高效可证明安全的无证书代理签名方案

为提高无证书代理签名方案的计算效率,提出了一个高效的无证书代理签名方案。该方案的安全性基于椭圆曲线离散对数难题,不使用双线性对,其效率比现有的无证书代理签名方案有很大提高。在部分代理钥生成阶段只需1个标量乘,在部分代理钥验证阶段只需2个标量乘,在代理签名阶段只需1个标量乘,在代理签名验证阶段只需6个标量乘,且签名长度较短。所提方案对于超级攻击者在适应性选择消息与身份下是存在性不可伪造的,适用于对计算和存储等资源有严格限制的实际应用场合。     

一种有效的安全组通信模式

今天大量的组播应用要求安全组播服务来支持组播通信的安全,然而现有的因特网不支持这种服务。为此建议了一种非集中式密钥管理的安全组通信模式。该模式处理子组及组成员的动态性非常有效,并且有很好的扩展性和很高的安全性。     

Linux中构造基于ACE的安全高效通信平台

当把Linux操作系统作为大型安全管理系统的服务器的时候,构建安全的通信平台显的尤为重要。自适配通信环境(ACE)是一种面向对象(OO)的工具包,它实现了通信软件的许多基本的设计模式。文中介绍了ACE和整个系统模型的设计,然后重点阐述了如何利用SSL实现安全通信,以及数据传输过程中的效率问题的解决方案。实践中经过sniffer抓包分析和压力测试,可以达到预期要求。     

Linux中构造基于ACE的安全高效通信平台

当把Linux操作系统作为大型安全管理系统的服务器的时候，构建安全的通信平台显的尤为重要。自适配通信环境（ACE）是一种面向对象（OO）的工具包，它实现了通信软件的许多基本的设计模式。文中介绍了ACE和整个系统模型的设计，然后重点阐述了如何利用SSL实现安全通信，以及数据传输过程中的效率问题的解决方案。实践中经过sniffe，抓包分析和压力测试，可以达到预期要求。     

高效的无证书签名和群签名方案

研究新兴无证书密码体制下的群签名问题,提出无证书群签名的安全模型.利用双线性映射提出一个无证书签名方案,并在随机预言模型下给出它正式的安全证明.利用所给的签名方案设计了一个无证书群签名方案.前者在签名和验证阶段只需一个双线性运算, 后者只需两个, 故它们具有执行性能上的优势.它们的安全性建立在计算Diffie-Hellman问题困难性上.该群签名方案满足群签名的各种安全要求, 还允许用户动态的加入与离开且不需更新群公钥和其他群成员的签名私钥.群签名的长度不依赖于群成员的数目.鉴于群签名方案安全、高效和无证书管理的优点,它可广泛应用于电子商务、电子投票等方面.     

一种有效的安全层次性组通信模式

介绍一种简单、有效的安全层次性组通信模式，该模式适合于一种典型的层次结构树结构，基于子组索引（indices of subgroups)，可以有效处理子组动态性（subgroup dynamic)和成员动态性（member dynamic)，同时也分析了该模式的安全性和时空性能。     

高效无证书签名方案的分析及改进

在基于身份的高效无证书签名方案中,签名者在生成签名时既不受公钥证书认证的约束,又无需PKG为其生成基于身份的部分公钥,从而导致任何人均可伪造其他人的签名。针对该问题,给出安全的无证书签名方案必须具备的一个条件,并对原方案做出改进。改进后的方案保持了原方案高效的优点且安全性更高。     

一个强安全的无证书签名方案的分析和改进

无证书公钥密码体制结合了基于身份的密码体制和传统PKI公钥密码体制的优势,克服了基于身份的公钥密码体制的密钥托管问题及PKI系统的证书管理问题,具有明显的优势.对Hassouna等提出的一个强安全无证书签名方案进行安全分析.结果表明,该方案不能验证消息的完整性,存在消息篡改攻击,且方案未使用根据系统主密钥生成的私钥进行...     

