抗自适应泄漏的基于身份加密方案

针对基于身份的加密(IBE)体制中缺乏有效抗自适应泄漏方案的问题,运用熵抗泄漏的基本思想,定义了自适应泄漏攻击下IBE的安全性;利用基于身份的散列证明系统(IB-HPS)和提取器,提出了抗自适应泄漏的IBE方案;并对其进行实例化,构建了基于q-TABDHE假设的抗自适应泄漏的IBE方案。安全性分析表明,设计的IBE方案是选择明文攻击安全的,它不仅能够有效地抵抗自适应泄漏,而且能够容忍较大的密钥泄漏量。     

ID-based authentication scheme combined with identity-based encryption with fingerprint hashing

Current identity-based （ID） cryptosystem lacks the mechanisms of two-party authentication and user＇s private key distribution. Some ID-based signcryption schemes and ID-based authenticated key agreement protocols have been presented, but they cannot solve the problem completely. A novel ID-based authentication scheme based on ID-based encrypfion （IBE） and fingerprint hashing method is proposed to solve the difficulties in the IBE scheme, which includes message receiver authenticating the sender, the trusted authority （TA） authenticating the users and transmitting the private key to them. Furthermore, the scheme extends the application of fingerprint authentication from terminal to network and protects against fingerprint data fabrication. The fingerprint authentication method consists of two factors. This method combines a token key, for example, the USB key, with the user＇s fingerprint hash by mixing a pseudo-random number with the fingerprint feature. The security and experimental efficiency meet the requirements of practical applications.     

一种新的三方认证密钥协商协议

目前大部分基于身份的三方认证密钥协商协议都存在安全缺陷,文中在Xu等人提出的加密方案的基础上,设计了一种基于身份的三方认证密钥协商协议.该协议的安全性建立在BDDH假设基础上,经安全性分析,协议具有已知密钥安全,PKG前向安全,并能抵抗未知密钥共享攻击和密钥泄露伪装攻击,因此该协议是一个安全的三方密钥协商协议.     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

一个可证安全的基于身份多密钥认证协商协议

An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper, an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols, it requires less communication cost.     

<Emphasis Type="Italic">EIAS-CP:</Emphasis> new efficient identity-based authentication scheme with conditional privacy-preserving for VANETs

In VANETs, vehicles broadcast traffic-related messages periodically according to Dedicated Short Range Communication protocol. To ensure the reliability and integrity of messages, authentication schemes are involved in VANETs. As traffic-related messages are time-sensitive, they must be verified and processed timely, or it may cause inestimable harm to the traffic system. However, the OBUs and the RSUs are limited in computation ability and cannot afford vast messages’ verification. Recently, some identity-based authentication schemes using bilinear pairing have been proposed to improve the efficiency of message verification for VANETs. Nevertheless, the bilinear pairing is not suited for VANETs due to its complex operations. The design of an efficient and secure authentication scheme with low computation cost for VANETs still is a rewarding challenge. To settle this challenge, a new efficient identity-based authentication scheme is proposed in this paper. The proposed scheme ensures reliability and integrity of messages and provides conditional privacy-preserving. Compared with the most recent proposed authentication schemes for VANETs, the computation costs of the message signing and verification in the proposed scheme reduce by 88 and 93 % respectively, while security analysis demonstrates that our proposed scheme satisfies all security and privacy requirements for VANETs.     

Three-party password authenticated key agreement protocol with user anonymity based on lattice

With the rapid development of quantum theory and the existence of polynomial algorithm in quantum computation based on discrete logarithm problem and large integer decomposition problem,the security of the algorithm was seriously threatened.Therefore,two authentication key agreement protocols were proposed rely on ring-learning-with-error (RLWE) assumption including lattice-based implicit authentication key agreement scheme and lattice-based explicit authentication key agreement scheme and proved its security.The implicit authentication key agreement protocol is less to communicate and faster to authentication,the explicit authentication key agreement protocol is more to secure.At the same time,bidirectional authentication of users and servers can resist unpredictable online dictionary attacks.The new protocol has higher efficiency and shorter key length than other password authentication key agreement protocols.It can resist quantum attacks.Therefore,the protocol is efficient,secure,and suitable for large-scale network communication.     

