一个挂号电子邮件协议的缺陷及改进

Nenadic等设计了一个公平的挂号电子邮件协议,协议的目的是实现互不信任的双方以一种公平的方式交换电子邮件和收据并提供发方不可否认证据和收方不可否认证据,这是通过构造一个可验证和可恢复的加密数字签名(VRES)来实现的,由于采用离线TTP,且没有使用零知识证明,效率非常高。该文通过分析指出该协议在构造可验证的加密数字签名时存在缺陷,从而使得它不能保证公平性,并对其进行了修改。     

基于身份的多接收者(多消息)匿名混合签密机制

为满足广播环境下通信数据的机密性和认证性需求以及消息收发双方的匿名性,本文提出基于身份的多接收者匿名混合签密机制,满足收发双方的匿名性保护需求,并且接收者具有解密独立性;正确性分析及安全性证明表明本文机制是安全、有效的多接收者匿名混合签密机制;相较与现有方案而言,除具有保密性和不可伪造性之外,本文机制具有更优的性能,如更高的匿名性、公开验证性等.同时,将本文机制改进后,提出具有收发双方匿名性、公开验证性、不可否认性等安全属性的多接收者多消息混合签密机制,实现广播通信环境下用户的多消息发送需求.     

一个多方认证邮件协议的分析与改进

多方认证邮件协议被广泛用于在多方网络环境中传递具有保密性、不可否认性、公平性、无排斥性以及时限 性性的电子邮件。指出了一个典型的多方认证邮件协议存在不满足公平性、可追究性以及个别不诚实参与方行为导 致整个协议执行失败等安全隐患。基于签密方案,对该协议进行了改进,并利用Kailar逻辑对改进后的协议的安全属 性进行了分析。研究结果表明,该协议能够满足保密性、不可否认性及公平性等要求,并具有杭篡改、重放、合谋等攻 击的特点。     

一种新的多方不可否认协议

首次指出不可否认协议运行结果可分为认证强公平和期望强公平,其中后者优于前者。利用GPS数字签,提出一个新的带离线可信第三方的多方不可否认协议,该协议实现了期望强公平且允许发方给不同的接收方同的消息,突破了先前协议只允许发方给不同的接收方发送同一消息的局限性。协议同时允许发方自由选择,使得交易灵活而符合实际。最后给出协议的安全性分析。     

一种有效的可证实的电子邮件协议

文章提出了一个具有完善保密的、公正的、ElGamal签名的、可证实的电子邮件协议。该协议保证了只有在发送者收到了接收者的电子收据后,接收者才能阅读信件内容。协议完全执行后,发送者不能否认自己所发的邮件,接收者也不能否认自己已阅读了该邮件。该协议具有完善的安全性,在协议的执行过程中,除了发送者和接收者,任何信任三方都不可能知道邮件的内容。     

Fair multi-party non-repudiation protocols

In this paper we introduce the concept of multi-party non-repudiation protocols. We define the aims of multi-party non-repudiation protocols, compare them to multi-party fair exchange and show some fundamental differences. We present two protocols, the first one using an online trusted third party and the second one using an offline trusted third party. We also show how to modify each of these protocols in order to provide confidentiality. The definitions and the resulting protocols are more general than the only comparable work, a multi-party certified e-mail protocol.     

Providing Certified Mail Services on the Internet

Even though email is an increasingly important application, the Internet doesn't yet provide a reliable messaging infrastructure. Thus, an email message's sender can never be certain - and doesn't receive any evidence -that his or her message was actually delivered to and received by its intended recipients. Furthermore, a recipient can always deny having received a particular message, and the sender can't do much to prove the opposite. This lack of evidence for message delivery and reception is actually a missing piece in the infrastructure required for the more widespread and professional use of email. Against this background, several value-added services come to mind such as non-repudiation services and the digital analog of certified mail. In this article, the author addresses the problem of how to provide certified mail services on the Internet, focusing on the two-party scenario     

