Similar literature
1.
Group Key Agreement (GKA) protocols enable the participants to derive a key based on each one's contribution over a public network without any central authority. They also provide efficient ways to change the key when the participants change. While some of the proposed GKA protocols are too resource-consuming for the constrained devices often present in ad hoc networks, others lack a formal security analysis. In this paper, we propose a simple, efficient and secure GKA protocol well suited to ad hoc networks and present results of our implementation of it in a prototype application.

2.
Group key agreement (GKA) is one of the traditional ways to guarantee subsequent secure group communication. However, conventional GKA protocols face two limitations: they require two or more rounds to establish secure channels, and they are sender-restricted. Asymmetric group key agreement (AGKA) eliminates both limitations of GKA. It allows a group of users to establish a public group encryption key and a different secret decryption key for each group member in one round. Any user who knows the group encryption key can encrypt to the group members. This paper studies authenticated AGKA in certificateless and identity-based public key cryptosystems. We formalize the security model of certificateless authenticated asymmetric group key agreement and realize a one-round certificateless authenticated asymmetric group key agreement protocol that resists active attacks in the real world. We also investigate the relation between certificateless authenticated AGKA and identity-based authenticated AGKA, and propose a concrete conversion from certificateless authenticated AGKA to session-key-escrow-free identity-based authenticated AGKA.

3.
Guiding knowledge communication in CSCL via group knowledge awareness
Computer-mediated collaboration is not in and of itself a beneficial setting for learning. Environments for computer-mediated collaboration need to trigger learning-productive interactions. In this paper, we propose to implement tools providing group knowledge awareness (GKA), i.e., information about collaborators' knowledge. GKA is typically restricted in CSCL environments. A GKA tool visualizing self-assessed learner knowledge, their partner's self-assessed knowledge, and thus the distribution of knowledge, was studied in a computer-mediated collaborative learning scenario. Thirty-eight dyads were randomly assigned to either the GKA condition (GKA tool) or a control condition (only the learner's own knowledge was visualized). Results show that the GKA tool guided learners in their collaboration and, more specifically, in designing their communicative acts. Depending on the self- vs. partner-oriented purpose of the communicative act, the learner's own vs. the partner's knowledge guided communication. Guided communication was a mechanism for perceived learning gains and perceived knowledge convergence. A knowledge test failed to reveal a significant difference between the GKA and the control condition. In this paper, we discuss characteristics of GKA tools and their impact on collaboration.

4.
An improved password-based group key agreement protocol
胡红宇, 李军义. 《计算机工程》 2011, 37(3): 132-133, 136
Group key agreement protocols are one of the important means of guaranteeing subsequent secure group communication. To this end, we study the password-based group key agreement protocol proposed by Byun and Lee and show that it cannot resist undetectable online dictionary attacks. Based on this finding, we improve the scheme and propose a new group key agreement protocol. Security analysis shows that the protocol resists the common attacks on password-based group key agreement protocols.

5.
Genetic K-means algorithm
In this paper, we propose a novel hybrid genetic algorithm (GA) that finds a globally optimal partition of given data into a specified number of clusters. GAs used earlier in clustering employ either an expensive crossover operator to generate valid child chromosomes from parent chromosomes, or a costly fitness function, or both. To circumvent these expensive operations, we hybridize the GA with a classical gradient descent algorithm used in clustering, viz. the K-means algorithm; hence the name genetic K-means algorithm (GKA). We define the K-means operator, one step of the K-means algorithm, and use it in GKA as a search operator instead of crossover. We also define a biased mutation operator specific to clustering, called distance-based mutation. Using finite Markov chain theory, we prove that GKA converges to the global optimum. It is observed in the simulations that GKA converges to the best known optimum for the given data, in agreement with the convergence result. It is also observed that GKA searches faster than some of the other evolutionary algorithms used for clustering.

6.
Independence is a fundamental property needed to achieve security in fault-tolerant distributed computing. In practice, distributed communication networks are neither fully synchronous nor fully asynchronous, but rather loosely synchronized. By this, we mean that in a communication protocol, messages at a given round may depend on messages from other players at the same round. These possible dependencies among messages create problems if we need n players to announce independently chosen values. This task is called simultaneous broadcast. In this paper, we present the first constant-round protocol for simultaneous broadcast in a reasonable computation model (which includes a common shared random string among the players). The protocol is provably secure under general cryptographic assumptions. In the process, we develop a new and stronger formal definition for this problem. Previously known protocols for this task required either O(log n) or expected constant rounds to complete (depending on the computation model considered).