基于身份的密码系统及其实现

基于身份的认证体制是一种以用户的身份信息作为公钥的认证体制,首先介绍了IBE技术的基础知识,并就IBE中所存在的公开问题作了较详细的分析,提出了一种基于中间公钥、门限和密钥隔离的IBE认证体制方案,解决了PKG密钥安全、私钥的安全传输、密钥托管、公钥撤销等问题,提高了IBE认证体制的安全性和实用性,还给出了系统的具体实现,并就其安全性作了具体分析。     

Efficient Privacy-Preserving Anonymous Authentication Protocol for Vehicular Ad-Hoc Networks

Vehicular ad-hoc network (VANET) has been considered as one of the most promising wireless sensor technologies, which could enhance driving convenience and traffic efficiency through real-time information interaction. Nevertheless, emerging security issues (e.g., confidentiality, integrity, identity privacy, message authentication) will hinder the widespread deployment of VANETs. To address these issues, in this paper, we propose an efficient privacy-preserving anonymous authentication protocol for VANETs. We first design an identity-based signature algorithm, and exploit it with an account information of a vehicle to propose our anonymous authentication protocol. The protocol enables each vehicle to anonymously send an authenticated message to nearby roadside units (RSUs) in a confidential way, and efficiently check the feedback information from nearby RSUs. Simultaneously, the protocol achieves key-exchange functionality, which could produce a session key for later secure communication between vehicles and RSUs. Finally, we give the security analysis of the proposed protocol and conduct a comprehensive performance evaluation, the results demonstrate its feasibility in the secure deployment of VANETs.

     

基于公钥的可证明安全的异构无线网络认证方案

该文针对3G-WLAN异构网络的接入安全,对异构网络的实体进行抽象,建立了一种通用的认证模型。在该模型的基础上,利用Canetti-Krawczyk (CK)模型设计了一种新的接入认证与密钥协商方案。该方案利用公钥基础设施分配公钥,简化接入端服务器和归属端服务器间的认证过程和认证信息;利用椭圆曲线密码机制,减少了移动终端的认证计算量;最后利用CK模型对提出的协议进行了形式化分析和证明。分析表明该方案是安全有效的。     

GUC安全的关系联结算子保密计算协议

分布式数据库系统的关系算子的保密计算协议是多方保密计算(MPC)理论的重要应用领域之一,目前该方向的绝大部分工作主要针对如何构造查询类算子的保密计算协议,对如何构造数据生成类算子的保密计算协议则较少涉及。针对广泛应用的关系联结(join)算子,基于保密及匿名的身份基公钥加密(IBE)方案及其用户私钥盲生成协议给出联结算子的2-方保密计算协议的一种通用的、不依赖于随机oracle(即标准模型)的有效构造,并证明该构造具有GUC(generlized universal composability)安全性。     

一种新的基于身份的门限签名方案

 门限签名能够分散签名权力,比普通单人签名具有更高的安全性.目前大多数门限签名都是随机预言模型下可证明安全的.本文利用椭圆曲线上的双线性对,以Paterson签名方案为基础,提出了一种无随机预言的基于身份的门限签名方案.该方案需要一个可信任的私钥生成中心来生成和管理私钥.在标准模型下对该方案进行了安全性证明,表明该方案是健壮的,并且能够抵抗适应性选择消息攻击.     

