一对多场景下的公钥时控性可搜索加密

为有效解决多接收者时间相关密文检索问题,采用广播加密技术提出一对多公钥时控性可搜索加密机制--发送者将加密的数据发送至云服务器,使得仅授权用户组成员可检索下载包含特定关键词的密文,但只能在指定的未来时间之后解密.给出方案及其安全游戏模型的形式化定义,提出两种基于q-DBDHI问题的可证明安全方案,并严格证明所提方案在自适应选择明文攻击下是安全的.效率分析表明,两种方案在执行过程中,实现了计算、存储、传输规模与用户规模无关;与相关方案相比,方案2具有更高效率.     

云环境下安全的可验证多关键词搜索加密方案

云计算的高虚拟化与高可扩展性等优势,使个人和企业愿意外包加密数据到云端服务器。然而,加密后的外包数据破坏了数据间的关联性。尽管能够利用可搜索加密(SE)进行加密数据的文件检索,但不可信云服务器可能篡改、删除外包数据或利用已有搜索陷门来获取新插入文件相关信息。此外,现有单关键词搜索由于限制条件较少,导致搜索精度差,造成带宽和计算资源的浪费。为了解决以上问题,提出一种高效的、可验证的多关键词搜索加密方案。所提方案不仅能够支持多关键词搜索,也能实现搜索模式的隐私性和文件的前向安全性。此外,还能实现外包数据的完整性验证。通过严格的安全证明,所提方案在标准模型下被证明是安全的,能够抵抗不可信云服务器的离线关键词猜测攻击(KGA)。最后,通过与最近3种方案进行效率和性能比较,实验结果表明所提方案在功能和效率方面具有较好的综合性能。     

标准模型下的服务器辅助验证代理重签名方案

代理重签名具有转换签名的功能,在云存储、数据交换、跨域身份认证等领域有广泛的应用前景。目前大多数代理重签名方案需要复杂的双线性对运算,无法适用于计算能力较弱的低端计算设备。为了提高代理重签名的签名验证效率,该文给出了双向服务器辅助验证代理重签名的安全性定义,并提出一个高效的服务器辅助验证代理重签名方案,在标准模型下证明新方案在合谋攻击和选择消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的代理重签名方案。     

层次身份基认证密钥协商方案的安全性分析和改进

该文分析了曹晨磊等人(2014)提出的层次身份基认证密钥协商方案的安全性,指出该方案无法抵抗基本假冒攻击。文中具体描述了对该方案实施基本假冒攻击的过程,分析了原安全性证明的疏漏和方案无法抵抗该攻击的原因。然后,在BONEH等人(2005)层次身份基加密方案基础上提出了一种改进方案。最后,在BJM模型中,给出了所提方案的安全性证明。复杂度分析表明所提方案在效率上同原方案基本相当。     

云存储环境下无密钥托管可撤销属性基加密方案研究

属性基加密因其细粒度访问控制在云存储中得到广泛应用。但原始属性基加密方案存在密钥托管和属性撤销问题。为解决上述问题,该文提出一种密文策略的属性基加密方案。该方案中属性权威与中央控制通过安全两方计算技术构建无密钥托管密钥分发协议解决密钥托管问题。通过更新属性版本密钥的方式达到属性级用户撤销,同时通过中央控制可以实现系统级用户撤销。为减少用户解密过程的计算负担,将解密运算过程中复杂对运算外包给云服务商,提高解密效率。该文基于q-Parallel BDHE假设在随机预言机模型下对方案进行了选择访问结构明文攻击的安全性证明。最后从理论和实验两方面对所提方案的效率与功能性进行了分析。实验结果表明所提方案无密钥托管问题,且具有较高系统效率。     

具有强安全性的不含双线性对的无证书签名方案

该文提出了一种满足强安全性的不需双线性对运算的无证书签名方案,能抵抗适应性选择消息和适应性选择身份的存在性伪造攻击,并且在随机预言模型下基于离散对数难题给出了完整的安全性证明。与现有的绝大多数无证书签名方案都是基于双线性对的不同,该文提出的新方案没有复杂的双线性对运算,具有明显的效率优势。另外,通过对王会歌等人的无证书签名方案进行分析,指出此方案是不安全的,并给出了具体的攻击方法。     

前向安全的密文策略基于属性加密方案

为降低密文策略基于属性加密（ABE, ciphertext-policyattribute-based encryption）体制中私钥泄漏带来的损害,首先给出了前向安全CP-ABE体制的形式化定义和安全模型,然后构造了一个前向安全的CP-ABE方案。基于判定性l-BDHE假设,给出了所提方案在标准模型下的安全性证明。从效率和安全性2个方面讨论了所提方案的性能,表明所提方案在增强CP-ABE体制安全性的同时,并没有过多地增加计算开销和存储开销,更适合在实际中应用。     