7.
邓少锋, 邓帆, 李益发. 《计算机应用》 2010, 30(7): 1805-1808
The Combined Public Key (CPK) cryptosystem needs no certificates to guarantee the authenticity of public keys and overcomes the problem that users' private keys are generated entirely by the key management center. Based on CPK, we design a constant-round group key exchange protocol that is provably secure under the CDH assumption and has perfect forward secrecy; it agrees on a group session key in only two rounds of communication and is efficient in both communication and computation. It also efficiently supports the dynamic joining and leaving of group members; in particular, when multiple members join or leave, only a small amount of additional communication and computation is needed to update the group key, ensuring both forward and backward secrecy. In addition, the protocol provides a strong security guarantee: the key remains secret unless a party's ephemeral private key and long-term private key are both leaked. Finally, the protocol gives a general method for designing constant-round, strongly secure group key exchange protocols, to which most secret sharing schemes can be applied directly.

8.
Privacy-preserving set operations are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and expect that each participant knows her input set in the clear. In this work, we put forward a new framework for secure multi-party set and multiset operations in which the inputs can be arbitrarily partitioned among the participants, knowledge of an input (multi)set is not required for any party, and the secure set operations can be composed and can also be securely outsourced to third-party computation providers. In this framework, we construct a comprehensive suite of secure protocols for set operations and their various extensions. Our protocols are secure in the information-theoretic sense and are designed to minimize the round complexity. We then also build support for multiset operations by providing (i) a generic conversion from a multiset to a set, which makes the protocols for set operations applicable to multisets, and (ii) direct instantiations of multiset operations with improved performance. All of our protocols have communication and computation complexity of \(O(m \log m)\) and logarithmic round complexity for sets or multisets of size m, which compares favorably with prior work. The practicality of our solutions is shown through experimental results, and novel optimizations based on set compaction allow us to improve the performance of our protocols in practice. Our protocols are secure in both the semi-honest and malicious security models.

9.
Since the concept of zero-knowledge protocols was introduced, it has attracted a lot of attention and in turn has had a significant effect on the development of cryptography, complexity theory and other areas. The round complexity of a zero-knowledge protocol is a very important efficiency consideration, and it is required to be as small as possible. Generally, it is desirable to have zero-knowledge protocols with constant numbers of rounds. Goldreich and Oren proved that only languages in BPP have one-round a...

10.
An adaptive minimum-switching-cost cluster formation strategy
Existing cluster-structure designs for sensor networks do not consider the energy consumed during cluster-head handover, and the interval between rounds must be known in advance, which ties the design closely to the specific application. This paper proposes an adaptive minimum-switching-cost cluster formation strategy in which a cluster head adaptively decides, according to its own energy state, whether to start a new round of election; the configuration of connected subsets ensures that the round transitions of different clusters do not interfere with each other. Simulation results show that this adaptive strategy requires fewer cluster-head switches than other clustering protocols and also has lower energy overhead.

11.
The application of intelligent computing in the Internet of Things (IoT) makes IoT systems such as telemedicine, in-vehicle IoT, and smart homes more intelligent and efficient. Secure communication and secure resource sharing among intelligent terminals are essential. A secure communication channel for intelligent terminals can be established through group key agreement (GKA), thereby ensuring secure communication and resource sharing among them. Taking into account the confidentiality level of the shared resources of each terminal, and the different resource-sharing permissions of each terminal, a GKA protocol for intelligent IoT is proposed. Compared with previous work, this protocol mainly has the following advantages: (1) the hidden-attribute identity authentication technique achieves secure identity authentication and protects personal privacy from being leaked; (2) only intelligent terminals satisfying the threshold required by the GKA can participate in it, which increases the security of group communication; (3) low-level group terminals can obtain new permissions to participate in high-level group communication if they meet certain conditions, and high-level group terminals can participate in low-level group communication through permission authentication, which increases the flexibility and security of group communication; (4) the intelligent terminals in the group can use their own attribute permission parameters to calculate the group key, and can verify the correctness of the calculated group key through a functional relationship without exchanging information with other members of the same group. Under the hardness assumptions of the inverse computational Diffie-Hellman problem and the discrete logarithm problem, the protocol is proven to have high security, and compared with the cited literature it has clear advantages in computational complexity, time cost and communication energy cost.

12.
The perfectly synchronized round-based model provides the powerful abstraction of crash-stop failures with atomic and synchronous message delivery. This abstraction makes distributed programming very easy. We describe a technique to automatically transform protocols devised in the perfectly synchronized round-based model into protocols for the crash, send-omission, general-omission or Byzantine models. Our transformation is achieved using a round-shifting technique with a constant time-complexity overhead. The overhead depends on the target model: crashes, send omissions, general omissions or Byzantine failures. Rather surprisingly, we show that no other automatic non-uniform transformation from a weaker model, say from the traditional crash-stop model (with no atomic message delivery), onto an even stronger model than the general-omission one, say the send-omission model, can provide a better time-complexity performance in a failure-free execution.

