标准模型下基于认证的混合加密算法

为了构建一个较公钥基础设施(PKI)要求更为简单的公钥密码系统,Gentry提出了基于认证的公钥加密方案.在基于认证的公钥加密方案中,第三方对认证申请者的公钥或身份进行签名,并将该签名作为认证发送给申请者,申请者保留认证作为解密时的部分私钥.接收方对密文解密需要同时拥有第三方对其公钥的认证和接收方公钥对应的私钥,因而基于认证的加密方案同时具备基于身份加密方案中公钥的可认证性和传统公钥加密方案中私钥的免撤销性.基于Gentry身份加密算法提出一种高效、短公钥的基于认证的混合加密算法,新算法能在标准(非随机预言机)模型下被证明抗适应性选择密文攻击.     

EPON系统中安全服务策略分析及改进

从以太网无源光网络(EPON)潜在隐患入手,分析窃听、拒绝服务、伪装及窃取服务等安全风险,提出一种基于ECC公钥数字证书的认证方案.同时,引进了基于CCM方式的数据认证加密方案,并在OMNeT环境中仿真该认证及加密方案,并与其它现有方案进行对比分析.从结果可知,该认证方案具有低延时特性,且满足不可否认性等安全性问题.     

一种基于指纹加密的网络身份认证方案

分析与比较了现有的身份认证技术,将指纹识别、数据加密和安全协议等技术紧密结合,指出用指纹加密作为网络身份认证技术是可行的,可靠的。提出了一种基于指纹加密的网络身份认证方案,介绍了方案原理,体系结构和认证协议,很好地解决了计算机网络系统中的身份认证问题。     

基于MAC层的EPON双向认证加密方案研究

在分析了以太网无源光网络(EPON)网络中存在的安全隐患基础上,针对EPON网络中存在的安全问题,根据双向认证加密方案及技术路线,提出了一个抗MAC帧窃听和重放攻击的混合加密双向认证方案。该方案在不增加成本的基础上,全面地保障了EPON系统数据的安全,同时也满足了不同用户的需求,系统有一定的实用意义。     

一种基于椭圆曲线的短波数据通信身份认证机制

结合短波信道的特点,比较了各种加密体制和算法,进行了加密体制选择和加密算法选择,最终确立一套切实可行的集加密与身份认证于一身的安全方案,并给出了具体实现流程.实现的加密认证方案对于解决短波数据通信中的安全问题有一定的参考价值.     

电视制导导弹无线电指令加密认证研究

针对两枚导弹同时攻击邻近目标时相互之间的指令干扰问题,提出了一种含有载机认证的无线电控制指令加密方案。方案结合对称密码学与非对称密码学的特点,利用非线性滤波函数产生密钥流对指令明文进行加密,并利用简化的数字签名实现了对制导指令的认证。描述了非线性滤波函数的构造、指令加密认证方案和算法的DSP实现与仿真,仿真结果表明该方案能很好地解决指令干扰问题,为综合更全面的航空电子系统的研究提供了有益的帮助。     

一种新型的ASP集成应用方案的实现

本文针对中小企业现状和应用软件的特点,提出了一个ASP(application service provider,应用服务提供商)体系结构模型,并对基于终端服务和基于网络封包认证两种ASP应用方案进行了分析比较,给出了基于SPI(服务供应商接口)的网络封包截获加密认证的ASP实现方案.     

SA-IBE:一种安全可追责的基于身份加密方案

基于身份加密(Identity-Based Encryption, IBE)方案中,用户公钥直接由用户身份得到,可以避免公钥基础设施(Public Key Infrastructure, PKI)系统的证书管理负担。但IBE存在密钥托管问题,即私钥生成器(Private Key Generator, PKG)能够解密用户密文或泄漏用户私钥,而现有解决方案一般需要安全信道传输私钥,且存在用户身份认证开销大或不能彻底解决密钥托管问题的缺陷。该文提出一种安全可追责的基于身份加密方案,即SA-IBE方案,用户原私钥由PKG颁发,然后由多个密钥隐私机构并行地加固私钥隐私,使得各机构无法获取用户私钥,也不能单独解密用户密文;设计了高效可追责的单点PKG认证方案;并采用遮蔽技术取消了传输私钥的安全信道。文中基于标准的Diffie-Hellman假设证明了SA-IBE方案的安全性、解决密钥托管问题的有效性以及身份认证的可追责性。     

一种基于公钥的新型Kerberos域间认证方案

描述了一种基于公钥加密的新型Kerberos域间认证方案.鉴于以往Kerberos域间认证方案中域间存在密钥数量庞大和系统安全性不够强的问题,引入了中介KDC和公钥加密体制对Kerberos域间认证方案进行改进.改进方案中,中介KDC和与之相关的非中介KDC共享对方公钥.通过可行性、安全性分析可知,该方案使系统更安全,密钥的管理和维护更容易.     

一种新的一阶段加密认证模式

 在信息安全的许多实际应用中往往需要同时提供私密性和认证性,通常采用加密模式和消息认证码的组合来实现这一目的,但这种实现方式须对同一消息分加密和认证两阶段进行处理,不仅密钥使用量大,而且效率低下.本文基于CBC加密模式设计了一种新的一阶段加密认证方案OXCBC,能够同时提供私密性和认证性,且仅使用一个密钥和一个Nonce,与同类型的加密认证方案相比具有较高的效率.在分组密码是强伪随机置换的假设下,证明了该方案的认证性.     

