An authenticated group key distribution protocol based on the generalized Chinese remainder theorem

The group key distribution protocol is a mechanism for distributing a group key that is used to encrypt the communication data transmitted in an open group. Recently, a novel group key distribution protocol based on secret sharing was proposed. In their protocol, the group key information is broadcast in an open network environment, and only authorized group members can obtain the group key. However, their protocol requires each group member to broadcast a random challenge to the rest of the group members in the construction of the group key, and this may increase communication cost and cause network traffic congestion. In this paper, we propose an authenticated group key distribution protocol based on the generalized Chinese remainder theorem that drastically reduces communication costs while maintaining at least the same degree of security. Our protocol is built on the secret sharing scheme based on Chinese remainder theorem, which requires fewer computation operations than the previous work. Copyright © 2012 John Wiley & Sons, Ltd.     

A novel verifiable secret sharing mechanism using theory of numbers and a method for sharing secrets

Verifiable secret sharing (VSS) has been extensively used as a cryptographic tool in many applications of information security in recent years. A VSS enables a dealer to divide a secret s into n shares and allows shareholders to verify whether their shares are generated by the dealer consistently without revealing the secrecy of both shares and the secret. More specifically, shareholders can verify that (i) the secret can be recovered by any t or more than t shares and (ii) the secret cannot be obtained by fewer than t shares. Many VSSs are based on polynomial, and only a few of them are based on the Chinese Remainder Theorem (CRT). Recently, Harn et al. proposed a CRT‐based VSS in which multiple verification secrets are used during the phase of verification. In this paper, we propose a VSS based on Asmuth‐Bloom's (t, n) SS scheme, which depends on the CRT. Our proposed VSS is simpler and more efficient than the scheme of Harn et al. Our proposed VSS is unconditionally secure. Copyright © 2014 John Wiley & Sons, Ltd.     

基于Mignotte''''s列的(t,n)门限群签名方案

电子学报中曾提出了一个在不改变其他有效群成员的签名密钥的情况下，可安全快速地加入或删除群成员的群签名方案。但此方案没有涉及到实际运用中需要设置门限的情况，现对原方案做了改进和推广，保留了原方案中可安全快速地加入或删除群成员的优点，推广到了每次参与签名人数变动较大，并需要设置门限的情况，利用中国剩余定理提出了一个新的基于Mignotte’s门限秘密共享方案的（t，n）门限群签名方案。     

基于指纹及中国剩余定理的改进模糊金库算法

针对传统生物特征加密算法中所存在的不足.对模糊金库算法进行了一定的研究,基于指纹特征提出了一种改进的模糊金库算法.在密钥绑定阶段,根据生成的两两互素的正整数,将待保护密钥和生物特征相结合生成生物密钥.在密钥恢复阶段,根据(t,n)门限思想,运用中国剩余定理将获得的影子进行解密并恢复密钥.通过理论分析和仿真实验,密钥的安...     

A secure and robust group key distribution and authentication protocol with efficient rekey mechanism for dynamic access control in secure group communications

In today's Internet era, group communications have become more and more essential for many emerging applications. Given the openness of today's networks, efficient and secure distribution of common key is an essential issue for secure communications in the group. To maintain confidentiality during communication in the group, all authorized members require a common key called the group key in advance. This paper proposes a group key distribution and authentication protocol for dynamic access control in secure group communication using Chinese remainder theorem (CRT), which is highly secure and computationally efficient. The proposed protocol (1) has drastically reduced the computation complexity of group controller ( GC ) and members, (2) has provided intense security by means of an additional secret parameter used by GC and members, (3) has minimized storage and communication overheads, (4) has been decentralized for higher scalability so that it can efficiently handle large‐scale changes in the group membership, and (5) is suitable for many practical applications due to intense security along with low computation and storage overheads. Detailed security analysis proves that our protocol can guarantee the privacy and security requirements of group communications. Moreover, performance analysis also verifies the efficiency and effectiveness of the proposed protocol. The proposed protocol has been experimented on star topology‐based key distribution system and observed that the protocol significantly reduces the computation cost and minimizes the communication and storage overheads.     

