Similar literature
20 similar records found
1.
Asymmetric group key agreement (AGKA) protocols allow the members of a group to exchange information securely. With the growth of large-scale distributed collaborative computing, the members taking part in a secure collaborative computation may belong to different domains, time zones, clouds and types of network. Existing AGKA protocols cannot provide secure information exchange among group members across domains and heterogeneous networks, and their security is limited to resistance against passive attacks. This paper proposes an identity-based authenticated asymmetric group key agreement (IB-AAGKA) protocol. The protocol completes asymmetric group key agreement in a single round, which solves the problem that group members in different time zones cannot stay online for multiple rounds of key agreement; it provides anonymity and authentication; and it supports dynamic group key updates as nodes join or leave, achieving forward and backward secrecy of the group key. The security of the protocol is proved under the decisional bilinear Diffie-Hellman (DBDH) assumption, and its performance is analysed.

2.
Group key agreement allows multiple users to establish a shared session key over an insecure channel, and designing secure group key agreement protocols is one of the most fundamental tasks in cryptography. This paper introduces the two categories of security analysis methods for group key agreement protocols, the computational-complexity approach and the formal-analysis approach, discusses in detail the key techniques of the computational-complexity approach, including reduction-based and simulation-based proof techniques and reduction-based and simulation-based security models, and explores trends in the development of security analysis methods.

3.
胡红宇, 艾灵仙. 《计算机应用》 (Journal of Computer Applications), 2010, 30(9): 2401-2403
Group key agreement (GKA) is one of the important means of securing subsequent communication. A new group key agreement protocol is proposed in which participants can verify the authenticity of the other participants through a series of algorithms. The protocol achieves secure session key agreement among participants at low computational cost, and it offers fault tolerance and reusability of long-term private keys. Analysis shows that it resists most common attacks.

4.
For unbalanced wireless network environments in which participants have uneven computational capabilities, this paper first analyses the security of an identity-based authenticated group key agreement (ID-AGKA) protocol and shows that it does not resist ephemeral key compromise attacks. The way the protocol's signature is generated is then improved, so that the improved protocol not only raises security but also effectively reduces computation and communication cost, making it better suited to unbalanced wireless networks. The protocol also adopts a designated-verifier signature, which effectively addresses the privacy of the signer. In addition, the dynamic mechanism of group key agreement protocols in unbalanced networks is improved: high-energy nodes reuse information computed before the membership change so that low-energy nodes are spared unnecessary computation, which greatly reduces the computational cost of low-energy nodes and better matches practical needs. Finally, the security of the improved group key agreement (GKA) protocol is proved in the random oracle model under the divisible decisional Diffie-Hellman (DDDH) assumption.

5.
邹大毕, 林东岱. 《计算机应用》 (Journal of Computer Applications), 2006, 26(3): 571-573
Group key agreement is a very important basic tool in group communication, and obtaining a secure and efficient key agreement protocol is an important problem in current cryptographic research. Based on bilinear pairings and the random oracle model, a dynamic group key agreement scheme for mobile networks is proposed. The scheme is efficient in both computational and communication complexity and satisfies the security requirements of key agreement.

6.
To secure communication in open network environments, a new network key agreement protocol based on hierarchical identities is proposed on top of existing identity-based cryptosystems. The new protocol satisfies all security attributes required of key agreement, its computational efficiency exceeds that of all existing protocols, it effectively removes the need of traditional public-key systems to transmit and verify certificates, and it meets the needs of large-scale network applications.

7.
Authenticated key agreement protocols are an important class of security protocols, yet designing secure ones is very difficult. This paper analyses an authenticated key agreement protocol proposed by 陈铁明 et al. in 2008 and shows that it does not resist key compromise impersonation attacks. A concrete attack is first given; a new improved protocol is then proposed on the basis of the original; finally, the security properties of the improved protocol are analysed. The analysis shows that the improved protocol achieves a high level of security, providing known-key security, perfect forward secrecy, resistance to key compromise impersonation, unknown key-share resilience and no key control, and that it strikes a good balance between computational efficiency and security, making it better suited to practical network communication.

8.
Existing three-party authenticated key agreement protocols have low security and high computational overhead, so an enhanced identity-based three-party authenticated key agreement protocol is proposed. While achieving the basic security attributes of key agreement, the new protocol uses short signatures and timestamps to further improve security. Analysis shows that the enhanced protocol satisfies all currently known security attributes of three-party key agreement and needs only two bilinear pairing operations, giving lower computational overhead. In addition, a stronger key-compromise-impersonation resistance property is proposed, and serious flaws in the schemes of 陈浩 et al. and 陈家琪 et al. are pointed out for the first time.

9.
A message-policy attribute-based key agreement protocol is proposed. Attribute-based key agreement protocols have many properties, the main one being fuzzy authentication. The application of fuzzy authentication in key agreement protocols is discussed, and a concrete two-party message-policy attribute-based key agreement protocol is constructed, in which the message policy is an AND-gate access structure over binary attributes. Furthermore, the security of the protocol is proved in the standard model under the decisional bilinear Diffie-Hellman assumption.