可验证外包解密的离线/在线属性基加密方案

属性基加密可以为雾-云计算中的数据提供机密性保护和细粒度访问控制,但雾-云计算系统中的移动设备难以承担属性基加密的繁重计算负担。为解决该问题,该文提出一种可验证外包解密的离线/在线属性基加密方案。该方案能够实现离线/在线的密钥生成和数据加密,同时支持可验证外包解密。然后,给出方案的选择明文攻击的安全证明和可验证性的安全证明。之后,该文将转换阶段所需双线性对的计算量降为恒定常数。最后,从理论和实验两方面对所提方案进行性能分析,实验结果表明该方案是有效且实用的。     

签密的仲裁安全与仲裁安全的签密方案

签密能高效地同时完成数据加密与认证,可用于设计紧凑的安全通信协议.签密中的仲裁机制用于保护签密的不可抵赖性,但同时用于仲裁的信息可能危及协议安全.本文指出签密仲裁中存在仲裁者解密攻击和仲裁机制无法保护明文完整性两种安全隐患,归纳其原因并指出解决方法.提出一个可安全仲裁的安全混合签密方案SASC,并在随机预言机模型下证明SASC方案具有IND-CCA2和UF-CMA安全性;SASC基于明文仲裁,不仅能维护明完整性而且能抵抗仲裁者解密攻击.SASC方案不增加计算量和通信量,且对明文的长度没有限制.     

标准模型下前向安全公钥加密方案的新构造

针对已有的可证安全的前向安全公钥加密方案仅满足较弱的选择明文安全性,难以满足实际应用的安全需求这一问题,提出了一个新的前向安全公钥加密方案,基于判定性截断q-ABDHE问题的困难性,该方案在标准模型下被证明满足选择密文安全性。在该方案中,解密算法的计算代价和密文的长度独立于系统时间周期总数。对比分析表明,该方案的整体性能优于已有的前向安全公钥加密方案。     

一种支持解密外包的KP-ABE方案

针对现有密钥策略基于属性加密KP-ABE（Key-Policy Attribute-Based Encryption）方案在解密时存在用户端计算开销大、解密时间长等问题,一些方案提出将解密外包给云服务器,但这些方案并未给出外包解密的并行化方法,存在解密效率低的问题.本文提出一种支持解密外包的KP-ABE方案.在该方案中,把大部分解密计算外包给Spark平台;并根据KP-ABE的解密特点设计并行化解密算法,完成对叶子节点和根节点的并行化解密.性能分析表明,用户端仅需进行一次指数运算即可解密出共享数据,同时并行化设计能有效提高云端解密速率.     

Collaboration IoT-Based RBAC with Trust Evaluation Algorithm Model for Massive IoT Integrated Application

With the recent advances in ubiquitous communications and the growing demand for low-power wireless technology, smart IoT device (SID) to access various Internet of Things (IoT) resources through Internet at any time and place alternately. There are some new requirements for integration IoT servers in which each one is individually gathering its local resources in Internet, which cooperatively supports SID to get some flexibility or temporary contract(s) and privileges in order to access their corresponding desired service(s) in a group of collaboration IoT servers. However, traditional access control schemes designed for a single server are not sufficient to handle such applications across multiple collaboration IoT servers to get rich services in IoT environments. It does not take into account both security and efficiency of IoT servers, which securely share their resources. Therefore, the collaboration IoT-based RBAC (Role-based Access Control) with trust evaluation (TE) algorithm model to reducing internal security threats in intra-server and inter server for the massive IoT integrated application is proposed in this paper. Finally, the three trust evaluation algorithms including a local trust evaluation algorithm, a virtual trust evaluation algorithm and a cooperative trust evaluation algorithm in the proposed collaboration IoT-based RBAC model, which are designed and presented for reducing internal security threats in collaborative IoT servers.

     

An improved and secure multiserver authentication scheme based on biometrics and smartcard

With the advancement in internet technologies, the number of servers has increased remarkably to provide more services to the end users. These services are provided over the public channels, which are insecure and susceptible to interception, modification, and deletion. To provide security, registered entities are authenticated and then a session key is established between them to communicate securely. The conventional schemes allow a user to access services only after their independent registration with each desired server in a multiserver system. Therefore, a user must possess multiple smartcards and memorize various identities and passwords for obtaining services from multiple servers. This has led to the adoption of multiserver authentication in which a user accesses services of multiple servers after registering himself at only one central authority. Recently, Kumar and Om discussed a scheme for multiserver environment by using smartcard. Since the user-memorized passwords are of low entropy, it is possible for an attacker to guess them. This paper uses biometric information of user to enhance the security of the scheme by Kumar and Om. Moreover, we conducted rigorous security analyses (informal and formal) in this study to prove the security of the proposed scheme against all known attacks. We also simulated our scheme by using the automated tool, ProVerif, to prove its secrecy and authentication properties. A comparative study of the proposed scheme with the existing related schemes shows its effectiveness.     

