin服务下数量庞大的终端互连需求。     

基于RLWE的双因子三方认证密钥交换协议

为了使格上Diffie-Hellman式密钥交换协议能够实现认证性并且适用于客户-服务器-客户模式的大规模通信,提出了一个基于环上误差学习RLWE的双因子三方认证密钥交换协议。该协议将口令和生物特征作为客户的长期密钥,实现服务器对客户的显式身份认证。首先利用环上误差学习的困难问题的优势（密钥及密文尺寸短、运行效率高）来构造密码体制;其次服务器通过口令和生物特征的哈希值传递环元素,并结合丁式错误协调机制使得通信方获得随机均匀的会话密钥。最后分析表明,该协议适用于大规模通信,提高了通信量,具有更高的安全属性,可以抵抗口令泄露用户假冒攻击。     

理想格上的多阶段认证密钥交换协议

现有的格基认证密钥交换协议普遍基于Bellare-Rogaway等单阶段模型,忽略了实际通信场景中会话密钥建立的阶段分离。针对这一问题,基于MSKE模型提出了一种格基多阶段认证密钥交换协议。该方案使用预共享的口令进行认证,并使用Peikert误差消除机制结合服务器静态密钥实现多阶段密钥协商。分析表明,该方案整体只引入少量计算开销,实现了双向认证、二阶会话密钥完美前向保密、抗量子攻击等特性,在MSKE模型下满足KD-2FS-M安全等级,是一种简单高效的后量子多阶段密钥交换协议。     

一种新型基于Binary-LWE的认证密钥交换协议

为了设计一种基于格困难问题的强安全认证密钥交换协议,分析了DXL12和DXL14方案中缺少认证功能导致容易遭受中间人攻击等缺陷,提出一种基于Binary-LWE的认证密钥交换协议。该协议具有两轮消息交互,不依赖于数字签名提供隐式密钥认证,并采用2012年Micciancio和Peikert在欧密会上提出的陷门函数来提供双方认证功能。在随机语言机模型下将安全性直接建立在Binary-LWE问题的困难性假设上,具有前向安全性、抗中间人攻击、抗冒充攻击等安全属性。由于该方案的安全性是基于格上困难问题,所以可以抵抗量子攻击。     

标准模型下格上的密钥封装机制

密钥封装机制(key encapsulation mechanism,KEM)使得会话双方能够安全地共享一个随机的会话密钥,改善了使用公钥加密明文时空间受限的问题,是大规模网络中密钥分发和密钥管理问题的有效解决方案之一。提出一种标准模型下安全高效的格上的密钥封装机制,将陷门函数与带误差学习问题(learning with errors,LWE)算法相结合,并引入参与者的身份信息,保证密钥封装机制的机密性和可认证性,可抵抗现有已知量子算法攻击。采用密文压缩技术,对封装后的密文元素进行压缩,分析结果表明,能够有效提高传输效率。在标准模型下,该机制安全性归约至判定性LWE的难解性,并包含严格的安全性证明。其安全性为可证明的选择密文安全,适用于多种类型基于格的密钥交换协议方案。     

适用于智能家居的格上基于身份多方认证密钥协商协议

随着物联网应用的日益普及,物联网设备终端数量激增、种类多样、层次复杂,常处于不可控的环境之中,因此,确保数据传输过程的安全性和隐私性至关重要。对基于物联网架构的智能家居服务进行探讨得出,启用智能家居应用需涉及多个方面,如用户、云、物联网智能集线器(the IoT smart hub, ISH)和智能设备,它们需要多方验证以进行安全通信。由此提出了一种针对智能家居应用的格上基于身份多方认证密钥协商协议,并证明在eCK模型下是安全的。其安全性可以归约到环上带误差学习(ring learning with errors, RLWE)问题的困难性,能够抗量子计算攻击。所提协议由一个格上基于身份的加密方案转换而成,无须公钥证书,避免了部署一个庞大的公钥基础设施(public key infrastructure, PKI)。通过信息交互实现显式认证,且可具有一定的匿名性质,与其他相关的后量子格上多方认证密钥协商协议方案相比,该协议在安全性和执行效率方面更具优势。     

