基于证书的RSA签名系统的设计与实现

近几年办公自动化系统使用程度愈来愈高,提高社会生产效率的同时也带来了更多的安全需求。很多数字签名系统应运而生。探讨了基于证书的数字签名系统的分析与设计,该系统通过VC编程实现。在填入个人相关信息后生成证书,其中公钥证书中包含有证书有效日期、RSA参数信息和签名值。私钥证书的相关RSA参数被私钥口令加密。签名系统通过散列运算得到文件摘要,然后再用私钥证书中的RSA参数信息对摘要进行签名运算,验证者随后可以用公钥证书的RSA参数信息对签名进行验证。     

基于匿名认证的车联网安全技术研究

车联网相关应用需要基于实时、准确的交通信息。RSU会实时进行广播,同时车辆间要进行实时通信,包括车辆的身份信息、驾驶状态及位置信息等。攻击者可以利用车联网的开放性获取实时发送的空口数据,通过破解空口数据获得车辆的身份信息和位置信息,进而可以通过伪装、篡改或者植入恶意程序的方式对车辆进行攻击。因此,车联网通信过程中的信息安全问题必须得到有效的保护。基于区块链的匿名认证,车辆在V2V及V2I通信过程中将公钥作为假名进行认证,既保证了消息来源的真实性和消息的完整性,也避免了车辆身份信息的泄露。     

车辆自组网的位置隐私保护技术研究

车辆自组网的位置服务在解决道路安全问题、为驾乘者提供便捷服务的同时,也带来了相应的隐私保护问题。总结了隐私保护内容,重点分析了车辆自组网的假名和签名2类隐私保护技术,其中假名方案分为基于特殊地形、基于安静时段、加密mix-zones和mix-zones通信代理;签名方案分为群签名和环签名。继而针对隐私保护水平的高低,分析了匿名集合、熵度量、数学理论分析和形式化证明几类主要的位置隐私度量方法,对其各自的特点进行了总结比较。     

基于停放车辆路边单元环境感知的车联网资源高效分配

为减少路边单元（RSU）部署,同时满足移动车辆用户对处理时延敏感和计算密集任务的需求,提出了基于停放车辆环境感知的资源分配算法。选择路边停放的车辆替代RSU为车辆用户提供服务,将停放时间作为选择停放车辆路边单元（PCRSU）的决策要素,分别在内容缓存和分发2个方面设计了减小需求响应时延的机制。在内容缓存方面,PCRSU通过感知用户历史搜索数据与兴趣点区域类型两类要素对用户进行个性化的内容推荐。在内容分发方面,PCRSU通过感知车辆用户的数据传输需求,对带宽进行高效分配。实验证明,与已有方法相比,所提算法能更合理地选择PCRSU,有效降低系统的需求响应时延,在保证网络覆盖的同时提升系统稳定性,并且能为车辆用户提供更加准确的服务内容。     

一种改进的ECC数字签名方案

利用组合公钥体制（CPK）的基本思想，结合椭圆曲线加密（ECC）算法，提出了一种改进的数字签名方案。该方案中，签名者使用双私钥对消息进行签名，并通过结合运用CPK和ECC的特点，实现了高效的密钥管理以及高可靠性，较传统数字签名方法有更高的安全性和方便性。最后，对该签名方案进行了安全性分析。     

一种基于身份一次性公钥的构造

该文利用基于身份的密码系统,构造一个一次性公钥,来解决Internet通信的匿名性问题。在该系统中,用户只需由可信中心颁发一次私钥,而在每次活动时自己生成不同的公钥,通过与之对应的签名方案,在认证用户身份的同时,保证用户的匿名性和多次活动之间的不可联系性。另外,在必要时,可以联合可信中心揭示用户的真实身份,以防止用户的恶意活动。     

基于网络编码的优化V2R数据传输性能的研究

将路侧设备RSUs作为车载网络VANETs的缓冲点,可缓解车与车V2V之间连通的间歇性问题。然而,由于车辆的快速移动以及RSU短的传输距离,车辆驻留同一个RSU的时间很短。尽管广播技术能够有效地提高广播带宽利用率以及系统响应时间。但RSU采用广播技术前需要获取车辆缓存数据项的先验知识。因此,车辆需要向RSU服务器上传缓存信息,浪费了带宽。为此,针对基于RSUs的VANETs,提出基于网络编码的车与路边设施V2R通信的数据传输算法NCDD。NCDD算法允许车辆不必向RSU服务器上传它们的缓冲信息,并利用网络编码提高RSU的广播性能,仿真结果也证实了NCDD算法能够有效地降低截止期错失率和系统响应时间。     

