标准模型中基于身份的多PKG签密方案

在随机预言模型中,现有的基于身份签密的多私钥生成器(PKG)方案都是可证明安全的。基于此,提出在标准模型中基于身份的多PKG签密方案,并证明其安全性。在DBDH假设下,方案的机密性满足在适应性选择密文攻击时,密文不可区分。在CDH假设下,方案的不可伪造性满足在适应性选择消息攻击时,签名存在性不可伪造。和已有方案相比,该方案在签密阶段效率较高。     

基于身份多PKG广义签密

利用双线性对提出了一个基于身份的多(Private key generator)PKG广义签密方案.它能满足具有不同域参数的各PKG之间的用户相互之间进行只加密、只签名或签密操作,使得原来不能安全通信的各PKG之间也能安全地通信,推动基于身份的密码体制在实用化方面向前迈进了一步.证明了在随机预言机模型下,在(Gap Bilinear Diffie-Hellman)GBDH问题难解的假设下方案具有保密性;在(Gap Diffie-Hellman) GDH'问题难解的假设下方案具有不可伪造性.另外,方案还具有不可否认性、前向安全性和公开验证性.最后,对方案的效率进行了分析,分析表明方案是高效的.     

基于身份的无可信中心的环签密方案

环签密不仅实现了消息的保密性和认证性,而且实现了签密者的完全匿名性。给出了基于身份的无可信中心的环签密的方案模型和安全定义,提出和证明了一种有效的基于身份的无可信中心的环签密方案,与已有的方案比较,不需要可信的PKG,解决了基于身份密码体制中的密钥托管问题,提高了效率。该方案满足匿名性、保密性、不可伪造性、身份验证、可追踪性。     

基于身份的跨信任域签密方案

实际网络环境尤其是未来异构网络融合环境中,各个信任域大多都是独立的自治域,使用不同的系统参数.为此提出了一种新的基于身份的跨信任域签密方案,该方案对PKG系统参数不作限制,各PKG可以使用完全不同的系统公开参数、不同的主密钥和公钥.并且在该签密协议的基础上给出了会话密钥的生成方法.在随机预言模型中给出了安全性证明,在BDH问题是困难的的假设下该协议是安全的,其满足机密性、不可伪造性、不可否认性和公开验证性.在与其他跨信任域签密方案计算开销相当的情况下,该方案不仅实现了跨信任域签密,而且对各PKG参数不作限制.     

无随机预言机的基于身份多签密方案

签密是一种能够同时提供加密和签名功能的密码体制,是可以在公开信道上同时保证信息私密性和发送者身份可认证性的重要技术手段.为适应多参与者环境下通信安全的需求,提出了基于身份多签密方案的形式化安全模型,并基于判定双线性Diffie-Hellman假设和计算Diffie-Hellman假设构造了一个无随机预言机的具体方案.新方案在标准模型下是可证安全的,满足自适应选择密文攻击下的密文不可区分性和选择消息攻击下的签名不可伪造性.     

标准模型下基于身份的广义签密方案*

首次对标准模型下基于身份广义签密体制进行了研究。利用双线性对,提出了基于身份的广义签密方案, 并在标准模型下证明了方案的安全性。结果表明,方案的保密性在DBDH假设下是适应性选择密文攻击下不可区分的,在CDHP假设下方案是适应性选择消息攻击下存在性不可伪造的。与其他两个基于身份广义签密方案相比,本方案效率较高,且是在标准模型下可证明是安全的。     

一种无需可信中心的跨信任域身份签密方案

针对现有的基于身份的签密方案中,私钥产生中心(PKG)可以任意伪造域内用户对消息进行签名和解密的弊端,提出了一种新的无需可信中心的基于身份的签密方案.利用一种新的公钥产生机制,在用户的身份信息中加入随机数,使得:PKG无法伪造用户的签名,也无法对用户的消息进行解密,同时还可以实现跨信任域签密.分析表明该方案是安全的.     

