Signcryption with fast online signing and short signcryptext for secure and private mobile communication

Signcryption scheme is one of the useful tools for secure communication where authenticity and confidentiality are simultaneously required.Now,mobile devices are more and more widely used for communication,and thus it is desirable to design a scheme suitable to mobile applications.In this paper,we propose a signcryption scheme which is efficient enough to be implemented on mobile devices.In our scheme,we need only one multiplication in an online phase,and thus a signcryptor can generate a signcryptext very efficiently in the online phase.Moreover,the size of signcryptext is very short compared with exsiting schemes,and thus our scheme is very efficient in terms of communication overhead.The security of our signcryption scheme is proven in the random oracle model.     

Cryptanalysis of a signcryption scheme with fast online signing and short signcryptext

Signcryption is functional combination of encryption and signature,efficiency higher than the separate signing and encrypting.Recently,Youn et al.presented a new signcryption scheme,which has fast online signing and short signcryptext,and is efficient enough for mobile applications.This scheme is claimed to be both existentially unforgeable and semantically secure.However,in this paper we shall show that it is not existentially unforgeable.     

On the Security of Tag-KEM for Signcryption

Signcryption tag-KEM (Key Encapsulation Mechanism with a tag) is an authenticated tag-KEM for generic construction of hybrid signcryption. Signcryption tag-KEM allows the sender to encapsulate a symmetric key along with a tag so that the receiver can authenticate the sender, the key, and the tag. We present a definition for the security of signcryption tag-KEM which is suitable for a recent signcryption setting. We also present a proof of security for the previous generic construction of hybrid signcryption according to the given definition.     

MASHED: Security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services

ABSTRACT

Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost.     

A provably secure short signature scheme based on discrete logarithms

We propose a short signature scheme whose security is closely related to the discrete logarithm assumption in the random oracle model. The new scheme offers a better security guarantee than existing discrete-logarithm-based signature schemes. The main advantage of this scheme over the DSA signature scheme is that it has a one-fourth reduction in both the signature length and the verification computation; the level of security is preserved. The new short signatures are needed to low-bandwidth communication, low-storage and low-computation environments, and particularly applicable to smart cards and wireless devices.     

代理签名者身份保护的代理签名体制

电子世界中,签名权力的委托通过代理签名来解决。代理签名是原始签名者将他的签名权委托给代理签名者的一种签名体制,代理签名者代表原始签名者进行签名。2002年,K.Shum和K.Wei提出的体制中,可以隐藏代理者的身份。如果仅仅通过代理签名,没有人能够确定代理签名者的身份。而且,如果必要的话,可信任机构可以揭示代理签名者的身份。然而,Narn-YihLee指出K.Shum的签名体制不满足强不可否认性。最后,我们提出一种代理签名体制,这种签名体制能克服以上指出的弱点。新体制满足强不可否认性。     

Using IND-CVA for constructing secure communication

Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated enc...     

适用于物联网环境的无证书广义签密方案

无证书广义签密方案不仅可以解决证书管理和密钥托管问题,而且可以根据实际需求分别作为加密方案、签名方案或签密方案,在资源受限的物联网环境中具有广泛的应用场景.但是,通过具体的攻击方法证明Karati等的方案不能抵抗伪造攻击,文中总结了攻击者成功伪造的原因.针对上述问题,提出了一种无双线性配对的无证书广义签密方案,并在随机...     

Designing efficient proxy signature schemes for mobile communication

Proxy signature is an active cryptographic research area, and a wide range of literatures can be found nowadays suggesting improvement and generalization of existing protocols in various directions. However, from the efficiency view, many proposed proxy signature schemes in these literatures are not satisfying and cannot fit to the mobile communication. Therefore, there is a desire to design efficient proxy signature schemes. Based on Boneh et al＇s pairing-based short signature, this paper presents two proxy signature schemes. One is proxy-protected signature scheme, and the other is proxy aggregate signature scheme. Since both of them can achieve high efficiency, it is believed that they are specially suitable for mobile communication environment.     

基于短消息的移动工作流平台的设计与研究

由于传统的工作流模式已经无法满足社会发展的需要，结合通讯技术和计算机技术的发展情况提出了基于短消息的移动工作流平台解决方案，通过阐述短消息平台的特点及未来发展趋势，分析了该方案的可行性，并重点分析了解决方案中的消息服务功能设计、移动工作流方案设计、系统架构及知识管理设计，最后提出了保证系统安全的一系列相应措施。     

一个基于椭圆曲线的前向安全的签密方案

签密就是能够在一个逻辑步骤内完成数字签名和加密两项功能,比传统的先签名后加密有更高的效率。在椭圆曲线密码体制下,提出一个具有公开可验证性的和前向安全的签密方案,并分析了该方案的安全性,解决了签密方案设计上的一个公开问题。文中方案可以应用于许多特殊场合,如电子现金、匿名认证等,实现了前向安全性。     

具有前向安全性的可公开验证的签密方案

已有签密方案大多数不能同时提供可公开验证性和前向安全性.针对此问题,基于求解Z.上离散对数问题的困难性和单向hash函数的不可逆性,给出了一个同时具有前向安全性和可公开验证的签密方案.在该方案中验证不需要接收者的私钥,传输中通过将某一参数隐藏在指数位置,使得到发送者私钥的攻击者不可能得到本次及以前通信者的秘密信息.通过这些方法实现了可公开验证性和前向安全性,弥补了大多数已有签密方案不能同时提供可公开验证性和前向安全性的不足,而且在该方案中认证与消息恢复并未分离,但是在公开验证过程中却无须破坏消息的机密性,这使得本方案具有更高的安全性和更广泛的应用性.     

