一个无证书代理盲签名方案

将无证书公钥密码体制和代理盲签名相结合,利用两者的优点,提出一个无证书代理盲签名方案。该方案具有盲签名的盲性以及不可追踪性,同时消除了对证书的依赖,能够解决密钥的托管问题。在适应性选择消息及适应性选择身份攻击下,该方案可以体现出存在性不可伪造的特点,能够有效抵抗公钥替换攻击。     

无线传感器网络中具有匿名性的用户认证协议

对He等人提出的无线传感器网络用户认证协议(Ad-Hoc Sensor Wireless Networks, 2010, No.4)进行研究,指出该协议无法实现用户匿名性,不能抵抗用户仿冒攻击和网关节点旁路攻击,并利用高效的对称密码算法和单向hash函数对其进行改进。理论分析结果证明,改进协议可以实现用户匿名性、不可追踪性及实体认证,抵抗离线字典攻击、用户仿冒攻击和网关节点旁路攻击,与同类协议相比,计算效率更高。     

代理盲签名的不可跟踪性分析

张学军在《基于身份的代理盲签名方案的分析与改进》(《计算机工程》,2009年第23期)一文中分析指出,农强等的代理盲签名方案(《计算机应用》,2008年第8期)不具有不可跟踪性。对此,通过反证法证明张学军的方法有误,在此基础上提出一种新的分析方法,利用其证明胡江红的方案(《计算机工程与应用》,2007年第18期)不满足不可跟踪性,并对该方案进行改进,使其满足不可跟踪性且效率得到提高。     

一种基于虚拟应用的安全防泄漏系统

针对目前日益严重的信息资产泄露问题,在对比已有的信息泄露的防御技术基础上,提出一种＂基于虚拟应用的安全防泄漏系统＂,通过集中运算、虚拟应用技术,在服务器上为每一个用户的应用构建独立的计算环境;采用远程桌面、SSLVPN技术保证集中计算环境中数据与用户操作终端的安全隔离;同时基于信息在服务器集中存储和运算,实现终端无痕（用户终端没有数据计算痕迹）,防止数据在应用过程中泄露;最后采用统一认证和应用授权发布,管理用户对数据的访问和输出控制。     

Provably secure authenticated key agreement scheme for distributed mobile cloud computing services

With the rapid development of mobile cloud computing, the security becomes a crucial part of communication systems in a distributed mobile cloud computing environment. Recently, in 2015, Tsai and Lo proposed a privacy-aware authentication scheme for distributed mobile cloud computing services. In this paper, we first analyze the Tsai–Lo’s scheme and show that their scheme is vulnerable to server impersonation attack, and thus, their scheme fails to achieve the secure mutual authentication. In addition, we also show that Tsai–Lo’s scheme does not provide the session-key security (SK-security) and strong user credentials’ privacy when ephemeral secret is unexpectedly revealed to the adversary. In order to withstand these security pitfalls found in Tsai–Lo’s scheme, we propose a provably secure authentication scheme for distributed mobile cloud computing services. Through the rigorous security analysis, we show that our scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. More security functionalities along with reduced computational costs for the mobile users make our scheme more appropriate for the practical applications as compared to Tsai–Lo’s scheme and other related schemes. Finally, to demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.     

前向安全代理盲签名方案的分析及改进

通过对肖红光等人提出的一种前向安全的代理盲签名方案进行安全性分析,指出该方案不能够抵抗原始签名人的伪造攻击,不诚实的原始签名人可以伪造代理签名密钥。同时,该方案也不具有不可追踪性和前向安全性。针对上述问题,提出一个改进的方案。通过对代理授权方式和盲签名过程的改进,使得改进后的方案克服了原方案存在的安全性问题,并基于离散对数困难问题以及二次剩余困难问题,对方案的不可伪造性、强盲性、前向安全性进行了分析。分析结果表明,改进后的方案满足前向安全代理盲签名方案的安全要求。     

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

In the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.     

可证明UC安全的前后向不可追踪的RFID双向认证协议

文章基于通用可组合安全模型,设计了一个RFID双向认证协议,该协议实现了前向和后向不可追踪性,能抵御RFID系统中常见的弱攻击或者强攻击,并且基于通用可组合安全模型证明了该协议在任意未知环境中也不会降低其安全性。     

RFID标签的不可追踪性

为了形式化分析无线射频识别(RFID)协议中标签的不可追踪性,对串空间模型进行了扩展,引入了分析标签不可追踪性的能力,并给出了不可追踪性的判定定理. 基于扩展的串空间模型,对Feldhofer协议和O′FRAP协议进行了分析. 结果表明,Feldhofer协议能实现不可追踪性,O′FRAP协议对于主动攻击者不能实现不可追踪性.     

Untraceability Analysis of Two RFID Authentication Protocols

With the development of Radio frequency identification (RFID) technologies,theoretical study on the protocol's design promotes the increasing reality applications of this product.The protocol designers attach significance to untraceability analysis on key-update RFID authentication protocols.This paper analyzes two RFID authentication protocols in terms of forward untraceability and backward untraceability,which are two necessary conditions for key-update RFID protocols and ownership transfer protocols.This paper introduces impersonation attacks as well as desynchronization attacks to two protocols.This paper presents two enhanced protocols,which can achieve forward untraceability and backward untraceability privacy.This paper shows the outstanding efficiency and security properties of two improved schemes through detailed analysis and comparisons.