一个基于身份的无需可信中心的签密方案

由于现有的基于身份的签密方案中,所有用户的私钥都由无条件信任私钥中心（PKG）产生,因此不诚实的PKG就可以伪造任意用户的签名。基于此,提出了一个基于身份的无需可信中心的签密方案,该方案中签密密钥由PKG和用户共同产生,可防止PKG的伪造行为,方案具有可验证性、不可伪造性和不可否认性,并且只有指定的接收者才能验证签密的正确性。     

标准模型下安全基于身份代理签密方案

针对现实中代理签密的安全问题,提出一种基于Gu等（GU K, JIA W J, JIANG C L. Efficient identity-based proxy signature in the standard model. The Computer Journal, 2013:bxt132）代理签名的标准模型下可证安全的基于身份代理签密方案。代理签密允许原始签密者授权签密能力给代理签密者,后者能够代表前者生成密文。该方案通过结合基于身份签密和代理签名,既保持了基于身份签密的优点,又具有代理签名的功能。分析表明,基于Diffie-Hellman问题假设下,所提方案满足机密性性和不可伪造性。与已知方案相比,代理密钥生成算法和代理签密算法中各需要2个对运算和1个对运算,方案效率更高。     

标准模型下高效安全的基于身份多签密方案

针对已提出的基于身份多签密方案效率不高的问题,提出了一种高效安全的基于身份多签密方案。新方案消除了多次乘法运算,增加了密钥验证过程,并在标准模型下进行安全性分析及效率分析,证明了新方案可归约于CDH困难假定,计算量减少。与现有方案相比,新方案的安全性和多签密效率都得到了提高。     

一种新的基于身份数字签名方案

在现有的基于身份的签名方案中,签名者必须绝对信任密钥产生机构（PKG）。由于签名者用于签名的密钥是由PKG产生的,那么PKG就可以伪造签名者的签名。因此,在有些方案中,提出了引入多个PKG,如果能够确保至少一个PKG是诚实可信的,就可以确保方案的安全性。但是足够多的PKG还是能够伪造用户的签名,所以并没有从根本上解决这个问题。本文提出一个无需PKG诚实可信的一个签名方案,从根本上解决了密钥暴露的问题。     

How to construct identity-based signatures without the key escrow problem

The inherent key escrow problem is one of the main reasons for the slow adoption of identity-based cryptography. The existing solution for mitigating the key escrow problem is by adopting multiple Private Key Generators (PKGs). Recently, there was a proposal that attempted to reduce the trust of the PKG by allowing a malicious PKG to be caught if he reveals the user’s identity-based private key illegally. Nonetheless, the proposal does not consider that the PKG can simply decrypt the ciphertext instead of revealing the private key itself (in the case of identity-based encryption schemes). The aim of this paper is to present an escrow-free identity-based signature (IBS) scheme, in which the malicious PKG will be caught if it releases a signature on behalf of the user but signed by itself. We present a formal model to capture such a scheme and provide a concrete construction.     

Provably secure identity-based authenticated key agreement protocols with malicious private key generators

Identity-based authenticated key agreement is a useful cryptographic primitive and has received a lot of attention. The security of an identity-based system relies on a trusted private key generator (PKG) that generates private keys for users. Unfortunately, the assumption of a trusted PKG (or a curious-but-honest PKG) is considered to be too strong in some situations. Therefore, achieving security without such an assumption has been considered in many cryptographic protocols. As a PKG knows the private keys of its users, man-in-the-middle attacks (MIMAs) from a malicious PKG is considered as the strongest attack against a key agreement protocol. Although securing a key agreement process against such attacks is desirable, all existent identity-based key agreement protocols are not secure under such attacks. In this paper, we, for the first time, propose an identity-based authenticated key agreement protocol resisting MIMAs from malicious PKGs that form a tree, which is a commonly used PKG structure for distributing the power of PKGs. Users are registered at a PKG in the tree and each holds a private key generated with all master keys of associated PKGs. This structure is much more efficient, in comparison with other existing schemes such as threshold-based schemes where a user has to register with all PKGs. We present our idea in two protocols. The first protocol is not secure against MIMAs from some kinds of malicious PKGs but holds all other desirable security properties. The second protocol is fully secure against MIMAs. We provide a complete security proof to our protocols.     

