共查询到20条相似文献,搜索用时 31 毫秒
1.
2.
基于CPK的安全电子邮件系统的设计 总被引:2,自引:0,他引:2
由于PKI设计了一种安全电子邮件系统,该系统屏蔽掉了基于PKI的安全邮件系统的一些固有缺陷,任何两个用户之间仅通过对方的标识(邮件地址)即可安全通信,不依靠第三方验证,同时具有很好的用户扩展性,实现了电子邮件的安全、可靠、高效的传输. 相似文献
3.
密码学中的随机预言模型与标准模型 总被引:1,自引:0,他引:1
随机预言模型与标准模型是密码学可证明安全理论中非常重要的两类模型。在此对这两种模型进行了描述,并研究了运用它们证明密码方案或协议安全性时所采取的不同技术,包括随机预言模型在加密和数字签名方案中的应用研究,以及标准模型下可证明安全性理论在加密方案中的应用研究。此外对进一步研究方向进行了展望。 相似文献
4.
The main challenge at present in constructing hierarchical identity‐based encryption (HIBE) is to solve the trade‐off between private‐key size and ciphertext size. At least one private‐key size or ciphertext size in the existing schemes must rely on the hierarchy depth. In this letter, a new hierarchical computing technique is introduced to HIBE. Unlike others, the proposed scheme, which consists of only two group elements, achieves constant‐size private keys. In addition, the ciphertext consists of just three group elements, regardless of the hierarchy depth. To the best of our knowledge, it is the first efficient scheme where both ciphertexts and private keys achieve O(1)‐size, which is the best trade‐off between private‐key size and ciphertext size at present. We also give the security proof in the selective‐identity model. 相似文献
5.
Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in- trade for both protecting data and providing operability of encrypted data. So far most of PEKS schemes have been established on Identity-Based Cryptography (IBC) with key escrow problem inherently. Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is efficient to remove such problem. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate the superiority, massive experiments are conducted on Enron Email dataset which is famous in information retrieval field. Compared with existed constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem. 相似文献
6.
Cloud computing is an efficient tool in which cloud storage shares plenty of encrypted data with other data owners. In existing cloud computing scenarios, it may suffer from some new attacks like side channel attacks. Therefore, we are eager to introduce a new cryptographic scheme that can resist these new attacks. In this work, we exploit a new technique to build leakage‐resilient identity‐based encryption and use the stronger existing partial leakage model, such as continual leakage model. More specifically, our proposal is based on the underlying decisional bilinear Diffie‐Hellman assumption, but proven adaptively secure against adaptive chosen ciphertext attack in the standard model. Above all, a continuous leakage–resilient IBE scheme with adaptive security meets cloud computing with stronger security. 相似文献
7.
签密是一种能够同时保证机密性和认证性的新颖体制,但已有方案的通信效率较低,成为影响签密广泛应用的主要问题之一。基于BLS签名,构造了一个具有短密文属性的高效签密方案。该方案在Random Oracle模型和GDH假设之下是可证明安全的。明文数据率在当前的安全参数下可达76%,是已知方案中密文长度最短的方案,特别适用于带宽受限场合的安全通信。 相似文献
8.
基于身份的门限代理签名方案大都是在随机预言模型下进行安全证明,并且方案中每个代理人的代理签名密钥在有效期内都是固定不变的。在已有的基于身份的签名方案基础上,利用可公开验证秘密分享技术提出了一个在标准模型下可证安全的基于身份的(t,n)-动态门限代理签名方案。方案中代理人的代理签名密钥可以定期更新,而且代理签名验证过程只需要常数个双线性对运算,因此方案具有更好的动态安全性和较高的效率。 相似文献
9.
针对主机标识协议(HIP, host identity protocol)实际部署应用的相关问题,设计实现了一种基于HIP的安全IP通信系统(HIPSCS, HIP based secure communication system)。该系统通过将主机标识(HI, host identifier)和用户身份证书唯一关联,实现了主机身份的实名化,以保障网络报文的源地址真实可信,并通过IPsec技术加密所有通信数据以达到安全通信目的。实现并在实验室环境中部署了HIPSCS原型系统。实验表明此通信系统可用性强,并能很好地支持移动通信。 相似文献
10.
双系统密码技术下的身份型广播加密方案 总被引:1,自引:0,他引:1
考虑到广播加密模式在各种动态网络中广泛的应用前景以及现有的广播加密方案效率与安全性难以兼顾的事实,该文利用Waters双系统密码技术,结合混合阶群双线性运算的正交性,提出一个双系统密码技术下的身份型广播加密方案。该方案建立在标准模型下,具有短的尺寸固定的密文与密钥,同时无需使用任何哈希函数及随机标签,具有较高的计算效率与存储效率。该方案的安全性依赖于3个简单的静态假设,证明结果显示此方案达到了完全安全性的高安全要求级别。 相似文献
11.