基于格的非交互式密钥交换协议

当前网络中广泛使用的交互式密钥交换协议,如SSL协议和TLS协议,由于密钥建立过程的通信量较大,不适合物联网中传感器等资源有限的轻型网络设备使用,因此提出一种基于格的非交互式密钥交换协议.文章基于格理论的环上带误差学习困难性问题,使用Freire等人给出的非交互式密钥交换协议形式化定义和安全模型对协议的安全性进行分析,通过攻击者与挑战者之间的博弈证明了协议的安全性.该协议具有抗量子攻击安全性,能够有效地提升物联网的通信安全.     

一种新型基于格上LWE问题密钥交换协议的设计

基于格上困难问题设计高效、安全的后量子密钥交换协议具有非常重要的理论意义和实用价值。提出了一种新型高效实用的基于格上错误学习问题被动安全密钥交换协议。该协议采用加密机制的构造方式并使用了密文压缩技术,与2016年Bos等人基于错误学习问题并使用Peikert错误调和机制设计的密钥交换协议Frodo相比,通信量只增加了1.09%,但方案复杂度有效降低,计算更加简洁高效,且协议在被动攻击下可证明安全,可有效抵御量子攻击。该协议与现有的基于错误学习问题设计的密钥交换协议相比,具有很强的竞争力。     

具有双向身份认证功能的量子密钥分发协议

提出了一种具有身份认证功能的量子密钥分发协议。该协议利用Bell态纠缠交换特性、Bell基测量和按位异或运算,可以高效完成通信双方的身份认证;身份认证完成后,通信双方对手中粒子进行Pauli操作,能得到与对方拥有一样的Bell态粒子;通信双方按照约定的编码规则,得到相同二进制字符串作为密钥。分析表明,提出的密钥分发协议过程简单、操作容易实现,协议的安全性也能得到保证。     

基于理想格的用户匿名口令认证密钥协商协议

基于标准格的密钥协商协议具有较长的密钥长度和较高的密文扩张率,且格的表示方式需要较大的空间,而理想格具有密钥长度短和运行效率高等优点。因此,结合环上误差学习问题,提出基于理想格的用户匿名口令认证密钥协商协议。使用低熵的口令,通过服务器实现相互认证和共享会话密钥,以避免在身份认证过程中用户长期密钥的存储安全受到威胁。分析结果表明,与传统的2PAKE和3PAKE协议相比,该协议具有较高的效率和较短的密钥长度,能够抵抗量子攻击,适用于大规模网络通信。     

基于RLWE的生物特征认证密钥交换协议

在后量子密码学中,针对密钥交换协议存在口令容易丢失以及难以实现相互认证的安全缺陷,提出了一个新的基于环上误差学习的生物特征认证密钥交换协议。该协议根据环上误差学习问题构造的密码体制具有密钥及密文尺寸短、运行效率高等优势,并采用生物特征和口令作为长期密钥,同时通过Peikert式错误协调机制从各自的环元素中协调出随机均匀的会话密钥,实现了服务器对客户的显式认证。性能分析结果表明,该方案可抵抗用户假冒攻击,安全属性更高,提高了通信效率。     

An novel three-party authenticated key exchange protocol using one-time key

Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree a new secure session key with the help of a trusted server. In this paper, we propose a new three-party authenticated key exchange protocol which aims to achieve more efficiency with the same security level of other existing 3PAKE protocols. Security analysis and formal verification using AVISPA tools show that the proposed protocol is secure against various known attacks. Comparing with other typical 3PAKE protocols, the proposed protocol is more efficient with less computation complexity.     

