一个改进的多消息多接收者混合签密方案

指出王彩芬等人的基于离散对数的多消息多接收者混合签密方案存在着密钥泄露问题。为了克服该私钥泄漏问题,结合双线性对和基于身份密钥机制提出了一个改进的多消息多接收者混合签密方案。利用双线性对的对称性和基于身份密钥机制的密钥生成方式避免了原方案中存在的密钥泄露问题。最后,基于DBDH难题和CDH难题,在随机预言机模型下证明了改进方案的机密性和不可伪造性。     

新的基于身份的多接收者匿名签密方案

针对现有基于身份的多接收者签密方案存在的接收者身份泄露和解签密不公平等问题,文中提出一种具有公平性的基于身份的多接收者匿名签密方案.该方案运用拉格朗日插值多项式实现匿名性,不仅能解决现有方案不能保护接收者隐私的问题,而且具有解签密公平性,可防止发送者的欺骗行为.最后,对方案的正确性以及安全性进行了证明,并与其它方案进行...     

公平的基于身份的多接收者匿名签密设计与分析

针对现有基于身份的多接收者签密方案中存在的接收者身份泄露以及解密不公平性等问题,提出一种具有解密公平性的基于身份的多接收者匿名签密方案。新方案不仅能够解决现有方案中不能保护接收者身份隐私性的问题,并且满足解密公平性,从而有效地防止了发送者可能的欺骗行为。接着,基于双线性Diffie-Hellman假设和计算Diffie-Hellman假设,对所提方案的保密性和不可伪造性进行了证明。同时,对方案的正确性及性能进行了分析。分析发现,该方案是一个安全、有效的公钥签密方案,能够解决现有方案中存在的接收者身份暴露和解密不公平性等问题。这使得该方案具有非常重要的应用,尤其是可以用来实现安全广播,以便在不安全和开放的网络环境中安全地广播敏感信息。     

无证书的多接收者匿名签密方案

针对现有的多签密算法当中存在的效率不高以及无法同时保证发送者和接收者匿名性的问题,通过拉格朗日插值法和避免使用双线性对运算构造出一种多消息多接收者匿名签密方案。发送者将所有接收者的身份信息通过拉格朗日插值变换添加到密文消息中,通过广播的形式发送给每一位接收者,密文不再列出接收者的身份信息,保证接收者匿名性;在签密和解签密过程中不使用双线性对运算,提高签密和解签密的计算效率,缩短签密之后的密文长度,降低密文传输的通信开销。     

一个基于身份的多接收者签密方案

利用双线性对提出一种基于身份的多接收者的签密方案,为同时有多名接收者的签密问题提供了解决途径。该方案既保持了基于身份加密的优点,又具有可公开验证性,且安全性好。该方案具有很高的执行效率,签密过程只需一次双线性对运算,接收者人数越多,其效率的优势会越加明显。     

改进的多接收者签密方案

针对现有签密方案存在的可能泄漏接收者隐私、解签密不公平和无公开验证性等问题,采用拉格朗日插值函数方法对其进行改进,提出了一个新的基于身份的多接收者签密方案.新方案将接收者解签密所需的身份信息揉合在一起,实现对接收者隐私的保护,具有解签密匿名性;每一个接收者解密所需密文信息相同,满足解签密公平性;任何第三方在仅拥有密文时就可验证密文发送方的身份,满足公开可验证性.与现有签密方案相比,新方案具有更小的计算量和密文长度.在随机预言模型下,给出了新方案基于双线性Diffie-Hellman(bilinear Diffie-Hellman, BDH)问题假设和计算Diffie-Hellman(computational Diffie-Hellman, CDH)问题假设的安全性证明.     

多接收者基于身份签密方案的密码分析

针对一个多接收者基于身份签密方案,从签密方案的安全属性入手,分析其安全性。通过2个成功的攻击证明该方案不满足语义安全性和不可伪造性要求,存在对任何消息和任何身份伪造密文的有效算法。提出一个改进的多接收者基于身份签密方案并给出安全性 证明。     

可公开验证无证书的多接收者匿名签密方案

针对广播通信环境下存在的接收方身份信息泄露以及发送方身份信息模糊等问题,提出了一种可公开验证的多接收者匿名签密方案。该方案利用安全参数完成系统初始化,生成系统的主密钥和公开参数,利用用户身份和哈希函数相结合的密钥生成方法,提取出用户的公私钥对,并在签密过程中将接收者的身份集合采用拉格朗日插值隐藏在多项式里,生成具有接收者身份匿名性的密文,将此密文发送给接收者,对收到的密文验证发送和接收两方身份合法性,通过后解密输出正确明文。在随机预言模型下,基于离散对数问题和计算性Diffie-Hellman困难问题证明了方案的机密性、不可伪造性、匿名性和公开验证性。与几种经典的多接收者签密算法在计算量和安全属性上进行比较,实验结果表明该方案计算开销适中、安全性好。     