Secure Node Discovery in Ad-hoc Networks and Applications

Designing secure protocols over ad-hoc networks has proved to be a very challenging task, due to various features of such networks, such as partial connectivity, node mobility, and resource constraints. Furthermore, their lack of physical infrastructures deprives their users of even basic network functions such as message routing, for which nodes are themselves responsible.In this paper we consider a very basic network function, node discovery, in ad-hoc networks, where a node with limited network information would like to establish a session with a given number of other nodes in the network (of which the node may not be aware about). We formally define correctness, security and efficiency properties of node discovery protocols, and investigate the problem of designing such protocols under appropriate network topology assumptions. Here, the security of these protocols is against Byzantine adversaries that can corrupt up to a limited number of nodes in the network and make them arbitrarily deviate from their protocol. After presenting some secure node discovery protocols, we show their application to secure service architectures in ad-hoc networks.     

Efficient Broadcasting Using Network Coding and Directional Antennas in MANETs

In this paper, we consider the issue of efficient broadcasting in mobile ad hoc networks (MANETs) using network coding and directional antennas. Network coding-based broadcasting focuses on reducing the number of transmissions each forwarding node performs in the multiple source/multiple message broadcast application, where each forwarding node combines some of the received messages for transmission. With the help of network coding, the total number of transmissions can be reduced compared to broadcasting using the same forwarding nodes without coding. We exploit the usage of directional antennas to network coding-based broadcasting to further reduce energy consumption. A node equipped with directional antennas can divide the omnidirectional transmission range into several sectors and turn some of them on for transmission. In the proposed scheme using a directional antenna, forwarding nodes selected locally only need to transmit broadcast messages, original or coded, to restricted sectors. We also study two extensions. The first extension applies network coding to both dynamic and static forwarding node selection approaches. In the second extension, we design two approaches for the single source/single message issue in the network coding-based broadcast application. Performance analysis via simulations on the proposed algorithms using a custom simulator and ns2 is presented.     

一种可证安全高效无证书短签名方案

在无证书密码学体制中,公钥与持有者之间没有认证关系,可能产生恶意用户替换用户公钥的问题。为此,对无证书签名定义进行改进,提出一种可证安全的无证书短签名方案。方案的安全性基于Inv-CDH问题,并在随机预言机模型下给出完整的安全性证明,证明其在新敌手下的适应性选择消息攻击中抗存在性伪造。利用C语言实现此方案,并将其与经典短签名方案以及近年无证书短签名方案进行性能分析与比较。结果表明,在签名阶段该方案仅需1次倍点运算,在验证阶段需要2次倍点运算和2次双线性对运算,其签名长度短、运算效率高。     

Generic Certificateless Encryption Secure Against Malicious-but-Passive KGC Attacks in the Standard Model

Despite the large number of certificateless encryption schemes proposed recently, many of them have been found insecure under a practical attack, called malicious-but-passive KGC (Key Generation Center) attack. In this work we propose the first generic construction of certificateless encryption, which can be proven secure against malicious-but-passive KGC attacks in the standard model. In order to encrypt a message of any length, we consider the KEM/DEM (key encapsulation mechanism/data encapsulation mechanism) framework in the certificateless setting, and propose a generic construction of certificateless key encapsulation mechanism (CL-KEM) secure against malicious-but-passive KGC attacks in the standard model. It is based on an identity-based KEM, a public key encryption and a message authentication code. The high efficiency of our construction is due to the efficient implementations of these underlying building blocks, and is comparable to Bentahar et al.’s CL-KEMs, which have only been proven secure under the random oracle model with no consideration of the malicious-but-passive KGC attack. We also introduce the notion of certificateless tag-based KEM (CL-TKEM), which is an extension of Abe et al.’ s work to the certificateless setting. We show that an efficient CL-TKEM can be constructed by modifying our CL-KEM scheme. We also show that with a CL-TKEM and a data encapsulation mechanism secure under our proposed security model, an efficient certificateless hybrid encryption can be constructed by applying Abe et al.'s transformation in the certificateless setting.     

主动网络节点研究及安全实现

主动网络是可编程网络，用户可对网络进行个性化的编程和设置。文章论述了主动网络的体系结构，重点探讨主动网络节点操作系统及安全实现。最后提出一种安全节点结构，它可以为主动应用提供认证，授权，完整性认证以及满足主动应用的动态安全要求及策略。     

主动网络节点研究及安全实现

主动网络是可编程网络,用户可对网络进行个性化的编程和设置.文章论述了主动网络的体系结构,重点探讨主动网络节点操作系统及安全实现.最后提出一种安全节点结构,它可以为主动应用提供认证,授权,完整性认证以及满足主动应用的动态安全要求及策略.     

