一种基才可验证秘密分享的密钥管理方案

介绍了一种应用于PKI系统中安全的密钥管理方案。利用秘密分享的方法来备份和恢复私钥，有效维护私钥的安全性．防止由一方单方面独享私钥。该方案采用可验证的秘密分享协议有效地解决了分享者欺骗的问题。     

一种基于可验证秘密分享的密钥管理方案

介绍了一种应用于PKI系统中安全的密钥管理方案.利用秘密分享的方法来备份和恢复私钥,有效维护私钥的安全性.防止由一方单方面独享私钥.该方案采用可验证的秘密分享协议有效地解决了分享者欺骗的问题.     

抗密钥委托滥用的可追踪属性基加密方案

针对可追踪属性基加密方案利用追踪功能解决密钥委托滥用问题的不完备性,提出了一种抗密钥委托滥用的可追踪属性基加密方案。将秘密参数分享给用户私钥中关联属性的全部组件,使解密过程必须由全部组件共同参与完成,仅由用户私钥的一部分不能进行解密操作,从而实现真正的抗密钥委托滥用。利用一种短签名技术保护用户私钥中的追踪参数,防止追踪参数被伪造,从而获得对用户的追踪能力。同时支持抗密钥委托滥用和可追踪增强了所提方案的安全性。与相关方案的对比分析表明,所提方案在参数尺寸和计算代价上具有更好的性能优势。     

基于双线性变换的可证明安全的秘密共享方案

提出了利用双线性对构建可证明安全的秘密共享方案的新方法.首先,基于公钥密码体制的语义安全的标准定义,提出了适合秘密共享方案的语义安全定义.然后,提出了一个新的基于双线性对的门限秘密共享方案,并对其正确性、安全性和性能进行分析讨论和证明.相比较于现有的大多数方案,此方案是可证明安全的,同时,该方案将参与者私钥计算和秘密分发过程分离,且秘密分发者无需安全保存参与者私钥,具有更好的安全性和效率,更适合实际应用.     

适用于任意接入结构的可验证多秘密分享方案

对一般接入结构上的可验证多秘密分享进行了研究，给出了可适用于任意接入结构的一类可验证多秘密分享方案的构造方法。用这种方法构造的可验证多秘密分享方案具有以下性质：可在一组分享者中同时分享多个秘密；分发者发送给每一分享者的秘密份额都是可公开验证的；关于每一秘密的公开信息也是可公开验证的；恢复秘密时可防止分享者提供假的份额。分析表明，用此方法构造的可验证多秘密分享方案不仅是安全的，而且是高效的。     

一种可验证的（t,n）门限秘密共享方案

秘密共享能够避免秘密过于集中,分散安全风险,提高系统的安全性和健壮性,是信息安全专业一个重要的分支。本文提出了一种可验证的（t,n）门限秘密共享方案,该方案中,所有用户的私钥由自己产生,无需可信中心,可以防止可信中心的权威欺骗。此外,该方案中,验证者之间不需要互相交换秘密份额,有效的保证了方案的公平性。     

一种无损多秘密分享视觉密码方案

针对分享多幅秘密图像存在信息损失的问题,该文给出(n, n)无损多秘密分享视觉密码的定义,在此基础上基于环状共享份设计了一种(n, n)多秘密视觉密码方案,使秘密图像的信息损失为零。实验结果表明,该方案不仅实现了在多个参与者之间分享多幅秘密图像,而且秘密图像能够完全恢复。     

一种基于身份加密的可验证秘密共享方案

 提出了一种使用IBE公钥算法实现的可验证秘密共享方案.该方案中秘密分发者将IBE私钥作为共享秘密在接入结构中分发,任何参与者可以通过公开的验证信息验证影子秘密的正确性.随后在随机预言模型中证明了所提方案的语义安全性.理论分析和仿真实验表明,方案可以有效检测来自内外部攻击者的欺骗攻击,并具有较低的时间复杂度和通信开销.     

