具有指定接收组门限共享验证签名加密方案

本文提出了一个具有指定接收者验证的签名加密方案.该方案是数字签名与公钥密码体制的有机集成.与普通数字签名方案相比,除了具有认证性、数据完整性外还具有保密性和接收方的隐私性.然后又利用门限方案构造了一个(t,n)门限共享验证签名加密方案.与现有的门限共享验证签名加密方案相比具有数据传输安全、通信代价更小、执行效率更高、能够确切地检查出哪个验证者篡改子密钥等特点.     

一个新的具有指定接收者(t,n)门限签名加密方案

提出了一个具有指定接收考验证的签名加密方案。该方案是数字签名与公钥密码体制的有机集成。与普通数字签名方案相比，除了具有认证性、数据完整性外还具有保密性和接收方的隐私性。然后又利用门限方案首次构造了一个（t,n)门限签名加密方案。该(t,n)门限签名方案具有数据传输安全、顽健性、通信代价更小、执行效率更高等特点。     

具有隐私保护的云存储访问控制方案

针对传统的访问控制方案无法在云计算环境下保护用户的属性隐私,提出了具有隐私保护的云存储访问控制方案。采用混合加密体制实现了数据的机密性,即利用对称密钥加密明文数据,再利用公钥密码体制对对称密钥进行加密。在新的访问控制方案中,公钥加密采用了匿名的密文策略下基于属性的加密技术。安全性分析表明,新方案在保护用户属性隐私的同时,达到了选择明文安全性,可抵抗恶意用户及云存储服务器的合谋攻击。     

基于簇的ad hoc网络密钥管理方案

将自认证公钥的概念和组合公钥的思想相结合,为ad hoc网络提出了一种新的门限密钥分发方案,在此基础上,和"簇"的组网方式结合,提出一种完整的密钥管理方案.该方案公钥自身具有认证功能,不需要证书管理,密钥分发过程简单,消除了IBE(identity-based encryption)方案中存在的密钥托管问题.方案能够灵活地适应ad hoc网络动态拓扑性,适用于各种规模的网络.理论和仿真分析表明,该方案计算量和通信量都比较小,与PKI、IBE方案相比,具有更高的安全性和实用性.     

基于Ad hoc的门限密钥更新研究

研究了群通信,并重点分析了门限密钥管理方案,提出了一种基于Ad hoc的门限密钥更新方案,实现了在动态的Ad hoc中进行群通信,保证门限密钥秘密更新的安全性,同时简化了通信流程,提高了管理效率.     

无双线性对的基于身份的在线/离线门限签名方案

为了减少公钥密码体制中证书管理带来的开销和提高在线/离线门限签名方案的性能,利用分布式密钥生成协议和可验证秘密共享协议,提出了一种基于身份的在线/离线门限签名方案,并在离散对数假设下证明了新方案满足顽健性和不可伪造性。分析结果表明,新方案避免了传统公钥证书的管理问题和复杂的双线性对运算,大大降低了离线门限签名算法和签名验证算法的计算复杂度,在效率上优于已有的在线/离线门限签名方案。     

一个预防欺诈的(t,n)门限数字签名方案

基于离散对数的安全机制,该文提出了一个预防欺诈的ElGamal型(t, n)门限数字签名方案。在密钥生成阶段,参与者的公、私钥以及群公钥由所有参与者共同协商而无需可信中心支持;在签名生成阶段,参与者之间不需要进行任何安全通信;能够抵御合法参与者间的相互欺诈和外部攻击者的攻击。方案的安全性是基于离散对数问题的难解性。分析发现,该方案具有良好的安全性和执行效率。     

基于RSA的门限密钥托管方案

本文借鉴D.Boneh(1997)中密钥产生和Y.Desmedt(1991)中的密钥分拆思想,提出了一种有t个容错能力的(t+1,n)门限托管方案,方案可以避免阈下攻击,验证用户的托管密钥正确性,有效地检查出失效的托管代理,并具有密钥备份的能力。方案可用于多种通信方式。     

基于多项式秘密共享的前向安全门限签名方案

采用多项式秘密共享的方法,提出了一种新的前向安全的门限数字签名方案.该方案有如下特点:即使有多于门限数目的成员被收买,也不能伪造有关过去的签名;保持了公钥的固定性;在规则的时间间隔内更新密钥:可抵御动态中断敌手.假设因式分解是困难的,证明了该方案在随机预言模型中是前向安全的.     