An Authenticated Identity-Based Key Establishment and Encryption Scheme for Wireless Sensor Networks

1Introduction Wirelesscommunicationhasbeenahotissuesince1990.includingAdhocandwirelesssensornetworks,etc.Especially,WirelessSensorNetwork(WSN).Whichhasreceivedconsiderableattentionduringlast decade[1-2].Ithasbeendevelopedforawidevarietyof applications,inc…     

不使用Hash和Redundancy函数的认证加密方案

本文提出了一类新的认证加密方案,这类方案首次将消息可恢复签名和对称加密有机结合.它有两个特点,一个是签名中的承诺值只有预定的接收者才能算出,从而又可将该承诺值用作对称加密的密钥,取得一举两得之功效;另一个是用签名中恢复出的消息与对称解密得到的消息相比较,实现消息有效性的验证,改变了传统上使用Hash函数或Redundancy函数的验证方法.因此本文提出的新方案是一类不使用Hash函数和Redundancy函数的认证加密方案,     

带消息恢复的可证明安全自证书签名方案

To solve the key escrow problem of the identity-based cryptosystem, Girault introduced the notion of a self-certified public key, which not only eliminates the need to authenticate a public key but also solves the key escrow problem. This paper proposes a Self-Certified Signature (SCS) scheme with message recovery and two variants without using bilinear pairings: one is the authenticated encryption scheme in which only the designated receiver can verify the signature, and the other is the authenticated encryption scheme with message linkage that deals with large messages. These three SCS schemes are provably secure in the random oracle model and are more efficient than previous schemes.     

Authenticated encryption schemes with low communication costs

A possible application of the Nyberg-Rueppel digital signature scheme is for authenticated encryption. The authors present schemes in which the communication costs are low in comparison to the basic scheme and which can be constructed from the Nyberg-Rueppel digital signature scheme     

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

An authenticated encryption scheme is a symmetric encryption scheme whose goal is to provide both privacy and integrity. We consider two possible notions of authenticity for such schemes, namely integrity of plaintexts and integrity of ciphertexts, and relate them, when coupled with IND-CPA (indistinguishability under chosen-plaintext attack), to the standard notions of privacy IND-CCA and NM-CPA (indistinguishability under chosen-ciphertext attack and nonmalleability under chosen-plaintext attack) by presenting implications and separations between all notions considered. We then analyze the security of authenticated encryption schemes designed by “generic composition,” meaning making black-box use of a given symmetric encryption scheme and a given MAC. Three composition methods are considered, namely Encrypt-and-MAC, MAC-then-encrypt, and Encrypt-then-MAC. For each of these and for each notion of security, we indicate whether or not the resulting scheme meets the notion in question assuming that the given symmetric encryption scheme is secure against chosen-plaintext attack and the given MAC is unforgeable under chosen-message attack. We provide proofs for the cases where the answer is “yes” and counter-examples for the cases where the answer is “no.” M. Bellare’s work was supported in part by a 1996 Packard Foundation Fellowship in Science and Engineering, NSF CAREER Award CCR-9624439, NSF grants CNS-0524765 and CNS-0627779, and a gift from Intel Corporation. C. Namprempre’s work was supported in part by grants of the first author and the Thailand Research Fund.     

具有纠错能力的认证会议密钥分配方案和安全广播通信方案

本文提出了一种构造具有纠错能力的认证会议密钥分配方案和安全广播 有效方法，该方法不是采用传统的加密技术而是利用幻民错码技术，由该方法构造的两个方案不仅安全，而且可以提高通信的可靠性。     

量子消息认证协议

研究了在量子信道上实现经典消息和量子消息认证的方法。给出了一个基于量子单向函数的非交互式经典消息认证加密协议。证明了给出的协议既是一个安全的加密方案,也是一个安全的认证方案。利用该认证加密协议作为子协议,构造了一个量子消息认证方案,并证明了其安全性。与BARNUM等给出的认证方案相比,该方案缩减了通信双方共享密钥的数量。     

Privacy-preserving authenticated key agreement scheme based on biometrics for session initiation protocol

A secure key agreement scheme plays a major role in protecting communications between the users using voice over internet protocol over a public network like the internet. In this paper we present a strong security authenticated key agreement scheme for session initiation protocol (SIP) by using biometrics, passwords and smart cards. The proposed scheme realizes biometric data protection through key agreement process meanwhile achieving the verification of the biometric value on the SIP server side which is very important in designing a practical authenticated key agreement for SIP. The main merits of our proposed scheme are: (1) the SIP server does not need to maintain any password or verification table; (2) the scheme can provide user identity protection—the user’s real identity is protected by a secure symmetric encryption algorithm and the elliptic curve discrete logarithm problem, and it is transmitted in code; (3) the scheme can preserve the privacy of the user’s biometric data while the biometric matching algorithm is performed at the SIP server side, even if the server does not know the biometric data in the authentication process. Performance and security analysis shows that our proposed scheme increases efficiency significantly in comparison with other related schemes.     

关于具有恢复消息功能的认证方案的一点注记

简述了基本的Nyberg-Rueppel认证方案和HMP认证方案,指出了LC认证方案是HMP认证方案的一个特例。