基于服务器组的群组密钥协商机制

为了解决现有的组密钥协商机制需要组成员在本地全部参与协商,从而严重制约安全群组通信系统可扩展性与高效性的问题,提出一种基于服务器端的密钥协商策略.该机制中,仅需要与每个组成员连接的服务器组间密钥协商,降低了群组的存储开销和通信开销.同时在客户端函数库内通过设计一个单向映射机制实现从服务器组密钥到群组密钥变换.与基于客户端函数库的密钥协商机制相比,其可扩展性及密钥协商效率更高.     

An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment

To circumvent using of multiple single servers, the theory of multiserver communication exists and numerous authentication protocols put forward for providing secure communication. Very recently, Amin‐Biswas proposes bilinear pairing–based multiserver scheme by describing some security pitfalls of Hsieh‐Leu protocol and claims that it is secured against related security threats. However, this paper claims that Amin‐Biswas protocol is still susceptible to off‐line identity and password guessing attack, user untraceability attack, and server masquerading attack. The cryptographic protocol should be attacks‐free for real‐time application. To achieve attacks‐free security, we put forward smart card–based multiserver authentication protocol by using the concept of bilinear pairing operation. The formal method strand space model has been used to prove the correctness of the proposed scheme. Additionally, rigorous security analysis ensures pliability of common security threats. The performance and security features of our scheme are also compared with that of the similar existing schemes. The comparison results show that our protocol achieves more security features with less complexity.     

SA-IBE:一种安全可追责的基于身份加密方案

基于身份加密(Identity-Based Encryption, IBE)方案中,用户公钥直接由用户身份得到,可以避免公钥基础设施(Public Key Infrastructure, PKI)系统的证书管理负担。但IBE存在密钥托管问题,即私钥生成器(Private Key Generator, PKG)能够解密用户密文或泄漏用户私钥,而现有解决方案一般需要安全信道传输私钥,且存在用户身份认证开销大或不能彻底解决密钥托管问题的缺陷。该文提出一种安全可追责的基于身份加密方案,即SA-IBE方案,用户原私钥由PKG颁发,然后由多个密钥隐私机构并行地加固私钥隐私,使得各机构无法获取用户私钥,也不能单独解密用户密文;设计了高效可追责的单点PKG认证方案;并采用遮蔽技术取消了传输私钥的安全信道。文中基于标准的Diffie-Hellman假设证明了SA-IBE方案的安全性、解决密钥托管问题的有效性以及身份认证的可追责性。     

Distributed servers approach for large-scale secure multicast

In order to offer backward and forward secrecy for multicast applications (i.e., a new member cannot decrypt the multicast data sent before its joining and a former member cannot decrypt the data sent after its leaving), the data encryption key has to be changed whenever a user joins or leaves the system. Such a change has to be made known to all the current users. The bandwidth used for such re-key messaging can be high when the user pool is large. We propose a distributed servers approach to minimize the overall system bandwidth (and complexity) by splitting the user pool into multiple groups each served by a (logical) server. After presenting an analytic model for the system based on a hierarchical key tree, we show that there is an optimal number of servers to achieve minimum system bandwidth. As the underlying user traffic fluctuates, we propose a simple dynamic scheme with low overhead where a physical server adaptively splits and merges its traffic into multiple groups each served by a logical server so as to minimize its total bandwidth. Our results show that a distributed servers approach is able to substantially reduce the total bandwidth required as compared with the traditional single-server approach, especially for those applications with a large user pool, short holding time, and relatively low bandwidth of a data stream, as in the Internet stock quote applications.     

A robust and efficient dynamic identity‐based multi‐server authentication scheme using smart cards

In single‐server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi‐server environment with the property of single registration. In 2013, Li et al. provided an efficient multi‐server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity‐based multi‐server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.     

Constructing designated server public key encryption with keyword search schemes withstanding keyword guessing attacks

Designated server public key encryption with keyword search (dPEKS) removes the secure channel requirement in public key encryption with keyword search (PEKS). With the dPEKS mechanism, a user is able to delegate the search tasks on the ciphertexts sent to him/her to a designated storage server without leaking the corresponding plaintexts. However, the current dPEKS framework inherently suffers from the security vulnerability caused by the keyword guessing (KG) attack. How to build the dPEKS schemes withstanding the KG attacks is still an unsolved problem up to now. In this work, we introduce an enhanced dPEKS (edPEKS) framework to remedy the security vulnerability in the current dPEKS framework. The edPEKS framework provides resistance to the KG attack by either the outside attacker or the malicious designated server. We provide a semi‐generic edPEKS construction that exploits the existing dPEKS schemes. Our security proofs demonstrate that the derived edPEKS scheme achieves the keyword ciphertext indistinguishability, the keyword ciphertext unforgeability, and the keyword trapdoor indistinguishability if the underlying dPEKS scheme satisfies the keyword ciphertext indistinguishability and the hash Diffie‐Hellman problem is intractable. In addition, a concrete edPEKS scheme is presented to show the instantiation of the proposed semi‐generic construction.