VANETs中一种隐私保护的高效批认证协议

车载自组网(Vehicular Ad Hoc Networks, VANETs)是一种自组织、自管理、快速移动的户外通信网络系统。车辆加入VANETs可以获取道路的交通状况信息,但是其与路侧单元进行通信时消息容易被窃取。为此,文章提出了一种基于假名和数字签名的批认证协议,实现了车辆身份的匿名和隐私保护。同时,该协议支持路侧单元(Road Side Unit, RSU)对多辆车辆的批量认证,极大地降低了身份验证的计算开销。     

面向云服务的安全高效无证书聚合签名车联网认证密钥协商协议

针对目前车联网认证密钥协商协议效率低下以及车辆公私钥频繁更新的问题,提出一个基于无证书聚合签名的车联网匿名认证与密钥协商协议.本方案通过引入临时身份和预签名机制实现对车辆的隐私保护以及匿名认证,同时通过构建临时身份索引数据库,实现可信中心对可疑车辆的事后追查,满足车辆的条件匿名性要求.此外,本方案中车辆的公私钥不随其临时身份动态改变,有效避免了已有方案公私钥频繁更新带来的系统开销.同时,为了提供高效的批量认证,采用无双线性对的聚合签名技术,实现了车辆签名的动态聚合和转发,有效降低了签名传递的通信量和云服务器的验证开销.本文方案在eCK模型和CDH问题假设下被证明是形式化安全的.     

ITBES：一种基于门限与身份的WSN加密签名方法

为了提高基于身份的加密签名（IBES）系统中密钥生成中心（PKG）的可信性,采用门限密码学中的（t,n）秘密共享方法,对Xavier IBES算法进行了改进,将主密钥s共享于n个对等的可信第三方PKG之间,并且将改进后的新的基于门限与身份的加密签名一体化方法（ITBES）应用于无线传感器网络,从方法的复杂性、存储需求、安全性方面进行了分析,结果表明我们的方法能够提高PKG可信性,加强无线传感器网络的安全。     

移动计算中基于椭圆曲线的匿名签名算法

移动代码(例如移动代理)在异地执行签名时往往不希望暴露其所有者的私有密钥,本文提出了一种基于椭圆曲线的移动代码匿名签名算法,依据该算法,移动代码所有者可以利用椭圆曲线根据自己的身份信息为移动代码生成一个认证矢量和一个临时性密钥对,并通过它们实现了移动代码匿名签名以及签名后的不可否认性.该算法除具有匿名性和不可否认性以外,还具有高效性、保密性和不可伪造性等特点,可广泛应用于各种具有代码移动特性的移动计算.     

智能车载自组织网络中匿名在线注册与安全认证协议

随着智能交通系统(ITS)的建立,车载自组织网络(VANETs)在提高交通安全和效率方面发挥着重要的作用。由于车载自组织网络具有开放性和脆弱性特点,容易遭受各种安全威胁与攻击,这将阻碍其广泛应用。针对当前车载自组织网络传输中数据的认证性与完整性,以及车辆身份的隐私保护需求,该文提出一种智能车载自组织网络中的匿名在线注册与安全认证协议。协议让智能车辆在公开信道以匿名的方式向交通系统可信中心(TA)在线注册。可信中心证实智能车辆的真实身份后,无需搭建安全信道,在开放网络中颁发用于安全认证的签名私钥。车辆可以匿名发送实时交通信息到附近路边基站单元(RSU),并得到有效认证与完整性检测。该协议使得可信中心可以有效追踪因发送伪造信息引起交通事故的匿名车辆。协议可以让路边基站单元同时对多个匿名车辆发送的交通信息进行批量认证。该协议做了详细的安全性分析和性能分析。性能比较结果表明,该协议在智能车辆端的计算开销以及在路边基站单元端的通信开销都具有明显优势,而且无需搭建安全信道就能够实现匿名在线注册,因此可以安全高效地部署在智能车载自组织网络环境。     

Cooperative and Opportunistic Channel Access for Vehicle to Roadside (V2R) Communications

This paper focuses on vehicle to roadside (V2R) communications in vehicular networks based on the IEEE 802.11 DCF MAC protocol. In vehicular networks, roadside units (RSUs) are typically spaced apart along the road and each vehicle can be connected to an RSU only when the vehicle is within its transmission range. Due to the high relative speed between a moving vehicle and a stationary RSU, the residence time of the vehicle within the coverage of each RSU is very short. Thus it is hard for the system to reach a steady state. With multi-hop forwarding, in which a vehicle may be connected to an RSU through relaying over other vehicles, the connection time of each V2R access may be extended. But this is at the expense of introducing wireless interference among vehicles, which may dramatically degrade the system performance. To tackle these challenges, we propose a new mechanism called Proxy-based Vehicle to RSU access (PVR) for V2R communications. This protocol is designed to exploit cooperative and opportunistic forwarding between any two distant RSUs and to emulate back-to-back transmissions within the coverage of an RSU. As a result, it can shorten the access delay by taking advantage of opportunistic forwarding and mitigate the interference problem during the short residence time within the coverage of an RSU. The simulation results show that PVR achieves excellent performance and outperforms all existing solutions for V2R communications in vehicular networks.     