具有传递性质的接入结构上的秘密分享方案的构造

引入了具有传递性质的接入结构的概念,并给出一种构造具有这类接入结构的秘密分享方案的通用方法,该方法简捷易行.对要分享的一个秘密,不管一个参与者属于多少个最小合格子集,他只需保存一个秘密份额.而且用于分享多个秘密时,不需要增加分享者额外的信息保存量.因而优于已有的其他许多方法.文中还给出了实例以说明如何具体地构造具有这类接入结构的秘密分享方案.     

一个可验证的门限多秘密分享方案

基于离散对数计算和大整数分解的困难性,利用RSA加密体制提出了一个新的门限多秘密分享方案.该方案通过零知识证明等协议来防止秘密分发者和秘密分享者的欺诈行为,因而是一个可验证的门限多秘密分享方案.该方案还具有:秘密影子可重复使用;子秘密影子可离线验证;供分享的秘密不须事先作预计算等特点.该方案可用于会议密钥(秘密)分配、安全多方计算、门限数字签名等应用领域.     

基于身份的泛在通信隐私保护方案

针对泛在通信应用场景中数据传输的私密性要求,基于IBE公钥加密算法和Shamir门限秘密共享,提出了一种泛在通信隐私保护方案。方案以不同信任域身份标识为公钥,加密后的影子密钥可通过广播信道分发,满足门限条件的节点可以重构隐私会话密钥。方案具有随机预言模型下可证明的IND-sID-CPA安全性,支持安全的新成员加入策略,具有较小的计算复杂度和存储、通信开销。     

Distributed node selection for threshold key management with intrusion detection in mobile ad hoc networks

In mobile ad hoc networks (MANETs), identity (ID)-based cryptography with threshold secret sharing is a popular approach for the security design. Most previous work for key management in this framework concentrates on the protocols and structures. Consequently, how to optimally conduct node selection in ID-based cryptography with threshold secret sharing is largely ignored. In this paper, we propose a distributed scheme to dynamically select nodes with master key shares to do the private key generation service. The proposed scheme can minimize the overall threat posed to the MANET while simultaneously taking into account of the cost (e.g., energy consumption) of using these nodes. Intrusion detection systems are modeled as noisy sensors to derive the system security situations. We use stochastic system to formulate the MANET to obtain the optimal policy. Simulation results are presented to illustrate the effectiveness of the proposed scheme.     

一种基于主动秘密共享技术的CA私钥保护方案

CA私钥的安全性是CA可信任性的基础.CA的私钥一旦泄露,其签发的所有证书就只能全部作废.因此,保护CA私钥的安全性就十分重要.主动秘密共享技术将时间分成一个个的周期,综合使用门限密码学、秘密周期性刷新、共享份额恢复来保护CA私钥,有效避免了攻击者长期攻击对CA私钥的破坏性,进一步提高了CA私钥的安全性.     

ACDAS: Authenticated controlled data access and sharing scheme for cloud storage

Cloud storage services require cost‐effective, scalable, and self‐managed secure data management functionality. Public cloud storage always enforces users to adopt the restricted generic security consideration provided by the cloud service provider. On the contrary, private cloud storage gives users the opportunity to configure a self‐managed and controlled authenticated data security model to control the accessing and sharing of data in a private cloud. However, this introduces several new challenges to data security. One critical issue is how to enable a secure, authenticated data storage model for data access with controlled data accessibility. In this paper, we propose an authenticated controlled data access and sharing scheme called ACDAS to address this issue. In our proposed scheme, we employ a biometric‐based authentication model for secure access to data storage and sharing. To provide flexible data sharing under the control of a data owner, we propose a variant of a proxy reencryption scheme where the cloud server uses a proxy reencryption key and the data owner generates a credential token during decryption to control the accessibility of the users. The security analysis shows that our proposed scheme is resistant to various attacks, including a stolen verifier attack, a replay attack, a password guessing attack, and a stolen mobile device attack. Further, our proposed scheme satisfies the considered security requirements of a data storage and sharing system. The experimental results demonstrate that ACDAS can achieve the security goals together with the practical efficiency of storage, computation, and communication compared with other related schemes.     