基于RSA的门限密钥托管方案

本文借鉴Ｄ．Ｂｏｎｅｈ（１９９７）中密钥产生和Ｙ．Ｄｅｓｍｅｄｔ（１９９１）中的密钥分拆思想,提出了一种有ｔ个容错能力的（ｔ＋１,ｎ）门限托管方案,方案可以避免阈下难用户的托管密钥正确性,有效地检查出失效的托管代理,并具有密钥备份的能力,方案可用于多种通信方式。     

Cloud data secure deduplication scheme via role-based symmetric encryption

The rapid development of cloud computing and big data technology brings prople to enter the era of big data,more and more enterprises and individuals outsource their data to the cloud service providers.The explosive growth of data and data replicas as well as the increasing management overhead bring a big challenge to the cloud storage space.Meanwhile,some serious issues such as the privacy disclosure,authorized access,secure deduplication,rekeying and permission revocation should also be taken into account.In order to address these problems,a role-based symmetric encryption algorithm was proposed,which established a mapping relation between roles and role keys.Moreover,a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both the privacy protection and the authorized deduplication under the hierarchical architecture in the cloud computing environment.Furthermore,in the proposed scheme,the group key agreement protocol was utilized to achieve rekeying and permission revocation.Finally,the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model,and the deduplication scheme can meet the security requirements.The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.     

Security of account and privacy of transaction for bitcoin

As a kind of cryptocurrency, bitcoin has attracted much attention with its decentralization. However, there is two problems in the bitcoin transactions: the account security and transaction privacy. In view of the above problems, a new partially blind threshold signature scheme is proposed, which can both enhance the security of bitcoin account and preserve the privacy of transaction. Firstly, transaction amounts are encrypted by employing the homomorphic Paillier cryptosystem, and output address is disturbed by using one-time public key. Then the encrypted or disrupted transaction information is signed by multiple participants who are authorized by using threshold secret sharing. Compared with partially blind fuzzy signature scheme, the proposed scheme can fully preserve the transaction privacy. Furthermore, performance analysis shows that the proposed scheme is secure and effective in practical applications.     

协议组合逻辑安全的4G无线网络接入认证方案

针对4G无线网络中移动终端的接入认证问题,基于自证实公钥系统设计了新的安全接入认证方案,并运用协议演绎系统演示了该方案形成的过程和步骤,用协议组合逻辑对该方案的安全属性进行了形式化证明.通过安全性证明和综合分析,表明该方案具有会话认证性和密钥机密性,能抵御伪基站攻击和重放攻击,并能提供不可否认服务和身份隐私性,同时提高了移动终端的接入效率     

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Cloud computing provides a convenient way of content trading and sharing. In this paper, we propose a secure and privacy-preserving digital rights management （DRM） scheme using homomorphic encryption in cloud computing. We present an efficient digital rights management framework in cloud computing, which allows content provider to outsource encrypted contents to centralized content server and allows user to consume contents with the license issued by license server. Further, we provide a secure content key distribution scheme based on additive homomorphic probabilistic public key encryption and proxy re-encryption. The provided scheme prevents malicious employees of license server from issuing the license to unauthorized user. In addition, we achieve privacy preserving by allowing users to stay anonymous towards the key server and service provider. The analysis and comparison results indicate that the proposed scheme has high efficiency and security.     

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

In the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.     

