基于RBAC的RFID安全认证协议

对于低成本RFID系统,其安全隐私问题一直是研究的热点。为了保护用户的隐私安全,现有的RFID安全认证协议主要采用Hash函数、传统加密算法等来保证标签信息的安全,虽然在一定程度上保证了信息的安全,然而这些协议却忽略了对非授权标签信息的保护。为了弥补以上缺陷和不足,提出了一种基于角色访问控制RBAC的RFID安全认证协议。通过引入RBAC机制,能够有效地确保非授权标签信息的安全性,并且可以抵抗重传攻击、内部阅读器攻击等攻击。同时,利用部分ID、位运算等方法降低系统对标签的硬件要求,更适合低成本RFID系统。     

非线性方程和方程组求解的安全两方计算协议

以实系数一元二次方程为研究对象,给出针对非线性方程的安全计算协议。在半诚实模型下,协议能够完成求解的计算任务,并且协议的正确性和保密性也得到了论述。在求解一元二次方程安全两方协议的基础上,对两种类型的二次方程组进行了研究,进一步给出相应情形下的安全两方计算协议。     

基于多方排序协议的安全电子投票方案

与传统投票相比较, 电子投票拥有许多优势, 也存在重要的安全问题. 电子投票的全隐私性是评估投票方案安全的重要指标, 它是指对投票者的隐私保护和候选者的隐私保护, 特别是落选者的得票数的保护. 利用可验证秘密共享的思想提出了一个安全多方排序协议, 并将它运用到电子投票中, 设计了一个新的安全的电子投票协议, 本协议具有全隐私性.     

基于ECC的支持标签所有权转移的RFID认证协议

针对射频识别（RFID）标签认证及其所有权转移过程的隐私泄露等安全问题,以及认证协议通常与标签所有权转移协议单独设计的现状,基于支持椭圆曲线加密（ECC）的标签,提出了一个适用于开放环境的兼具标签认证和所有权转移的协议。该协议结构类似于Diffie-Hellman密钥交换算法结构,协议的标签隐私保护基于椭圆曲线上的计算性Diffie-Hellman问题的难解性。经证明,该协议满足标签隐私保护要求及认证协议的其他安全需求。与近年来其他基于标签支持ECC的RFID认证协议相比,从支持标签所有权转移、标签计算开销、协议通信开销和标签隐私保护等多方面综合评估,所提出的认证协议优于对比协议。另外,针对较安全的应用场合,给出了阅读器单向认证标签的简化版协议。     

一种基于Hash函数的改进RFID安全认证协议

为了改善RFID系统中阅读器与标签通信的安全隐私问题,针对现有基于Hash函数的安全认证协议的不足,提出了一种改进安全认证协议。通过论证分析,该协议可以有效的提高RFID系统的安全性,具有效率高、标签成本低等特点。     

隐私保护整数点和区间关系判定问题

隐私保护地判断整数点和整数区间的属于关系是一类重要的安全多方计算问题,但该问题的现有解决方案存在效率不高、隐私泄露、甚至可能判断错误等缺陷,针对此类不足,构建解决该判定问题的一个安全双方计算协议。首先,分析已有的解决方案并指出不足之处;其次,定义了整数点和整数区间的一种新的0-1编码规则,在此基础上证明了整数点属于整数区间的一个充分必要条件;最后,以此充分必要条件为判定准则,基于Goldwasser-Micali加密体制构建了判断整数点是否属于整数区间的一个安全双方计算协议,并证明了协议的正确性和半诚实模型下的安全性。分析表明,与已有的解决方案相比,所提协议具有更好的隐私保护特性且不会输出错误结果,且在轮复杂度不变的情况下,其计算复杂度和通信复杂度降低了约一半。     

基于防篡改Token和加密电路的指纹认证方案

针对基于加密电路的指纹认证方案运用于移动设备时所面临的带宽受限问题,提出了一种基于防篡改Token和加密电路的安全函数计算协议,该协议的使用能够明显减轻服务器与移动设备之间的通讯压力。在此基础上设计了指纹认证方案。分析和实验结果表明,该方案可以解决上述困难,并使得移动设备在指纹认证时的个人隐私得以保护。     

一种字符串近似匹配的安全查询协议

数据库中字符串近似匹配查询不能完全保护查询双方的隐私信息。针对该问题,提出一种对数据库中字符串数据的近似匹配查询协议。采用安全计算编辑距离协议、同态加密、茫然传输等安全技术,在有效保护查询双方隐私信息的情况下,实现对字符串近似匹配的查询,并分析该协议的正确性、安全性及复杂性,结果表明,该方案是安全有效的。     

Privacy-preserving public auditing for educational multimedia data in cloud computing

