Similar documents
20 similar documents found (search time 15 ms)
1.
This paper studies a Diffie-Hellman key agreement protocol integrated with DSA digital signatures, analysing the security of Phan's improved protocol and optimising it. A new key agreement protocol is then designed on the basis of the RSA-OAEP key algorithm. The protocol is simple in form, fast to compute, and satisfies the security properties required of a key agreement protocol.

2.
The transformation protocol can allow two players to share an unconditionally secure secret key using a random deal of cards. A sufficient condition on the number of cards for the transformation protocol to succeed was known. However, it has been an open problem to obtain a necessary and sufficient condition. This paper improves the transformation protocol and gives a necessary and sufficient condition for the resulting protocol to succeed. An early version of the paper was presented in Lecture Notes in Computer Science, vol. 3106.

3.
Designing efficient and secure post-quantum key exchange protocols from hard lattice problems is of great theoretical and practical value. This paper proposes a new, efficient and practical passively secure key exchange protocol based on the learning with errors (LWE) problem on lattices. The protocol is constructed in the style of an encryption scheme and uses ciphertext compression. Compared with Frodo, the LWE-based key exchange protocol designed by Bos et al. in 2016 using Peikert's error reconciliation mechanism, the communication cost increases by only 1.09%, while the complexity of the scheme is effectively reduced and the computation is simpler and more efficient; the protocol is provably secure against passive attacks and effectively resists quantum attacks. Compared with existing LWE-based key exchange protocols, it is highly competitive.

4.
Password-authenticated key exchange (PAKE) protocols allow users who share only a low-entropy password to securely negotiate a high-entropy session key over an insecure channel; because of their strong practicality they have attracted wide attention from cryptographic researchers. This paper analyses the protocol recently proposed in “标准模型下高效的基于口令认证密钥协商协议” (An efficient password-authenticated key agreement protocol in the standard model) and the protocol proposed in “基于验证元的三方口令认证密钥交换协议” (A verifier-based three-party password-authenticated key exchange protocol), shows that both PAKE protocols are insecure and cannot resist offline dictionary attacks, and further identifies the points overlooked in the original protocol designs or security proofs.

5.
In this paper, we propose a new hard problem, called bilateral inhomogeneous small integer solution (Bi-ISIS), which can be seen as an extension of the small integer solution problem on lattices. The main idea is that, instead of choosing a rectangular matrix, we choose a square matrix with small rank to generate the Bi-ISIS problem without affecting the hardness of the underlying SIS problem. Based on this new problem, we present two new hardness problems: the computational and the decisional Bi-ISIS problems. As a direct application of these problems, we construct a new lattice-based key exchange (KE) protocol, which is analogous to the classic Diffie-Hellman KE protocol. We prove the security of this protocol and show that it provides better security in the case of worst-case hardness of lattice problems, relatively efficient implementations, and great simplicity.

6.
Three-party password authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key through an authentication server over an insecure channel. Clients only share an easy-to-remember password with the trusted server. In the related literature, most schemes employ server public keys to ensure the identities of the servers, and symmetric cryptosystems to encrypt the messages. This paper describes an efficient 3PAKE based on LHL-3PAKE proposed by Lee et al. Our 3PAKE requires neither server public keys nor symmetric cryptosystems such as DES. The formal proof of security of our 3PAKE is based on the computational Diffie-Hellman assumption in the random oracle model, along with a parallel version of the proposed 3PAKE. The comparisons show that our 3PAKE is more practical than other 3PAKEs.

7.
Due to the simplicity of maintaining human-memorable passwords without any assistant storage device, the password-based three-party encrypted key exchange (3PEKE) protocol has become one of the most promising research fields in user authentication and secure communication. In 2008, Chen et al. and Yoon and Yoo both pointed out that Chang and Chang's password-based 3PEKE scheme cannot resist undetectable on-line password guessing attacks, and each proposed an improved protocol to eliminate the security vulnerability. However, based on our security analyses, we find that both of their protocols are still vulnerable to undetectable on-line password guessing attacks. Accordingly, we develop a novel 3PEKE protocol to remedy these authentication flaws. Moreover, our proposed protocol achieves better performance efficiency by requiring only four message transmission rounds. In conclusion, we can claim that our proposed 3PEKE protocol is more secure and efficient in comparison with the protocols proposed by Chen et al. and Yoon and Yoo.