MTCP: scalable TCP-like congestion control for reliable multicast

We present MTCP, a congestion control scheme for large-scale reliable multicast. Congestion control for reliable multicast is important, because of its wide applications in multimedia and collaborative computing, yet non-trivial, because of the potentially large number of receivers involved. Many schemes have been proposed to handle the recovery of lost packets in a scalable manner, but there is little work on the design and implementation of congestion control schemes for reliable multicast. We propose new techniques that can effectively handle instances of congestion occurring simultaneously at various parts of a multicast tree.Our protocol incorporates several novel features: (1) hierarchical congestion status reports that distribute the load of processing feedback from all receivers across the multicast group, (2) the relative time delay concept which overcomes the difficulty of estimating round-trip times in tree-based multicast environments, (3) window-based control that prevents the sender from transmitting faster than packets leave the bottleneck link on the multicast path through which the sender's traffic flows, (4) a retransmission window that regulates the flow of repair packets to prevent local recovery from causing congestion, and (5) a selective acknowledgment scheme that prevents independent (i.e., non-congestion-related) packet loss from reducing the sender's transmission rate. We have implemented MTCP both on UDP in SunOS 5.6 and on the simulator ns, and we have conducted extensive Internet experiments and simulation to test the scalability and inter-fairness properties of the protocol. The encouraging results we have obtained support our confidence that TCP-like congestion control for large-scale reliable multicast is within our grasp.     

SET协议系统缺陷及其改进方案

电子商务的流行与接受主要取决于下述属性:安全、原子、匿名和不可否认性。文章对现在流行的安全电子交易SET标准进行分析,指出SET协议存在不满足数字商品交易的原子性以及确认发送原子性等缺陷。并在原有SET基础上对其协议流程进行改进,使其不仅具有交易原子性,而且还使用交易双方具有不可否认性以及公平交易等特点。     

Touch gestures in communicating emotional intention via vibrotactile stimulation

Remote communication between people typically relies on audio and vision although current mobile devices are increasingly based on detecting different touch gestures such as swiping. These gestures could be adapted to interpersonal communication by using tactile technology capable of producing touch stimulation to a user's hand. It has been suggested that such mediated social touch would allow for new forms of emotional communication. The aim was to study whether vibrotactile stimulation that imitates human touch can convey intended emotions from one person to another. For this purpose, devices were used that converted touch gestures of squeeze and finger touch to vibrotactile stimulation. When one user squeezed his device or touched it with finger(s), another user felt corresponding vibrotactile stimulation on her device via four vibrating actuators. In an experiment, participant dyads comprising a sender and receiver were to communicate variations in the affective dimensions of valence and arousal using the devices. The sender's task was to create stimulation that would convey unpleasant, pleasant, relaxed, or aroused emotional intention to the receiver. Both the sender and receiver rated the stimulation using scales for valence and arousal so that the match between sender's intended emotions and receiver's interpretations could be measured. The results showed that squeeze was better at communicating unpleasant and aroused emotional intention, while finger touch was better at communicating pleasant and relaxed emotional intention. The results can be used in developing technology that enables people to communicate via touch by choosing touch gesture that matches the desired emotion.     

基于可信计算的企业云签证协议设计与证明

为解决当前企业云内部部门之间通信时缺乏身份认证的问题,提出基于可信计算的企业云签证方法与协议,并对其进行证明和分析。在可信云vTPM架构基础上,通过设计vAIK签证协议,建立vTPM与企业云部门终端之间的身份对应关系并保证了vTPM签名能力的合法性。通过设计vTPM远程证明协议使得企业云内部通信时的消息发送方身份可验。vAIK签证过程中的报告由云平台签名、远程证明过程中的报告由云平台和vTPM共同签名以保证消息发送方的身份真实性,并在vAIK签证和远程证明过程中加入随机数保证报告新鲜性。最后使用SVO逻辑对vTPM证书签证和远程证明协议进行了证明与分析,结果表明该设计能够达到理想目标。     

基于离线条件可信第三方的挂号邮件协议

扩展了半可信第三方的思想，提出条件可信第三方，给出可接受的第三方必须满足的条件，并结合离线可信第三方提出一个基于离线条件可信第三方的挂号邮件协议，目的是在保证可接受的公平结果的前提下尽可能减少对可信第三方的依赖；新协议在离线可信第三方介入的情况下能够达到可接受的公平结果；而且协议中的证据是第三方可验证的，未使用特殊的签名和加密技术，具有较好的适用性。     