Nowadays, as distance learning is being widly used, multimedia data becomes an effective way for delivering educational contents in online educational systems. To handle the educational multimedia data efficiently, many distance learning systems adopt a cloud storage service. Cloud computing and storage services provide a secure and reliable access to the outsourced educational multimedia contents for users. However, it brings challenging security issues in terms of data confidentiality and integrity. The straightforward way for the integrity check is to make the user download the entire data for verifying them. But, it is inefficient due to the large size of educational multimedia data in the cloud. Recently many integrity auditing protocols have been proposed, but most of them do not consider the data privacy for the cloud service provider. Additionally, the previous schemes suffer from dynamic management of outsourced data. In this paper, we propose a public auditing protocol for educational multimedia data outsourced in the cloud storage. By using random values and a homomorphic hash function, our proposed protocol ensures data privacy for the cloud and the third party auditor (TPA). Also, it is secure against lose attack and temper attack. Moreover, our protocol is able to support fully dynamic auditing. Security and performance analysis results show that the proposed scheme is secure while guaranteeing minimum extra computation costs.     

分布式数据集极差与极值和的保密计算

随着信息通信技术的不断突破与发展,信息获取变得非常便利.与此同时,隐私信息也更容易泄露.将智能领域与安全多方计算技术相结合,有望解决隐私保护问题.目前,安全多方计算已经解决了许多不同隐私保护问题,但还有更多的问题等待人们去解决.对于极差、极值和的安全多方计算问题目前研究的结果很少,极差、极值和作为统计学的常用工具在实际中有广泛的应用,研究极差、极值和的保密计算具有重要意义.提出新编码方法,用新编码方法解决了两种不同的安全多方计算问题,一是极差的保密计算问题,二是极值和的保密计算问题.新编码方法结合Lifted ElGamal门限密码系统,设计多方参与、每方拥有一个数据场景下分布式隐私数据集极差的保密计算协议;将新编码方法稍作改动解决相同场景下保密计算极值和的问题.以此为基础,对新编码方法进一步修改,结合Paillier密码系统设计了两方参与、每方拥有多个数据情况下分布式隐私数据集极差、极值和的保密计算协议.用模拟范例方法证明协议在半诚实模型下的安全性.最后,用模拟实验测试协议的复杂性.效率分析和实验结果表明所提协议简单高效,可广泛用于实际应用中,是解决其他很多安全多方计算问题的重要工具...     

PUF-enhanced offline RFID security and privacy

RFID (Radio Frequency IDentification) based communication solutions have been widely used nowadays for mobile environments such as access control for secure system, ticketing systems for transportation, and sport events. These systems usually depend on readers that are not continuously connected to a secure backend system. Thus, the readers should be able to perform their duties even in offline mode, which generally requires the management by the readers of the susceptible data. The use of RFID may cause several security and privacy issues such as traceability of tag owner, malicious eavesdropping and cloning of tags. Besides, when a reader is compromised by an adversary, the solution to resolve these issues getting worse. In order to handle these issues, several RFID authentication protocols have been recently proposed; but almost none of them provide strong privacy for the tag owner. On the other hand, several frameworks have been proposed to analyze the security and privacy but none of them consider offline RFID system.Motivated by this need, in this paper, we first revisit Vaudenay's model, extend it by considering offline RFID system and introduce the notion of compromise reader attacks. Then, we propose an efficient RFID mutual authentication protocol. Our protocol is based on the use of physically unclonable functions (PUFs) which provide cost-efficient means to the fingerprint chips based on their physical properties. We prove that our protocol provides destructive privacy for tag owner even against reader attacks.     

具有隐私保护的安全电子交易协议

电子交易的普及在给用户带来便利的同时,其在交易支付中所暴露出的隐私保护和安全性问题也受到不同程度的挑战。针对此问题,提出一个安全的电子交易协议。协议中,优化后的签密算法可保证交易的安全性;同时支付服务商具有去匿名性功能,可以在保护用户隐私的基础上进行追责。经性能分析,本协议在提高通信性能的基础上,满足消息的机密性和不可否认性、购买者的匿名性和可追踪性以及电子交易的公平性。     

Preserving worker privacy in crowdsourcing

This paper proposes a crowdsourcing quality control method with worker-privacy preservation. Crowdsourcing allows us to outsource tasks to a number of workers. The results of tasks obtained in crowdsourcing are often low-quality due to the difference in the degree of skill. Therefore, we need quality control methods to estimate reliable results from low-quality results. In this paper, we point out privacy problems of workers in crowdsourcing. Personal information of workers can be inferred from the results provided by each worker. To formulate and to address the privacy problems, we define a worker-private quality control problem, a variation of the quality control problem that preserves privacy of workers. We propose a worker-private latent class protocol where a requester can estimate the true results with worker privacy preserved. The key ideas are decentralization of computation and introduction of secure computation. We theoretically guarantee the security of the proposed protocol and experimentally examine the computational efficiency and accuracy.     