采用分段验证签密的移动代理新方案

密码的应用可使移动代理免受运行主机上恶意软件的攻击,保持其携带信息的机密性并不受撺扰.结合分段验证签密与多方签密,一个采用分段验证签密的移动代理系统新方案被提出,此设计方案具有防止各主机彼此间偷窥与伪造信息的性能.这类移动代理的目标是采集网络多方的敏感数据,这种情况下,对信息提供主机和非信息提供主机的防犯都是重要的.     

一个基于椭圆曲线的前向安全的签密方案

签密就是能够在一个逻辑步骤内完成数字签名和加密两项功能，比传统的先签名后加密有更高的效率。在椭圆曲线密码体制下，提出一个具有公开可验证性的和前向安全的签密方案，并分析了该方案的安全性，解决了签密方案设计上的一个公开问题。文中方案可以应用于许多特殊场合，如电子现金、匿名认证等，实现了前向安全性。     

Trust requirements and performance of a fast subtransport-levelprotocol for secure communication

A secure network protocol called the authenticated datagram protocol (ADP) that optimizes the performance of global networks by establishing host-to-host secure channels and building agent-to-agent channels on top of host-to-host channels is presented. The performance advantages of ADP come with an accompanying set of trust requirements that are stringent for a network spanning mutually distrustful organizations. The cause for this stringency is shown to be propagation of trust relationships in ADP. Methods of breaking their propagation and thereby accomplishing a significant reduction in ADP's trust requirements are presented. ADP, being a protocol for establishing host-to-host channels, can be handled at the subtransport level of the protocol hierarchy. A prototype of ADP implemented on Sun workstations connected by an Ethernet is described. Experimental measurements confirm that both the average latency of messages and the maximum throughput are substantially better than other secure protocols     

Extent of private information disclosure on online social networks: An exploration of Facebook mobile phone users

The present study adopts the Communication Privacy Management theory and investigates the factors that influence the extent of private information disclosure of Facebook mobile phone users. Using a sample size of 488 adult mobile phone users, the study further investigates the differential impact of age on the extent of private information disclosure. Results from the logistic regressions run reveal that use of smartphones to access social networking sites, use of multiple social networks, and being female decrease the likelihood of private information disclosure. In addition, usability problems increase the likelihood of information disclosure by older adults. The analyses show no association between perceived benefit and private information disclosure.     

A secure and traceable E-DRM system based on mobile device

In recent years, intellectual property violation events have caused enterprise to respect digital content protection. Illegal copying digital content abuses become a serious problem. Because the mobile devices are more portable and individualized than personal computers, anyone can access the network resources at anytime from anywhere. However, valuable digital contents without proper protection make the content vulnerable to unauthorized copying, modification and re-distribution, causing revenue losses to service providers. Thus, constructing an effective Digital Right Management (DRM) system has become an important issue.On the basis of the mobile device, we propose an efficient digital rights management protocol. We apply symmetrical cryptosystem, asymmetrical cryptosystem, digital signature and one-way hash function mechanisms in our scheme. To overcome the computing resource weakness problem of mobile devices, we also integrate digital certificate, hardware information and one time password mechanisms such that the security, persistent protection, integrity, authentication, track usage of DRM work, changeable access right, integration and portability issues will be assured. In this way, the mobile user can access the digital content securely in the enterprise via authorization mechanism.     

在线招投标Web系统安全结构及关键技术的研究

分析了网上在线招投标系统的安全性需求，提出了一种新的用于在线招投标Web应用系统的四层安全体系结构，并定义了其各层次的功能，描述了其安全认证过程，解决了传统三层体系结构在信息系统的安全性上存在的问题和不足。同时就系统中的数据安全性、系统的认证等关键安全技术，综合应用加密和Hash算法，给出了一种在传输和存储过程中保护数据的保密性和完整性的设计方法，以防止在数据库的应用中数据被非法窃取和篡改；给出了一种基于网上在线招投标系统的不可否认数字签名认证方案，使得可在不暴露用户安全信息的前提下实现其身份认证。     

Impulsively synchronizing chaotic systems with delay and applications to secure communication

In this paper, the presence of transmission delay and sampling delay in chaos-based secure communication systems by employing impulsive synchronization is studied. A time delayed impulsive differential system with delayed impulses, modeling the synchronization error between the driving and response schemes employed in such communication systems, is presented. The equi-attractivity property of the error dynamics is investigated and the sufficient conditions leading to this property are obtained. A set of upper bounds on the delay terms involved in the system are also obtained, and a numerical example is given. A communication security scheme employing hyperchaotic systems possessing continuous driving, impulsive driving and delay is proposed and simulation results are given to demonstrate the performance of the scheme.