一种改进的TPM检测方案

在保持TPM高匿名度的前提下,针对可信计算(TC)的直接匿名验证(DAA)协议中使用可变名字基时检测克隆可信平台模块(TPM)存在的困难,提出了一种基于DAA证书颁发者的检测方案,该方案不仅可以保证平台验证过程中的完全匿名性,而且在必要时可以揭露一个平台的真实身份,便于部署到可信任第三方(TTP)可依赖的系统中。通过仿真、性能分析和安全性分析,结果表明该方案具有高检测率、低漏警率等特性。     

One-time proxy signatures revisited

Proxy signatures are useful constructions in grid computing, mobile agents and many other emerging applications. In a recent work [Huaxiong Wang and Josef Pieprzyk: Efficient One-Time Proxy Signatures. Proc. ASIACRYPT'03, LNCS 2894, Springer 2003.], Wang and Pieprzyk proposed a one-time signature scheme which allows full delegation to a proxy with an added feature that allows tracing the authorship of the signature in case of a dispute. In this paper we present a simple alternative approach that eliminates public-key cryptography in key generation, offers certainty and simplicity in the dispute resolution and avoids swallow attacks. We also introduce the concept of 1-out-of-n threshold traceable one-time signatures as an efficiency improvement.     

改进的跨域直接匿名认证方案

针对现有的直接匿名认证方案在不同信任域之间无法有效实现的问题,在原来直接匿名认证方案的基础上,设计了一种跨域的直接匿名认证方案,将外域的证书颁发者作为一个代理,直接由外域的证书颁发者颁发证书,有效解决了可信计算平台在不同信任域内的隐私保护问题;另外,对不同信任域内的可信计算平台进行了权限设计。经分析论证,改进的方案满足匿名性、不可伪造性和能够防范重放攻击,进一步提高了认证方案的执行效率。     

一种基于概率可靠多播的MANET证书更新协议

完全自组织的密钥管理方案中证书库的更新策略只考虑了负载平衡,证书库更新效率不高。该文提出了一种基于概率可靠多播的证书更新协议。新协议包含两个阶段：更新信息传递和分布式更新服务。第1阶段在本地证书库中选取可靠并且在本地路由表中已具备路由信息的节点进行多播。第2阶段当未接收到更新信息的节点发送更新请求时,由目的节点的证书库中已经获得更新信息的节点来满足请求服务。它利用了现有的路由信息,降低了寻找路由带来的通信开销,通过将服务请求任务分散到网络中的多个节点上减少了证书颁发节点的负载,实现了负载平衡,同时可以预先概率分析其工作效率。     

RFID重加密技术中的一种防置换攻击算法

重加密技术是解决RFID（射频识别）安全问题的一种方法,它周期性地改变标签名以防止标签跟踪。重加密要求标签名可修改,这就使得攻击者可以交换两个合法标签的标签名,形成置换攻击。防置换攻击仍然是重加密中未完全解决的问题,其难点在于防置换攻击时需保持标签匿名性。提出了一种重加密中的防置换攻击算法,在“攻击失效”模型下,实现了防ID置换攻击和公钥置换攻击,并给出了证明。该算法要求标签内增加一个硬件乘法器,目前的RFID芯片水平可实现该要求。     

基于特定区间承诺值证明机制改进的DAA认证方案

针对目前可信计算平台直接匿名认证(DAA)机制的不足,提出一种改进的匿名认证方案。该方案先采用CA验证示证者的EK证书,协助示证者和DAA颁布者各自生成会话密钥,使DAA颁布者能够为示证者颁发秘密的DAA证书;然后示证者用两承诺值相等协议及CFT证明协议来证明承诺值位于某个特定区间的方法,向验证者证明其平台的真实合法性。分析表明,该方案具有较高的安全性,还具备不可欺骗性、匿名性、撤消性,效率更高。     

一种基于SPKI的匿名支付方案

SPKI is a proposed standard for public-key certificates. One important property of SPKI is that SPKI is key-oriented rather than name-oriented, and the public-key is globally unique. In this paper we propose an anonymous paymentscheme based on SPKI aiming at the problem of anonymous payment in B2C e-commerce. In the scheme we use the key-oriented characteristic of SPKI to link the public key to the account, and use authorization certificates to pay. The scheme achieves the anonymity very well.     

