An efficient identity-based secret key management scheme for MANETs

This paper put forward an identity-based key management scheme for mobile ad hoc networks (MANETs), it provids an efficient secret key management mechanism for security schemes, which be implemented over any cyclic group in that the strong Diffie-Hellman problem is supposed to be hard. By employing identity-based and threshold cryptography, the proposed scheme eliminates the burden of certificates management and can be high level tolerance to node compromise. The scheme is based on threshold Schnorr signature (TSch), for higher efficiency, we transform TSch to a simpler form, donated by SimpleTSch, and prove that SimpleTSch is unforgeable under passive attacks in the random oracle model. However, to cope with active attacks, we enforce the security by introducing Fiore et al's key agreement. We can say that the proposed key management scheme gives lots of help for design of security protocols in MANETs.     

A secure and enhanced elliptic curve cryptography‐based dynamic authentication scheme using smart card

In remote system security, 2‐factor authentication is one of the security approaches and provides fundamental protection to the system. Recently, numerous 2‐factor authentication schemes are proposed. In 2014, Troung et al proposed an enhanced dynamic authentication scheme using smart card mainly to provide anonymity, secure mutual authentication, and session key security. By the analysis of Troung et al's scheme, we observed that Troung et al' s scheme does not provide user anonymity, perfect forward secrecy, server's secret key security and does not allow the user to choose his/her password. We also identified that Troung et al's scheme is vulnerable to replay attack. To fix these security weaknesses, a robust authentication scheme is proposed and analyzed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more secure and easy to implement practically.     

密钥隔离的无证书聚合签名

无证书的聚合签名的提出是为了解决密钥托管问题以及复杂的证书管理问题.然而在无证书的聚合签名中,一旦某一签名者的密钥发生泄漏,所有由此签名者参与生成的聚合签名都将不再安全.为了减小无证书的聚合签名中密钥泄漏带来的危害,本文首次将密钥隔离安全机制嵌入到无证书的聚合签名中,提出了密钥隔离的无证书聚合签名的概念和安全模型,并给出了一个实用的方案,通过与协助器的交互,实现了对签名者密钥的定时更新.同时证明了方案在随机预言机模型下是安全的,即,满足密钥隔离安全、强密钥隔离安全和安全密钥更新的性质.     

基于椭圆曲线的无可信中心(t,n)门限群签名

基于有限域上椭圆曲线离散对数难解性,提出了无可信方的(t,n)门限签名方案和可验证的密钥协商方案。利用一个改进的椭圆曲线签名方程,我们得到一个从计算和安全上都比现有的椭圆曲线数字签名算法(ECDSA)更高效的签名方案。此方案具有更短的密钥,更快的计算和更好的安全性。     

一种新的基于椭圆曲线密码体制的 Ad hoc组密钥管理方案

在安全的组通信中,组密钥管理是最关键的问题.论文首先分析了组密钥管理的现状和存在的问题,然后基于椭圆曲线密码体制,针对Ad hoc网络提出了一种安全有效的分布式组密钥管理方案,并对其正确性和安全性进行了证明,由椭圆曲线离散对数困难问题保证协议的安全.针对Ad hoc网络节点随时加入或退出组的特点,提出了有效的组密钥更新方案,实现了组密钥的前向保密与后向保密.与其他组密钥管理方案相比,本方案更加注重组成员的公平性,没有固定的成员结构,并且还具有轮数少、存储开销、通信开销小等特点,适合于在Ad hoc网络环境中使用.     

一种基于双密钥的无线传感网络动态密钥管理方案

针对无线传感网络节点的存储空间、能量等的限制,以及动态密钥管理的无身份认证的安全问题等,提出一种类似一次一密的双密钥管理方案.该方案增加了身份认证模块,以及新节点的认证机制.同时在更新动态密钥时引入盐值,这一特性又进一步增强了无线传感器网络的抗毁性能.最后分析了方案的存储量、连通性以及安全性：在超过6 000个节点的网络环境下,该方案单个节点的密钥存储量大幅降低,仅有E-G方案的一半左右;在连通性方面,E-G方案是基于概率的,一般为0.9,而该方案的连通率为1;在安全性方面,该方案降低了密钥环的数量,未捕获节点的密钥暴露概率比E-G方案低很多.     

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3‐factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well‐known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3‐factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well‐known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS.     

