20 similar documents found (search time 31 ms)
1.
Based on the computational Diffie-Hellman problem, this paper proposes an identity-based authenticated key agreement protocol which removes bilinear pairings. Compared with previous protocols, the new protocol minimizes message exchange time with no extra cost. The protocol provides strong security guarantees including key compromise impersonation resilience, perfect forward secrecy, and master key forward secrecy. A security proof with the modular approach in the modified Bellare-Rogaway model is also provided.
2.
Existing identity-based one-round authenticated key agreement schemes fail to achieve strong perfect forward secrecy. By signing the ephemeral public key with a strongly unforgeable signature algorithm, this paper proposes an improved identity-based authenticated key agreement scheme. First, the strongly unforgeable short signature scheme of Boneh and Boyen is adapted to obtain a strongly unforgeable identity-based signature scheme; then, the new signature scheme is combined with the eCK-secure identity-based one-round authenticated key agreement scheme of Ni et al. to build a new key agreement scheme. Further, to establish the provable security of the new scheme, a strong security model for analysing identity-based authenticated key agreement schemes, ID-eCK-PFS, is defined by comparing the eCK-PFS and eCK models and merging existing security models. Under the ID-eCK-PFS model, a security reduction shows that the proposed identity-based authenticated key agreement scheme achieves strong security, including resistance to key compromise impersonation, resistance to ephemeral secret leakage, and perfect forward secrecy.
3.
In this paper, a general framework for designing and analyzing password-based security protocols is presented. First we introduce the concept of "weak computational indistinguishability" based on the current progress of password-based security protocols. Then, we focus on cryptographic foundations for password-based security protocols, i.e., the theory of "weak pseudorandomness". Furthermore, based on the theory of weak pseudorandomness, we present a modular approach to the design and analysis of password-based security protocols. Finally, applying the modular approach, we design two kinds of password-based security protocols, i.e., a password-based session key distribution (PSKD) protocol and a protected password change (PPC) protocol. In addition to having forward secrecy and improved efficiency, the new protocols are proved secure.
4.
Escrowable identity-based authenticated key agreement protocols are welcome in certain closed-group applications, where an audit trail is a legal requirement. In this paper, we present a strongly secure one-round escrowable identity-based two-party authenticated key agreement protocol, which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti–Krawczyk (eCK) model. We show that the security of the protocol can be reduced to the standard computational bilinear Diffie–Hellman assumption in the random oracle model. Assuming that no adversary can obtain the master private key for the escrow mode, our scheme is secure as long as each party has at least one uncompromised secret. To the best of our knowledge, our scheme is the first escrowable identity-based authenticated key agreement protocol provably secure in the eCK model.
5.
6.
Escrowable identity-based authenticated key agreement (AKA) protocols are desirable under certain circumstances, especially in certain closed-group applications. In this paper, we focus on two-party identity-based AKA schemes in the escrow mode, and present a strongly secure escrowable identity-based AKA protocol which captures all basic desirable security properties including perfect forward secrecy, ephemeral secrets reveal resistance and so on. The protocol is provably secure in the extended Canetti-Krawczyk model, and its security can be reduced to the standard computational bilinear Diffie-Hellman assumption in the random oracle model. Assuming no adversary can obtain the master private key for the escrow mode, our scheme is secure as long as each party has at least one uncompromised secret. Also, we present two strongly secure variants of the protocol, which are computationally more efficient than the original scheme.
7.
The IPv6 protocol plays an important role in the next generation of Internet (NGI). It is expected that the elegant coexistence of IPv4 and IPv6 is the key point of IPv6 transition. To solve the transition problem, we propose a mesh unicast framework and a multicast framework in this paper. We describe two reference models for the mesh unicast framework, and put forward two potential solutions for the multicast framework. A Linux-based prototype is implemented for the IPv4 over IPv6 scenario and a test bed is deployed with 8 nodes on CERNET2. The deployment demonstrates the advantages of the framework.
8.
ChuanKun Wu 《中国科学F辑(英文版)》2009,52(8):1346-1357
There are many constraints in the use of digital signatures. This paper proposes a new way of using digital signatures with some restrictions, i.e. set signatures. It works in such a way that when the signing algorithm is given, one can use it to create a valid signature on a message if and only if the message belongs to a pre-defined set, and given the information about the signing algorithm, it is computationally infeasible to create valid signatures on any other arbitrary messages outside of the set. This special property enables the signing algorithm to be made public, which seems to contradict the traditional signature where a private key is needed, which must be kept secret. What makes the problem challenging is that the signing algorithm does not reveal the secret signing key, and hence forging normal signatures for arbitrary messages is computationally infeasible. In many cases, the signing algorithm does not reveal the elements in the authorized set. As an application of the new concept, set signatures for intelligent mobile agents committing to a “smaller than” condition are studied, which shows the applicability of set signatures on small sets.
Supported in part by the National Basic Research Program of China (Grant No. 2007CB807902), and the National High-Tech Research & Development Program of China (Grant No. 2006AA01Z423)
9.
Identity-based authenticated key agreement protocols suffer from problems of key escrow, ID management, ID uniqueness, and secure distribution of private keys; current trusted computing technology offers a good solution to these. Exploiting the uniqueness of the EK and tpmproof in the TPM platform, and combining this with the idea of the McCullagh-Barreto authenticated key agreement protocol, this paper proposes a TPM-based authenticated key agreement protocol for trusted computing environments, which largely solves the problems of the identity-based key agreement protocols mentioned above. The security of the proposed protocol is analysed in the CK model; the results show that the protocol has the corresponding security properties of the CK security model, including known-key security, perfect forward secrecy and key-compromise security.