An improved EAAP scheme for vehicular ad hoc networks

Recently, Maria Azees et al proposed an “EAAP: efficient anonymous authentication with conditional privacy‐preserving scheme for Vehicular Ad Hoc Networks.” Their scheme is mainly to solve the problem of high computation time of anonymous certificate and signature authentication, as well as the tracking problem of malicious vehicles. However, some improvements are needed in the protection of anonymous identity and the effective tracking of malicious vehicles. In this paper, our scheme realizes mutual authentication between OBU and RSU, and the RSU is authenticated without using certificate. In order to prevent the anonymous identity of the vehicles from being monitored and tracked, we use the negotiated short‐time key to encrypt the anonymous identity in the vehicle certificates. In addition, our scheme uses a new tracking method for malicious vehicles. Then, we prove the scheme through BAN logic, and it has the properties of authentication, anonymity, unlinkability, privacy protection, and traceability. Finally, we compare the computation cost and communication cost with other schemes, and the scheme has been greatly improved.     

Conditional privacy protection authentication scheme based on bilinear pairings for VANET

To solve the problem of security and efficiency of anonymous authentication in the vehicle Ad-hoc network（VANET）, a conditional privacy protection authentication scheme for vehicular networks is proposed based on bilinear pairings. In this scheme, the tamper-proof device in the roadside unit (RSU) is used to complete the message signature and authentication process together with the vehicle, which makes it more secure to communicate between RSU and trusted authority (TA) and faster to update system parameters and revoke the vehicle. And this is also cheaper than installing tamper-proof devices in each vehicle unit. Moreover, the scheme provide provable security proof under random oracle model (ROM), which shows that the proposed scheme can meet the security requirements such as conditional privacy, unforgeability, traceability etc. And the results of simulation experiment demonstrate that this scheme not only of achieves high efficiency, but also has low message loss rate.     

基于MI和TPM混合的多变量数字签名方案

 本文基于MI和TPM两类多变量公钥密码的公钥,利用"减"方法将其混合,提出了多变量数字签名方案的中心映射构造新方法,给出了基于MI和TPM混合的多变量数字签名方案,该方案能够有效抵抗高阶线性化方程攻击、秩攻击、XL&Grbner基攻击、差分攻击等现有典型攻击,并且与Rainbow、Sflash^v2等典型多变量数字签名方案相比,在签名长度、密钥存储规模等方面具有优势.     

Distance and clustering‐based energy‐efficient pseudonyms changing strategy over road network

To improve the fairness, the energy consumption changing pseudonyms needs to be taken into account. Existing works focus on changing velocity‐based pseudonyms changing strategy and short changes interval with limited coverage, but due to similar velocity and short changes, internal attacker guesses easily known communication and location information due to location information of vehicle on tracking, which may expose adversary private information, and frequently, pseudonyms changing occurs due to movement of vehicles' similar velocity and short coverage, which may cause serious attack of vehicle. To overcome this problem, distance and cluster can be performed. In this work, we proposed distance and cluster‐based energy pseudonyms changing method for road network. We proposed distance and energy‐based clustering routing service over road network, the cluster head elected to depend on random number of distance and energy to change pseudonyms of vehicles. An each interval to be establish cluster head vehicle deployed while selects the operation mode and informs the cluster members of the selected mode through beacon signal. The cluster head vehicle node performs the pseudonyms changing based on the predicted distance and energy of the cluster member to use clustering optimization. The data of whole network send to report server through these nodes while near the RSU, and the vehicles in this area will use less energy to change the pseudonyms. The simulation results show that the proposed method enhances pseudonyms changing strategy less consumption and delays sufficient privacy level each vehicle also our method has outperform compare with existing methods than we use Sumo simulation and Matlab tools to verify our proposed method. Our proposed method outperformed in terms of pseudonym changing energy efficiency to careful attention during the cluster formation process, stable and balanced clusters that prolong the network lifetime, increases distances to more CH vehicles connectivity to makes clustering group and changing their pseudonyms in terms of high level privacy and finally, CH nodes use Dijkstra's algorithm use MST among the vehicles nodes depend on existing road networks to follow shortest path selection roads in terms of high connectivity probability of CH and stable structure of the network decreases the topology changes and thus,the clustering overhead is reduced.     

Privacy‐preserving authentication scheme for on‐road on‐demand refilling of pseudonym in VANET

Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real‐time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy‐preserving solution for pseudonym on‐road on‐demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge‐based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity‐less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy‐preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks.