Similar literature
1.
Most conventional conference key agreement protocols have not been concerned with a practical situation. There may exist some malicious conferees who attempt to block conference initiation for some purposes, e.g. commercial, political or military benefit. In instances where a conference must be launched immediately due to an emergency, efficient detection of malicious behavior would be needed. Recently, Tzeng (IEEE Trans. Comput. 51(4):373–379, 2002) proposed a fault-tolerant conference key agreement protocol to address the issue where a conference key can be established among conferees even though malicious conferees exist. However, his protocol might be complex and inefficient during fault-detection. In the case where a malicious conferee exists and a fault-tolerant mechanism is launched, complicated interactions between conferees will be required. In this paper, we introduce a novel strategy, where any malicious conferee may be identified and removed from the conferee list without any interaction. With such a non-interactive fault-tolerance, conferences could be established and started efficiently. A complete example of our protocol will be given to describe the fascinating fault-tolerance. We analyse the security of our protocol regarding four aspects, i.e. correctness, fault-tolerance, active attack and passive attack. The comparisons of performance between our protocol and that of Tzeng are also shown. As a whole, the advantage of our protocol is superior to that of Tzeng under the situation where malicious conferees exist.
Chi-Sung Laih

2.
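An authenticated group key agreement protocol resistant to blocking attacks   Total citations: 1, self-citations: 0, citations by others: 1
An unauthenticated group key agreement protocol cannot authenticate the communicating participants or the messages; it must rely on an authenticated network channel or other authentication methods. This paper analyzes the well-known group key agreement protocol proposed by Burmester et al. for authenticated broadcast channels, and points out that it cannot resist a key agreement blocking attack launched by malicious insider nodes; the attack prevents the other honest nodes in the group from correctly computing a consistent group key. An improved authenticated group key agreement protocol is proposed, which adds a method for authenticating message correctness to the original protocol and can detect malicious nodes within the group; the improved protocol is proven, in the random oracle model, to resist the key agreement blocking attack.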

3.
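Conference systems based on mobile networks focus on establishing, distributing and updating shared keys; previous schemes cannot stop malicious or false messages from conference participants. A method based on probabilistic verification is proposed and applied to the design of mobile conferences, which can effectively reduce the junk messages produced while the scheme runs.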

4.
A fault-tolerant conference-key agreement protocol establishes a shared key among participants of a conference even when some malicious participants disrupt key agreement processes. Recently, Tseng proposed a new fault-tolerant conference-key agreement protocol that only requires a constant message size and a small number of rounds. In this paper, we show that Tseng’s protocol cannot provide forward and backward confidentiality during a conference session for the proposed attack method. We also show that a simple countermeasure—re-randomizing short-term keys of some participants—to avoid the proposed attack can be broken by extending the proposed attack method.

5.
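An improved identity-based, fault-tolerant conference key distribution scheme is proposed. The analysis shows that the improved protocol, while inheriting the security properties of the original protocol, is resistant to passive attacks and tampering attacks and provides forward secrecy. Compared with similar protocols, its security is the highest and its communication cost is in the middle, so it is the most practical.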

6.
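Cai Yongquan, Wang Yali. Computer Engineering (计算机工程), 2006, 32(13): 182-184
Using the identity-based digital signature scheme proposed by Cha and Cheon, a new conference key agreement algorithm is proposed, and its correctness, security and execution efficiency are analyzed. The analysis shows that, under the Gap Diffie-Hellman assumption, no eavesdropper can obtain any information about the conference key, and that no matter how many malicious participants exist, the honest participants can agree on a common conference key. The scheme is efficient and has good flexibility, adaptability and practicality.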

7.
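Building on the identity-based, fault-tolerant conference key distribution scheme of Yang et al., an improved conference key distribution protocol is proposed, and its correctness and security are analyzed. The analysis shows that the scheme not only allows honest participants to agree on a common conference key even when malicious participants are present, but also effectively resists passive and active attacks; it is secure, efficient and highly practical.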

8.
A new communication mode, quantum simultaneous secret distribution (QSSD) is put forward, where one sender distributes different classical secret message to multiparty receivers simultaneously. Based on the properties of the one-dimensional four-qubit cluster states, a three-party QSSD protocol is proposed, and then it is extended to the case that there are many receivers. Owing to the idea of quantum dense coding, each receiver can receive two bits of classical message by the sender only using a cluster state. In order to check security of quantum channels, a strategy which can prevent common attacks efficiently is put forward. QSSD is distinct from quantum secret sharing (QSS) and quantum broadcast communication (QBC), but it can be easily converted into QSS and QBC. QSSD is also different from the multiple-QKD communication mode where the sender shares a private key with each receiver at first, while in QSSD the sender doesn’t; in addition, only one round of one-to-many communication is performed in QSSD, while in multiple-QKD communication mode many rounds of one-to-one communication are performed.

9.
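An attack on multisignature schemes based on discrete logarithms   Total citations: 13, self-citations: 1, citations by others: 13
Han Xiaoxi, Wang Guilin, Bao Feng, Ren Kui. Chinese Journal of Computers (计算机学报), 2004, 27(8): 1147-1152
As a special kind of digital signature, a multisignature is formed when all members of a signing group cooperate in processing a given message to produce the signature of the whole group; the verifier only needs the group's single public key to check the signature's validity. Harn and Ji et al. proposed two multisignature schemes based on discrete logarithms. However, Lu Langru et al. pointed out a weakness common to the two schemes: if some members collude to cheat, the multisignature produced by the group can also be interpreted as a multisignature produced by the other honest members. Thus, when necessary, the cheating members can deny their involvement in certain multisignatures. To overcome this weakness, Lu Langru et al. proposed two improvements to the key generation part of these two multisignature schemes. This paper gives an attack showing that the improved multisignature schemes of Lu Langru et al. are still insecure. In this attack, a single member can control the group private key and can therefore forge, in the name of the group, a multisignature on any message. Meanwhile, the other members can still generate signatures normally, so they do not notice the fraud. In addition, the attack proposed in this paper also works against the schemes before the improvement.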

10.
Secure communication is of utmost importance to participants of Internet conferences. Secure communication thwarts eavesdropping. In an Internet conference, all conference participants together establish a common conference key to enable multi-party and secure exchange of messages. However, malicious conference participants may try to obtain the conference key through unfair means, and this could result in the generation of different conference keys. This paper is intended as a proposal of a new form of conference key agreement protocol. It emphasizes the filtering of malicious participants at the beginning of the conference to ensure that all participants obtain the same conference key. The proposed method also has fault-tolerant capability. Efficiency and security of a protocol are important in practice. The security of the proposed protocol is based on the discrete logarithm problem assumption. The protocol is executed in a computationally secure environment. The secret information of a user cannot be determined from its corresponding public information and therefore ensures privacy. Since efficiency of a protocol depends on low computation cost, the protocol attempts to achieve lower computation cost without compromising on security.

11.
The MQV key agreement protocol has been adopted by IEEE P1363 Committee to become a standard, which uses a digital signature to sign the Diffie–Hellman public keys without using any one-way hash function. Based on the MQV protocol, Harn and Lin proposed a generalized key agreement protocol to enable two parties to establish multiple common secret keys in a single round of message exchange. However, the Harn–Lin protocol suffers from the known-key attack if all the secret keys established are adopted. Recently, Tseng proposed a new generalized MQV key agreement protocol without using one-way hash functions. Tseng claimed that the proposed protocol is robust since the new protocol can withstand the forgery attack and the known-key attack. In this paper we show that this protocol is not secure since the receiver can forge signatures. We also propose an improved authenticated multiple-key agreement protocol, which is secure against the forgery attack and the known-key attack.

12.
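In this paper, we first prove that the multi-bit multi-key fully homomorphic encryption (MFHE) scheme proposed by Li Zengpeng et al. has the key homomorphism property; using this property, the final decryption result can be obtained through threshold decryption. Using this scheme, we design a three-round multi-party computation (MPC) protocol that is secure in the CRS model and in the semi-malicious adversary model. The security of this secure multi-party computation protocol is based on two variants of the learning with errors (LWE) problem, Ferr-LWE and...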

13.
A key sharing graph is one in which each vertex corresponds to a player, and each edge corresponds to a secret key shared by the two players incident with the edge. Assume that, given a key sharing graph which contains a spanning tree, any designated player wishes to broadcast a message to all the other players securely against an eavesdropper. This can be easily done by flooding the message on the tree using the one-time pad scheme. However, the number of communication rounds in such a protocol is equal to the height of the tree. This paper provides another efficient protocol, which has exactly one communication round, i.e., we give a non-interactive protocol.

14.
A type flaw attack on a security protocol is an attack where an honest principal is cheated on interpreting a field in a message as the one with a type other than the intended one. In this paper, we shall present an extension of the LySa calculus with tags attached to each field, indicating the intended types. We developed a control flow analysis for analysing the extended LySa, which over-approximates all the possible behaviour of a protocol and hence is able to capture any type confusion that may happen during the protocol execution. The control flow analysis has been applied to a number of security protocols, either subject to type flaw attacks or not. The results show that it is able to capture type flaw attacks on those security protocols.

15.
16.
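Xu Bin, Peng Changgen, Gu Chongxu. Computer Engineering (计算机工程), 2012, 38(7): 116-118, 121
Fairness is an important property in secure multi-party computation; it guarantees that all participants obtain their own outputs. However, complete fairness cannot be achieved when the majority of participants are dishonest. To this end, in the malicious model, a secure multi-party computation protocol based on garbled circuits is proposed, using a commitment scheme and the cut-and-choose technique. The analysis shows that the protocol satisfies the security of multi-party computation and achieves fairness when the number of honest participants t≥4.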

17.
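The main purpose of a cross-realm client-to-client password-authenticated key agreement (C2C-PAKA) protocol is to enable two clients located in different realms and holding different passwords to authenticate each other and agree on a common session key with the help of their respective servers. In this paper, based on the discrete logarithm problem on elliptic curves, we present a cross-realm password-authenticated key agreement protocol under the direct communication architecture. In this protocol, an honest server cannot obtain any value of the session key. The parties can authenticate one another. Compared with similar protocols, this protocol has lower communication and computation overhead and is easier to implement. In addition, the protocol resists common attack types such as dictionary attacks, password-compromise impersonation attacks and unknown key-share attacks, and achieves security properties such as forward secrecy, no key control and known session key security.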

18.
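An authenticated three-party key agreement protocol based on certificateless cryptography   Total citations: 6, self-citations: 2, citations by others: 4
To make key agreement protocols resistant to active attacks, an authenticated certificateless three-party key agreement protocol is proposed. The characteristics of existing key agreement protocols are analyzed first, and a secure three-party key agreement protocol is then designed on the basis of certificateless cryptography. The protocol needs only one round of message exchange to establish a secure three-party session key, effectively overcomes the key escrow problem, and provides perfect forward secrecy. Performance analysis shows that the protocol offers high security and runtime efficiency.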

19.
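Based on the RSA cryptosystem and a dynamic amplification technique for small public keys, a new broadcast encryption scheme for users in different groups is proposed. In the new scheme, every user uses the same small public key, with which messages can be broadcast-encrypted to receivers in different groups at the same time. In the encryption phase, the sender computes a secure amplification factor according to the number of receiving users, then introduces a random integer and encrypts the plaintext message to produce the ciphertext to be broadcast. This not only speeds up RSA encryption, but also resists the low-exponent attack and the resend attack at the same time, and enables broadcast-encrypted delivery of messages to receivers in different groups.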

20.
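An authenticated key distribution scheme based on elliptic curve digital signatures   Total citations: 1, self-citations: 0, citations by others: 1
This article proposes an authenticated key distribution scheme based on elliptic curve digital signatures, and analyzes and discusses its security. On this basis, it proposes a conference key distribution scheme in which the conference chair generates the conference key and secretly transmits it to the conference participants, and the participants can authenticate the conference key and its issuer.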