CCA2 secure (hierarchical) identity-based parallel key-insulated encryption without random oracles

In order to mitigate the damages of key-exposure, key-insulated encryption introduces a helper key used to periodically update the decryption key. Under the usual circumstances, frequent updating increases the risk of helper key-exposure. Parallel key-insulated encryption (PKIE) supports frequent key updates without increasing the risk of helper key-exposure. In an identity-based cryptosystem, a private key generator (PKG) uses a master secret key to issue private keys to users based on their identities. In this paper, we propose a new identity-based parallel key-insulated encryption (IBPKIE) scheme which achieves IND-ID-KI-CCA2 security without random oracles. Our IBPKIE scheme has short public parameters and a tight reduction with an additive factor.Hierarchical identity-based cryptography was first proposed in 2002. It allows a root PKG to distribute workload by delegating private key generation and entity authentication tasks to lower-level PKGs. In this paper, we formalize the syntax and security model for a hierarchical identity-based parallel key-insulated encryption (HIBPKIE) scheme. We then propose an HIBPKIE scheme with constant size ciphertext, and prove that it achieves IND-ID-KI-CCA2 security without random oracles. To the best of our knowledge, this is the first HIBPKIE scheme up to now.     

Target tracking using Interactive Multiple Model for Wireless Sensor Network

Target tracking in a Wireless Sensor Network (WSN) environment is a challenging research problem. Interactive Multiple Model (IMM) is a popular scheme for accurate target tracking. The existing target tracking scheme used in WSN employs Kalman Filter (KF) which fails to track the target accurately due to non availability of target data at regular intervals and missing of packets. Though existing KF based tracking in WSN scheme detects the target, it fails to identify the target. To overcome these problems, this paper proposes a IMM based Target Tracking in WSN named ITTWSN that uses multiple models (velocity and acceleration) to handle both maneuvering and non maneuvering targets and multiple sensors to detect and identify the targets. The performance of the proposed ITTWSN is compared with the KF scheme and it is found that the accuracy of the proposed ITTWSN is better than the existing KF based approach.     

ID-Based Fair Off-Line Electronic Cash System with Multiple Banks

ID-based public key cryptography （ID-PKC） has many advantages over certificate-based public key cryptography （CA-PKC）, and has drawn researchers＇ extensive attention in recent years. However, the existing electronic cash schemes are constructed under CA-PKC, and there seems no electronic cash scheme under ID-PKC up to now to the best of our knowledge. It is important to study how to construct electronic cash schemes based on ID-PKC from views on both practical perspective and pure research issue. In this paper, we present a simpler and provably secure ID-based restrictive partially blind signature （RPBS）, and then propose an ID-based fair off-line electronic cash （ID-FOLC） scheme with multiple banks based on the proposed ID-based RPBS. The proposed ID-FOLC scheme with multiple banks is more efficient than existing electronic cash schemes with multiple banks based on group blind signature.     

基于分类器联合的联机图形识别方法研究

研究基于不同模式特征的多分类器联合问题，提出一种新的分类器联合方法，将该方法应用于联机几何图形的识别，实验中联合了3种分类器，每种分类器的机制各不相同，并且都基于不同的模式特征，将该分类器联合方法与现有的几种联合方法进行实验比较，实验结果表明该方法具有较高的识别率。     

一个多授权中心的属性基签密方案

属性基签密体制能同时保证消息的保密性和存在性不可伪造,并能实现一对多的密文数据共享和细粒度访问控制。现有的属性基签密方案均是在单一授权机构下实现,容易产生单点失效和负担过重等问题。本文通过将用户的多个属性交由不同的授权中心分别管理,从而构造出一个适用于个人健康管理系统（PHR）的多授权中心属性基签密方案,并通过性能分析和仿真实验说明本文所提方案具有较短的用户密钥长度和较小的解签密时间开销。方案的安全性在标准模型下被规约到双线性Diffle-Hellman假设和计算Diffle-Hellman假设。     

Fault detection and accommodation of a class of nonlinear systems with unknown multiple time-delayed faults

This paper investigates a fault detection and accommodation (FDA) problem of a class of nonlinear time-delay systems in the presence of unknown multiple time-delayed faults. Compared with existing literature, a main contribution of this paper is to design a time-delay independent FDA scheme, namely, the exact information on time delays is not required to implement the proposed FDA scheme. Under the assumption that the magnitude and occurrence time of multiple faults are unknown, we first design a delay-independent fault detection scheme with a detection threshold for time-delay systems and analyze the fault detectability. Then, an approximation-based fault accommodation design activated after the detection of the first fault is presented for compensating multiple faults. The robustness of the fault detection scheme and asymptotic stability of the tracking error are established through Lyapunov stability analysis. A simulation example is used to illustrate the proposed FDA scheme.