An efficient and attack‐resistant key agreement scheme for secure group communications in mobile ad‐hoc networks

As a result of the growing popularity of wireless networks, in particular mobile ad hoc networks (MANET), security over such networks has become very important. Trust establishment, key management, authentication, and authorization are important areas that need to be thoroughly researched before security in MANETs becomes a reality. This work studies the problem of secure group communications (SGCs) and key management over MANETs. It identifies the key features of any SGC scheme over such networks. AUTH‐CRTDH, an efficient key agreement scheme with authentication capability for SGC over MANETs, is proposed. Compared to the existing schemes, the proposed scheme has many desirable features such as contributory and efficient computation of group key, uniform work load for all members, few rounds of rekeying, efficient support for user dynamics, key agreement without member serialization and defense against the Man‐in‐the‐Middle attack, and the Least Common Multiple (LCM) attack. These properties make the proposed scheme well suited for MANETs. The implementation results show that the proposed scheme is computationally efficient and scales well to a large number of mobile users. Copyright © 2007 John Wiley & Sons, Ltd.     

量子密钥分发系统的现实无条件安全性

量子密钥分发系统由于能够提供一种物理上安全的密钥分发方式,因此成为量子信息领域的研究热点,其中如何在现实条件下保证量子密钥分发的无条件安全性是该领域的一个重要研究课题。本文从经典保密通信系统中具有完善保密性的一次一密体制出发,介绍了量子密钥分发系统的应用模型和整体保密通信系统的安全性基础,以及自量子密钥分发协议被提出以来量子密钥传输现实无条件安全性的研究进展,重点介绍了针对现实条件安全漏洞的各种类型的量子黑客攻击方案、防御方式,以及最近两年被广泛重视的与测量设备无关的量子密钥分发系统的理论和实验进展。     

Impact of fiber dispersion on the performance of entanglement-based dispersive optics quantum key distribution

Dispersive optics quantum key distribution (DO-QKD) based on energy-time entangled photon pairs is an important QKD scheme. In DO-QKD, the arrival time of photons is used in key generation and security analysis, which would be greatly affected by fiber dispersion. In this work, we established a theoretical model of the entanglement-based DO-QKD system, considering the protocol, physical processes (such as fiber transmission and single-photon detection), and the analysis of security tests. Based on this theoretical model, we investigate the influence of chromatic dispersion introduced by transmission fibers on the performance of DO-QKD. By analyzing the benefits and costs of dispersion compensation, the system performance under G.652 and G.655 optical fibers are shown, respectively. The results show that dispersion compensation is unnecessary for DO-QKD systems in campus networks and even metro networks. Whereas, it is still required in DO-QKD systems with longer fiber transmission distances.     

单光子双比特量子密钥分发量子误码分析

对基于偏振-相位混合调制的单光子双比特方案进行了分析和改进。建立了偏振态输入输出模型,从理论分析了光纤Mach-Zehnder(M-Z)干涉环对偏振态的影响,仿真分析了偏振基矢与快慢轴对准误差以及快慢轴相位差引入的偏振编码量子误码率(BER),进而推导出了偏振-相位混合调制的光子偏振态保持条件。偏振编码的量子误码率受到M-Z干涉仪的影响非常大。理论分析表明,偏振态的抖动不仅来源于光纤的折射率,还受到偏振态未对准光纤快慢轴的影响。给出了一些重要的偏振态保持条件。仿真表明当ρ和θ小于0.2rad,偏振态量子误码率小于0.015,当ρ和θ小于0.4rad时,偏振态量子误码率小于0.06。这对于单光子双比特的量子密钥系统的误码率(<11%)要求来说,2%～5%的误码率是能够接受的。     

Design and FPGA implementation of an efficient security mechanism for mobile pay‐TV systems

A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.