One-time encryption-key technique for the traditional DL-based encryption scheme with anonymity

In modern cryptosystem, Anonymity means that in some sense any adversary cannot tell which one of public keys has been used for encrypting a plaintext, and was first formally defined as the indistinguishability of keys by Bellare et al. in 2001. Recently, several well-known techniques have been proposed in order to achieve the anonymity of public-key encryption schemes. In this paper, anonymity is considered first from a new perspective. And then basing on this new perspective, a one-time encryption-key technique is proposed to achieve the anonymity of traditional discrete-logarithm-based (DL-based) encryption scheme. In this new technique, for each encryption, a random one-time encryption-key will be generated to encrypt the plaintext, instead of the original public-key. Consequently, in roughly speaking, by the randomness of the generated one-time encryption-key, this new technique should achieve the anonymity. Furthermore, in the formal proof of anonymity, only based on several weaker conditions, the one-time encryption-key technique efficiently achieves the provable indistinguishability of keys under chosen ciphertext attack (IK-CCA anonymity). As a result, compared with the work of Hayashi and Tanaka in 2006, the one-time encryption-key technique presented here has fewer requirements for achieving the provable anonymity.     

Efficient and secure two-factor dynamic ID-based password authentication scheme with provable security

Password-based remote user authentication schemes using smart cards are designed to ensure that only a user who possesses both the smart card and the corresponding password can gain access to the remote servers. Despite many research efforts, it remains a challenging task to design a secure password-based authentication scheme with user anonymity. The author uses Kumari et al.’s scheme as the case study. Their scheme uses non-public key primitives. The author first presents the cryptanalysis of Kumari et al.’s scheme in which he shows that their scheme is vulnerable to user impersonation attack, and does not provide forward secrecy and user anonymity. Using the case study, he has identified that public-key techniques are indispensable to construct a two-factor authentication scheme with security attributes, such as user anonymity, unlinkability and forward secrecy under the nontamper resistance assumption of the smart card. The author proposes a password-based authentication scheme using elliptic curve cryptography. Through the informal and formal security analysis, he shows that proposed scheme is secure against various known attacks, including the attacks found in Kumari’s scheme. Furthermore, he verifies the correctness of mutual authentication using the BAN logic.     

Privacy-preserving similarity evaluation and application to remote biometrics authentication

In this paper, a new method for secure remote biometric authentication preventing the vulnerability of compromised biometrics is presented. The idea is based on a public-key cryptographical protocol, referred as zero-knowledge proof, which allows a user to prove that she has surely a valid biometric data without revealing the data. Hence, the scheme is free from the risk of disclosure of biometric data. Even if a malicious administrator has a privilege access to the private database, it is infeasible for him to learn the private template. This paper studies two well-known definitions, the cosine correlation and the Euclidean distance as similarities of given two feature vectors. Both similarities are defined with some multiplications and additions, which can be performed in privacy-preserving way because of the useful property of public-key commitment scheme, additive homomorphism. The estimation based on the experimental implementation shows that the private Euclidean distance scheme archives better accuracy in terms of false acceptance and rejection than the private cosine coloration scheme, but it requires about $5/2 n \ell$ overhead to evaluate $n$ -dimension feature vectors consisting of $\ell$ -bit integers.     

