Similar literature
Found 20 similar documents; search took 242 ms
1.
A deniable authentication scheme is one of the useful tools for secure communications. The scheme allows a sender to prove the authenticity of a message to a specified receiver without permitting the receiver to prove that the message was authenticated by the sender. Non-interactive schemes are more attractive than interactive schemes in terms of communication overhead, and thus several non-interactive deniable authentication schemes have been proposed. In this paper, we propose an efficient non-interactive deniable authentication scheme based on a trapdoor commitment scheme. We construct an efficient trapdoor commitment scheme which provides a very efficient commitment evaluation operation. Then we design an efficient non-interactive deniable authentication scheme by using the trapdoor commitment scheme. We also prove the security of our scheme under a firmly formalized security model.

2.
The Internet of Things (IoT) is a novel paradigm where many of the objects that surround us can be connected to the internet. Since IoT is always related to users’ personal information, it raises a lot of data security and privacy issues. In this paper, we present a secure and fine-grained data access control scheme for constrained IoT devices and cloud computing based on hierarchical attribute-based encryption, which reduces the key management by introducing hierarchical attribute authorities. In order to relieve the local computation burden, we propose an outsourced encryption and decryption construction by delegating most of the laborious operations to the gateway and cloud server. Further, our scheme achieves efficient policy updating, which allows the sender device to update access policies without retrieving and re-encrypting the data. The security and performance analysis results show that our scheme is secure and efficient.

3.
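The continuous development of information technology and the spread of smart terminal devices have led to sustained growth in the total volume of data stored worldwide, and the threats and challenges that data faces increase daily as its importance becomes more evident. However, some computing and storage devices still lack a data protection module or have weak data protection capabilities. Existing secure data storage techniques generally protect data through encryption, but the encryption and decryption operations, i.e., the data protection process, are usually performed on the application device, so the security of the stored data is threatened when the application device comes under various attacks. To address these problems, this paper proposes a DICE-based attested storage scheme for IoT devices. It uses trusted IoT devices built on the lightweight root of trust DICE to provide secure storage services to general-purpose computing devices (collectively referred to as hosts), moving the data encryption and decryption operations onto the trusted IoT device and eliminating the threat to stored data posed by risks such as memory attacks on the host. The work of this paper mainly covers the following three aspects: (1) building a trusted IoT device using the DICE root of trust, which provides the security premise for offering trusted services; (2) establishing a remote attestation mechanism and an access control mechanism based on the DICE root of trust to achieve secure authentication and the establishment of a secure communication channel; (3) finally, using the trusted IoT device to provide a trusted secure storage service to legitimate host users, achieving secure data storage while also taking into account isolation and flexibility of use. Experimental results show that the secure storage service provided by this scheme has a high file transfer rate and also has relatively high...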

4.
李璐瑶  戴明  王青龙 《计算机应用》2014,34(5):1296-1299
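Oblivious transfer is an important topic in cryptographic research. The security of a provably secure k-out-of-n oblivious transfer scheme is analyzed. The construction of the scheme is novel, and it has high computational and transmission efficiency. However, the analysis finds an obvious flaw that allows the receiver to obtain all of the messages sent by the sender, which violates the security requirement of oblivious transfer. After a detailed analysis, the scheme is improved by introducing a random number. The improved scheme eliminates the flaw in the original scheme, its transmission and computation overheads are the same as those of the original scheme, and its security likewise rests on the assumption that the decisional Diffie-Hellman (DDH) problem is hard.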

5.
We consider a quantum walk with two marked vertices, sender and receiver, and analyze its application to perfect state transfer on complete bipartite graphs. First, the situation with both the sender and the receiver vertex in the same part of the graph is considered. We show that in this case the dynamics of the quantum walk is independent of the size of the second part and reduces to the one for the star graph where perfect state transfer is achieved. Second, we consider the situation where the sender and the receiver vertex are in the opposite parts of the graph. In such a case, the state transfer with unit fidelity is achieved only when the parts have the same size.

6.
Existing arbitrated quantum signature (AQS) schemes are almost all based on the Leung quantum one-time pad (L-QOTP) algorithm. In these schemes, the receiver can achieve an existential forgery of the sender’s signatures under the known message attack, and the sender can successfully disavow any of her/his signatures by a simple attack. In this paper, a solution to these problems is given, through designing a new QOTP algorithm relying largely on inserting decoy states into fixed insertion positions. Furthermore, we present an AQS scheme with fast signing and verifying, which is based on the new QOTP algorithm. It uses only single particle states and is unconditionally secure. To fulfill the functions of AQS schemes, our scheme needs significantly lower computational costs than those required by other AQS schemes based on the L-QOTP algorithm.

7.
Inspired by unidirectional error detecting codes that are used in situations where only one kind of bit error is possible (e.g., it is possible to change a bit "0" into a bit "1", but not the contrary), we propose integrity codes (I-codes) for a radio communication channel, which enable integrity protection of messages exchanged between entities that do not hold any mutual authentication material (i.e. public keys or shared secret keys). The construction of I-codes enables a sender to encode any message such that if its integrity is violated in transmission over a radio channel, the receiver is able to detect it. In order to achieve this, we rely on the physical properties of the radio channel and on unidirectional error detecting codes. We analyze in detail the use of I-codes on a radio communication channel and we present their implementation on a wireless platform as a "proof of concept". We further introduce a novel concept called "authentication through presence", whose broad applications include broadcast authentication, key establishment and navigation signal protection. We perform a detailed analysis of the security of our coding scheme and we show that it is secure within a realistic attacker model.

8.
In a deniable authentication protocol, a receiver is convinced that a received message is indeed from a particular sender, but cannot prove this to any third party. Deniable authentication protocols satisfy deniability and intended receiver properties. Among the proposed deniable authentication protocols, non-interactive protocols are more efficient than interactive protocols by reducing communication cost. The Hwang and Ma, and the Hwang and Chao non-interactive protocols provide sender anonymity. Recently some interactive protocols provide confidentiality while no non-interactive protocols do. However, the transferred data may damage sender or receiver anonymity. To provide confidentiality and anonymity efficiently, the first promised signcryption scheme is proposed. Using our promised signcryption scheme, we propose the first efficient non-interactive deniable authentication protocol with confidentiality, sender anonymity, and sender protection.

9.
The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need for decryption. Since the introduction of this notion, there have been two main searchable encrypted keywords techniques, symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in the presence of outsider attacks; therefore they suffer from keyword guessing attacks from the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA under the public key environment is rebuilt. We give a concrete SEK-IA construction featuring a constant-size trapdoor, and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs the minimized computational cost to generate a trapdoor to search the data from multiple senders.

10.
《国际计算机数学杂志》2012,89(9):1315-1323
A deniable authentication protocol is a new authentication mechanism in secure computer communication that not only enables an intended receiver to identify the source of a received message but also prevents a third party from identifying the source of the message. In this paper, based on the Diffie–Hellman algorithm, we propose a new simple deniable authentication protocol from a provably secure simple user authentication scheme. Compared with other deniable authentication protocols, our proposed protocol not only achieves the property of deniable authenticity, but also provides mutual authentication between the sender and the intended receiver, as well as confidentiality.

11.
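To improve the communication efficiency of chaos shift keying schemes, an asynchronous secure communication scheme based on shift keying and a coupled hyperchaotic system is proposed. At the transmitter, a hexadecimal signal is embedded into the gain-adjusted chaotic state variables, a converter control module is used to make multiple state variables alternately mask the signal, and the result is sent after Gaussian noise is added. At the receiver, the detection threshold is dynamically adjusted by measuring the noise intensity, and the transmitted signal can be successfully extracted. Numerical simulation verifies that, in a noisy channel environment, the two parties achieve secure communication by adaptively adjusting the chaotic signal gain; as the signal-to-noise ratio (SNR) increases, the bit error rate (BER) decreases smoothly, which ensures the stability of the system.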

12.
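To reduce the impact of receiver-side packet reordering on transmission performance in concurrent multipath transfer (CMT) systems, a new sender-side data allocation scheme is proposed. The scheme predicts the forward transmission delay of packets from the path bandwidth, round-trip transmission delay and congestion window, and uses it as the metric for ranking the transmission priority of the paths in the system. According to the path transmission priority and the state of the send buffer, the sender assigns to each path those packets in the pending send queue that will not cause reordering at the receiver. Simulation results show that, compared with round-robin and an arrival-time matching load-balancing (ATLB) algorithm, the proposed sender-side data allocation scheme effectively reduces the number of out-of-order packets at the receiver.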

13.
Deniable ring authentication can be used to facilitate privacy-preserving communication, since the receiver accepts the authentication but cannot convince a third party that this authentication occurred. Besides that, the receiver cannot decide the actual sender, as the sender identity is hidden among a group of participants. However, the concurrent problem has not been studied well in interactive deniable ring authentication so far. In this work, we propose a deniable ring authentication protocol to handle the concurrent scenario, which achieves full deniability. We construct a CCA2-secure (that is, secure against Adaptive Chosen Ciphertext attack) multi-receiver encryption scheme to support this protocol, and it requires only 2 communication rounds, which is round-optimal in fully deniable ring authentications. In addition, we observe that efficient fully deniable ring authentication can be applied to location-based services in VANETs to protect vehicle privacy.

14.
A key encapsulation mechanism (KEM) is an important key distribution mechanism that not only allows both sender and receiver to safely share a random session key, but also can be mainly applied to construct a hybrid public key encryption scheme. In this paper, we give a positive answer to the question of whether it is possible to build an efficient KEM over lattices. More precisely, we design an efficient KEM scheme in the standard model based on ideal lattices. We prove that the proposed scheme captures indistinguishability against active chosen ciphertext attacks (IND-CCA) under the ring learning with errors problem, or more formally, IND-CCA security. Compared with the current CCA secure KEM schemes based on lattices in the standard model, our scheme has a shorter public key, secret key and encapsulation ciphertext. In addition, our KEM scheme realizes IND-CCA security in the standard model.

15.
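Objective: For biometric keys, both the security of the biometric data and the management and storage of the biometric key are critical. To construct a biometric key that can be used in communication data transmission scenarios while keeping the fuzziness of the biometric itself and the exactness of cryptography in relative balance, a data encryption, decryption and transmission scheme based on timestamps and fingerprint keys is proposed. Method: The sender's fingerprint key is generated from the relative information between the sender's fingerprint minutiae and a secret random matrix; the auxiliary information that the receiver needs to recover the fingerprint key is generated using a number pre-agreed by the two communicating parties and a timestamp; the data are encrypted with the sender's fingerprint key to transmit the ciphertext. Result: In a simulated implementation of data encryption and decryption between the two communicating parties, the recognition rate (GAR) and false recognition rate (FAR) of the regenerated fingerprint key are tested. Analysis of the experimental data shows the usability of the proposed fingerprint key generation method and the authenticability of the fingerprint key as a digital identity; the recognition rate of the regenerated fingerprint key for the genuine sender reaches as high as 99.8%, and the scheme can also be used in various scenarios such as instant messaging and symmetric encryption. Conclusion: The method uses timestamps to establish the uniqueness and non-repudiation of a communication event, while achieving "one-time pad" operation when the fingerprint key is recovered. In addition, the scheme makes the sender's fingerprint key revocable through the secret random matrix, which greatly safeguards the security of the fingerprint data.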

16.
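Electronic voting systems are regarded as a way to deliver government services efficiently and further strengthen the vitality of democracy in modern life. However, existing approaches to building electronic voting systems have the following problems. First, when facing the pressure of vote buying and coercion, voters cannot vote independently regardless of external pressure. Second, the entity that audits the voting result can learn additional information about the content of the votes while auditing. To solve these two problems, we combine deniable authenticated encryption with identity-based encryption with equality test for the first time and propose an identity-based deniable authenticated encryption scheme supporting equality test. The scheme provides ciphertext comparability without the third-party server decrypting, and also ensures that the receiver can verify the sender's identity but cannot prove to a third party that the message came from the sender, thereby protecting the sender's privacy. The scheme uses deniable authenticated encryption to guarantee, at the technical level, voters' ability to vote independently, and additionally adds identity-based equality testing to ensure that the auditing body has access rights in the logical structure. In an electronic voting system using this scheme, the auditing body obtains no other information about the ballots while auditing the voting result. We prove that our scheme is secure in the random oracle model and can ensure coercion resistance and auditability in electronic voting systems. Compared with existing related schemes, the scheme performs well in both overhead and security while achieving richer functionality. In addition, we use the proposed cryptographic scheme to design a secure electronic voting system, which...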

17.
高莹  李寒雨  王玮  刘翔  陈洁 《软件学报》2023,34(4):1879-1906
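Today, with the rapid development of the Internet and with big data mining and applications permeating every industry, how to share and use massive data securely and efficiently has become a new hot research problem. Secure multi-party computation is one of the key technologies for solving this problem; it allows a group of parties to interact without revealing their private inputs, jointly compute a function and obtain the output. An oblivious transfer protocol (also rendered in Chinese as 茫然传输协议) is a privacy-preserving two-party communication protocol: the message sender holds two messages to be sent and the receiver chooses one to receive; afterwards the sender knows nothing about which message the receiver obtained, and the receiver cannot obtain any information about the message it did not choose. The oblivious transfer protocol is one of the key building blocks of secure multi-party computation; optimizing its efficiency can effectively promote the practical deployment of secure multi-party computation, and is especially important for special two-party secure computation protocols such as private set intersection. This paper summarizes the classification of oblivious transfer protocols and several common variants, describes the constructions of and research progress on public-key-based oblivious transfer protocols and oblivious transfer extension protocols respectively, and from this brings out the importance of research on the efficiency optimization of oblivious transfer extension protocols. It also comprehensively reviews the research progress on efficiency optimization of oblivious transfer protocols and oblivious transfer extension protocols under the two adversary models, semi-honest and malicious. In addition, from an application perspective, it systematically analyzes the optimization techniques commonly used in engineering implementations of oblivious transfer protocols and oblivious transfer extension protocols. Finally, it summarizes the main problems currently facing research on oblivious transfer protocols and oblivious transfer extension protocols, and future development trends.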

18.
谢娟  朱艳琴  罗喜召 《计算机工程》2010,36(16):140-142
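Building on elliptic curve digital signatures and oblivious signature-based envelopes, an enhanced oblivious transfer protocol is proposed to solve the access control problem of oblivious transfer. In addition to the properties of ordinary oblivious transfer, in this scheme only a receiver holding a signature issued by the authority can open the ciphertext, and the sender can determine neither which message the receiver chose nor whether the receiver is an authorized user. Compared with existing oblivious transfer protocols based on the discrete logarithm problem over finite fields, the scheme has the advantages of smaller data size, faster computation and lower overhead, and has a wide range of applications.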

19.
An Identity-Based Proxy Signcryption Scheme   Total citations: 1, self-citations: 0, citations by others: 1
王琴 《计算机工程》2011,37(19):120-121,125
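Identity-based proxy signcryption combines the features of identity-based cryptography and proxy signcryption: it allows an entity to delegate the power of signcryption to a trusted proxy, while the public keys of the original sender, the proxy sender and the receiver are all determined by their unique identities. An identity-based proxy signcryption scheme is constructed using bilinear pairings. The scheme does not require a secure channel during transmission and is more efficient in communication and computation than comparable schemes. The analysis shows that the proxy signcryption scheme is secure in the random oracle model.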

20.
Oblivious signature-based envelope (OSBE) schemes have demonstrated their potential applications in the protection of users' privacy and rights. In an OSBE protocol, an encrypted message can only be decrypted by the receiver who holds a valid signature on a public message, while the sender (encrypter) does not know whether the receiver has the signature or not. Our major contributions in this work lie in the following aspects. We improve the notion of OSBE so that a valid credential holder cannot share his/her credential with other users (i.e., all-or-nothing non-transferability). We clarify the relationship between one-round OSBE and identity-based encryption (IBE) and show that one-round OSBE and semantically secure IBE against the adaptively chosen identity attack (IND-ID-CPA) are equivalent, if the signature in the OSBE scheme is existentially unforgeable against adaptively chosen message attacks. We propose an oblivious access control scheme to protect user privacy without the aid of any zero-knowledge proof. Finally, we also highlight some other novel applications of OSBE, such as attribute-based encryption.
