Signcryption with fast online signing and short signcryptext for secure and private mobile communication

Signcryption scheme is one of the useful tools for secure communication where authenticity and confidentiality are simultaneously required.Now,mobile devices are more and more widely used for communication,and thus it is desirable to design a scheme suitable to mobile applications.In this paper,we propose a signcryption scheme which is efficient enough to be implemented on mobile devices.In our scheme,we need only one multiplication in an online phase,and thus a signcryptor can generate a signcryptext very efficiently in the online phase.Moreover,the size of signcryptext is very short compared with exsiting schemes,and thus our scheme is very efficient in terms of communication overhead.The security of our signcryption scheme is proven in the random oracle model.     

Cryptanalysis of a signcryption scheme with fast online signing and short signcryptext

Signcryption is functional combination of encryption and signature,efficiency higher than the separate signing and encrypting.Recently,Youn et al.presented a new signcryption scheme,which has fast online signing and short signcryptext,and is efficient enough for mobile applications.This scheme is claimed to be both existentially unforgeable and semantically secure.However,in this paper we shall show that it is not existentially unforgeable.     

On the Security of Tag-KEM for Signcryption

Signcryption tag-KEM (Key Encapsulation Mechanism with a tag) is an authenticated tag-KEM for generic construction of hybrid signcryption. Signcryption tag-KEM allows the sender to encapsulate a symmetric key along with a tag so that the receiver can authenticate the sender, the key, and the tag. We present a definition for the security of signcryption tag-KEM which is suitable for a recent signcryption setting. We also present a proof of security for the previous generic construction of hybrid signcryption according to the given definition.     

基于身份的签密方案分析与改进

分析3种基于身份的签密方案,使用不可区分性选择明文攻击(IND-CPA)方法对前2种方案进行攻击,使用IND-CPA和伪造攻击方法对第3种方案进行攻击,并分别给出改进方案。分析结果表明,这3种改进方案的运算效率较高,且具有机密性、不可伪造性、不可否认性、公开验证性和前向安全性。     

基于双线性对的前向安全短门限代理签名方案

将前向安全的概念结合到基于双线性对的门限签名方案中,提出了一个基于双线性对的前向安全短门限代理签名方案。该方案将密钥更新算法应用在原始签名者计算过程中,更有效增强了代理签名密钥的安全性。对该方案的性能进行了分析,表明该方案是安全有效的。     

适用于3G网络的无证书的短签密方案

短签密方案实现了在一个逻辑步骤内同时完成了加密和数字签名二者的功能,并且所花费的代价,包括计算时间和消息扩展率两方面,要远远低于传统的先签名后加密的方法。然而目前大部分的短签密方案都不具有可信公钥以及签名验证阶段发生在解签密阶段之后,降低了签密消息的可靠性与伪造签密消息的处理效率。一种新型的基于无证书密码系统的短签密方案被提了出来,相应的安全模型也被定义。该方案计算量小,仅需一次对运算,而且还具有可信公钥以及临时密钥安全性。经过分析及实现验证,该方案可以在消息保密性的基础上实现3G网络信息在传播路径上的认证,从而防范垃圾信息的传播。     

MASHED: Security and privacy-aware mutual authentication scheme for heterogeneous and distributed mobile cloud computing services

ABSTRACT

Rapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.

In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost.     

A provably secure short signature scheme based on discrete logarithms

We propose a short signature scheme whose security is closely related to the discrete logarithm assumption in the random oracle model. The new scheme offers a better security guarantee than existing discrete-logarithm-based signature schemes. The main advantage of this scheme over the DSA signature scheme is that it has a one-fourth reduction in both the signature length and the verification computation; the level of security is preserved. The new short signatures are needed to low-bandwidth communication, low-storage and low-computation environments, and particularly applicable to smart cards and wireless devices.     

代理签名者身份保护的代理签名体制

电子世界中,签名权力的委托通过代理签名来解决。代理签名是原始签名者将他的签名权委托给代理签名者的一种签名体制,代理签名者代表原始签名者进行签名。2002年,K.Shum和K.Wei提出的体制中,可以隐藏代理者的身份。如果仅仅通过代理签名,没有人能够确定代理签名者的身份。而且,如果必要的话,可信任机构可以揭示代理签名者的身份。然而,Narn-YihLee指出K.Shum的签名体制不满足强不可否认性。最后,我们提出一种代理签名体制,这种签名体制能克服以上指出的弱点。新体制满足强不可否认性。     

Using IND-CVA for constructing secure communication

Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated enc...     