标准模型下基于身份的多接收者签密密钥封装

签密密钥封装机制能同时实现封装密钥的机密性和认证性。以Wa-IBE加密方案和PS-IBS签名机制为基础,提出一种标准模型下的身份基签密密钥封装机制(IBSC-KEM)和多接收者签密密钥封装机制(mIBSC-KEM)。新方案中的签名算法直接采用了PS-IBS签名,密钥封装算法采用了变形的WaIBE加密方案。因此,新方案的不可伪造性和机密性在标准模型下分别被规约为破解PS-IBS签名与WaIBE加密,具有可证明安全性。新方案可用于构建标准模型下安全的一对一和多对一认证与密钥交换方案。     

基于类pi演算的电子支付协议安全性形式化研究

设计一个满足安全需求的协议非常困难,并且极易出错,因此利用形式化方法来检验安全协议引起了人们极大的关注。使用了类pi演算来验证电子支付协议的认证性和匿名性。     

基于多线性映射的环签密广播公钥方案

提出了基于多线性映射的环签密广播方案,环成员代表环群体匿名签密并广播给多个接收者。其具有两个用户群之间环签密通信的功能。该方案满足环签密广播的安全要求,能够保证签密所传输消息的保密性、签密的不可伪造性、签密者的匿名性。在随机预言模型下,把方案的安全性归约到分级Diffie-Hellman判定问题(GDDH)进行求解。     

New efficient user identification and key distribution scheme providing enhanced security

Apart from user identification and key distribution, it is very useful for the login process to achieve user anonymity. Recently, Wu and Hsu proposed an efficient user identification scheme with key distribution while preserving user anonymity by extending an earlier work of Lee and Chang. We however find out that the Wu and Hsu scheme has a serious weakness, which can be exploited by the service provider to learn the secret token of the user who requests services from the service provider. We further propose a scheme to overcome this limitation while attaining the same set of objectives as the previous works. Performance analyses have shown that efficiency in terms of both computation and communication is not sacrificed in our scheme.     

A strong user authentication scheme with smart cards for wireless communications

Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.     

An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks

We address the problem of mutual authentication and key agreement with user anonymity for mobile networks. Recently, Lee et al. proposed such a scheme, which is claimed to be a slight modification of, but a security enhancement on Zhu et al.’s scheme based on the smart card. In this paper, however, we reveal that both schemes still suffer from certain weaknesses which have been previously overlooked, and thus are far from the desired security. We then propose a new protocol which is immune to various known types of attacks. Analysis shows that, while achieving identity anonymity, key agreement fairness, and user friendliness, our scheme is still cost-efficient for a general mobile node.     

电子商务领域移动Agent的安全技术探讨

简要介绍移动代理在电子商务中的应用及其存在的安全威胁,提出了PKI体系支持的移动代理的电子商务模型的安全认证基础,并介绍了针对PKI局限性、基于MH完整性保护方案的改进方案完整性、保密性保护的安全方案MH-A。     

ECC-based lightweight authentication protocol with untraceability for low-cost RFID

Due to the potential wide deployment of Radio Frequency Identification (RFID), the security of RFID systems has drawn extensive attention from both academia and industry, and the RFID authentication protocol is an important mechanism in the security of RFID systems. The desired security requirements of RFID authentication protocols include privacy, integrity, authentication, anonymity/untraceability, and even availability. To design an efficient protocol that satisfies all the requirements with limited resources is a challenge. This paper proposes a new RFID authentication protocol based on Error Correction Codes (ECC). The proposed scheme has excellent performance in terms of security, efficiency, server’s maintenance, robustness, and cost. The tag only performs simple operations, such as random number generation and simple bitwise computations. The lightweight feature makes it attractive to those low-cost RFIDs that support only simple operations.     

物联网中的隐私保护问题研究

在物联网中的认证和密钥协商过程中,如果用户的身份信息以明文的形式传输,攻击者可能追踪用户的行动轨迹,从而造成信息泄漏。针对大多数基于身份的认证和密钥协商协议不能保护用户隐私的问题,提出一个基于身份的匿名认证和密钥协商协议。在设计的认证和密钥协商方案中,用户的身份信息以密文的形式传输,解决了用户的隐私问题。     

Web安全技术综述

网络安全已经成为网络发展中的重要问题。主要分析了Web中存在的一些安全问题和相应的安全技术。     

高效安全的无证书混合签密方案

对两种新提出的无证书混合签密方案进行密码学分析,指出它们各自存在的正确性和安全性缺陷,进而提出一种更加安全和高效的无证书混合签密方案。通过引入vBNN-IBS签名算法,从而避免使用幂指数运算,进一步降低新方案的计算开销。在随机预言机模型下,新方案被证明是安全的,满足不可伪造性和机密性。对比分析表明,新方案在确保强安全性的同时具有更低的计算开销。