无线传感器网络中带消息恢复机制的PBC广播认证协议

为了在无线传感器网络(WSN)中保证安全等级的情况下最小化通信和计算成本,提出了一种带消息恢复机制的基于配对密码学的广播认证协议。该机制不需要同时传输原始签名信息和新生成的签名信息,认证/消息恢复过程能自动恢复原始签名信息。首先初始化系统,基站产生系统参数;然后用户从基站获取密钥,访问WSN;最后当用户需要广播消息给WSN时,用户使用包含消息恢复机制的身份签名(IBS)协议写下签名消息,生成签名后进行消息广播。实验性能分析表明,与IMBAS和IDBAS相比,本文协议的广播消息大小分别减少了30%和22.3%,在112比特位安全等级,总能耗至少减少30%左右,在80比特位安全等级至少可降低15%的总能耗。     

协议组合逻辑安全的4G无线网络接入认证方案

针对4G无线网络中移动终端的接入认证问题,基于自证实公钥系统设计了新的安全接入认证方案,并运用协议演绎系统演示了该方案形成的过程和步骤,用协议组合逻辑对该方案的安全属性进行了形式化证明.通过安全性证明和综合分析,表明该方案具有会话认证性和密钥机密性,能抵御伪基站攻击和重放攻击,并能提供不可否认服务和身份隐私性,同时提高了移动终端的接入效率     

对一个基于身份签密方案的分析与改

基于身份的签密方案计算开销小,密钥管理简单,适用于保证信息的保密性和认证性。Zhang等提出了一个高效的基于身份签密方案,并在随机预言模型下证明了该方案的安全性。通过分析发现Zhang等的签密方案存在缺陷,针对缺陷提出了相应的改进方案,并且基于随机预言模型证明了新方案的安全性。理论分析和实验仿真证明,所提方案计算复杂度低,适合于实际应用。     

基于ABE-IBS的无线传感器网络签名加密一体化方法

为了提高无线传感器网络加密与签名的安全性与效率,结合椭圆曲线上双线性对的基于身份的签名体制(IBS),提出了基于属性的加密和基于身份的签名一体化(ABE-IBS)方法和一个有效的无线传感器网络签密方案,分析与实验结果表明,提出的方案复杂性和存储要求低、效率高,能增强无线传感器网络的安全性.     

基于Waters的ID加密的高效选择密文安全公钥密码体制

2004年的欧密会上,Canetti, Halevi和Katz提出了将Selective-ID安全的基于身份加密方案转化为选择密文安全(即, CCA安全)的公钥加密方案的方法。但由于该方法需要用到一次性签名,给所基于的方案增加了明显的通信和计算负载。该文由Waters提出的Adaptive-ID安全的基于身份加密(IDE)方案构造了一个新的CCA安全公钥加密方案。这里的身份由前两部分密文的hash值得到,密文合法性由双线性映射来验证。其效率比直接利用CHK的一般转化得到方案有明显提高。新方案的安全性在标准的决定性双线性Diffie-Hellman假设下被证明。     

LPPA: Lightweight privacy‐preservation access authentication scheme for massive devices in fifth Generation (5G) cellular networks

Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.     

物联网移动RFID系统匿名访问控制认证密钥交换协议

针对物联网移动RFID系统标签隐私信息的访问控制以及用户身份隐私保护问题,本文采用身份加密和属性加密相结合的方法,建立了IB-AB-eCK安全模型,设计了基于身份及属性的认证密钥交换协议IB-AB-AKE。基于IB-AB-AKE协议,提出了移动RFID手机与信息服务器之间认证密钥交换协议,实现了在保护移动RFID手机用户身份隐私的同时,根据标签所有者定制的访问控制策略进行标签信息的访问控制认证和会话密钥交换,防止了隐私信息被非法访问。分析表明,IB-AB-AKE协议在IB-AB-eCK模型下是安全的,且在通信次数、通信量及计算量方面具有优势。      

标准模型下可公开验证的匿名IBE方案的安全性分析

现有的可公开验证的匿名基于身份的加密（Identity-Based Encryption,IBE）机制声称解决了在静态困难性假设之上构造紧的选择密文安全的IBE机制的困难性问题.然而,本文发现,由于该机制的密文不具备防扩展性,使得任何敌手可基于已知的有效密文生成任意消息的合法加密密文,导致该机制无法满足其所声称的选择密文安全性.我们根据不同的密文相等判定条件分别提出两种方法对原始方案的安全性进行了分析,同时在分析基础上指出原始安全性证明过程中所存在的不足.