Similar literature
20 similar documents found (search time 31 ms)
1.
Multireceiver identity (ID)-based encryption and ID-based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. They can be used for many practical applications such as digital content distribution, pay-per-view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy-preserving (or anonymous) multireceiver ID-based encryption and ID-based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy-preserving multireceiver ID-based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID-based encryption and ID-based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.

2.
Publicly verifiable encryption allows any party to verify that an encrypted message is the same as a previously committed secret, without leaking any information about the plaintext. It has important applications in fair exchange, cheater-resistant secret sharing and secure multiparty computation. This paper gives publicly verifiable ElGamal and RSA encryption schemes. The former is an improvement of Stadler's scheme; the improved scheme is semantically secure, whereas Stadler's scheme does not achieve semantic security. The scheme is also extended to the multi-recipient setting, and finally an efficient publicly verifiable RSA encryption scheme is given.

3.
Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role in verifying authenticity and establishing secure communication between the user and the access point. Meanwhile, to prevent the user's current location and movement history from being tracked, privacy preservation should also be considered. However, existing handover AKE schemes have defects in security or efficiency. In this paper, a secure pairing-free identity-based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities are used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attacks, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in the extended Canetti-Krawczyk (eCK) model under the computational Diffie-Hellman (CDH) assumption and captures desirable security properties including key-compromise impersonation resistance, ephemeral secret reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity-based protocol is improved by removing pairings, which not only simplifies the complex management of a public key infrastructure (PKI) but also reduces the computation overhead of pairing-based ID-based cryptosystems. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.

4.
With the popularity of the Internet and wireless networks, more and more network architectures are used in a multi-server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi-server environments and low-power mobile devices. However, most of these schemes have suffered from many attacks because they did not provide a formal security analysis. In this paper, we first give a security model for the multi-server environment. We then propose an ID-based mutual authentication and key agreement scheme based on bilinear maps for the mobile multi-server environment. Our scheme can be used both for general users with a long validity period and for anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suited to low-power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.

5.
In contemporary society, information security has become an important research topic in the information field. After a comparative analysis of existing cryptographic algorithms, this paper combines the advantages of the RC4 and RSA algorithms and proposes a hybrid encryption scheme. Based on the characteristics of the algorithm, an implementation method is given, and a DSP hardware encryption card based on this algorithm is designed.

6.
In a three-party password-based key exchange (3PAKE) protocol, a client is allowed to share a human-memorable password with a trusted server such that two clients can agree on a secret session key for secure connectivity. Recently, many 3PAKE protocols have been developed. However, not all of them can simultaneously achieve security and efficiency. Without any server public key, this article proposes a simple three-party password-based authenticated key exchange scheme. Compared with the existing schemes, the proposed scheme is not only more efficient but also secure. Copyright © 2009 John Wiley & Sons, Ltd.

7.
An RSA-based digital image encryption technique and its fast implementation (cited 1 time: 0 self-citations, 1 by others)
邓从政, 罗永超. 通信技术 (Communications Technology), 2009, 42(12): 67-69
The security of the RSA public-key cryptosystem relies on the difficulty of factoring large integers; at present, generating safe primes is hard and slow. Based on a special representation of primes, this paper studies a fast safe-prime generation algorithm. Addressing current information security problems and the characteristics of digital images, it proposes an image encryption technique based on an image message digest and RSA: the image digest is used to construct a pixel scrambling matrix, the image's pixel matrix is scrambled, and the scrambled image is then rapidly encrypted with the RSA public-key algorithm.

8.
The redactable signature scheme was introduced by Johnson and others in 2002 as a mechanism to support disclosing verifiable subdocuments of a signed document. In their paper, a redactable signature based on RSA was presented. In 2009, Nojima and others presented a redactable signature scheme based on RSA. Both schemes are very efficient in terms of storage. However, the schemes need mechanisms to share random prime numbers, which requires hugely time-consuming computation. Moreover, the public key in the scheme of Johnson and others is designed to be used only once. In this paper, we improve the computational efficiency of these schemes by eliminating the random prime sharing mechanism while sustaining their storage efficiency. The size of our signature is the same as that of a standard RSA signature plus the size of the security parameter. In our scheme, the public key can be used multiple times, and more efficient key management than in the scheme of Johnson and others is possible. We also prove that the security of our scheme reduces to the security of the full-domain RSA signature scheme.