基于短消息的移动工作流平台的设计与研究

由于传统的工作流模式已经无法满足社会发展的需要，结合通讯技术和计算机技术的发展情况提出了基于短消息的移动工作流平台解决方案，通过阐述短消息平台的特点及未来发展趋势，分析了该方案的可行性，并重点分析了解决方案中的消息服务功能设计、移动工作流方案设计、系统架构及知识管理设计，最后提出了保证系统安全的一系列相应措施。     

高效的可证安全短代理签名方案

代理签名在大规模无线工控物联网中应用广泛,利用代理签名可以大大提高签名主服务器的效率。为适应带宽受限和计算能力弱的应用环境,提出了一个基于双线性映射的短代理签名方案。首先,在随机预言机模型下基于计算Diffie-Hellman（CDH）问题和k-碰撞攻击算法（k-CAA）问题证明了该方案的安全性。然后,与其他现有代理签名和短代理签名方案进行了性能上的优势分析,并给出了该方案实现的关键代码。实验结果表明,所提方案在代理签名生成时进行了1次标量乘运算和1次哈希运算,签名验证时进行了2次双线性对运算、1次标量乘运算和2次哈希运算,与其他同类代理签名方案相比计算性能上具有优势,适用于计算能力较弱和传输能力受限的应用场景。     

可公开验证的代理重加密签密方案

已有的代理重加密签密的方案仅仅提供了不可否认性,其安全强度弱于适应选择选择消息下不可伪造性。因此,定义了在适应选择消息下不可伪造的安全模型,同时提出了一个新的代理重加密签密方案,新方案的授权人和受理人的签密文本都具有公开可验证性,并且新方案在随机预言模型下可证明安全,且该方案安全高效,适用于安全级别要求较高的实际应用领域。     

Designing efficient proxy signature schemes for mobile communication

Proxy signature is an active cryptographic research area, and a wide range of literatures can be found nowadays suggesting improvement and generalization of existing protocols in various directions. However, from the efficiency view, many proposed proxy signature schemes in these literatures are not satisfying and cannot fit to the mobile communication. Therefore, there is a desire to design efficient proxy signature schemes. Based on Boneh et al＇s pairing-based short signature, this paper presents two proxy signature schemes. One is proxy-protected signature scheme, and the other is proxy aggregate signature scheme. Since both of them can achieve high efficiency, it is believed that they are specially suitable for mobile communication environment.     

适用于物联网环境的无证书广义签密方案

无证书广义签密方案不仅可以解决证书管理和密钥托管问题,而且可以根据实际需求分别作为加密方案、签名方案或签密方案,在资源受限的物联网环境中具有广泛的应用场景.但是,通过具体的攻击方法证明Karati等的方案不能抵抗伪造攻击,文中总结了攻击者成功伪造的原因.针对上述问题,提出了一种无双线性配对的无证书广义签密方案,并在随机...     

一个可公开验证和前向安全的签密方案

利用双线性对提出一个满足公开验证性和前向安全的基于身份的签密方案,并且能够将签名的验证和消息的恢复分别独立进行,可以应用于为移动设备过滤垃圾信息等移动电子商务场合。在BDH问题是困难的假设下用随机预言模型给出了安全性证明,经过分析比较,该方案具有很高的安全性和效率。     

采用分段验证签密的移动代理新方案

密码的应用可使移动代理免受运行主机上恶意软件的攻击,保持其携带信息的机密性并不受撺扰.结合分段验证签密与多方签密,一个采用分段验证签密的移动代理系统新方案被提出,此设计方案具有防止各主机彼此间偷窥与伪造信息的性能.这类移动代理的目标是采集网络多方的敏感数据,这种情况下,对信息提供主机和非信息提供主机的防犯都是重要的.     

一个基于椭圆曲线的前向安全的签密方案

签密就是能够在一个逻辑步骤内完成数字签名和加密两项功能,比传统的先签名后加密有更高的效率。在椭圆曲线密码体制下,提出一个具有公开可验证性的和前向安全的签密方案,并分析了该方案的安全性,解决了签密方案设计上的一个公开问题。文中方案可以应用于许多特殊场合,如电子现金、匿名认证等,实现了前向安全性。     

具有前向安全性的可公开验证的签密方案

已有签密方案大多数不能同时提供可公开验证性和前向安全性.针对此问题,基于求解Z.上离散对数问题的困难性和单向hash函数的不可逆性,给出了一个同时具有前向安全性和可公开验证的签密方案.在该方案中验证不需要接收者的私钥,传输中通过将某一参数隐藏在指数位置,使得到发送者私钥的攻击者不可能得到本次及以前通信者的秘密信息.通过这些方法实现了可公开验证性和前向安全性,弥补了大多数已有签密方案不能同时提供可公开验证性和前向安全性的不足,而且在该方案中认证与消息恢复并未分离,但是在公开验证过程中却无须破坏消息的机密性,这使得本方案具有更高的安全性和更广泛的应用性.