8.
We propose an efficient, scalable, certification-based key recovery system that is a hybrid of the key escrow and key encapsulation techniques. The proposed key recovery system is highly flexible and can be employed in a variety of policy environments. It possesses the properties required for commercial key recovery systems. We demonstrate the claims by comparing the computation and communication requirements for our proposal with a key recovery solution implemented by IBM. Published online: 27 June 2002. Parts of this paper have already been published by the authors [23].

9.
Using AVL trees for fault-tolerant group key management   Cited by: 1 (self-citations: 0, other citations: 1)
In this paper we describe an efficient algorithm for the management of group keys for group communication systems. Our algorithm is based on the notion of key graphs, previously used for managing keys in large Internet-protocol multicast groups. The standard protocol requires a centralized key server that has knowledge of the full key graph. Our protocol does not delegate this role to any one process. Rather, members enlist in a collaborative effort to create the group key graph. The key graph contains n keys, of which each member learns log₂ n. We show how to balance the key graph, a result that is also applicable to the centralized protocol. We also show how to optimize our distributed protocol, and provide a performance study of its capabilities. Published online: 26 October 2001

10.
A complete temporal relational algebra   Cited by: 5 (self-citations: 0, other citations: 5)
Various temporal extensions to the relational model have been proposed. All of these, however, deviate significantly from the original relational model. This paper presents a temporal extension of the relational algebra that is not significantly different from the original relational model, yet is at least as expressive as any of the previous approaches. This algebra employs multidimensional tuple time-stamping to capture the complete temporal behavior of data. The basic relational operations are redefined as consistent extensions of the existing operations in a manner that preserves the basic algebraic equivalences of the snapshot (i.e., conventional static) algebra. A new operation, namely temporal projection, is introduced. The complete update semantics are formally specified and aggregate functions are defined. The algebra is closed, and reduces to the snapshot algebra. It is also shown to be at least as expressive as the calculus-based temporal query language TQuel. In order to assess the algebra, it is evaluated using a set of twenty-six criteria proposed in the literature, and compared to existing temporal relational algebras. The proposed algebra appears to satisfy more criteria than any other existing algebra. Edited by Wesley Chu. Received February 1993 / Accepted April 1995

11.
In three-party authenticated key exchange protocols, each client shares a secret only with a trusted server, which assists in generating a session key used for securely sending messages between two communicating clients. Compared with two-party authenticated key exchange protocols, where each pair of parties must share a secret with each other, a three-party protocol does not cause any key management problem for the parties. In the literature, three main issues in three-party authenticated key exchange protocols have been discussed that need further improvement: (1) to reduce latency, communication steps in the protocol should be as parallel as possible; (2) since a security-sensitive table on the server side may cause the server to become compromised, the table should be removed; (3) the resources required for computation should be as few as possible to avoid the protocol becoming an efficiency bottleneck. In various applications over networks, a quick response is required, especially by light-weight clients in mobile e-commerce. In this paper, a round- and computation-efficient three-party authenticated key exchange protocol is proposed which fulfils all of the above-mentioned requirements.

12.
This paper first analyses the security of a previously proposed efficient verifier-based three-party key exchange protocol, showing that it is vulnerable to security threats such as server key compromise attacks and lacks forward secrecy. On this basis, and in view of the fact that most existing verifier-based 3PAKE protocols cannot resist server key compromise attacks, a new 3PAKE protocol is proposed. Security analysis shows that the new protocol is more secure than the original one, resists all known attacks, and is more efficient than most existing protocols of its kind.

13.
Secure reliable multicast protocols in a WAN   Cited by: 1 (self-citations: 0, other citations: 1)
Summary. A secure reliable multicast protocol enables a process to send a message to a group of recipients such that all correct destinations receive the same message, despite the malicious efforts of fewer than a third of the total number of processes, including the sender. This has been shown to be a useful tool in building secure distributed services, albeit with a cost that typically grows linearly with the size of the system. For very large networks, for which this is prohibitive, we present two approaches for reducing the cost: first, we show a protocol whose cost is on the order of the number of tolerated failures; secondly, we show how relaxing the consistency requirement to a probabilistic guarantee can reduce the associated cost, effectively to a constant. Received: August 1997 / Accepted: July 1999

14.
15.
Summary. In a multi-party transaction (also called a distributed commerce transaction) agents face risks from dealing with untrusted agents. These risks are compounded in the face of deadlines, e.g., an agent may fail to deliver purchased goods by the time the goods are needed. We characterize the risks, and present a distributed algorithm that mitigates these risks by using pairwise exchanges and trusted intermediaries. The algorithm generates a safe sequence of actions that completes a commerce transaction without risk, if such a sequence exists. We show that the algorithm is sound (produces only safe multi-agent action sequences) and complete (finds a safe sequence whenever one exists). The initial restriction of guaranteeing safety even when none of the principals trusts another can be relaxed in some cases, so we show how to handle principals that do trust each other and interact directly rather than through a trusted intermediary. Received: September 1997 / Accepted: December 1998

