可证明安全的后量子两方口令认证密钥协商协议

口令认证密钥协商可以在客户机和服务器之间建立安全的远程通信,且可以将一个低熵口令放大为一个高熵的会话密钥。然而,随着量子计算技术的快速发展,基于大数分解和离散对数等经典数学难题的PAKA协议面临着严峻的安全挑战。因此,为了构建一个高效安全的后量子PAKA协议,依据改进的Bellare-Pointcheval-Rogaway(BPR)模型,提出了一个基于格的匿名两方PAKA协议,并且使用给出严格的形式化安全证明。性能分析结果表明,该方案与相关的PAKA协议相比,在安全性和执行效率等方面有一定优势,更适用于资源受限的物联网(Internet of Things, IoT)智能移动设备。     

Group key agreement for secure group communication in dynamic peer systems

Self-organizing group key agreement protocols without a centralized administrator are essential to secure group communication in dynamic peer systems. In this paper, we propose a generic construction of a one-round self-organizing group key agreement protocol based on the Chinese Remainder Theorem. In the proposed construction, all group members contribute their own public keys to negotiate a shared encryption public key, which corresponds to all different decryption keys. Using his/her own secret key, each group member is able to decrypt any ciphertext encrypted by the shared encryption key. Following the generic construction, we instantiate a one-round self-organizing group key agreement protocol using the efficient and computationally inexpensive public key cryptosystem NTRU. Both the public key and the message in this protocol are secure against the known lattice attacks. Furthermore, we also briefly describe another concrete scheme with our generic idea, based on the ElGamal public key cryptosystem.     

Provably secure identity-based authenticated key agreement protocols with malicious private key generators

Identity-based authenticated key agreement is a useful cryptographic primitive and has received a lot of attention. The security of an identity-based system relies on a trusted private key generator (PKG) that generates private keys for users. Unfortunately, the assumption of a trusted PKG (or a curious-but-honest PKG) is considered to be too strong in some situations. Therefore, achieving security without such an assumption has been considered in many cryptographic protocols. As a PKG knows the private keys of its users, man-in-the-middle attacks (MIMAs) from a malicious PKG is considered as the strongest attack against a key agreement protocol. Although securing a key agreement process against such attacks is desirable, all existent identity-based key agreement protocols are not secure under such attacks. In this paper, we, for the first time, propose an identity-based authenticated key agreement protocol resisting MIMAs from malicious PKGs that form a tree, which is a commonly used PKG structure for distributing the power of PKGs. Users are registered at a PKG in the tree and each holds a private key generated with all master keys of associated PKGs. This structure is much more efficient, in comparison with other existing schemes such as threshold-based schemes where a user has to register with all PKGs. We present our idea in two protocols. The first protocol is not secure against MIMAs from some kinds of malicious PKGs but holds all other desirable security properties. The second protocol is fully secure against MIMAs. We provide a complete security proof to our protocols.     

Provably secure authenticated key agreement scheme for distributed mobile cloud computing services

With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.     

高效的动态安全组播密钥协商方案

组播提供了一种发送者可以同时发送信息到多个接收者的高效通信机制。设计高效的密钥协商方案是实现安全组播的主要环节。以双线性对为工具,本文提出了一个新的基于身份的动态安全组播密钥协商方案,并具体地分析了当新提出的密钥协商方案用于组播时,子组之间的通信过程,以及组成员动态变化时密钥的更新过程,结果表明该方案在降低计算和通信代价方面取得了较好的效果,且满足组播密钥协商的各种安全要求。     

一种强安全的WSN用户认证及密钥协商方案

针对无线传感器网络双因素用户认证方案中智能卡内敏感信息被破译、公共信道信息传输被侦听引起的匿名性隐患及密码猜测等攻击,在T-M方案的基础上,注册阶段采用哈希加密深度隐藏了用户隐私信息,增强智能卡中元素的抗猜测性;又将网关作为消息中转站提前对用户进行验证,调整了信息传输结构及认证方式,减少节点能耗且加强消息传输的安全防护;同时,在网关端添加写保护用户身份日志表,及时记录用户登录信息,以防资源滥用。理论分析及实验显示了所提方案有效抵御了T-M方案的不足,大大减少了传感节点的通信开销,提供更多的安全防护且具有计费功能。     

A secure blockchain-based group key agreement protocol for IoT

The Journal of Supercomputing - Since most Internet of things (IoT) devices are energy-limited, increasingly more manufacturers have chosen to develop IoT applications based on group communication....     

Provably secure and efficient identification and key agreement protocol with user anonymity

Many authentication and key agreement protocols were proposed for protecting communicated messages. In previous protocols, if the user?s identity is transmitted in plaintext, an adversary can tap the communications and employ it to launch some attacks. In most protocols with user anonymity, they focus on satisfaction of several security requirements. From a client?s point of view, those protocols are not admired since the cost of storage, computation and communication is high. In pervasive computing, a client usually uses a limited-resource device to access multiple servers. The storage and computation are very important issues especially in this kind of environments. Also, for a convenience of designing protocol, most protocols use timestamps to prevent the replay attack. As we know, the serious time synchronization problem exists in timestamp-based protocols. Finally, most protocols do not have formal proofs for the security. In this paper, we propose a secure and efficient identification and key agreement protocol with user anonymity based on the difficulty of cracking the elliptic curve Diffie–Hellman assumption. In addition, we also propose an augmented protocol for providing the explicit mutual authentication. Compared with the related protocols, the proposed protocols? computation cost is lower and the key length is shorter. Therefore, our protocols are suitable even for applications in low power computing environments. Finally, we formally prove the security of the proposed protocols by employing the random oracle model.     