13.
Verifiable secret sharing (VSS) is an important building block in the design of secure multi-party protocols when some of the parties are under the control of a malicious adversary. Consequently, its round complexity has been the subject of intense study. The best known unconditionally secure protocol takes 3 rounds in the sharing phase, which is known to be optimal, and 1 round in reconstruction. Recently, by introducing a negligible probability of error in the definition of VSS, Patra et al. [CRYPTO 2009] designed a novel protocol which takes only 2 rounds in the sharing phase. However, the drawback of their protocol is that it takes 2 rounds in reconstruction as well, so the total number of rounds required for VSS remains the same. In this paper, we present a VSS protocol which takes a total of only 3 rounds: 2 rounds in sharing and 1 round in reconstruction.

14.
Asymmetric group key agreement (AGKA) allows the members of a group to pass information securely. With the development of large-scale distributed collaborative computing, the participants in secure collaborative computation may come from different domains, time zones, clouds and types of network. Existing AGKA protocols cannot provide secure information exchange between group members from cross-domain and heterogeneous networks, and their security is limited to resisting passive attacks. This paper proposes an identity-based authenticated asymmetric group key agreement protocol (IB-AAGKA). The protocol completes asymmetric group key agreement in one round, solving the problem that group members in different time zones cannot stay online for multi-round key agreement; it achieves anonymity and authentication, supports dynamic group key updates for nodes, and provides forward and backward secrecy of the group key. The security of the protocol is proven under the decisional bilinear Diffie-Hellman (DBDH) hardness assumption, and its performance is analyzed.

15.
16.
Research on credit evaluation based on soft computing
An enterprise credit evaluation model based on soft computing is proposed. It integrates fuzzy mathematics and genetic algorithms and uses the fast genetic k-means algorithm (FGKA) for clustering. Results show that both FGKA and GKA reach the global optimum, but FGKA is far faster than GKA. The model is implemented with PowerBuilder and a Sybase database and offers a new approach to enterprise credit evaluation in ERP.

17.
In this work, we put forth two different protocols to address a concrete secure multi-party computation (MPC) problem concerning a triangle whose three vertices' coordinates are kept confidential by the three participants, respectively. The three parties wish to collaboratively compute the area of this triangle while preserving the privacy of their own coordinates. As one of their merits, our protocols rely only on the weaker assumption that pseudorandom generators exist. In particular, unlike most secure MPC protocols, which rely heavily on oblivious transfer, ours use a new computing idea called the "pseudorandom-then-rounding" method to avoid this burdensome obstacle. The two protocols are based on different theorems, but both make use of the same underlying idea. Finally, we provide a detailed proof for the first protocol through a series of security reductions between our newly defined games, which appears somewhat stronger than previous simulation-based proofs, and a proof sketch for the second. Analysis and discussion of the reasons are provided as well to round off our work.

18.
This paper considers the problem of authenticated group key agreement among n users communicating by broadcast over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet this challenge. However, existing protocols are limited either by their reliance on a public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to dictionary attacks, obtained by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it requires only a constant number of rounds to agree upon a session key, and each user broadcasts a constant number of messages and performs only four exponentiations. Under the Decisional Diffie-Hellman assumption, we show that the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model.

19.
Building on the current active-message-based message processing layer, this paper gives a general characterization of the implementation process of several typical communication protocols and explains the sources of the various software overheads. Analysis of typical massively parallel machines shows that 40-55% of the communication overhead comes from buffer management, handshake protocols and message acknowledgement.

20.
In most practical applications of clustering, the sample data usually come from different users, and the clustering algorithm often has to be computed over the users' joint data set. For privacy reasons, however, users do not wish to share their private data with the other participants. How to perform multi-user clustering in a privacy-preserving way has therefore received wide attention. For the scenario in which the data are held by multiple users, this paper studies the secure computation of the k-means clustering algorithm and designs a multi-user k-means clustering secure computation protocol with a constant number of interaction rounds. In the protocol, users encrypt their sample data with an additively homomorphic encryption scheme and upload the ciphertexts to an independent auxiliary computation server. By interacting with the clustering party, which holds the private key, the server securely computes multiplications and Euclidean distances. In addition, a minimum-element marking protocol and a division protocol for homomorphic ciphertexts are designed on the ABY mixed-protocol framework. With a constant number of interaction rounds, the protocol converts among homomorphic ciphertexts, arithmetic shares and Yao shares, and uses Yao's garbled circuit technique to perform minimum-element marking and division on homomorphic ciphertexts without resorting to the expensive bit-decomposition technique. Security proofs for the main protocol and all sub-protocols are given in the semi-honest model.
