Similar literature
Found 20 similar documents; search took 156 ms
1.
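This paper introduces N-PAT, a new security definition for public-key encryption schemes, and finally proves the soundness of the extended method with respect to the trace properties and secrecy of protocols: if the public-key encryption scheme satisfies N-PAT, then the symbolic formal analysis system, or the conclusions obtained by that system, are also correct in the computational model.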

2.
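The security of transmission protocols for power intelligent units is the foundation for ensuring high-speed, reliable, and secure intelligent communication in the smart grid. To build a security analysis model suitable for power intelligent unit transmission protocols, the mainstream theories and methods of protocol security analysis are surveyed. Formal methods based on the symbolic model include logical reasoning, model checking, and theorem proving; computational methods based on the computational model include the RO model, the BCP model, the CK model, and the UC model; methods based on computational soundness theory include the mapping method, the model method, the computational soundness of formal methods, and the direct formalization of computational methods. A security analysis model for power intelligent unit transmission protocols in the smart grid domain is proposed, laying the foundation for further security analysis of these protocols.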

3.
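In the formal analysis of security protocols there are two completely different views, the symbolic approach and the computational approach, each with its own strengths and weaknesses. By studying both views and reconciling them on the principle of complementary strengths, a new formal analysis method is established. The method divides protocol security into completeness and correctness; by analyzing these two properties, it can examine not only whether a protocol logically achieves its intended goals but also the adversary's computational attack capability. For the first time, a protocol is given a comprehensive security analysis from the two aspects of logical soundness and computational soundness.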

4.
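Formal methods are an important means of improving the security and reliability of software systems, especially safety-critical systems. This paper proposes a new, simple trace semantics for characterizing partial security properties of protocols, that is, properties that concern only a single principal of the protocol specification; the technique supports protocol designers in formally specifying security properties. Using this technique and the model checker SPIN, two attacks on the TMN protocol were found, demonstrating the practicality of the method, which can be readily applied to the verification of other network security protocols.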

5.
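The OpenID Connect protocol is one of the newest single sign-on protocols and is already widely used for user authentication, so its security has received considerable attention. To strengthen the security of OpenID Connect, digital signatures and asymmetric encryption are first introduced to improve the protocol, with a focus on the secrecy and authentication of the improved protocol. Next, based on the symbolic model, the improved OpenID Connect protocol is formally modeled in the applied pi calculus. Then, to verify the authentication and secrecy of the improved protocol, authentication and secrecy are modeled using non-injectivity and query, respectively. Finally, the applied pi calculus model of the improved OpenID Connect protocol is converted into input for the security protocol analysis tool ProVerif, which is used to analyze it formally. The experimental results show that the improved OpenID Connect protocol provides authentication and secrecy.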

6.
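Formal methods are an important means of improving the security and reliability of software systems, especially safety-critical systems. The formal analysis of security protocols is becoming an international research hotspot. Logics for analyzing security protocols need to model the intruder formally in order to characterize the intruder's capabilities. We analyze security protocols using a logic based on the notion of algorithmic knowledge: the intruder is assumed to use algorithms to compute its knowledge, and the intruder's capabilities are obtained by placing appropriate restrictions on the algorithms it uses. The TMN protocol is analyzed with the model checker SPIN; the experimental results demonstrate the effectiveness of the method, which can be readily applied to the verification of other network security protocols.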

7.
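There are two entirely different classes of methods for describing and analyzing cryptographic protocols: one relies mainly on formal methods, the other is founded on computational complexity theory. Abadi and Rogaway were the first to try to relate these two classes of methods, proving that if a protocol has a given security property in the formal model, it retains the corresponding security property in the computational model. Driven by this work, research on the computational soundness of formal methods has attracted growing attention and has become an important part of cryptographic protocol analysis. A great deal of work has been done on this topic. This paper first gives an overview of the two classes of analysis methods; it then classifies and summarizes the research results on the computational soundness of formal analysis and introduces the main ideas of the various methods; finally, it discusses future research directions in the field.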

8.
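Wang Zecheng, Li Zhibin. Journal of Computer Applications (《计算机应用》), 2010, 30(11): 3032-3035
Security research on multi-signature protocols has so far focused only on the security of a single protocol execution. To address this, the security of multi-signature protocols under concurrent execution of multiple protocols is studied within the universally composable security framework. The ideal functionality of a multi-signature protocol is first defined formally; a multi-signature protocol based on the Waters digital signature is then proposed and proved to be universally composable (UC) secure. The proposed multi-signature protocol can run securely in environments with concurrent execution of multiple protocols, such as the Internet.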

9.
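Considering that existing confirmer digital signature schemes are either insecure or inefficient, a novel confirmer digital signature scheme based entirely on DSA and RSA is proposed, building on the Camenisch-Michels formal model and construction. The confirmation and disavowal protocols in the new scheme are interactive zero-knowledge proof protocols; when a confirmer signature is confirmed or disavowed, the verifier V actively participates in the execution and interaction of the protocol, which effectively avoids the transferability problem of confirmer signatures.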

10.
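A zero-knowledge proof is a kind of protocol, and ElGamal digital signatures are widely used. A GMR model of a zero-knowledge proof for ElGamal signatures is given; the model has a low computational cost, is highly reliable, and is simple to implement.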

11.
A digital signature is an important type of authentication in a public-key (or asymmetric) cryptographic system, and it is widely used in many digital government applications. We, however, note that the performance of an Internet server computing digital signatures online is limited by the high cost of modular arithmetic. One simple way to improve the performance of the server is to reduce the number of computed digital signatures by combining a set of documents into a batch in a smart way and signing each batch only once. This approach could reduce the demand on the CPU but require more network bandwidth of sending extra information to clients. In this paper, we investigate performance of different online digital signature batching schemes. That is, we provide a framework for studying as well as analyzing performance of a variety of such schemes. The results show that substantial computational benefits can be obtained from batching without significant increases in the amount of additional information that needs to be sent to the clients. Furthermore, we explore the potential benefits of considering more sophisticated batching schemes. The proposed analytical framework uses a semi-Markov model of a batch-based digital signature server. Through the emulation and the simulation, the results show the accuracy and effectiveness of our proposed analytic framework.

12.
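A provably secure signcryption scheme based on elliptic curves   Total citations: 1, self-citations: 0, citations by others: 1
Signcryption performs both digital signing and encryption in a single logical step. Compared with sign-then-encrypt schemes that provide message confidentiality and authentication, signcryption has lower computation and communication costs. A signcryption scheme based on elliptic curves is proposed that performs both digital signing and encryption at once. Based on the theory of provable security, the scheme is proved secure in the random oracle model under the assumption that the GDH (gap Diffie-Hellman) problem is hard. The scheme resists adaptive chosen-plaintext/ciphertext attacks.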

13.
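To address the relatively complex tag-setting and signing processes of the Paillier digital signature scheme based on quadratic residues, a new Paillier digital signature scheme based on cubic residues is proposed. The analysis shows that the proposed scheme is more computationally efficient than existing signature schemes. Under the assumption that large integers are hard to factor, the proposed signature scheme resists existential forgery and adaptive chosen-message attacks.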

14.
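Wang Pingshui. Microcomputer Development (《微机发展》), 2008, 18(6): 138-141
The security of almost all ordinary digital signature schemes depends on a computational assumption. To prevent an attacker with unlimited computing power from successfully forging signatures, and so protect the interests of the signer, a new and more efficient fail-stop signature scheme is proposed. The scheme uses two mathematically hard problems, discrete logarithm and factorization, and thereby provides security for the recipient. The scheme is provably secure against adaptive chosen-plaintext attacks. Analysis and comparison show that the scheme is optimal in the ratio of message length to signature length and is efficient for signing long messages.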

15.
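An aggregate signature is a digital signature technique that aggregates n signatures, made by n different signers on n different messages m, into a single signature. Two signature schemes are analyzed, and both identity-based aggregate signature schemes are shown to be insecure. On this basis, an improved identity-based aggregate signature scheme is proposed using bilinear techniques. In the random oracle model, based on the computational hardness of the Diffie-Hellman problem, the proposed scheme is proved unforgeable under adaptive chosen-message and chosen-identity attacks.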

16.
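Since Bellare and Miner introduced the concept of forward-secure digital signature schemes, a number of forward-secure signature schemes have been proposed. Bilinear pairings have attracted wide attention because of their good cryptographic properties. This paper constructs a forward-secure signature scheme on the basis of a signature scheme that uses bilinear pairings. Provided the computational Diffie-Hellman assumption holds, the scheme is an unforgeable forward-secure signature scheme in the random oracle model.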

17.
Behavioral models capture operational principles of real-world or designed systems. Formally, each behavioral model defines the state space of a system, i.e., its states and the principles of state transitions. Such a model is the basis for analysis of the system’s properties. In practice, state spaces of systems are immense, which results in huge computational complexity for their analysis. Behavioral models are typically described as executable graphs, whose execution semantics encodes a state space. The structure theory of behavioral models studies the relations between the structure of a model and the properties of its state space. In this article, we use the connectivity property of graphs to achieve an efficient and extensive discovery of the compositional structure of behavioral models; behavioral models get stepwise decomposed into components with clear structural characteristics and inter-component relations. At each decomposition step, the discovered compositional structure of a model is used for reasoning on properties of the whole state space of the system. The approach is exemplified by means of a concrete behavioral model and verification criterion. That is, we analyze workflow nets, a well-established tool for modeling behavior of distributed systems, with respect to the soundness property, a basic correctness property of workflow nets. Stepwise verification allows the detection of violations of the soundness property by inspecting small portions of a model, thereby considerably reducing the amount of work to be done to perform soundness checks. Besides formal results, we also report on findings from applying our approach to an industry model collection.

18.
《Knowledge》2006,19(5):316-323
In this paper, we discuss how Ordered Binary Decision Diagrams (OBDDs) can be exploited for the computation of consistency-based diagnoses in model-based diagnosis. Since it is not always possible to efficiently encode the whole system model within a single OBDD, we propose to build a set of OBDDs, each one encoding a portion of the original model. For each portion of the model, we compute an OBDD encoding the set of local diagnoses; the OBDD encoding global diagnoses is then obtained by merging all the local-diagnoses OBDDs. Finally, minimal-cardinality diagnoses can be efficiently computed and extracted. The paper reports formal results about soundness, completeness and computational complexity of the proposed algorithm. Thanks to the fact that encoding diagnoses is in general much simpler than encoding the whole system model, this approach allows for the successful computation of global diagnoses even if the system model could not be compiled into a single OBDD. This is exemplified referring to a challenging combinatorial digital circuit taken from the ISCAS85 benchmark.

19.
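A blind signature based on an improved elliptic curve digital signature   Total citations: 1, self-citations: 1, citations by others: 0
To address the complexity of blind signature computation, a blind signature scheme based on elliptic curve digital signatures is proposed, building on an improved elliptic curve digital signature scheme. By modifying the signing and verification equations and introducing three random parameters, the new scheme yields a strong blind signature scheme based on elliptic curves. Analysis shows that the new scheme speeds up the algorithm, shortens the blind signing time, and offers better security.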

20.
Design of DL-based certificateless digital signatures   Total citations: 1, self-citations: 0, citations by others: 1
Public-key cryptosystems without requiring digital certificates are very attractive in wireless communications due to limitations imposed by communication bandwidth and computational resource of the mobile wireless communication devices. To eliminate public-key digital certificate, Shamir introduced the concept of the identity-based (ID-based) cryptosystem. The main advantage of the ID-based cryptosystem is that instead of using a random integer as each user’s public key as in the traditional public-key systems, the user’s real identity, such as user’s name or email address, becomes the user’s public key. However, all identity-based signature (IBS) schemes have the inherent key escrow problem, that is, the private key generator (PKG) knows the private key of each user. As a result, the PKG is able to sign any message on the users’ behalf. This nature violates the “non-repudiation” requirement of digital signatures. To solve the key escrow problem of the IBS while still taking advantage of the benefits of the IBS, certificateless digital signature (CDS) was introduced. In this paper, we propose a generalized approach to construct CDS schemes. In our proposed CDS scheme, the user’s private key is known only to the user himself, therefore, it can eliminate the key escrow problem from the PKG. The proposed construction can be applied to all Discrete Logarithm (DL)-based signature schemes to convert a digital signature scheme into a CDS scheme. The proposed CDS scheme is secure against adaptive chosen-message attack in the random oracle model. In addition, it is also efficient in signature generation and verification.