10.
Hong-DaLi XiongYang Deng-GuoFeng BaoLi 《计算机科学技术学报》2004,19(6):0-0
This paper is about distributed oblivious function evaluation (DOFE). In this setting one party (Alice) has a function f(x), and the other party (Bob) with an input α wants to learn f(α) in an oblivious way with the help of a set of servers. What Alice should do is to share her secret function f(x) among the servers. Bob obtains what he should get by interacting with the servers. This paper proposes the model and security requirements for DOFE and analyzes three distributed oblivious polynomial evaluation protocols presented in the paper.
11.
12.
Certificateless two-party authenticated key agreement protocol  Total citations: 1, self-citations: 0, citations by others: 1
The design of two-party authenticated key agreement protocols is mainly based on traditional public key cryptography and identity-based public key cryptography. Certificateless authenticated key agreement schemes avoid the identity management complexity of schemes based on traditional public key certificates, and also eliminate the key escrow problem inherent in identity-based schemes. In 2007, Park et al. proposed a certificateless encryption scheme secure against chosen plaintext attacks in the selective-identity model (IND-sID-CPA); inspired by that scheme, this paper proposes a certificateless two-party authenticated key agreement scheme and compares its security and efficiency with other schemes. The scheme satisfies most of the currently known security requirements, in particular perfect forward secrecy, PKG forward secrecy, security against leakage of known session-specific ephemeral secrets, and freedom from key escrow, while maintaining good computational efficiency.
13.
The success of the Internet is largely ascribable to the packet-switching scheme, which, however, also presents major challenges. Having identified three missing links in the current Internet architecture based on our long-term experience of designing and operating large-scale backbones, we put forward a new, but incrementally deployable, network scheme: address switching. Address switching has the advantages of both packet switching and circuit switching; it supplies the missing links in the current Internet architecture and can reshape Internet traffic. Our analysis, protocol design and experiments indicate that address switching can greatly improve the quality of service (QoS), security and routing scalability of today’s Internet. So it can provide flexible, high-performance and “per-service” networking for the scientific research communities. Moreover, it can provide a fairer and more sustainable business model for the commodity Internet.
Supported by the China Next Generation Internet Project (Grant No. CNGI-04-13-2T), and the National Basic Research Program of China (Grant No. 041710001)
14.
15.
16.
The IP packet forwarding of the current Internet is mainly destination based. In the forwarding process, the source IP address is not checked in most cases. This causes serious security, management and accounting problems. Based on the drastically increased IPv6 address space, a "source address validation architecture" (SAVA) is proposed in this paper, which can guarantee that every packet received and forwarded holds an authenticated source IP address. The design goals of the architecture are lightweight, loose coupling, "multi-fence support" and incremental deployment. This paper discusses the design and implementation of the architecture, including inter-AS, intra-AS and local subnet. The performance and scalability of SAVA are described. This architecture is deployed into the CNGI-CERNET2 infrastructure, a large-scale native IPv6 backbone network of the China Next Generation Internet project. We believe that SAVA will help the transition to a new, more secure and dependable Internet.
17.
A lightweight ECC-based authenticated key agreement protocol for WSNs  Total citations: 1, self-citations: 0, citations by others: 1
To address the excessive consumption of computation and storage resources caused by frequent node mobility in the design of key management and authentication protocols for wireless sensor networks, a lightweight ECC-based authenticated key agreement protocol is proposed. The protocol is mainly used for mutual authentication and session key agreement between any user nodes in the network, and between user nodes and the network. The scheme uses ECC for session key agreement, combined with AES symmetric encryption to ensure the confidentiality of transmitted information. Compared with traditional key agreement protocols, it provides greater security with smaller key sizes and reduces the computation and storage demands on nodes. The protocol is proved secure in the ID-BJM security model. Analysis shows that the protocol satisfies forward and backward secrecy and PKG forward secrecy.
18.
This paper presents the definition of multi-dimensional scalability of the Internet architecture, and puts forward a mathematical method to evaluate Internet scalability based on a variety of constraints. Then, the method is employed to study the Internet scalability problem in performance, scale and service scalability. Based on the examples, theoretical analysis and experimental simulation are conducted to address the scalability issue. The results show that the proposed definition and evaluation method of multi-dimensional Internet scalability can effectively evaluate the scalability of the Internet in every aspect, thus providing rational suggestions and methods for evaluation of the next generation Internet architecture.
19.
Bin Sheng 《计算机科学技术学报》2009,24(3):578-587
In this paper, we present a hybrid representation of image-based models combining textured planes and hierarchical points. Taking a set of depth images as input, our method starts by classifying input pixels into two categories, indicating planar and non-planar surfaces respectively. For the planar surfaces, the geometric coefficients are reconstructed to form uniformly sampled textures. For nearly planar surfaces, some textured planes, called lumiproxies, are constructed to represent the equiva...
20.
A QoS-supporting MAC mechanism is a key issue for supporting QoS in wireless ad hoc networks. A new backoff algorithm, named RWBO+BEB, was proposed previously to decrease the packet collision probability significantly. In this paper, it is explored how to make RWBO+BEB support service differentiation in wireless ad hoc networks, and a novel proportional service differentiation algorithm, named p-RWBO, is proposed to allocate the wireless bandwidth according to the bandwidth ratio of each station. In p-RWBO, station n's walking probability (Pw,n) is selected according to its allocated bandwidth ratio. An analytical model is proposed to analyze how to choose Pw,n according to the bandwidth ratio of station n. The simulation results indicate that p-RWBO can differentiate services in terms of both bandwidth and delay.