9.
Multi-proxy signature is one of the useful primitives derived from the proxy signature. Till now, only a few identity-based multi-proxy signature (IBMPS) schemes have been proposed using bilinear pairings, and most of them are insecure or lack a formal security proof. Because of the important applications of IBMPS schemes in distributed systems, grid computing, and so on, the construction of an efficient and provably secure IBMPS scheme is desired. In 2005, Li & Chen proposed an IBMPS scheme from bilinear pairings, but their paper lacks a formal model and proof of security. Further, in 2009, Cao & Cao presented an IBMPS scheme with the first formal security model for it. Unfortunately, their scheme is not secure against Xiong et al.'s attack. In this paper, we first present an IBMPS scheme, then formalize a security model for IBMPS schemes and prove that the presented scheme is existentially unforgeable against adaptive chosen message and identity attacks in the random oracle model under the computational Diffie-Hellman assumption. Also, our scheme is not vulnerable to Xiong et al.'s attack. The presented scheme is more efficient in terms of computation and operation time than the existing IBMPS schemes. Copyright © 2013 John Wiley & Sons, Ltd.

10.
We propose a quantum-resistant key exchange protocol based on hard lattice problems, using the MaTRU cryptosystem as the underlying scheme. The key exchange protocol based on the NTRU cryptosystem given by Lie et al. is not secure against man-in-the-middle (MITM) attacks. To remove this failure and provide a secure protocol, our protocol uses a trusted third party (TTP). Additionally, our protocol is better than NTRU-KE from an efficiency and security point of view. In this paper, we propose key exchange protocols with and without a TTP, and describe the advantages and disadvantages of both schemes.

11.
闫怀创. 移动信息 (Mobile Information), 2024, 46(3): 136-138
This paper proposes a data encryption and secure storage scheme for protecting user privacy, selecting suitable encryption algorithms and a key management scheme. By comparing the security and efficiency of different encryption algorithms, AES-256, RSA and other algorithms are chosen, and a three-level key management scheme is designed to store and distribute keys securely. For data storage, eMMC memory is used as the storage medium, and a role- and permission-based access control mechanism is implemented to ensure that users can only access the data they are authorized for.

12.
The smart card based password authentication scheme is one of the most important and efficient security mechanisms used for providing security to authorized users over an insecure network. In this paper, we analyze major security flaws of Jangirala et al.'s scheme and prove that it is vulnerable to forgery attack, replay attack and user impersonation attack. Also, Jangirala et al.'s scheme fails to achieve mutual authentication as claimed. We propose an improved two-factor dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using the widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis shows that the proposed scheme provides user anonymity, mutual authentication and session key agreement, and is secure against various active attacks.

13.
In electronic communication and wireless communication, message authentication is necessary. However, the traditional method, the message authentication code (MAC), employs a symmetric cryptographic technique and needs a shared private key to be kept between the two parties. For convenience, people now begin to use public key techniques to provide message authentication. In wireless communication, we should save more space for the message itself because of limited resources. Therefore, we believe that our proposed digital signature scheme will be more suitable for this kind of communication due to the following merits: (1) in addition to inheriting the merits of RSA signatures such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting the low public key exponent attack; (2) compared with 1024-bit RSA, our digital signature scheme can sign a 2048-bit long message at once and generate a signature of 1025 bits, which doubles the capacity of the 1024-bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of the conic-based (CB)-RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd.

14.
Quantum attack-resistant cryptosystems are required for secure communication since there is a big demand for quantum computers. Lattice-based cryptography is one of the quantum-secure families thanks to its key/ciphertext sizes and performance. NTRU-based cryptosystems, members of the lattice-based family, have received much attention. MaTRU, a noncommutative version of NTRU with some matrix properties, was used to obtain a key exchange protocol in 2018. In this paper, we focus on MaTRU-based key exchange protocols having CCA2 properties. We propose CCA2-secure versions of MaTRU-KE and then provide a security analysis of the CCA2-secure key establishment protocols. We also provide a comparison with the previous ones.