一个基于环签名的安全密封电子拍卖协议

在拍卖过程中如何保护投标者隐私和身份以及防止中标者反悔是设计安全电子拍卖系统的关键技术。基于环签名思想的类群签名方案及同态公钥加密体制,设计了一个新的密封投标的电子拍卖协议。所给协议具有如下特点：安全性好,能够满足投标者匿名、投标价保密、不可否认性以及不可伪造等密封电子拍卖的所有安全性要求;对可信赖第三方的依赖小;安全性高、步骤简略。     

一个具有可公开追踪性的叛逆者追踪方案

广播加密系统中,叛逆者追踪方案起着防止数据盗版的重要作用。基于DDH（Decision Diffie-Hellman）假设,采用用户选择个人密钥并由此计算个人公钥,系统利用用户个人公钥来追踪识别叛逆者的思想,提出一个具有可公开追踪性的完全公钥非对称叛逆者追踪方案。该方案可将追踪过程交给任何信任或不信任的人,能撤销或添加用户而不需更新用户的个人密钥,同时,还具有匿名性、黑盒子追踪等特点。     

Cryptanalysis and improvement of a threshold proxy signature scheme

A (t, n) threshold proxy signature scheme allows any t or more proxy signers to cooperatively sign messages on behalf of an original signer, but t ? 1 or fewer proxy signers cannot. In a recent work [C.H. Yang, S.F. Tzeng, M.S. Hwang, On the efficiency of nonrepudiable threshold proxy signature scheme with known signers, Systems and Software 73(3) (2004) 507–514], C.H. Yang, S.F. Tzeng and M.S. Hwang proposed a new threshold proxy signature scheme (called as YTH scheme), which is more efficient in algorithm and communication than Hsu et al.'s scheme proposed in 2001. However, YTH scheme still has some security weaknesses. In this paper, we show that YTH scheme cannot resist frame attack and public-key substitute attack. A new improvement with high safety and efficiency is proposed. The new scheme remedies the weaknesses of YTH scheme, especially, it can resist public-key substitute attack successfully by Zero-Knowledge Proof. Furthermore, the system doesn't need a security channel and computational complexity can be lowered.     

具有紧凑标签的基于身份匿名云审计方案

云存储技术具有效率高、可扩展性强等优点。用户可以借助云存储技术节省本地的存储开销,并与他人共享数据。然而,数据存储到云服务器后,用户失去对数据的物理控制,需要有相应的机制保证云中数据的完整性。数据拥有证明（PDP,provable data possession）机制允许用户或用户委托的第三方审计员（TPA,third party auditor）对数据完整性进行验证。但在实际应用中,数据通常由多个用户共同维护,用户在进行完整性验证请求的同时泄露了自己的身份。匿名云审计支持TPA在完成数据完整性验证时保证用户的匿名性。在基于身份体制下,匿名云审计方案通常需要借助基于身份的环签名或群签名技术实现,数据标签的构成元素与用户数量相关,使得数据标签不够紧凑,存储效率较低。为了解决这一问题,提出一种基于身份的匿名云审计方案通用构造,使用一个传统体制下的签名方案和一个传统体制下的匿名云审计方案即可构造一个基于身份的匿名云审计方案。基于该通用构造,使用BLS签名和一个传统体制下具有紧凑标签的匿名云审计方案设计了具有紧凑标签的基于身份匿名云审计方案。该方案主要优势在于数据标签短,能够减少云服务器的存储...     

Contract signature in e-commerce

In this paper, we propose a notion of contract signature used in e-commerce applications. We propose a contract signature scheme based on the discrete logarithm assumption. The contract signature scheme adopts a digital multi-signature scheme in public-key cryptography to facilitate fair signature exchange over network. This proposed solution allows multiple signers of a contract signature to exchange their partial signatures which are fully ambiguous for any third party (i.e., 1 out of ∞ ambiguity) to construct a valid contract signature. In case any signer releases the partial signature to others, the signer does not bind to the contract.     