一个安全有效的门限签名方案

文章通过引入秘密分享成员的身份代码附加参数,构造了一个可以阻止恶意成员数大于门限值时进行伪造签名的门限数字签名方案,此方案的安全性是基于在特定条件下求解二次剩余的困难性。并讨论了该方案的有效性和安全性。     

一个安全有效的电子支付系统

电子现金是一种非常重要的电子支付系统,具有传统货币的优点并克服其不足是设计电子现金的主要原则之一。文章设计了一个基于RSA盲签名和ElGamal签名体制的新的不可追踪的电子支付系统,并分析了它的特点和安全性。系统的主要特点是在提取协议里银行利用RSA盲签名算法签发电子现金,而在支付协议里用户用ElGamal签名体制支付现金。该电子支付系统除了具有较强的安全性,即可避免用户和银行的欺骗行为外,还具有用户一次可以提取在银行限额内的任何金额等特点。     

一个安全有效的多重数字签名方案

文章基于离散对数问题提出一个多重数字签名方案,其安全性类似于ElGamal签名体制,因而较为肯定,其验证计算量与参与签名的人数无关,保证了有效性。     

安全高效的水印认证协议

基于完全零知识交互证明系统和位委托方案,提出了可证明的安全水印认证协议.现有文献大都使用基于Cox的扩频数字水印方案或对其进行修改后的扩频水印方案.采用了鲁棒性较强的更适合于版权保护的乘法嵌入规则,在宿主信号中嵌入水印;水印检测时,在充分考虑了不同的变换域、信道特性以及人类视觉特性的基础上,采用基于广义高斯分布和Weibull分布模型的各种变换域的鲁棒优化检测器.使用位委托方案对数字水印信息进行委托,并联合使用随机序列隐藏水印嵌入位置信息.协议确保了在证明相应水印存在的同时,没有泄露任何有关水印的敏感信息,防止了蓄意攻击者利用认证过程中泄露的有关水印的敏感信息(如水印、水印位置、提取密钥等)来移除或伪造水印.数字水印方案对各种变换域的水印检测器给予了较全面的考虑,所以,应用该协议进行水印认证,其安全性、有效性、鲁棒性和实用性都有较大提高.     

Hydra: Efficient multicast routing in MANETs using sender-initiated multicast meshes

We present Hydra, the first multicast routing protocol for MANETs that establishes a multicast routing structure approximating the set of source-rooted shortest-path trees from multicast sources to receivers, without requiring the dissemination of control packets from each source of a multicast group. Hydra accomplishes this by dynamically electing a core for the mesh of a multicast group among the sources of the group, and aggregating multicast routing state in the nodes participating in multicast meshes, so that only control packets from the core are disseminated towards the receivers of a group. We prove that Hydra establishes correct routes from senders to receivers of a multicast group when multicast state information is aggregated. We also present simulation results illustrating that Hydra attains comparable or higher delivery ratios than the On-Demand Multicast Routing Protocol (ODMRP), but with considerably lower end-to-end delays and far less communication overhead. Results are shown for scenarios using 802.11 DCF and TDMA as the MAC layer protocols and using random waypoint and group mobility as mobility models.     

Efficient self-organized backbone formation in mobile ad hoc networks (MANETs)

In wireless networks other than source and destination nodes, intermediate nodes play a major role for routing and other control transfer functions. Hence the network must be formed by self-organized intermediate nodes. This feature of the node is also used to protect the network from uncertainties like link, node failures. The main objective of this paper is to give the characteristics of intermediate nodes; how they support the quality of service issues. Existing research work in this area mainly concentrates on backbone construction and there is no solution for self-organized backbone formation. A new distributed localized algorithm is proposed to construct and maintain the backbone network named as SOB-T or M (self-organized backbone- tree or mark), which means that tree or marking scheme are used to construct the backbone network. The QoS parameters like throughput, delay and number of control messages are analyzed in this paper.