15.
An aggregate signature scheme is a digital signature scheme that allows aggregation of n distinct signatures by n distinct users on n distinct messages. In this paper, we present an aggregate signcryption scheme (ASC) that is useful for reducing the size of certification chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols. The new ASC scheme combines identity-based encryption and the aggregation of signatures in a practical way that can simultaneously satisfy the security requirements for confidentiality and authentication. We formally prove the security of the new scheme in the random oracle model with respect to the security properties IND-CCA2, AUTH-CMA2, and EUF-CMA.

16.
Secure wireless key exchange based on identity authentication (cited 3 times: 0 self-citations, 3 by others)
王莺洁, 罗为, 徐晓飞. 通信技术 (Communications Technology), 2009, 42(11): 90-92
Authenticated key agreement lets two communicating parties share a secure session key while authenticating each other. For wireless networks, password-based authenticated key agreement may reduce system resource overhead, but it usually cannot effectively resist dictionary attacks. Considering the limited resources of wireless devices, this paper proposes a provably secure identity-based authenticated key agreement scheme; the proposed scheme requires little computation, resists impersonation attacks, and satisfies the other security properties required of a key agreement protocol.

17.
白永祥. 通信技术 (Communications Technology), 2015, 48(10): 1174-1178
Elliptic curve cryptosystems have a stable mathematical structure and high security, offer great advantages over the currently popular RSA public-key cryptosystem, and have become a current research hotspot. Based on elliptic curve cryptography, an efficient and secure blind signature scheme is designed and implemented. First, related concepts and literature are analyzed and compared, and the basic principles of elliptic curve cryptosystems and blind signatures are introduced. Second, building on the advantages of elliptic curve cryptosystems, a new blind signature scheme is designed; in the scheme, to avoid leaking the requester's identity to the signer, the message sender hides its identity information using a zero-knowledge proof protocol. Finally, the blindness and untraceability of the designed scheme are analyzed and compared with common blind signature algorithms, demonstrating the efficiency of the design.

18.
Improvement of authentication protocols based on non-homogeneous systems of linear equations (cited 1 time: 0 self-citations, 1 by others)
This paper first reviews the identity authentication protocol and the message authentication protocol given in "Research on authentication protocols based on non-homogeneous systems of linear equations" (基于非齐次线性方程组的认证协议的研究), both built on a non-homogeneous linear system with infinitely many solutions, and, drawing on "Security flaws in two authentication protocols" (两个认证协议的安全缺陷), analyzes the security flaws in these two protocols in detail. The two protocols are then improved by introducing a trapdoor one-way function, which remedies their security flaws while preserving operability; finally, using the RSA algorithm as an instance, the improved authentication protocols are discussed and analyzed.

19.
Cloud computing has been gaining widespread significance in recent times, especially with the advent of state-of-the-art communication technologies and data-handling systems. Large volumes of data are being handled in real time and made available to consumers efficiently through cloud computing networks. However, the security of such data transferred through clouds characterized by a centralized configuration is of prime concern, and is investigated in this research paper. Secured transmission of data through secure key transmission with an appropriate authentication mechanism has been the driving force behind the research carried out in this paper. In order to resolve the existing issues in clouds in terms of computational as well as storage complexity, a secure key transmission Rivest-Shamir-Adleman (SKT-RSA) protocol is proposed based on secure key transmission. Key distribution between the certificate authority and the end user is proposed. The proposed protocol is a tree-based cluster key distribution scheme.

20.
An efficient compact multi-signature scheme based on identity and RSA (cited 4 times: 0 self-citations, 4 by others)
A compact multi-signature is a multi-signature produced by multiple users on the same message whose length is comparable to that of a single user's signature. This paper proposes an efficient identity-based compact multi-signature scheme built on RSA. Signing and verification are nearly 50% more efficient than in the Bellare and Neven multi-signature scheme, and the multi-signature is as long as a single RSA signature; because identity-based public-key cryptography is used, the new scheme achieves the compactness goal of multi-signatures well. The security of the scheme is proved in the random oracle model under the RSA assumption.
