Similar literature
 20 similar documents found (search time: 231 ms)
1.
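Real-time performance monitoring for high-speed IP networks based on OWDP and its secure implementation   Total citations: 1, self-citations: 0, citations by others: 1
This paper proposes a secure OWDP-based scheme for monitoring the performance of high-speed IP networks. After analyzing the OWDP protocol and the OWDP-based real-time performance monitoring architecture for high-speed IP networks, it examines the security problems of the protocol and of the monitoring architecture, and proposes a security scheme for OWDP based on an improved Otway-Rees authentication protocol. Designed for the requirements of real-time network performance monitoring, the scheme retains the simplicity and efficiency of OWDP while providing strong protection against attacks on the high-speed IP network performance monitoring process.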

2.
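牟明朗, 王伟. Journal of Computer Applications (《计算机应用》), 2011, 31(5): 1305-1307
To address the security mechanisms of IP Multimedia Subsystem (IMS) networks based on the Session Initiation Protocol (SIP), the paper analyzes the security weaknesses of SIP and proposes a lightweight SIP security scheme based on identity-based cryptography, which combines the identity-based key agreement protocol IBAKA with mechanisms such as integrity protection of sensitive header fields. The security of the scheme is analyzed and compared with several typical schemes in terms of security and resistance to attack. The comparison shows that the scheme overcomes the security weaknesses of SIP and improves the security of the protocol.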

3.
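The paper gives an overview of the Kerberos protocol, analyzes its security in detail, and, to address its security flaws, proposes an improved Kerberos protocol based on fingerprint features. A detailed comparison shows that the improved Kerberos protocol is more secure: it effectively resists password-guessing attacks, replay attacks and malware attacks, and also provides a non-repudiation mechanism.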

4.
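Provably secure trusted anonymous roaming protocol for the mobile Internet   Total citations: 1, self-citations: 0, citations by others: 1
The paper proposes a trusted roaming protocol for mobile trusted terminals (MTTs) on the mobile Internet. The protocol needs only one round of message exchange to achieve anonymous roaming attestation for the MTT: the remote network's authentication server verifies the legitimacy of the roaming attestation information that the home network's authentication server issued to the MTT at registration, thereby authenticating the MTT's relevant attributes while ensuring the security and anonymity of the MTT's private information. Finally, the CK security model is used to prove that the protocol is session-key secure; while inheriting the identity anonymity and untraceability of traditional roaming protocols, it offers high security, resistance to attack and communication efficiency.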

5.
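Existing RFID authentication protocols suffer from insufficient security during authentication because of flaws in their design. To address this, the paper proposes a lightweight RFID authentication protocol improved with a synchronized random number and a PUF. It first presents a desynchronization attack on an RFID protocol and analyzes its cause; it then strengthens resistance to desynchronization attacks by keeping a synchronized random number at both the tag and the reader; finally, it introduces a PUF into the tag, whose unclonability improves the attack resistance of the tag key. The analysis shows that the new protocol effectively resists a variety of attacks and offers higher security while maintaining reasonable efficiency and overhead.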

6.
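The RC4 stream cipher is vulnerable to weak-key attacks, distinguishing attacks and fault-injection attacks. To counter these attacks, an improved algorithm based on random permutation is proposed. It performs nonlinear operations on a dynamic state table, expands the value space of the elements in the state table, and makes the keystream output depend jointly on the previous and the next state of the state table, which improves the security of the algorithm. The correctness, security and attack resistance of the improved algorithm are analyzed. Experiments verify that the keystream randomness and efficiency of the improved algorithm are better than those of RC4.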

7.
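Authenticated key agreement protocols are an important class of security protocols, yet designing secure ones is very difficult. This paper analyzes an authenticated key agreement protocol proposed by 陈铁明 et al. in 2008 and points out that it cannot resist key-compromise impersonation attacks. It first gives a concrete attack, then proposes a new improved protocol based on the original, and finally analyzes the security properties of the improved protocol. The analysis shows that the improved protocol achieves a high level of security, providing known-key security, perfect forward secrecy, resistance to key-compromise impersonation and unknown key-share, and no key control, and that it strikes a good balance between computational efficiency and security, making it better suited to practical network communication.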

8.
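Improved design of a hash-function-based RFID authentication protocol   Total citations: 1, self-citations: 1, citations by others: 0
章轶, 刘皖, 陈琳. Microcomputer Information (《微计算机信息》), 2008, 24(11): 214-216
An improved RFID authentication protocol is proposed that is secure and efficient. The paper first introduces the authentication requirements of the system; next, it analyzes the Hash-Lock protocol and the Hash-chain protocol; it then describes the flow of the improved protocol in detail and analyzes its security; finally, it compares the security and efficiency of the three protocols, showing that the improved protocol has good security and efficiency.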

9.
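卿哲嘉. Computer Engineering (《计算机工程》), 2019, 45(2): 129-133
Authentication protocols based on LPN have a simple structure, low computational cost and resistance to quantum attacks, which makes them suitable for lightweight devices such as radio-frequency identification, but they cannot meet low-cost and strong-security requirements at the same time. To address this, the generic construction of two-round authentication protocols with s-MIM security is improved so that it achieves provable security against general man-in-the-middle attacks. Using the improved construction, an LPN-based two-round authentication protocol resistant to general man-in-the-middle attacks, Auth-Hash, is instantiated. Experimental results show that, compared with the LPNAP protocol, this protocol has smaller key storage and communication overhead.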

10.
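Research on and improvement of the IKE protocol   Total citations: 1, self-citations: 0, citations by others: 1
The paper analyzes and identifies the security vulnerabilities and design flaws of the Internet Key Exchange protocol and proposes a secure and efficient key exchange protocol. Compared with several existing key exchange protocols, the improved protocol offers better security, better resistance to DoS attacks, shorter key exchange time and fewer messages.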

11.
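王靖, 李秀莹, 杨成. Computer Engineering (《计算机工程》), 2009, 35(14): 163-165
To hold a secure network conference over an insecure channel, a conference key distribution protocol is needed to establish a shared conference key among the participants, which is then used to secure communication. Using a sealed-lock mechanism, an identity-based anonymous conference key distribution protocol is built. The protocol resists passive attacks, impersonation attacks and collusion attacks, and provides forward secrecy for the conference chairman, making it quite practical.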

12.
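Building on an identity-based, fault-tolerant conference key distribution scheme by Yang et al., an improved conference key distribution protocol is proposed, and its correctness and security are analyzed. The analysis shows that the scheme not only lets honest participants agree on a common conference key even when malicious participants are present, but also effectively resists passive and active attacks; it is secure, efficient and highly practical.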

13.
Recently, Yang et al. proposed an efficient user identification scheme with key distribution, in which it is possible for the user to anonymously log into a system and establish a secret key shared with the system. Mangipudi and Katti later demonstrated a Denial-of-Service (DoS) attack on the Yang et al. scheme and then proposed an improvement to withstand such an attack. However, this paper demonstrates an identity disclosure attack to show that neither scheme’s claimed user anonymity requirement can be achieved. We further propose a novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. The proposed scheme not only withstands the attacks mentioned above, but also achieves the following: (i) user anonymity, (ii) key distribution, (iii) mutual authentication, and (iv) key confirmation. The performance of our scheme is of greater efficiency than that of previously proposed schemes in terms of communication costs and computational complexities.

14.
In 2003, Yang et al. presented a conference key distribution system that was intended to provide user anonymity. Subsequently, Lin et al. pointed out a security flaw in Yang et al.'s scheme based on solving linear equations and proposed a modified scheme. Accordingly, the current paper reviews the schemes proposed by Yang et al. and Lin et al., highlights the weakness in both schemes, and then proposes a new conference key agreement scheme with user anonymity.

15.
Identity-based fault-tolerant conference key agreement   Total citations: 1, self-citations: 0, citations by others: 1
Lots of conference key agreement protocols have been suggested to secure computer network conference. Most of them operate only when all conferees are honest, but do not work when some conferees are malicious and attempt to delay or destruct the conference. Recently, Tzeng proposed a conference key agreement protocol with fault tolerance in terms that a common secret conference key among honest conferees can be established even if malicious conferees exist. In the case where a conferee can broadcast different messages in different subnetworks, Tzeng's protocol is vulnerable to a "different key attack" from malicious conferees. In addition, Tzeng's protocol requires each conferee to broadcast to the rest of the group and receive n - 1 messages in a single round (where n stands for the number of conferees). Moreover, it has to handle n simultaneous broadcasts in one round. In this paper, we propose a fault-tolerant conference key agreement protocol, in which each conferee only needs to send one message to a "semitrusted" conference bridge and receive one broadcast message. Our protocol is an identity-based key agreement, built on elliptic curve cryptography. It is resistant to the different key attack from malicious conferees and needs less communication cost than Tzeng's protocol.

16.
Certificateless public key cryptography eliminates the inherent key escrow problem in identity-based cryptography, yet does not require certificates as in the traditional public key infrastructure. In this paper, we give a cryptanalysis of Hwang et al.’s certificateless encryption scheme which is the first concrete certificateless encryption scheme that can be proved to be secure against “malicious-but-passive” key generation center (KGC) attack in the standard model. Their scheme is proved to be insecure even in a weaker security model called “honest-but-curious” KGC attack model. We then propose an improved scheme which is really secure against “malicious-but-passive” KGC attack in the standard model.

17.
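黄斌, 史亮, 邓小鸿. Computer Engineering (《计算机工程》), 2012, 38(24): 108-110
The paper analyzes the efficient identity-based signature scheme proposed by 李继国 et al. (Chinese Journal of Computers, 2009, No. 11) and, with a concrete attack, proves that any attacker can forge a valid signature on any message for any identity, so the scheme does not satisfy existential unforgeability. By fixing one component of the signature in the original scheme and using it as the user's public key, the scheme satisfies existential unforgeability while preserving efficiency.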

18.
At ACISP 2012, a novel deterministic identity-based (aggregate) signature scheme was proposed that does not rely on bilinear pairing. The scheme was formally proven to be existentially unforgeable under an adaptive chosen message and identity attack. The security was proven under the strong RSA assumption in the random oracle model. In this paper, unfortunately, we show that the signature scheme is universally forgeable, i.e., an adversary can recover the private key of a user and use it to generate forged signatures on any messages of its choice having on average eight genuine signatures. This means that realizing a deterministic identity-based signature scheme in composite order groups is still an open problem. In addition, we show that a preliminary version of the authenticated key exchange protocol proposed by Okamoto in his invited talk at ASIACRYPT 2007 is vulnerable to the key-compromise impersonation attack and therefore cannot be secure in the eCK model. We also show that the two-party identity-based key agreement protocol of Hölbl et al. is vulnerable to the unknown key-share attack.

19.
We address the cryptographic topic of proxy re-encryption (PRE), which is a special public-key cryptosystem. A PRE scheme allows a special entity, known as the proxy, to transform a message encrypted with the public key of a delegator (say Alice), into a new ciphertext that is protected under the public key of a delegatee (say Bob), and thus the same message can then be recovered with Bob’s private key. In this paper, in the identity-based setting, we first investigate the relationship between so called mediated encryption and unidirectional PRE. We provide a general framework which converts any secure identity-based unidirectional PRE scheme into a secure identity-based mediated encryption scheme, and vice versa. Concerning the security for unidirectional PRE schemes, Ateniese et al. previously suggested an important property known as the master secret security, which requires that the coalition of the proxy and Bob cannot expose Alice’s private key. In this paper, we extend the notion to the identity-based setting, and present an identity-based unidirectional PRE scheme, which not only is provably secure against the chosen ciphertext attack in the standard model but also achieves the master secret security at the same time.

20.
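Public-key encryption with keyword search (PEKS) allows a user to send a keyword trapdoor to a server, which can use the trapdoor to locate the ciphertexts containing the keyword the user is searching for. To eliminate the secure channel between the server and the receiver in existing identity-based encryption with keyword search (IBEKS) schemes, Wu et al. proposed a designated-server identity-based encryption with keyword search (dIBEKS) scheme. However, the dIBEKS scheme of Wu et al. does not satisfy ciphertext indistinguishability. To overcome this shortcoming, this paper proposes a designated-server identity-based encryption scheme with multi-keyword search. The security analysis shows that the proposed scheme simultaneously achieves ciphertext indistinguishability, trapdoor indistinguishability and security against offline keyword guessing attacks. The efficiency analysis shows that the scheme is more efficient.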