Centralized Key Management Scheme in Wireless Sensor Networks

Today, key management is widely recognized as an important aspect of security in wireless sensor networks. In these networks, sensor nodes can be either mobile or static. Therefore, supporting the mobility of the nodes can be regarded as a purpose of key management schemes. In our previous work, we presented a key management scheme that was more efficient with respect to security and connectivity compared to the other ones. In that scheme, it is assumed that the nodes are static. In this paper we are going to present a scheme that supports the mobility of the nodes and makes the initial scheme more flexible. The basic criterion for the evaluation of the scheme is the communication overhead. First, the nodes establish a secure link with the cluster heads and then establish a secure link among themselves with the help of the cluster heads. We have analyzed this scheme with regards to the communication overhead and we will compare it with the other schemes.     

标准模型下安全的基于证书密钥封装方案

混合加密是将公钥加密与对称加密结合的一种加密技术.将密钥封装机制引入到基于证书加密方案中,提出了基于证书密钥封装机制的形式化定义及安全模型,构造了一个基于证书密钥封装方案.基于判定双线性Diffie-Hellman困难问题假定,在标准模型下证明提出的方案是自适应选择密文安全的.     

An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks

In this paper, we cryptanalyze Rhee et al.'s ‘Remote user authentication scheme without using smart cards’, and prove that their scheme is not completely secure against user impersonation attack. The security flaw is caused by mathematical homomorphism of the registration information. In addition, their scheme lacks key agreement procedures for generating the session key to encrypt the communication messages after mutual authentication. Furthermore, a modification is proposed to improve the security, practicability and robustness of such scheme. Firstly, we introduce elliptic curve cryptosystem to enhance the security. Secondly, in order to improve the practicability, our improvement is much more easily implemented using portable devices in global mobility networks; moreover, a synchronized clock system, traditional password table or ancillary equipment are not required in our improvement. Finally, the proposed scheme not only achieves mutual authentication, but also provides the procedure for key agreement and update of secrets for users and servers to increase the robustness. Copyright © 2013 John Wiley & Sons, Ltd.     

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.     

An efficient three factor–based authentication scheme in multiserver environment using ECC

Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.     

An effective key management scheme for heterogeneous sensor networks

Security is critical for sensor networks used in military, homeland security and other hostile environments. Previous research on sensor network security mainly considers homogeneous sensor networks. Research has shown that homogeneous ad hoc networks have poor performance and scalability. Furthermore, many security schemes designed for homogeneous sensor networks suffer from high communication overhead, computation overhead, and/or high storage requirement. Recently deployed sensor network systems are increasingly following heterogeneous designs. Key management is an essential cryptographic primitive to provide other security operations. In this paper, we present an effective key management scheme that takes advantage of the powerful high-end sensors in heterogeneous sensor networks. The performance evaluation and security analysis show that the key management scheme provides better security with low complexity and significant reduction on storage requirement, compared with existing key management schemes.     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

EPON中安全机制的研究

基于以太网的无源光网络(EPON)是一个点到多点的系统,面临着很多安全隐患。针对EPON系统中存在的几种安全威胁,提出了一种解决EPON安全隐患的综合性方案。     

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine‐grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext‐policy attribute‐based proxy re‐encryption scheme. In the proposed scheme, we design an efficient fine‐grained revocation mechanism, which enables not only efficient attribute‐level revocation but also efficient policy‐level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single‐point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy‐ or attribute‐revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes.     

基于共扼编码的量子概率加密方案(英文)

We present a quantum probabilistic encryption algorithm for a private-key encryption scheme based on conjugate coding of the qubit string. A probabilistic encryption algorithm is generally adopted in public-key encryption protocols. Here we consider the way it increases the unicity distance of both classical and quantum private-key encryption schemes. The security of quantum probabilistic privatekey encryption schemes against two kinds of attacks is analyzed. By using the no-signalling postulate, we show that the scheme can resist attack to the key. The scheme’s security against plaintext attack is also investigated by considering the information-theoretic indistinguishability of the encryption scheme. Finally, we make a conjecture regarding Breidbart’s attack.     

量子密码协议的改进

本文研究了量子密钥分发方案。结果表明以前的量子密钥分发方案存在安全漏洞。为保证方案安全性,本文提出了两种改进方案,使量子密钥实现真正上的安全密钥分发。     

Secure Remote User Mutual Authentication Scheme with Key Agreement for Cloud Environment

Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

     

一种支持悬赏的匿名电子举报方案的安全性分析及设计

 对Miao-Wang-Miao-Xiong匿名电子举报方案进行了安全性分析,指出其存在的安全性缺陷,该方案不满足其要求的举报信息机密性,以及不满足对举报人提供有效的激励机制.设计了破坏这两种性质的攻击方法.为设计满足要求的支持悬赏的匿名电子举报方案,利用安全的基于双线性对的举报受理者公钥加密方案、安全的指定验证者的环签名方案提出了一种支持悬赏的匿名电子举报方案设计模式.经安全性分析,设计模式是安全的.