基于属性的代理签密方案

为了达到群组签密的目的以及使得群组签密具有代理功能,利用双线性配对的特性结构及基于属性的密码体制结构,构建出一个基于属性的代理签密方案。其中,将文件用属性集来标识,私钥由访问控制结构来产生,用来控制签密、代理签密和解签密的权限范围。该方案既保持了基于属性签密的优点,又具有代理签名的功能,且具有公开验证性、强可识别性及强不可否认性。最后,对方案进行了安全性分析。     

无线传感器网络中自治愈的群组密钥管理方案

 群组密钥管理的自治愈机制是保证无线传感器网络在不可靠信道上进行安全群组通信的重要 手段.基于采用双方向密钥链的群组密钥分发与撤销方法,提出了一个无线传感器网络中具有撤销能力的自治愈群组密钥管理方案.该方案实现了群组密钥的自治愈功能和节点撤销能力, 能够满足在较高丢包率的无线通信环境下传感器网络群组密钥管理的安全需求,确保了群组密钥保密性、前向保密性和后向保密性等安全属性.性能分析表明,该方案具有较小的计算和通信开销,能够适用于无线传感器网络.     

基于身份的空间网络组密钥管理方案

针对现有组密钥管理方案无法适应空间网络的问题,提出了一种基于身份的空间网络组密钥管理方案.方案设置了一个由卫星节点组成的多播服务节点集合,协助多播群组完成公共参数的生成和广播,解决了组成员开销不平衡的问题;为同一群组提供服务的节点动态可变,避免了单点失效问题.与现有方案相比,本方案在满足安全要求的基础上,具有更小的计算、存储和通信开销.     

新型面向授权子集环签名方案

对传统的面向个人环签名方案进行扩展,提出了一个面向授权子集的环签名方案.在方案中,签名子集首先构建一个包含其自身所有成员在内的群组,然后构建一个包含签名子集在内的群组成员的子集集合.环签名是由签名子集中的所有成员合作做出的.验证者可以验证签名是否是由子集集合中的某一个子集所做出的,却无法找出具体的签名子集.在随机问答器模型下,证明了方案是安全的.通过对方案的复杂性分析表明,签名系统是高效的.     

基于异构密码系统的混合群组签密方案

群组签密既能实现群组签名,又能实现群组加密,但是现有的群组签密方案的发送者和接收者基本上在同一个密码系统中,不能满足现实环境的需求,而且基本上采用的是公钥加密技术,公钥加密技术在加密长消息时效率较低。因此该文提出由基于身份的密码体制(IBC)到无证书密码体制(CLC)的异构密码系统的混合群组签密方案。在该方案中,私钥生成器(PKG)和密钥生成中心(KGC)能够分别在IBC密码体制和CLC密码体制中产生自己的系统主密钥;而且群组成员只有协作才能解签密,提高了方案的安全性;同时在无需更换群组公钥和其他成员私钥的情况下,用户可以动态地加入该群组。所提方案采用了混合签密,具有可加密任意长消息的能力。在随机预言模型下,证明了该文方案在计算Diffie-hellman困难问题下具有保密性和不可伪造性。通过理论和数值实验分析表明该方案具有更高的效率和可行性。

     

R＆S移动终端PoC测试方案

PoC（Push to talk Over cellular，一键通）是WCDMA或CDMA2000网络基于分组交换语音传输的一项双向无线服务，这项服务为封闭群组的用户提供了一个群组通信的经济方案，使用户通过一个按键即可进行私人约会或商务会谈，而无须冗长的电话交谈或是复杂的短信。     

面向分层无人机网络的去中心群组密钥管理方案

为解决现有分层无人机(UAV)网络中群组密钥管理存在的单点故障问题,群组成员离线导致整个群组无法计算、及时更新组密钥的问题,该文提出一种支持异步计算的去中心群组密钥管理方案。该方案采用异步棘轮树(ART)协议实现对群组密钥的预部署,各成员能对组密钥进行异步计算、自主更新;利用区块链技术的去中心化特性解决了单点故障问题,提高了群组密钥管理的透明性与公平性。性能评估表明,与同类方案相比,该方案中的簇成员无人机具有较低的计算开销和通信开销,适合应用于分层无人机网络环境。     

一种基于服务器端的群组密钥协商方案

群组密钥协商是群组通信中非常重要的基本工具,现有群组密钥协商机制需要本地组成员全部参与协商,这严重制约群组通信系统的可扩展性与高效性。针对这个问题,文中提出了一种基于服务器端的群组密钥协商方案。该方案仅需要与每个组成员连接的服务器组间密钥协商,从而能够降低群组的存储开销和通信开销。同时在客户端函数库内通过设计一个单向映射机制实现从服务器组密钥到群组密钥变换。与基于客户端函数库的密钥协商机制相比,其可扩展性及密钥协商效率更高。     

基于UDP的群组通信构件的方案

随着计算机技术的发展以及微处理器和网络技术的不断更新,分布式系统已应用于通信的众多领域,而群组通信作为其中的核心环节,也就变得尤为重要。本文对群组通信的设计作了详细分析,并针对UDP协议的不可靠性,给出了一个基于UDP协议的群组通信构件的方案,为高效可靠的群组通信提供了一个新的设计方案。     

