高效的基于ID的无证书签名方案

通过利用gap diffie-hellman(GDH)群,提出了一种高效的基于ID的无证书签名方案,该方案通过将2个部分公钥绑定相同的一个ID,从而解决了密钥托管问题.在这个方案中,私钥生成中心(PKG,private key generator)不能够伪造合法者的签名,因为只能生成一部分私钥,其安全性依赖于CDHP(computational diffie-hellman problem).在随机预言机模型下,新方案被证明能够抵抗适应性选择消息攻击和ID攻击下的存在性伪造.该方案不仅解决了密钥托管问题而且与许多已有的方案相比具有较高的效率.     

Identity-based encryption with wildcards in the standard model

In this article, based on Chatterjee-Sarkar' hierarchical identity-based encryption (HIBE), a novel identity-based encryption with wildcards (WIBE) scheme is proposed and is proven secure in the standard model (without random oracle). The proposed scheme is proven to be secure assuming that the decisional Bilinear Diffie-Hellman (DBDH) problem is hard. Compared with the Wa-WIBE scheme that is secure in the standard model, our scheme has shorter common parameters and ciphertext length.     

Mobile device integration of a fingerprint biometric remote authentication scheme

Various user authentication schemes with smart cards have been proposed. Generally, researchers implicitly assume that the contents of a smart card cannot be revealed. However, this is not true. An attacker can analyze the leaked information and obtain the secret values in a smart card. To improve on this drawback, we involve a fingerprint biometric and password to enhance the security level of the remote authentication scheme Our scheme uses only hashing functions to implement a robust authentication with a low computation property. Copyright © 2011 John Wiley & Sons, Ltd.     

Novel identity-based fully homomorphic encryption scheme from lattice

The previous identity-based homomorphic encryption schemes from lattice was analyzed.That the high complexity in previous schemes was mainly caused by trapdoor generation and preimage sampling was pointed out.A new solution was proposed.A novel identity-based encryption scheme from lattice by combining new trapdoor function and dual-LWE algorithm organically was constructed,and it was transformed to an identity-based fully homomorphic encryption scheme from lattice by employing the idea of eigenvector.Comparative analysis shows that the scheme’s complexity of trapdoor generation has a significant reduction,the complexity of preimage sampling has a nearly three-fold reduction,and the SIVP approximation factor has a $\sqrt{m}$ times reduction.The security of the proposed scheme strictly reduces to the hardness of decisional learning with errors problem in the standard model.     

Secure CAS‐based authentication scheme for mobile pay‐TV systems

Pay‐television has become a popular added‐value service in mobile systems. Recently, Yeh and Tsaur proposed an authentication scheme for mobile pay‐television based on Sun and Leu's scheme. However, we found that Yeh and Tsaur's scheme has some security flaws, ie, impersonation attack with knowing mobile set's identity card, the adversary impersonates the head‐end system attack, the replay attack, the denial‐of‐service attack, and collusion attack. To overcome these problems, in this paper, we propose an improved scheme by storing a head‐end system signature and using a password. In addition, our proposed scheme keeps all the merits of Yeh and Tsaur's scheme. Furthermore, the performance analysis shows that the computation cost and the communication cost of our scheme are decreased dramatically compared to Yeh and Tsaur's scheme.     

Novel hierarchical identity-based encryption scheme from lattice

Aiming at the high complexity in user’s private key extraction and large expansion ratio of trapdoor size in previous hierarchical identity-based encryption (HIBE) schemes,a new HIBE scheme was proposed.The implicit extension method to improve preimage sampling algorithm was used,and then combined the improved algorithm with MP12 trapdoor delegation algorithm to construct an efficient HIBE user’s private key extraction algorithm.Finally,the new extraction algorithm and the Dual-LWE algorithm was integrated to complete the scheme.Compared with the similar schemes,the efficiency of the proposed scheme was improved in system establishment and user’s private key extraction stage,the trapdoor size grows only linearly with the system hierarchical depth,and the improved preimage sample algorithm partly solves the Gaussian parameter increasing problem induced by MP12 trapdoor delegation.The security of the proposed scheme strictly reduces to the hardness of decisional learning with errors problem in the standard model.     

A provable and secure mobile user authentication scheme for mobile cloud computing services

The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.     

Research on batch anonymous authentication scheme for VANET based on bilinear pairing

To solve the problem of efficiency of anonymous authentication in vehicular ad hoc network,a batch anonymous authentication scheme was proposed by using bilinear pairing on elliptic curves .The signature was generated by the roadside unit node (RSU) and the vehicle together.Thus,the burden of VANET certification center was reduced and the authentication efficiency was proved.Meanwhile,the difficulty of the attacker to extract the key was increased.Furthermore,security proofs were given to the scheme in the random oracle model.Analysis shows that the proposed scheme can meet the needs of many kinds of security requirements,the computational overhead is significantly reduced,and the authentication efficiency is improved effectively too.Therefore,the scheme has important theoretical significance and application value under computational capability constrained Internet of things (IoT) environment.     

An improved remote password authentication scheme with smart card

This paper analyzes the security performance of a latest proposed remote two-factor user authentication scheme and proposes an improved scheme based on the dynamic ID to avoid the attacks it suffers. Besides this, in our proposed scheme the password is no longer involved in the calculation of verification phase which makes our scheme more secure and costs less than the old one. At last we analyze the performance of our proposed scheme to prove it provides mutual authentication between the user and the server. Moreover, it also resists password guessing attack, server and user masquerade attack and replay attack effectively.     

