新型组织隐藏的认证密钥交换协议

提出了一个实现组织集合交集认证策略的新型组织隐藏的密钥协商协议,2个匿名用户从属的组织集合存在交集且元素个数至少为一个门限值时可以完成一次成功的秘密认证和密钥协商,同时保证集合交集之外的组织信息机密性。新协议在随机预言机模型下可证安全,并且在计算和通信性能上仍具备一定的优势。     

一种基于椭圆曲线的前向安全数字签名方案的分析与改进

针对已提出的一种基于椭圆曲线的前向安全数字签名方案进行安全性分析,发现该方案存在安全隐患,不具备前向安全性.利用椭圆曲线上Weil配对的双线性性质对原方案进行改进,构造了一种新的基于椭圆曲线的前向安全数字签名方案,方案的安全性建立在目前还没有有效攻击方法的有限域上的非超奇异椭圆曲线离散对数问题之上.新方案具有前向安全性、抗伪造性等性质,有一定的理论和实用价值.     

Further cryptanalysis of the McEliece public-key cryptosystem

We further analyze the security of the McEliece (1978) public-key cryptosystem according to the notions of public-key encryption security. We show that the McEliece scheme is insecure against adaptive chosen-ciphertext attacks. In addition, we also point out that the McEliece scheme does not satisfy the nonmalleability property     

基于J2ME的金融POS应用安全方案设计

传统金融POS作为一种嵌入式设备,在符合PCIPOS-PED安全标准上面临困难。J2ME是适合于嵌入式设备的Java平台,在此基础上扩展POS应用基础类库实现的POS应用方案,综合运用类属性、类编译、类控件和下载管理等安全策略,满足PCIPOS—PED安全标准的各项要求。此方案已在NL8320金融POS上试用并通过安全测试。     

等级系统中的访问控制方案研究

本文基于Lagrange插值多项式,提出了等级系统中的一个访问控制方案,并从空间复杂度和时间复杂度角度分析了其性能.该方案具有很强的安全性,并且允许所有用户自主选择秘密密钥.提出了基于门限秘密共享体制的一般性访问控制方案,阐述了一般性的访问控制方案的基本思想、方案的构造算法及安全性.     

高效的属性基远程证明方案

In order to ensure the security of the prop-erty-based remote attestation scheme, an improved, more efficient, formal security model of property-based remote attestation is proposed, with which we prove that the user platform satisfies the security property requirements predefined by a remote rel-ying party. Under the co-Computational Diffie-Hell-man (CDH) assumption, the proposed scheme is proved to be secure in the random oracle model. Compared with the existing schemes, the proposed scheme has a short property certificate and signature size, and requires less computational cost.     

一种鲁棒的无线传感器网络用户认证方案安全性的增强

In order to remedy the security weaknesses of a robust user authentication framework for wireless sensor networks, an enhanced user authentication framework is presented. The enhanced scheme requires proof of the possession of both a password and a smart card, and provides more security guarantees in two aspects: 1) it addresses the untraceability property so that any third party accessing the communication channel cannot link two authentication sessions originated from the same user, and 2) the use of a smart card prevents offline attacks to guess passwords. The security and efficiency analyses indicate that our enhanced scheme provides the highest level of security at reasonable computational costs. Therefore, it is a practical authentication scheme with attractive security features for wireless sensor networks.     

Secure mediated certificateless signature scheme

Ju et al. proposed a certificateless signature scheme with instantaneous revocation by introducing security mediator (SEM) mechanism. This article presents a detailed cryptoanalysis of this scheme and shows that, in their proposed scheme, once a valid signature has been produced, the signer can recover his private key information and the instantaneous revocation property will be damaged. Furthermore, an improved mediated signature scheme, which can eliminate these disadvantages, is proposed, and security proof of the improved scheme under elliptic curve factorization problem (ECFP) assumption and bilinear computational diffie-hellman problem (BCDH) assumption is also proposed.     

融合时间戳和同态签名的安全网络编码方法

针对无线多跳网络编码的安全性问题,提出了一种融合时间戳和同态签名的安全网络编码方法。在利用基于RSA的同态签名方案抵御污染攻击的基础上,引入时间戳设计新型同态签名方案来抵御网络中的重放攻击,以时间戳为源生成网络编码的随机系数来保证签名的同态性。重点分析了本方案产生随机系数的方式对网络编码解码概率的影响,并建立了攻击模型证明方案可同时抵御网络中的污染攻击和重放攻击。性能分析表明本方案与基于RSA的同态签名方案开销比值接近于1。     

An efficient three factor–based authentication scheme in multiserver environment using ECC

Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.     

Fingerprinting protocol for images based on additive homomorphic property.