16.
Summary. The complexity of designing protocols has led to compositional techniques for designing and verifying protocols. We propose a technique based on the notion of parallel composition of protocols. We view a composite protocol as an interleaved execution of the component protocols subject to a set of constraints. Using the constraints as building blocks, we define several constraint-based structures, with each structure combining the properties of the component protocols in a different way. For instance, the component protocols of a multifunction protocol can be structured so that the composite protocol performs all the individual functions concurrently or performs only one of them depending on the order of initiation of the component protocols. We provide inference rules to infer safety and liveness properties of the composite protocol. Some properties are derived from those of the component protocols while others are derived from the structuring mechanism (the set of constraints) used to combine the component protocols. Received: October 1996 / Accepted: August 1998

17.
In 2008, Juang and Wu proposed two authenticated key exchange protocols by improving Park and Park's two-factor authenticated key exchange protocol for public wireless LANs. They pointed out that Park's protocol was vulnerable to a dictionary attack on the identity protection. The improved protocols require fewer exchanged messages and provide more secure protection for the client's identity. In this paper, we propose two protocols that require fewer exchanged messages than Juang's protocols. In addition to this advantage, we point out that the identity protection of Juang's protocol is computationally inefficient for the server, and an efficient identity protection is proposed in the second of our protocols.

18.
One of the challenges in the design of a distributed multimedia system is devising suitable specification models for various schemas at different levels of the system. Another important research issue is the integration and synchronization of heterogeneous multimedia objects. In this paper, we present our models for multimedia schemas and transformation algorithms. They transform high-level multimedia objects into schemas that can be used to support the presentation and communication of the multimedia objects. A key module in the system is the Object Exchange Manager (OEM). In this paper, we present the design and implementation of the OEM module, and discuss in detail the interaction between the OEM and other modules in a distributed multimedia system.

19.
Communicating the variability of a software-product family to customers   Cited by: 3 (self-citations: 0, other citations: 3)
Variability is a central concept in software product family development. Variability empowers constructive reuse and facilitates the derivation of different, customer-specific products from the product family. If many customer-specific requirements can be realised by exploiting the product family variability, the reuse achieved is obviously high. If not, the reuse is low. It is thus important that the variability of the product family is adequately considered when eliciting requirements from the customer. In this paper we sketch the challenges for requirements engineering for product family applications. More precisely, we elaborate on the need to communicate the variability of the product family to the customer. We differentiate between variability aspects which are essential for the customer and aspects which are more related to the technical realisation and thus need not be communicated to the customer. Motivated by the successful usage of use cases in single product development, we propose use cases as the communication medium for product family variability. We discuss and illustrate which customer-relevant variability aspects can be represented with use cases, and for which aspects use cases are not suitable. Moreover, we propose extensions to use case diagrams to support an intuitive representation of customer-relevant variability aspects. Received: 14 October 2002 / Accepted: 8 January 2003 / Published online: 27 February 2003. This work was partially funded by the CAFé project “From Concept to Application in System Family Engineering”; Eureka Σ! 2023 Programme, ITEA Project ip00004 (BMBF, Förderkennzeichen 01 IS 002 C) and the state of Nordrhein-Westfalen. This paper is a significant extension of the paper “Modellierung der Variabilität einer Produktfamilie” [15].

20.
Converting paper-based engineering drawings into CAD model files is a tedious process. Therefore, automating the conversion of such drawings represents tremendous time and labor savings. We present a complete system which interprets such 2D paper-based engineering drawings and outputs 3D models that can be displayed as wireframes. The system performs the detection of dimension sets, the extraction of object lines, and the assembly of 3D objects from the extracted object lines. A knowledge-based method is used to remove dimension sets and text from ANSI engineering drawings, a graphics recognition procedure is used to extract complete object lines, and an evidential rule-based method is utilized to identify view relationships. While these methods are the subject of several of our previous papers, this paper focuses on the 3D interpretation of the object. This is accomplished using a technique based on evidential reasoning and a wide range of rules and heuristics. The system is limited to the interpretation of objects composed of planar, spherical, and cylindrical surfaces. Experimental results are presented. Received December 2, 1998 / Revised June 18, 1999
