Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer

Protocols for secure two-party computation enable a pair of parties to compute a function of their inputs while preserving security properties such as privacy, correctness and independence of inputs. Recently, a number of protocols have been proposed for the efficient construction of two-party computation secure in the presence of malicious adversaries (where security is proven under the standard simulation-based ideal/real model paradigm for defining security). In this paper, we present a protocol for this task that follows the methodology of using cut-and-choose to boost Yao’s protocol to be secure in the presence of malicious adversaries. Relying on specific assumptions (DDH), we construct a protocol that is significantly more efficient and far simpler than the protocol of Lindell and Pinkas (Eurocrypt 2007) that follows the same methodology. We provide an exact, concrete analysis of the efficiency of our scheme and demonstrate that (at least for not very small circuits) our protocol is more efficient than any other known today.     

基于时序关系的消息推理及安全协议符号迹分析

如何准确地描述敌意环境中的协议运行模型和在统一的框架下分析多种安全属性是安全协议形式化分析中的两个关键问题。提出了基于时序关系的消息推理,把实体的知识与协议的符号迹分析结合起来,构建了协议运行的一般模型。在此模型下,消息间的相互关系被用来统一多种安全属性的形式化表达,定义了相应的属性满足关系,提出了分析安全协议的一般框架。最后给出了一个实例分析,并指出该框架以后的研究方向。     

An ECC‐based authenticated group key exchange protocol in IBE framework

With the rapid demand for various increasing applications, the internet users require a common secret key to communicate among a group. The traditional key exchange protocols involve a trusted key generation center for generation and distribution of the group key among the various group members. Therefore, the establishment of a trusted key generation center server and the generation (and distribution) of common session key require an extra overhead. To avoid this difficulty, a number of group key exchange protocols have been proposed in the literature. However, these protocols are vulnerable to many attacks and have a high computational and communication cost. In this paper, we present an elliptic curve cryptography–based authenticated group key exchange (ECC‐AGKE) protocol, which provides better security and has lower computational cost compared to related proposed schemes. Further, a complexity reduction method is deployed to reduce the overall complexity of the proposed elliptic curve cryptography–based authenticated group key exchange protocol. The security of proposed work is ensured by the properties of elliptic curves. A security adversarial model is given and an extensive formal security analysis against our claim is done in the random oracle model. We also made a comparison of our proposed protocol with similar works and found that ours have better complexity, security and efficiency over others.     

基于ATL的公平电子商务协议形式化分析

针对传统时序逻辑LTL,CTL及CTL*等把协议看成封闭系统进行分析的缺点,Kremer博士(2003)提出用一种基于博弈的ATL(Alternating-time Temporal Logic)方法分析公平电子商务协议并对几个典型的协议进行了公平性等方面的形式化分析。本文讨论了ATL逻辑及其在电子商务协议形式化分析中的应用,进一步扩展了Kremer博士的方法,使之在考虑公平性等特性的同时能够分析协议的安全性。最后本文用新方法对Zhou等人(1999)提出的 ZDB协议进行了严格的形式化分析,结果发现该协议在非保密通道下存在两个可能的攻击:保密信息泄露和重放攻击。     

An improved mutual authentication protocol based on perfect forward secrecy for satellite communications

As the mobile network progresses fast, mobile communications have a far‐reaching influence in our daily life. In order to guarantee the communication security, a myriad of experts introduced many authentication protocols. Recently, Qi et al presented an enhanced authentication with key agreement protocol for satellite communications, and they proclaimed that their protocol could defend various attacks and support varied security requirements. Regrettably, in this paper, we prove that their protocol was fruitless in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it gets possession of faultless security properties and overcomes the flaws in the protocol of Qi et al perfectly. Thus, our improved protocol can be appropriated for the mobile communications.     

两方有理数多重集的保密计算

集合的安全多方计算(SMC)在联合数据分析、敏感数据安全查询、数据可信交换等场景有着广泛的应用。该文基于有理数的几何编码,结合保密内积协议,首次提出了有理数域上两方多重集交集和并集的保密计算协议。应用模拟范例证明了协议在半诚实模型下的安全性,分别通过理论分析和仿真测试验证了协议的高效性。与现有协议相比,所设计协议无需给定包含所有集合元素的全集,可以保护集合势的隐私性,且在协议执行过程主要使用乘法运算,达到了信息论安全。     

标准模型下可托管的基于身份认证密钥协商

现有会话密钥可托管的ID-AKA(IDentity-based Authenticated Key Agreement)协议要么存在已知安全缺陷,要么是在随机预言模型下可证明安全.基于Boneh等人定义的安全陷门函数,提出一种会话密钥可托管的ID-AKA协议.在ID-BJM模型基础上,扩展定义了ID-AKA协议分析的标准安全模型.扩展模型将安全游戏划分为两个阶段,去除了随机预言机,能完备地模拟不同类型敌手的行为.在扩展模型下,新协议的安全性被规约为多项式时间敌手求解判定性BDH(Bilinear Diffie-Hellman)难题和判定性BDHI(Bilinear Diffie-Hellman Inversion)难题,具有可证明安全性.     