具有固定公钥和私钥长度的广播加密方案

利用双线性配对技术提出一个新的基于身份的广播加密方案。在标准模型下,证明了该方案具有适应性攻击安全模型下选择明文安全性。方案中的公钥参数和用户私钥均为固定长度,密文长度较短,并且,新方案还满足完全抗同谋攻击。与现有的广播加密方案相比,新方案更适用于存储量小的系统。     

无双线性对的基于身份的在线/离线门限签名方案

为了减少公钥密码体制中证书管理带来的开销和提高在线/离线门限签名方案的性能,利用分布式密钥生成协议和可验证秘密共享协议,提出了一种基于身份的在线/离线门限签名方案,并在离散对数假设下证明了新方案满足顽健性和不可伪造性。分析结果表明,新方案避免了传统公钥证书的管理问题和复杂的双线性对运算,大大降低了离线门限签名算法和签名验证算法的计算复杂度,在效率上优于已有的在线/离线门限签名方案。     

Efficient identity-based signature scheme with batch authentication for delay tolerant mobile sensor network

Identity-based cryptography （IBC） has drawn a lot of attentions in delay tolerant environment. However, the high computational cost of IBC becomes the most critical issue in delay tolerant mobile sensor network （DTMSN） because of the limited processing power. In this paper, an efficient identify-based signature scheme with batch authentication （ISBA） is proposed for DTMSN. ISBA designs an online/offline signature with batch authentication to reduce the computational cost, and improves data delivery mechanism to increase the number of messages for each batch authentication. Simulation results show that ISBA not only realizes a lower computational cost than existed schemes, but also does not induce negative impact on the delivery performance.     

Dynamic ID-based remote user mutual authentication scheme with smartcard using Elliptic Curve Cryptography

In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using password, smartcard and Elliptic Curve Cryptography （ECC）, however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we proposed such a scheme in order to provide desired security attributes and computation efficiencies. Compared with other existing techniques, our scheme is more efficient and secured. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.     

基于身份加密中可验证的私钥生成外包算法

提出了包含私钥生成外包算法的基于身份加密方案,PKG将私钥生成的任务外包给服务器,并能有效验证外包结果的正确性。在标准模型中证明了方案的密文不可区分性和外包结果的可验证性,并对所提方案进行了仿真实现。实验结果表明,外包算法中PKG的计算量远小于直接生成用户私钥,且小于服务器的计算量。     

Efficient and privacy-preserving online face authentication scheme

In traditional face authentication system,the trait template and authentication request were generally matched over plaintext,which may lead to the leakage of users’ sensitive data.In order to address the above-mentioned problem,based on matrix encryption,an efficient and privacy-preserving online face authentication scheme was proposed.Specifically,the users’ face trait template for register and the authentication request were encrypted before being sent to the online authentication server,and the similarity computation between the encrypted face trait template and authentication request was computed by the online authentication server over ciphertexts,which guaranteed the security of users’ sensitive data without affecting the accuracy of face authentication.Security analysis shows that the proposed scheme can achieve multiple security levels according to different security parameters.Moreover,performance evaluation shows that the proposed scheme has low computation cost and communication overhead.Experiments results demonstrate the high efficiency of the proposed scheme,which can be implemented in the real environment effectively.     

Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers

Remote user authentication schemes allow an authorized user to access the resources of remote servers. A dynamic ID authentication scheme further provides the property of user anonymity, that is, information of user identification will not be compromised even if communicated messages are intercepted. When it comes to the mobile user authentication, the client‐side processing capability is usually concerned the most. In this paper, the author proposes an efficient mobile dynamic ID authentication and key agreement scheme without trusted servers. For facilitating the application of mobile devices with limited processing capability, our scheme is optimized for the client‐side computation. Moreover, compared with related works, the proposed scheme is also more secure. Copyright © 2014 John Wiley & Sons, Ltd.     

基于指纹识别技术的双重身份鉴别系统实现

本文依据信息安全等级保护基本要求,利用指纹识别技术,设计了信息化应用的双重身份鉴别系统方案。方案通过建立指纹数据库,采集用户指纹信息并和账户关联,通过认证服务在用户登录时进行指纹认证实现双重身份鉴别。方案具有安全性高、适用面广、使用方便和抗抵赖等特点。     

强不可伪造的基于身份服务器辅助验证签名方案

标准模型下的基于身份签名方案大多数是存在性不可伪造的,无法阻止攻击者对已经签名过的消息重新伪造一个合法的签名,并且验证签名需要执行耗时的双线性对运算。为了克服已有基于身份签名方案的安全性依赖强和计算代价大等缺陷,提出了一个强不可伪造的基于身份服务器辅助验证签名方案,并在标准模型下证明了新方案在合谋攻击、自适应选择身份和消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的基于身份签名方案。     

基于MAC层的EPON双向认证加密方案研究

在分析了以太网无源光网络(EPON)网络中存在的安全隐患基础上,针对EPON网络中存在的安全问题,根据双向认证加密方案及技术路线,提出了一个抗MAC帧窃听和重放攻击的混合加密双向认证方案。该方案在不增加成本的基础上,全面地保障了EPON系统数据的安全,同时也满足了不同用户的需求,系统有一定的实用意义。