Privacy-preserving attribute-based encryption scheme on ideal lattices

Based on the small key size and high encryption efficiency on ideal lattices,a privacy-preserving attribute-based encryption scheme on ideal lattices was proposed,which could support flexible access policies and privacy protection for the users.In the scheme,a semi-hidden policy was introduced to protect the users’ privacy.Thus,the sensitive values of user’s attributes are hidden to prevent from revealing to any third parties.In addition,the extended Shamir secret-sharing schemes was used to construct the access tree structure which can support “and” “or” and “threshold” operations of attributes with a high flexibility.Besides,the scheme was proved to be secure against chosen plaintext attack under the standard mode.Compared to the existing related schemes,the scheme can yield significant performance benefits,especially the size of system public/secret keys,users’ secret key and ciphertext.It is more effective in the large scale distributed environment.     

Secure encrypted-data aggregation for wireless sensor networks

This paper proposes a secure encrypted-data aggregation scheme for wireless sensor networks. Our design for data aggregation eliminates redundant sensor readings without using encryption and maintains data secrecy and privacy during transmission. Conventional aggregation functions operate when readings are received in plaintext. If readings are encrypted, aggregation requires decryption creating extra overhead and key management issues. In contrast to conventional schemes, our proposed scheme provides security and privacy, and duplicate instances of original readings will be aggregated into a single packet. Our scheme is resilient to known-plaintext attacks, chosen-plaintext attacks, ciphertext-only attacks and man-in-the-middle attacks. Our experiments show that our proposed aggregation method significantly reduces communication overhead and can be practically implemented in on-the-shelf sensor platforms.     

Privacy-preserving authenticated key agreement scheme based on biometrics for session initiation protocol

A secure key agreement scheme plays a major role in protecting communications between the users using voice over internet protocol over a public network like the internet. In this paper we present a strong security authenticated key agreement scheme for session initiation protocol (SIP) by using biometrics, passwords and smart cards. The proposed scheme realizes biometric data protection through key agreement process meanwhile achieving the verification of the biometric value on the SIP server side which is very important in designing a practical authenticated key agreement for SIP. The main merits of our proposed scheme are: (1) the SIP server does not need to maintain any password or verification table; (2) the scheme can provide user identity protection—the user’s real identity is protected by a secure symmetric encryption algorithm and the elliptic curve discrete logarithm problem, and it is transmitted in code; (3) the scheme can preserve the privacy of the user’s biometric data while the biometric matching algorithm is performed at the SIP server side, even if the server does not know the biometric data in the authentication process. Performance and security analysis shows that our proposed scheme increases efficiency significantly in comparison with other related schemes.     

A privacy‐preserving biometrics based authenticated key agreement scheme using ECC

To ensure secure communication over the insecure public network, this work presents a privacy‐preserving biometrics‐based authenticated key agreement scheme using elliptic curve cryptography, making full use of the advantages that the biometrics can be used to uniquely identify a particular human, and the elliptic curve cryptography can provide the same level security with far less key size compared with other public key cryptography. The proposed scheme realizes the mutual authentication of participants, session key agreement, and various security properties and also can resist kinds of known attacks. Moreover, the proposed scheme has perfect user experience in the aspect of changing password by not interacting with the server. In addition, the security features of our new designed scheme are formally proved under the widely used BPR adversary model. Therefore, from the viewpoint of the authors, the proposed scheme can be considered as the authenticated key agreement scheme for mobile users.     

分布式文件交互系统节点身份认证方案

基于分布式云存储系统利用椭圆曲线和散列函数等内容,提出了一种云环境下的双向身份认证方案,实现双向认证过程。新方案的优点在于产生对通信双方公正的会话密钥,同时设计了2种不同类型的认证: 本地网内认证和跨网络认证。最后对该方案进行了安全性和性能分析,证明了本方案具有很强的安全性,能够保护用户的隐私性和抗抵赖性,且具有较低的计算量。该方案满足云存储在通信环境中的需求。