基于LPN问题的RFID安全协议设计与分析

该文对现有的基于LPN问题的RFID安全协议进行了系统分析,总结了这类协议存在的一些设计缺陷。为了克服这类协议中存在的安全漏洞,对其中一个最新版本的协议HB+进行改进,设计了一个新的RFID安全协议HB#,并在随机预言模型下给出了新协议的归约性证明。     

协议认证性安全属性测试方法

认证性建立通信双方的信任关系,是安全通信的重要保障.传统的协议测试方法只关注协议功能的正确性,无法满足认证性等安全属性测试的要求.因此,提出了一种针对协议认证性的安全属性测试方法,利用带目标集合的有限状态机模型SPG-EFSM来扩展描述协议安全属性,并在攻击场景分类的基础上设计了认证攻击算法.通过攻击算法找到了Woo-lam协议和μTESLA协议的认证性漏洞,该方法具有可行性、覆盖率高等特点.     

网络隐蔽通道检测系统模型设计

利用TCP／IP协议中建立隐蔽通道来进行非法通信已经成为网络安全的重要威胁。论文首先以IP协议和TCP协议为例,简要介绍了TCP／IP协议下网络隐蔽通道的建立方法和检测特点,针对目前检测工具主要面向特定隐蔽通道的特点,结合协议分析和流量分析方法提出了一种网络隐蔽通道检测系统的设计模型,为隐蔽通道的综合性检测提供了一种新的思路。     

传感器网络安全协议的分析和改进

分析A.Perrig提出的传感器网络安全协议套件的安全性,发现其中的节点密钥协商协议存在攻击,即攻击者可以冒充合法节点发送密钥协商请求。针对以上攻击,给出了一个改进协议。为了分析改进协议的安全性,对原始串空间理论进行了扩展,并使用扩展后的理论从保密性和认证性两个方面分析了改进协议的安全性。分析结果显示,改进后的协议是安全的。同时,对串空间理论的扩展,为其能够分析较复杂的安全协议打下了基础。     

An efficient pairing‐free identity‐based authenticated group key agreement protocol

An authenticated group key agreement protocol allows participants to agree on a group key that will be subsequently used to provide secure group communication over an insecure network. In this paper, we give a security analysis on a pairing‐free identity‐based authenticated group key agreement because of Islam et al. We show that the protocol of Islam et al. cannot satisfy the minimal security requirements of the key agreement protocols. We propose an efficient pairing‐free identity‐based authenticated group key agreement for imbalanced mobile network. The proposed protocol can be implemented easily for practical application in mobile networks as it is free from bilinear. Under the difficulty of the InvCDH and CDH we demonstrate that the proposed protocol provides perfect forward secrecy, implicit key authentication and the dynamic functionality. As compared with the group key agreement protocols for imbalanced mobile network, the proposed protocol provides stronger security properties and high efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

Two-party certificateless authenticated key agreement protocol with enhanced security

Two-party certificateless authenticated key agreement（CL-AKA） protocol is a hot topic in the field of wireless communication security. An improved two-party CL-AKA protocol with enhanced security is proposed,which is of provable security and unforgeability in the extended Canetti-Krawczyk (eCK) security model based on the hardness assumption of the computational Diffie Hellman (CDH) problem. Compared with other similar protocols, it is more efficient and can satisfy security properties such as free of the centralized management of certificate and key, free of bilinear pairings, two-party authentication, resistant to unknown key-share attack, key compromise impersonation attacks, the man-in-the-middle-attack of key generation center (KGC), etc. These properties make the proposed protocol have better performance and adaptability for military communication.     