Secure group key establishment revisited

We examine the popular proof models for group key establishment of Bresson et al. (LNCS 2248: 290–309, 2001; Proceedings of the 8th ACM conference on computer and communications security (CCS-8), 2001) and point out missing security properties addressing malicious protocol participants. We show that established group key establishment schemes from CRYPTO 2003 and ASIACRYPT 2004 do not fully meet these new requirements. Next to giving a formal definition of these extended security properties, we prove a variant of the explored proposal from ASIACRYPT 2004 secure in this stricter sense. Our proof builds on the Computational Diffie Hellman (CDH) assumption and the random oracle model.     

手机短信3D动画中光照规划的自动生成

手机短信3D动画自动生成系统是根据发送方短信的内容,经过信息抽取、语义分析等一系列步骤,最终生成一段与短信内容匹配的三维动画并发送给接收方.动画中光照不仅能照明整个场景,还能起到烘托主题、表现氛围等作用.本文重点研究面向手机短信3D动画自动生成系统中光照的自动生成,主要从定性规划和定量计算两方面着手.定性规划的主要任务是通过本体库刻画与光照相关的主题、模板,利用规则库将主题、模板、场景、光照属性等以规则的方式关联起来.定量计算的主要工作是结合具体场景,将定性规划的信息转化为具体数据,然后调用Maya API,将定性规划的结果在Maya场景中实现.     

Anti-localization anonymous routing for Delay Tolerant Network

This paper focuses on the problem of how to allow a source to send a message without revealing its physical location and proposes an anti-localization routing protocol, ALAR, to achieve anonymous delivery in Delay/Disruption Tolerant Networks. The objectives of ALAR are to minimize the probability of a data source being localized and to maximize the destination’s probability of receiving the message. ALAR can protect the sender’s location privacy through message fragmentation and forwarding each segment to different receivers. ALAR is validated on two real-world human mobility datasets. This study indicates that ALAR increases the sender’s anonymity performance by over 81% in different adversary densities with a 5% reduction in delivery ratio.     

Public-key quantum digital signature scheme with one-time pad private-key

A quantum digital signature scheme is firstly proposed based on public-key quantum cryptosystem. In the scheme, the verification public-key is derived from the signer’s identity information (such as e-mail) on the foundation of identity-based encryption, and the signature private-key is generated by one-time pad (OTP) protocol. The public-key and private-key pair belongs to classical bits, but the signature cipher belongs to quantum qubits. After the signer announces the public-key and generates the final quantum signature, each verifier can verify publicly whether the signature is valid or not with the public-key and quantum digital digest. Analysis results show that the proposed scheme satisfies non-repudiation and unforgeability. Information-theoretic security of the scheme is ensured by quantum indistinguishability mechanics and OTP protocol. Based on the public-key cryptosystem, the proposed scheme is easier to be realized compared with other quantum signature schemes under current technical conditions.     

We Are One,We Are Borg

Abstract

According to Symantec's March 2005 threat report, spam, usually defined as junk or unsolicited e-mail, made up over 60 percent of all e-mail traffic during the reporting period from July to December 2004. By anyone's definition, that is a lot of junk e-mail. But, as security professionals know, spam is much more than an annoyance and can adversely affect system and data integrity. Moreover, its existence can be an indicator of a much larger issue.     