PPSS: A privacy-preserving secure framework using blockchain-enabled federated deep learning for Industrial IoTs

The growing reliance of industry 4.0/5.0 on emergent technologies has dramatically increased the scope of cyber threats and data privacy issues. Recently, federated learning (FL) based intrusion detection systems (IDS) promote the detection of large-scale cyber-attacks in resource-constrained and heterogeneous industrial systems without exposing data to privacy issues. However, the inherent characteristics of the latter have led to problems such as a trusted validation and consensus of the federation, unreliability, and privacy protection of model upload. To address these challenges, this paper proposes a novel privacy-preserving secure framework, named PPSS, based on the use of blockchain-enabled FL with improved privacy, verifiability, and transparency. The PPSS framework adopts the permissioned-blockchain system to secure multi-party computation as well as to incentivize cross-silo FL based on a lightweight and energy-efficient consensus protocol named Proof-of-Federated Deep-Learning (PoFDL). Specifically, we design two federated stages for global model aggregation. The first stage uses differentially private training of Stochastic Gradient Descent (DP-SGD) to enforce privacy protection of client updates, while the second stage uses PoFDL protocol to prove and add new model-containing blocks to the blockchain. We study the performance of the proposed PPSS framework using a new cyber security dataset (Edge-IIoT dataset) in terms of detection rate, precision, accuracy, computation, and energy cost. The results demonstrate that the PPSS framework system can detect industrial IIoT attacks with high classification performance under two distribution modes, namely, non-independent and identically distributed (Non-IID) and independent and identically distributed (IID).     

An efficient client–client password-based authentication scheme with provable security

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso’s protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso’s protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.     

An Anti-Counterfeiting RFID Privacy Protection Protocol

The privacy problem of many RFID systems has been extensively studied. Yet integrity in RFID has not received much attention as regular computer systems. When we evaluate an identification protocol for an RFID system for anti-counterfeiting, it is important to consider integrity issues. Moreover, many RFID systems are accessed by multiple level trust parties, which makes comprehensive integrity protection even harder. In this paper, we first propose an integrity model for RFID protocols. Then we use the model to analyze the integrity problems in Squealing Euros protocol. Squealing Euros was proposed by Juels and Pappu for RFID enabled banknotes that will support anti-forgery and lawful tracing yet preserve individual＇s privacy. We analyze its integrity, we then discuss the problems that arise and propose some solutions to these problems. Then an improved protocol with integrity protection for the law enforcement is constructed, which includes an unforgeable binding between the banknote serial number and the RF ciphertext only readable to law enforcement. This same protocol can be applied in many other applications which require a privacy protecting anti-counterfeiting mechanism.     

隐私保护DNA序列汉明距离计算问题

DNA序列承载着人体重要的生物学信息，如何在保护隐私的情况下正确地对不同的DNA序列进行比对，成为亟待研究的科学问题。汉明距离在一定程度上刻画了两个DNA序列的相似程度，在保护隐私的情况下，研究DNA序列的汉明距离计算问题。首先定义了DNA序列的0-1编码规则，该规则将长度为n的DNA序列编码成长度为4n的0-1串，证明了两个DNA序列的汉明距离等于它们的0-1编码串的汉明距离的一半。以此结论为基础，以GM加密算法为主要密码学工具，构造了计算DNA序列汉明距离的一个安全两方计算协议。在半诚实攻击者模型下，证明了协议的正确性，给出了基于模拟器的安全性证明，并对协议的效率进行了分析。     

Design of a password-based authenticated key exchange protocol for SIP

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols are designed to provide strong authentication for SIP. In this paper, we address this problem in two-party setting where the user and server try to authenticate each other, and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol, which can achieve security and privacy goal without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure, and has computational and computational overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model.     

向量等分量数的保密计算及应用

随着信息技术的快速发展, 在保护数据隐私的条件下进行多方合作计算变得越来越普及, 安全多方计算已经成为解决这类保密计算问题的核心技术. 向量的保密计算是安全多方计算的重要研究方向, 目前有很多研究成果, 包括保密计算向量的点积, 保密的向量求和等. 但关于保密计算向量等分量数的研究成果还很少, 且主要研究向量分量在有全...     

A novel group key agreement protocol for wireless mesh network

Group key agreement is the core of secure group communication. In wireless networks, the privacy problem becomes more crucial and urgent for mobile users due to the open nature of radio media. In this paper, we proposed a novel group key agreement protocol based on trusted third Party, applied in collaboration between mobile users for wireless Mesh network. The security verification (PCL logic) and performance analysis show that, our protocol not only provides privacy protection for group members, but also authenticates all participants by adopting certificates. More important, in the proposed protocol, the computation cost and traffics for each group member are largely reduced to improve the implementation efficiency of the protocol. Therefore, our protocol is a novel, reliable group key agreement protocol, and it is well suited for wireless mesh network.