一个前向安全的基于口令认证的三方密钥交换协议

目前,文献中提出的基于口令认证的密钥交换协议,很多都是针对两方的情形设计的,即通信双方为客户与服务器,它们通过一个预先共享的口令来进行认证的密钥交换.随着现代通信环境的快速变化,需要能为任意客户间构建一个端到端的安全信道,这种应用的情形与那些文献中所考虑的有很大区别.针对这种情形,文中提出了一个可证前向安全的基于口令认证的三方密钥交换协议,使通信双方在认证服务器的帮助下能相互进行认证并建立一个会话密钥.与前人提出的基于口令认证的三方密钥交换协议相比,该协议在计算代价和通信代价上都较有效,因而更适用于资源受限的环境.此协议的安全性是在口令型的选择基Gap Diffie-Hellman问题难解的假设前提下在随机谕示模型下证明的.     

Two ID-based authenticated schemes with key agreement for mobile environments

With the rapid development of electronic commerce transactions on mobile devices, achieving secure communications between communication parties is an important issue. The typical solutions are authenticated key agreement protocols, designed to efficiently implement secure channels for two or more parties communicating via a public network by providing them with a shared secret key, called a session key. In this paper, we propose two key agreement schemes based on elliptic curve cryptosystems suited for mobile environments. The first one is an identity-based remote mutual authentication with key agreement scheme, and it is used to establish a session key between the client and the server. In the second one, we extend the proposed two-party authentication key exchange scheme to develop an efficient three-party authenticated key agreement scheme for establishing a session key between two users with the help of a trusted server. Both our proposed schemes achieve efficiency, practicability, simplicity, and strong notions of security.     

A round- and computation-efficient three-party authenticated key exchange protocol

In three-party authenticated key exchange protocols, each client shares a secret only with a trusted server with assists in generating a session key used for securely sending messages between two communication clients. Compared with two-party authenticated key exchange protocols where each pair of parties must share a secret with each other, a three-party protocol does not cause any key management problem for the parties. In the literature, mainly there exist three issues in three-party authenticated key exchange protocols are discussed that need to be further improved: (1) to reduce latency, communication steps in the protocol should be as parallel as possible; (2) as the existence of a security-sensitive table on the server side may cause the server to become compromised, the table should be removed; (3) resources required for computation should be as few as possible to avoid the protocol to become an efficiency bottleneck. In various applications over networks, a quick response is required especially by light-weight clients in the mobile e-commerce. In this paper, a round- and computation-efficient three-party authenticated key exchange protocol is proposed which fulfils all of the above mentioned requirements.     

Provably secure lightweight certificateless lattice-based authenticated key exchange scheme for IIoT

Through the Industrial Internet of Things (IIoT), the manufacturing enterprises have significantly enhanced the production efficiency. The transmission of data in IIoT over public channels has brought about information leakage issues. Therefore, it is crucial to agree on a session key among the participants. In recent years, numerous authenticated key exchange (AKE) schemes have been designed. However, those AKE schemes which adopt the certificateless approach to tackle certificate management and key escrow may remain vulnerable to quantum attacks, and other AKE schemes which are based on lattice hard problem so as to achieve the post quantum security may incur key management issues. To simultaneously address the aforementioned challenges, we propose a lightweight certificateless lattice-based authenticated key exchange (C2LAKE) scheme. Upon the hardness assumptions of the inhomogeneous small integer solution (ISIS) and computational bilateral inhomogeneous small integer solution (CBi-ISIS) problems, the C2LAKE scheme has been demonstrated to be secure in the eCK model and the random oracle model (ROM). Better trade-off among security and functionality features, and communication and computation costs make the C2LAKE scheme suitable and applicable in the IIoT environment.     

新的单轮无证书群认证密钥协商协议

群认证密钥协商协议可以使多个参与者在公开信道中建立会话密钥。提出了一种高效的基于PKC的无证书群认证密钥协商协议,由于采用了无证书机制,简化了基于证书的协议中复杂的证书管理问题,同时也解决了基于身份的协议中密钥托管问题。还对新协议进行了严格的形式化证明和计算量的横向比较,结果显示,新协议是安全且高效的。