Revocable and traceable key-policy attribute-based encryption scheme

The existing key-policy attribute-based encryption (KP-ABE) scheme can not balance the problem of attribute revocation and user identity tracking.Hence,a KP-ABE scheme which supported revocable and traceable was proposed.The scheme could revoke the user attributes without updating the system public key and user private key with a less update cost.Meanwhile,it could trace the user identity based on decryption key which could effectively prevent anonymous user key leakage problem.The proposed scheme was based on linear secret sharing scheme (LSSS),which was more efficient than tree-based access structure.Based on the deterministic q-BDHE hypothesis,the proposed scheme gave security proof until standard mode.Finally,compared with the existing KP-ABE scheme,the scheme has a shorter public key length,lower computational overhead and realizes the traceability function of user identity based on the revocable attribute,which has obvious advantages.     

Enhanced secure medical data sharing with traceable anddirect revocation

Sharing of the electronic medical records among different hospitals raises serious concern of the leakage of individual privacy for the adoption of the semi trustworthiness of the medical cloud platform. The tracking and revocation of malicious users have become urgent problems. To solve these problems, this paper proposed a traceable and directly revocable medical data sharing scheme. In the scheme, a unique identity parameter(ID), which was generated and embedded in the private key generation ...     

A Secure Key Predistribution Scheme for WSN Using Elliptic Curve Cryptography

Security in wireless sensor networks (WSNs) is an upcoming research field which is quite different from traditional network security mechanisms. Many applications are dependent on the secure operation of a WSN, and have serious effects if the network is disrupted. Therefore, it is necessary to protect communication between sensor nodes. Key management plays an essential role in achieving security in WSNs. To achieve security, various key predistribution schemes have been proposed in the literature. A secure key management technique in WSN is a real challenging task. In this paper, a novel approach to the above problem by making use of elliptic curve cryptography (ECC) is presented. In the proposed scheme, a seed key, which is a distinct point in an elliptic curve, is assigned to each sensor node prior to its deployment. The private key ring for each sensor node is generated using the point doubling mathematical operation over the seed key. When two nodes share a common private key, then a link is established between these two nodes. By suitably choosing the value of the prime field and key ring size, the probability of two nodes sharing the same private key could be increased. The performance is evaluated in terms of connectivity and resilience against node capture. The results show that the performance is better for the proposed scheme with ECC compared to the other basic schemes.     

On the classification of ideal secret sharing schemes

In a secret sharing scheme a dealer has a secret key. There is a finite set P of participants and a set of subsets of P. A secret sharing scheme with as the access structure is a method which the dealer can use to distribute shares to each participant so that a subset of participants can determine the key if and only if that subset is in . The share of a participant is the information sent by the dealer in private to the participant. A secret sharing scheme is ideal if any subset of participants who can use their shares to determine any information about the key can in fact actually determine the key, and if the set of possible shares is the same as the set of possible keys. In this paper we show a relationship between ideal secret sharing schemes and matroids.This work was performed at the Sandia National Laboratories and was supported by the U.S. Department of Energy under Contract No. DE-AC04-76DP00789.     

ITBES：一种基于门限与身份的WSN加密签名方法

为了提高基于身份的加密签名（IBES）系统中密钥生成中心（PKG）的可信性,采用门限密码学中的（t,n）秘密共享方法,对Xavier IBES算法进行了改进,将主密钥s共享于n个对等的可信第三方PKG之间,并且将改进后的新的基于门限与身份的加密签名一体化方法（ITBES）应用于无线传感器网络,从方法的复杂性、存储需求、安全性方面进行了分析,结果表明我们的方法能够提高PKG可信性,加强无线传感器网络的安全。