A secure and efficient certificateless authenticated key agreement protocol for smart healthcare

As more and more important smart healthcare becomes in people’s daily life, its security issues draw increasing attention. It is stringent to design trusty communication protocol guaranteeing the data security and users privacy. Recently, Wang et al. proposed a certificateless authenticated key agreement (CL-AKA) protocol such that providing a resolution to transmit unforged data over open channel in smart healthcare. Claiming that their protocol could resist attacks from two types of adversaries, Wang et al. also compared their protocol with several related works. However, in this paper, we analyze their protocol and point out that the protocol lacks forward security. Moreover, aiming at remedying such defects, this paper proposes an improved CL-AKA protocol. Not only does the improved CL-AKA protocol satisfy the security requirements but also behaves efficient compared with other related works.     

Efficient and provably secure password-based group key agreement protocol

This paper considers the issue on authenticated group key agreement protocol among n users broadcasting communication over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet the challenges. However, existing protocols are either limited by the use of public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to the dictionary attacks by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it only requires constant rounds to agree upon a session key, and each user broadcasts a constant number of messages and only requires four exponentiations. Under the Decisional Diffie-Hellman assumption, we will show the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model.     

基于n叉树的动态安全群密钥协商协议

将三叉树拓展为n叉树引入到群密钥中,提出了动态安全的基于n叉树的可认证群密钥协商协议。在三叉树的基础上进一步减少了轮数,计算复杂度由O(log3 m)降低为O(logn m),但是单轮内成员间通信量增加。群内成员先进行树结构的划分,每n个节点作为相应上一级节点的孩子节点,n个节点分别选定代表,n个代表通过调用协议BCP协商密钥得到本轮即相应父亲节点的子密钥,重复进行上述过程最终可以得到群组密钥。同时,协议考虑了有成员加入或离开的动态情形并给出了很好的解决方案,一方面保证了动态情形发生时,在前一时刻计算出结     

基于身份的移动网动态群组密钥协商方案

群组密钥协商是群组通信中非常重要的基本工具,如何得到一个安全有效的密钥协商协议是当前密码学研究中的一个重要问题。基于双线性对和随机预言模型,针对移动网络提出了一个动态群组密钥协商方案。此方案就计算复杂度和通信复杂度而言都是高效的,而且满足密钥协商所需要的安全要求。     

A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards

Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes.     

大规模Ad hoc网络中一种高效的组密钥协商协议

移动Ad hoc网络自身的特点决定了该网络中节点资源的有限性,所以在移动Ad hoc网络中构建组密钥协商协议时,应尽量减少节点的资源开销。为了解决这个问题,提出了一种基于分簇-K叉树组模型结构的组密钥协商协议——CKT-ECC协议。该协议在分簇-K叉树组模型结构上,采用椭圆曲线密码体制实施密钥协商和分配,使得节点在密钥协商过程中具有低计算开销和低通信开销的优势。与GDH、TGDH组密钥协商协议相比,本协议有效地降低了节点在密钥协商过程中的计算开销和通信开销,适用于大规模移动Ad hoc网络。     

动态协作对等组中一种新的组密钥协商协议

动态协作对等组自身的特征使其安全机制面临着严峻的挑战。密钥协商机制则是构建安全的动态协作对等组的核心技术。提出了一种两方Weil对密钥协商协议(A-WGKA2),可以通过较少的步骤同时实现节点之间的密钥协商和认证。该协议具备如下性质：前向安全性;抵抗未知密钥共享;部分密钥泄露的安全性;抵抗密钥控制;抵抗使用泄露的密钥进行假冒攻击。在A-WGKA2协议的基础上,进一步提出了一个新的适用于动态协作对等组的组密钥协商协议(A-WGKAn)。该协议在具有较低的计算和通信开销的同时,实现了节点之间的相互认证,适用于动态协作对等组。     

Provably secure lightweight certificateless lattice-based authenticated key exchange scheme for IIoT

Through the Industrial Internet of Things (IIoT), the manufacturing enterprises have significantly enhanced the production efficiency. The transmission of data in IIoT over public channels has brought about information leakage issues. Therefore, it is crucial to agree on a session key among the participants. In recent years, numerous authenticated key exchange (AKE) schemes have been designed. However, those AKE schemes which adopt the certificateless approach to tackle certificate management and key escrow may remain vulnerable to quantum attacks, and other AKE schemes which are based on lattice hard problem so as to achieve the post quantum security may incur key management issues. To simultaneously address the aforementioned challenges, we propose a lightweight certificateless lattice-based authenticated key exchange (C2LAKE) scheme. Upon the hardness assumptions of the inhomogeneous small integer solution (ISIS) and computational bilateral inhomogeneous small integer solution (CBi-ISIS) problems, the C2LAKE scheme has been demonstrated to be secure in the eCK model and the random oracle model (ROM). Better trade-off among security and functionality features, and communication and computation costs make the C2LAKE scheme suitable and applicable in the IIoT environment.     

A study of application platform for smart contract visualization based blockchain

The Journal of Supercomputing - In recent years, blockchain, which is the base technology of the 4th industrial revolution, is rapidly emerging as an alternative to the centralized data management...