对基于口令的标准模型下可证明安全的认证密钥协商协议进行安全分析,指出该协议易受反射攻击.同时给出了一个改进方案,该方案不仅弥补了原方案的缺陷,而且改善了协议的性能.最后,基于DDH假设,在标准模型下证明了协议的安全性.结果表明,改进后的协议还具有完美前向安全特性. 相似文献
12.
Xiaolei Dong Haifeng Qian Zhenfu Cao 《Wireless Communications and Mobile Computing》2009,9(2):217-225
In electronic communication and wireless communication, message authentication should be necessary. However, traditional method message authentication code (MAC) employs a symmetric cryptographical technique and it needs to keep a shared private key between two parties. For convenience, people now begins to use public key techniques to provide message authentication. In wireless communication, we shall save more space for message itself because of the limited resources. Therefore, we believe that our proposed digital signature scheme will be more fitful for this kind of communication due to the following merits: (1) in addition to inheriting the merits of RSA signature such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting low public key exponent attack; (2) comparing with 1024 bits RSA, our digital signature scheme can sign 2048‐bit long message once, and generate a signature with 1025 bits length which doubles the capacity of the 1024‐bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of conic‐based (CB)‐RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd. 相似文献
13.
Maryam Rajabzadeh Asaar Mahmoud Salmasizadeh Willy Susilo 《International Journal of Communication Systems》2016,29(5):859-873
The notion of identity‐based proxy signature with message recovery feature has been proposed to shorten identity‐based proxy signatures and improve their communication overhead because signed messages are not transmitted with these kinds of signatures. There are a few schemes for this notion: the schemes of Singh and Verma and Yoon et al. Unfortunately, Tian et al., by presenting two forgery attacks, show that Singh and Verma scheme is not secure, and also, the scheme of Yoon et al. does not support provable security. The contributions of this paper are twofold. First, we review the scheme by Yoon et al. and discuss why it does not have message recovery property, and consequently, it is not short. Second, we propose a short identity‐based proxy signature scheme with the help of message recovery property and show that it is secure under computational Diffie–Hellman assumption in the random oracle model. Furthermore, our scheme is more efficient than (as efficient as) previous identity‐based proxy signatures. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
14.
量子保密通信具有很高的军事价值和商业价值,得到各国政府及相关研究机构的广泛关注,已从科学研究逐渐走向规模化应用.量子保密通信产业链逐渐完善,量子密钥分发设备、单光子探测器、量子随机数发生器等成为产业链发展的关键环节,直接关系着规模化的量子保密通信网络部署和应用.介绍了量子保密通信产业化进展和标准化组织与标准进展,提出了... 相似文献
15.
提出了一种高效的可信网络存储协议,协议只需两轮交互就实现了服务器与用户间的身份认证和密钥协商,同时在协议的第一轮交互中实现了对客户端平台身份的认证和平台完整性校验,改进了原来系统服务器遭受攻击易导致整个系统瘫痪的缺点,提高了系统的可靠性和协议的执行效率,在此基础上建立了用户与智能磁盘间的安全信道。最后利用CK模型证明了协议是SK安全的,用户与磁盘间的信道是安全信道,提高了系统数据的保密性、完整性和不可抵赖性。 相似文献
16.
针对异构网络模型BRAIN(Broadband Radio Access for IP based Network)中的安全第一跳通信,提出一种新的基于Canetti-Krawczyk(CK)可证安全模型的双向认证和密钥交换协议.根据该模型方法,首先构造并证明了一种理想环境下的混合密钥交换协议HKE;然后利用现有安全的消息传输认证器构造一个适合BRAIN网络安全第一跳的认证器.最后利用该认证器自动编译理想的HKE协议,得到可证安全和实际可行的PHKE协议.分析比较表明,该协议更安全有效. 相似文献
17.
Hierarchical identity-based signature(HIBS)has wide applications in the large network. However, the existing works cannot solve the trade-off between the security and efficiency. The main challenge at present is to construct a high efficient and strong secret HIBS with a low computation cost. In this paper, a new construction of HIBS scheme is proposed. The new scheme achieves the adaptive security which is a strong security in the identity-based cryptography. But our scheme has short public parameters and the private keys size shrinks as the hierarchy depth increases. The signature size is a constant and the cost of verification only requires four bilinear pairings, which are independent of hierarchy depth. Furthermore, under the q-strong computational diffie-Hellman problem(q-SDH)assumption, the scheme is provably secure against existential forgery for adaptive chosen message and identity attack in the standard model. 相似文献
18.
IKE协议的安全性分析 总被引:1,自引:0,他引:1
在简略介绍IKE协议RFC2409工作机制的基础上,对协议现有的安全问题进行了分析,并针对协议阶段1中主模式与积极模式下身份保护存在的问题提出了协议修改建议,对阶段1中安全联盟建立的可靠性进行了探讨以加强协议抵御DoS攻击的能力。 相似文献
19.
Yuh‐Min Tseng Yi‐Hung Huang Hui‐Ju Chang 《International Journal of Communication Systems》2014,27(7):1034-1050
Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献