A note on an identity-based ring signature scheme with signer verifiability

Recently, Herranz presented an identity-based ring signature scheme featuring signer verifiability where a signer can prove that he or she is the real signer by releasing an authorship proof. In this paper we show that this scheme is vulnerable to a key recovery attack in which a user’s secret signing key can be efficiently recovered through the use of two known ring signatures and their corresponding authorship proofs. In addition, we present a simple method to fix this security vulnerability by slightly modifying the authorship proof. Our modified scheme simplifies the original scheme and improves performance. To show that the modified scheme is unforgeable, we define two types of unforgeability notions for both signatures and authorship proofs. In these notions an adversary has opening capability to confirm the real signers of ring signatures and thus can manipulate authorship proofs in an adaptive way. We then prove that our modified scheme is secure in terms of these unforgeability notions.     

Secure public-key encryption scheme without random oracles

Since the first practical and secure public-key encryption scheme without random oracles proposed by Cramer and Shoup in 1998, Cramer–Shoup’s scheme and its variants remained the only practical and secure public-key encryption scheme without random oracles until 2004. In 2004, Canetti et al. proposed a generic transformation from a selective identity-based encryption scheme to a public-key encryption by adding a one-time strongly signature scheme. Since then, some transformation techniques from a selective identity-based encryption scheme to a public-key encryption have been proposed to enhance the computational efficiency, for example, Boneh–Katz’s construction and Boyen–Mei–Waters’ scheme. These transformations have either traded-off the publicly verifiable properties or tightness of security reduction. In 2007, Zhang proposed another generic transformation by adding Chameleon hash functions. In this paper, we introduce another technique from the Boneh–Boyen’s selective identity-based encryption scheme to a public-key encryption which is publicly verifiable and is slightly more efficient than Zhang’s transformation. The proposed public-key encryption scheme is based on the decisional bilinear Diffie–Hellman assumption and the target collision resistant hash functions.     

An attack on a payment scheme

Recently, Wang et al. have proposed an offline payment scheme providing scalable anonymity. The authors claim that their scheme can prevent a consumer from spending a coin more than once, since after a double-spending the identity of the consumer is revealed.In this paper, we show that in Wang et al.’s scheme, given a valid coin and without knowing any secret information, everyone is able to spend the coin as many times as he wants. In particular, we show how a cheater, using only public information, can construct a faked proof of ownership of the coin without running any risk of being discovered.     

Key-exchange authentication using shared secrets

Transport Layer Security standard provides connection security with peer entity authentication, data confidentiality and integrity, key generation and distribution, and security parameters negotiation. Its native integration in browsers and Web servers makes TLS the most frequently deployed security protocol. The TLS specifications use public-key certificates for mutual authentication and key establishment. We extend the TLS protocol with a new authentication scheme based on an out-of-band shared secret. Our extension, the TLS key-exchange method (KEM), ensures an end-to-end authenticated session-key exchange and allows identity protection, perfect forward secrecy (PFS), and anonymity. Furthermore, it reduces message flow and thus bandwidth on both wired and wireless networks.     

An enhanced lightweight anonymous biometric based authentication scheme for TMIS

In recent past, Mir and Nikooghadam presented an enhanced biometrics based authentication scheme using lightweight symmetric key primitives for telemedicine networks. This scheme was introduced in an anticipation to the former biometrics based authentication system proposed by Yan et al. Mir and Nikooghadam declared that their scheme is invincible against potential attacks while providing user anonymity. Our study and in-depth analysis unveil that Mir and Nikooghadam’s authentication scheme is susceptible to smart card stolen attack, moreover anonymity violation is still possible despite the claim of Mir and Nikooghadam. We have utilized the random oracle model in order to perform security analysis. The analysis endorses that the proposed scheme is robust enough to provide protection against all potential attacks specially smart card stolen attack and user anonymity violation attack. Analysis is further substantiated through an automated software application ProVerif. The analysis also shows that proposed scheme is computationally efficient than Mir and Nikooghadam’s scheme.