两个认证密钥协商协议的前向安全性分析

目前,网络安全及隐私受到广泛关注。前向安全性是Günther在1989年提出的一种认证密钥协商协议(AKA)的安全属性(doi:10.1007/3-540-46885-4＿5),该性质经过30年的蓬勃发展已经成为研究领域的热点之一。该文主要分析了MZK20和VSR20两个AKA协议。首先在启发式分析的基础上,利用BAN逻辑分析了MZK20协议不具有弱前向安全性;其次利用启发式分析和Scyther工具证明了VSR20协议不具备前向安全性。最后,在分析VSR20协议设计缺陷的基础上,提出了改进方案,并在eCK模型下证明了改进后协议的安全性;并且,结合Scyther软件证明了改进VSR20协议与VSR20协议相比明显提高了安全性。     

A lightweight and secure NFC‐base mobile payment protocol ensuring fair exchange based on a hybrid encryption algorithm with formal verification

During the past few years, many near‐field communication (NFC) mobile payment protocols have been widely used and received more and more attentions. This could be an essential factor for the growth of the world economy and leads to the improvement of the quality of life for human beings. The NFC mobile payment is one prominent approach in allowing m‐commerce to conduct a sales transaction. However, fair exchange and information security are significant concerns in creating trust among the parties participating in the transaction. Many NFC mobile payment protocols have been introduced by researchers. But, most of them still lack some crucial properties of information security and fair exchange, and this can be an obstacle to their uses. In this article, we propose an NFC mobile payment protocol that possesses comprehensive properties of both information security and fair exchange for sales transaction processing. The protocol employs both symmetric and asymmetric encryptions, hash function, and the technique of offline session key generation, in order to improve the security while maintaining the lightweight property. The fairness analysis shows that the proposed protocol is more competent and effective than others. It can resolve any dispute in case one party misbehaves. Finally, the proposed protocol's security has been successfully verified using both Burrows, Abadi and Needham (BAN logic) and the Scyther tool.     

基于串空间模型的改进型 Otway-Rees 协议分析

串空间模型是一种新兴的密码协议形式化分析工具,其理论中理想和诚实概念的提出大大减少了协议的证明步骤.本文在 Otway-Rees 协议缺陷的基础上对它进行改进,并利用串空间模型的理论对改进后的 Otway-Rees 协议进行了形式化的分析.新的 Otway-Rees 协议满足其安全目标,是安全可行的     

SRGH: A secure and robust group‐based handover AKA protocol for MTC in LTE‐A networks

Machine‐type communication (MTC) is defined as an automatic aggregation, processing, and exchange of information among intelligent devices without humans intervention. With the development of immense embedded devices, MTC is emerging as the leading communication technology for a wide range of applications and services in the Internet of Things (IoT). For achieving the reliability and to fulfill the security requirements of IoT‐based applications, researchers have proposed some group‐based handover authentication and key agreement (AKA) protocols for mass MTCDs in LTE‐A networks. However, the realization of secure handover authentication for the group of MTCDs in IoT enabled LTE‐A network is an imminent issue. Whenever mass MTCDs enter into the coverage area of target base‐station simultaneously, the protocols incur high signaling congestion. In addition, the existing group‐based handover protocols suffer from the huge network overhead and numerous identified problems such as lack of key forward/backward secrecy, privacy‐preservation. Moreover, the protocols fail to avoid the key escrow problem and vulnerable to malicious attacks. To overcome these issues, we propose a secure and robust group‐based handover (SRGH) AKA protocol for mass MTCDs in LTE‐A network. The protocol establishes the group key update mechanism with forward/backward secrecy. The formal security proof demonstrates that the protocol achieves all the security properties including session key secrecy and data integrity. Furthermore, the formal verification using the AVISPA tool shows the correctness and informal analysis discusses the resistance from various security problems. The performance evaluation illustrates that the proposed protocol obtains substantial efficiency compared with the existing group‐based handover AKA protocols.     

多方不可否认协议的增广CSP建模与分析

基于逆向工程的思想,使用前期工作中提出的面向两方不可否认协议分析的增广CSP方法,对典型的Kremer-Markowitch多方不可否认协议的安全性进行了探索性建模与分析。借助该分析成功发现此协议在满足不可否认性和公平性的同时却不具备时限性。这表明在适用于两方不可否认协议安全性验证的同时,增广CSP方法也可作为多方不可否认协议安全性验证的新方法。     

A secure end‐to‐end SMS‐based mobile banking protocol

Short message service (SMS) provides a wide channel of communication for banking in mobile commerce and mobile payment. The transmission of SMS is not secure in the network using global system for mobile communications or general packet radio service. Security threats in SMS restricted the use of SMS in mobile banking within certain limits. This paper proposed a model to address the security of SMS using elliptic curve cryptography. The proposed model provides end‐to‐end SMS communication between the customer and the bank through the mobile application. The main objective of the proposed model is to design and develop a security framework for SMS banking. Further, the protocol is verified for its correctness and security properties because most of the protocols are not having the facility to be verified by using the formal methods. Our proposed framework is experimentally validated by formal methods using model checking tool called automated validation of internet security protocols and Scyther tools. Security analysis shows that the proposed mechanism works better compared to existing SMS payment protocols for real‐world applications.     

A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.