10.
A Diffie-Hellman key agreement protocol integrated with DSA digital signatures is studied, and Phan's improved protocol is analysed for security and optimised. A new key agreement protocol is then designed on the basis of the RSA-OAEP algorithm. The protocol has a simple form, is fast to compute, and satisfies the security attributes required of key agreement protocols.

11.
Security protocols in wired and wireless networks make use of computationally intensive cryptographic primitives and several message exchanges for authenticated key exchange at the session level and data confidentiality and integrity at the packet level. Moreover, changes in connectivity require mobile stations to repeatedly authenticate themselves, thereby expending more energy. In this paper, we propose an energy efficient security protocol for wireless local area networks (WLANs) that employs (a) different cryptographic primitives based on their suitability in terms of energy consumption and security level, (b) different levels of security and types of security services depending on the type of packet in 802.11 WLANs, and (c) a light-weight hashed key chain to reduce the number of expensive authentication transactions due to connectivity losses. We use packet traces from three different networks to compare the performance of the energy efficient security protocol with that of the standard 802.11 WLAN security protocol and show significant reduction in energy consumption.

12.
Algebra model and security analysis for cryptographic protocols (cited by: 5, self-citations: 0, citations by others: 5)
With the rapid growth of the Internet and the World Wide Web, a large number of cryptographic protocols have been deployed in distributed systems for various application requirements, and the security problems of distributed systems have become very important issues. There are some natural problems: does the protocol have the right properties as dictated by the requirements of the system? Is it still secure when multiple secure cryptographic protocols are executed concurrently? How shall we analy…

13.
Identity-based authenticated key exchange (IBAKE) is one of the most important cryptographic primitives: it enables two parties to establish a common secret key using their identities, without sending and verifying public key certificates. Recently, many works have been dedicated to designing efficient and secure IBAKE protocols without bilinear pairings, which carry a heavy computational cost. Unfortunately, most of the proposed protocols cannot provide Perfect Forward Security (PFS), which is a major security goal of authenticated key exchange protocols. In this paper we present an efficient and provably secure IBAKE protocol with PFS. Our protocol relies on the technique known as the concatenated Schnorr signature and can be viewed as a variant of the protocol proposed by Fiore et al. in 2010. Using the Canetti–Krawczyk security model, we prove that the protocol is secure with PFS under the Computational Diffie–Hellman assumption in the random oracle model. The protocol is of interest because it offers a remarkable combination of advanced security properties and efficiency, and its security proof is succinct and intelligible.

14.
Security analysis of the IKE2 protocol (cited by: 4, self-citations: 0, citations by others: 4)
This paper first extends the ideal theory of strand spaces and then applies the extended theory to analyse the core security of the IKE2 protocol: secrecy and authentication. The analysis proves the key exchange and authentication security of IKE2, but also finds that it cannot protect the initiator's identity against an active attacker, for which we propose a modification. The analysis of IKE2 also provides a practical basis for applying the extended strand space theory to the analysis of complex protocols.

15.
The concept of ideals in strand spaces is redefined and the related propositions and theorems are extended, so that strand space theory can analyse security protocols built from a rich set of cryptographic primitives. The extended strand space theory is then applied to analyse the core security properties of the JFK protocol (a newly proposed IPsec key exchange protocol): secrecy and authentication. The analysis proves the key and authentication security of JFK, and it also lays a solid foundation for wide application of the extended strand space theory.

16.
Because the Athena analysis method does not abstract enough cryptographic primitives, it cannot analyse more complex security protocols. Targeting the Internet Key Exchange protocol (IKEv2), this paper extends the Athena method: the message term structure is modified and the cryptographic primitives are extended so that DH (Diffie-Hellman) key agreement can be analysed; the intrinsic term relations are modified so that more complex message constructions can be handled; and the related propositions and theorems are proved. Using the extended Athena method, the secrecy and authentication of IKEv2 are analysed, and the characteristics of the protocol are discussed further.

17.
On the basis of a process language for cryptographic protocols proposed by Federico, a simplified Petri net model suited to cryptographic protocol analysis is established, and a necessary and sufficient condition for a protocol to satisfy secrecy is given. Taking the NS public-key protocol as an example, the Petri net model is combined with the inductive method and strand space analysis to analyse the secrecy of the protocol with respect to keys, nonces and protocol principals, which simplifies the analysis of protocol secrecy.

18.
We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic secrecy essentially means computational indistinguishability between the real object and a random one, given the view of a much more general adversary. In spite of recent advances in linking symbolic and computational models of cryptography, no relation for secrecy under active attacks is known yet. For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition, we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.

19.
Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).

20.
We show how cryptographic protocols using Diffie–Hellman primitives, i.e., modular exponentiation on a fixed generator, can be encoded in Horn clauses modulo associativity and commutativity. In order to obtain a sufficient criterion of security, we design a complete (but not sound in general) resolution procedure for a class of flattened clauses modulo simple equational theories, including associativity–commutativity. We report on a practical implementation of this algorithm in the MOP modular platform for automated proving; in particular, we obtain the first fully automated proof of security of the IKA.1 initial key agreement protocol in the so-called pure eavesdropper model.