Instant messaging with WebWho

We present a study of how awareness of presence affects content of instant messaging sent between students using WebWh o, an easily accessible web-based awareness tool. WebWho visualizes where people are located in a large university computer lab and allows students to virtually locate one another and communicate via an instant messaging system. As WebWho is there to be accessed through any web browser, it requires no programming skills or special software. It may also be used from outside the computer lab by students located elsewhere. The sender's user name is normally automatically added to the instant messages, but the messages can also be sent anonymously. We were interested in finding out if the sender's conscious hiding of his or her identity seemed to be reflected in the content of anonymous messages, and how these differed from those with identified senders. Awareness of presence seems to be one of several factors influencing message composition, both content and structural aspects. At this stage, we have primarily focused on examining how different factors affects the content of the messages. We cross-analysed the messages for content in relation to parameters such as sender location (collocated, distributed and distant) and sender status (anonymous vs. identified), in order to find out whether awareness of presence seems to be an influencing factor. Computer-mediated communication (CMC) is often claimed to be a sort of hybrid between spoken and written interaction [c.f. Ferrara, Brunner & Whittemore (1991) and and several others]. We compared the messages that were sent using the instant messaging tool in WebWho with data from other types of CMC (email, chat) and also with corpora of spoken language and traditionally written language. The aim of the study was primarily to investigate awareness of presence affects on instant messaging, and only secondarily to investigate spoken vs. written features of the texts. Results show that awareness of both physical and virtual presence affects the content of the messages, and that these factors affects the text differently. Sender status, the nature of the computer-mediated medium, and the written mode shape the messages as well. Results show that the students use the messaging system to support collaborative work and coordinate social activities, and extensively for playful behaviour.     

Compositionality of Statically Scheduled IP

Timing Closure in presence of long global wire interconnects is one of the main current issues in System-on-Chip design. One proposed solution to the Timing Closure problem is Latency-Insensitive Design (LID) [Luca Carloni, Kenneth McMillan, and Alberto Sangiovanni-Vincentelli. Theory of latency-insensitive design. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 20(no. 9):pp. 1059–1076, 2001; Mario R. Casu and Luca Macchiarulo. A new approach to latency insensitive design. In DAC'04: Proceedings of the 41st annual conference on Design automation, pages 576–581, New York, NY, USA, 2004. ACM Press].It was noticed in [Mario R. Casu and Luca Macchiarulo. A new approach to latency insensitive design. In DAC '04: Proceedings of the 41st annual conference on Design automation, pages 576–581, New York, NY, USA, 2004. ACM Press] that, in many cases, the dynamically scheduled synchronisations introduced by latency-insensitive protocols could be computed off-line as a static periodic schedule. We showed in [Julien Boucaron, Jean-Vivien Millo, and Robert De Simone. Latency-insensitive design and central repetitive scheduling. In Formal Methods and Models for Co-Design, 2006. MEMOCODE'06. Proceedings. Fourth ACM and IEEE International Conference on, pages 175–183, Piscataway, NJ, USA, 2006. IEEE Press; Julien Boucaron, Jean-Vivien Millo, and Robert De Simone. Formal methods of scheduling for latency-insensitive designs. EURASIP journal on embedded system, 2007 (not yet published)] how this schedule could then be used to further optimize the protocol resources when they are found redundant. The purpose of the present paper is to study how the larger blocks, obtained as synchronous components interconnected by LID protocols optimized by static schedule informations, can be again made to operate with an environment that provides also I/O connections at its own (synchronous or GALS) rate.We also consider the case of multirate SoC, using results from SDF (Synchronous DataFlow) theory [Edward A. Lee and David G. Messerschmitt. Synchronous data flow. Proceeding of the IEEE, vol. 75(no. 9):pp. 1235–1245, 1987].     

Oblivious signature-based envelope

We propose a new cryptographic primitive called oblivious signature-based envelope (OSBE). Informally, an OSBE scheme enables a sender to send an envelope (encrypted message) to a receiver, and has the following two properties: (1) The receiver can open the envelope if and only if it has a third partys (e.g., a certification authoritys) signature on an agreed-upon message. (2) The sender does not learn whether the receiver has the signature or not. We show that OSBE can be used to break policy cycles in automated trust negotiation (ATN) and to achieve oblivious access control.We develop a provably secure and efficient OSBE protocol for certificates signed using RSA signatures, as well as provably secure and efficient one-round OSBE protocols for Rabin and BLS signatures from recent constructions for identity-based encryption. We also present constructions for Generalized OSBE, where signatures on multiple messages (and possibly by different authorities) are required to open the envelope.Received: 30 July 2003, Accepted: 6 August 2004, Published online: 29 November 2004Ninghui Li: Most of this work was performed while the first author was a Research Associate at the Department of Computer Science, Stanford University in Stanford, CA 94305.Invited submission to the journal Distributed Computing, special issue of selected papers of PODC 2003. Preliminary version appeared in Proceedings of PODC2003 under the same title.