基于LKH的组播密钥分发改进方案R-LKH

随着Internet的发展，组播技术得到了广泛的应用，其中组密钥管理是组播安全的核心问题。分析了已有密钥管理方案的优缺点，特别是被广泛关注的LKH方案，提出了一个基于LKH的密钥管理新方案R—LKH．并给出相应的更新算法。通过对本方案和其他方案的通信开销、密钥存储开销和计算开销的分析表明．该方案可有效降低密钥开销，且具有可行的通信效率，适用于大型的动态群组。     

Slight Homomorphic Signature for Access Controlling in Cloud Computing

With the popularity of cloud computing, how to securely authenticate a user while not releasing user’s sensitive information becomes a challenge. In this paper, we introduce a slight homomorphic signature, which is suitable to implement an access controlling service in cloud computing. In slight homomorphic signature, each user in cloud computing who have a set of identity attributes, firstly computes a full signature on all his identity attributes, and sends it to a semi-trusted access controlling server. The access controlling server verifies the full signature for all identity attributes. After then, if the user wants to require a cloud service, which may have a special requirement on one of the identity attributes, the user only needs to securely send the cloud service’s name to the access controlling server. The access controlling server which does not know the secret key can compute a partial signature on this special identity attribute, and then sends it to the cloud server for authentication. In the paper, we give a formal secure definition of this slight homomorphic signature, and construct a scheme from Boneh–Boyen signature. We prove that our scheme is secure under q-SDH problem with a weak adversary.     

网络空间大搜索研究范畴与发展趋势

随着网络空间的拓展、网络应用模式的发展及大数据时代的到来,面向网络空间的下一代搜索引擎——“大搜索”已具有迫切的需求。阐述了网络空间大搜索的内涵及其特点,提出了大搜索的研究范畴,包括泛在网络空间信息获取与发掘、知识仓库构建和管理、用户搜索意图准确理解与表示、用户意图高效匹配和推演、大搜索安全可信与隐私保护等方面的内容,并针对上述问题,指出了具有5S特性的网络空间大搜索技术的发展趋势。     

Attribute Allocation and Retrieval Scheme for Large-Scale Sensor Networks

Wireless sensor network is an emerging technology that enables remote monitoring of large geographical regions. In this paper, we address the problem of distributing attributes over such a large-scale sensor network so that the cost of data retrieval is minimized. The proposed scheme is a data-centric storage scheme where the attributes are distributed over the network depending on the correlations between them. The problem addressed here is similar to the Allocation Problem of distributed databases. In this paper, we have defined the Allocation Problem in the context of sensor networks and have proposed a scheme for finding a good distribution of attributes to the sensor network. We also propose an architecture for query processing given such a distribution of attributes. We analytically determine the conditions under which the proposed architecture is beneficial and present simulation results to demonstrate the same. To the best of our knowledge, this is the first attempt to determine an allocation of attributes over a sensor network based on the correlations between attributes.     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.     

Efficient Membership Revocation in ACJT Group Signature

How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed： the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn＇t be changed.     

Performance analysis of decode-and-forward partial relay selection in NOMA systems with RF energy harvesting

Wireless Networks - In this paper, we investigate a dual hop communication decode-and-forward scheme relay system where a source node wants to transmit simultaneously two symbols to two desired...     

一种有效率的方法用于检测云中数据的完整性(英文)

Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance.However,this poses new challenges related to creating secure and reliable data storage over unreliable service providers.In this study,we address the problem of ensuring the integrity of data storage in cloud computing.In particular,we consider methods for reducing the burden of generating a constant amount of metadata at the client side.By exploiting some good attributes of the bilinear group,we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage,which can be important for achieving widespread deployment of cloud computing.Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side,the objective of this study is to resolve this issue.Moreover,our scheme also supports data dynamics and public verifiability.Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.     

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.     

基于分级密钥管理的安全组播方案

该文提出了一个新的适用于大型动态组播群组的密钥管理方案,在分级结构中采用Hash链作 为数据传递密钥来实现层与层之间的数据传递,在子组内利用数字信封来实现密钥管理。此方案具有良好的计算、存储性能及动态安全性,为进一步研究提供了一个有价值的参考。     

An enhanced two-factor user authentication in wireless sensor networks

Since wireless sensor networks (WSN) are often deployed in an unattended environment and sensor nodes are equipped with limited computing power modules, user authentication is a critical issue when a user wants to access data from sensor nodes. Recently, M.L. Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kinds of attack. Later, Khan and Alghathbar (K-A) pointed out that Das’ scheme has some security pitfalls and showed several improvements to overcome these weaknesses. However, we demonstrate that in the K-A-scheme, there is no provision of non-repudiation, it is susceptible to the attack due to a lost smart card, and mutual authentication between the user and the GW-node does not attained. Moreover, the GW-node cannot prove that the first message comes from the user. To overcome these security weaknesses of the K-A-scheme, we propose security patches and prove our scheme.