Homomorphic property of public-key cryptosystems is applied for several cryptographic protocols, such as electronic cash, voting system, bidding protocols, etc. Several fingerprinting protocols also exploit the property to achieve an asymmetric system. However, their enciphering rate is extremely low and the implementation of watermarking technique is difficult. In this paper, we propose a new fingerprinting protocol applying additive homomorphic property of Okamoto-Uchiyama encryption scheme. Exploiting the property ingenuously, the enciphering rate of our fingerprinting scheme can be close to the corresponding cryptosystem. We study the problem of implementation of watermarking technique and propose a successful method to embed an encrypted information without knowing the plain value. The security can also be protected for both a buyer and a merchant in our scheme.     

属性隐藏的基于谓词的认证密钥交换协议

针对已有基于谓词的认证密钥交换协议在隐私保护方面的不足,通过结合一个内积加密方案和NAXOS技巧,提出了一个全新的基于谓词的认证密钥交换协议。并在修改的eCK模型下,将协议的安全性归约到了GBDH假设,同时,由于继承了内积加密方案隐藏用户属性的安全性质,新协议能够防止用户敏感信息的泄露。     

零知识性量子身份认证协议

基于EPR纠缠光子对的相干特性,设计了一个量子身份认证协议。该协议具有零知识性。由于基于量子物理特性,不但满足传统的身份认证的基本性质,还具有无条件安全性,并可以抵抗各种可能的量子攻击。     

基于RSA与离散对数的门限群签名方案

基于RSA的因式分解和离散对数问题,文中提出了一种安全性高,具有良好特性的(t,n)门限群签名方案。其安全性是基于求离散对数和RSA大整数因式分解的困难。方案不仅具有可追踪性和防止群内成员共谋获得系统秘密参数,而且还具有签名验证简单且计算量少,签名的匿名性和防冒充性等优点。     

GSM系统认证算法的设计与安全性分析

本文按照GSM系统认证算法的标准而构造的杂凑函数符合平衡性、高非线性度及严格雪崩特性的设计准则从而能有效地抵抗线性攻击和差分攻击。针对HansDobbertin对MD4 的有效攻击 ,我们提出右移位数不确定性的设计准则     

A matrix key-distribution scheme

A new key-distribution scheme is presented. It is based on the distinctive idea that lets each node have a set of keys of which it shares a distinct subset with every other node. This has the advantage that the numbers of keys that must be generated is proportional to the number of nodes. Moreover, two nodes can start a session with virtually no delay. The scheme suits an environment where there is a certain level of trust among the insiders. The security property to an outsider remains identical to that of other existing schemes. Two versions of the scheme are given. Analysis of security and performance shows it is a practical solution to some key-distribution problems.     

基于PCM/PPK遥测体制的钟控序列加密方案及系统仿真

PCM/PPK telemetry system is a multinary pulse modulation system. It is commonly used to transmit high-accuracy time information and some express signals. To the issue of security that telemetry data is transmitted in the open space, a data encryption scheme in the PCM/PPK telemetry system is proposed. In this scheme, the PCM data of signal source are encrypted by stream cipher in which key streams are generated with clock control LSFR. The scheme can save system resource in the dual-modulation compound telemetry system. A backward key synchronization scheme is also proposed, which has the property of strong real-time and easy to implement. A simplified simulation model of PCM/PPK remote system is established based on the actual framework of telemetry system, and the model is simple and easy to simulate. The error performance of the system is analyzed in theory and tested by computer simulation. Also the security of the system is analyzed. The simulation and analysis results show that the encryption scheme can ensure the security of the telemetry data and does not cause error-diffusion.     

ID‐Based Optimistic Fair Exchange Scheme Based on RSA

Fairness of exchange is a significant property for secure online transactions, and a fair exchange scheme is a useful tool for ensuring the fairness of exchanges conducted over networks. In this paper, we propose an ID‐based optimistic fair exchange scheme based on the RSA function, one which is designed by combining a well‐known RSA‐based signature scheme and the (naive) RSA function. Note that the main contribution of this paper is to give the first provably secure ID‐based fair exchange scheme based on the RSA function, whose security can be proved under fully formalized security models. Our scheme has the following additional strongpoints. The scheme is setup‐free; hence, there is no registration step between a user and an arbitrator. Moreover, the proposed scheme is designed in an ID‐based setting; thus, it is possible to eliminate the need for certificates and avoid some related problems.     

NCS中的信息安全求解策略

网络控制是计算机、通信与控制技术结合发展的必然产物，具有开放性特征的网络控制系统面临着控制信息安全问题。针对网络控制系统的典型体系结构和信息安全需求，提出了基于分层思想和资源匹配的网络控制系统信息安全求解策略。     

改进的基于身份的代理盲签名方案

盲签名和代理签名在密码学中有各自的特殊用途。结合二者的优点，利用椭圆曲线上的Weil配对的双线性性质，在基于身份的签名基础上构造了一种改进基于身份的代理盲签名方案。该方案继承了前人的基于身份的代理盲签名方案的优点同时，运算效率进一步提高，代理人受到进一步的保护。最后对该方案的安全性进行了简要分析，从而证明了该方案是可行的。