一种新的无证书可认证多方密钥协商协议

Joux提出的三方密钥协商方案虽然简洁、高效,但不能抵抗中间人攻击。基于无证书公钥密码体制,提出一种新的无证书可认证多方密钥协商方案,新方案将Joux的三方协议拓展至多方,并且具有认证功能。由于新方案中所用的签名为短签名,所以整个认证过程计算效率较高,另外,新方案还具有简单证书管理、无密钥托管的优点,新方案满足无密钥控制、抗中间人的主动攻击、前向安全性和抗密钥泄露伪装攻击等多种安全特性。     

无证书两方认证密钥协商协议攻击及改进

分析了Kim等人提出的不依赖于双线性对运算的无证书两方认证密钥协商协议,指出该协议在公钥替换攻击下不满足基本伪装攻击安全性,并给出了一个具体攻击。针对该协议存在的安全性缺陷,提出了一个改进的无证书两方认证密钥协商协议。分析表明,所提出的改进协议能够有效地抵抗公钥替换攻击并满足一些必要的安全属性。     

基于身份的认证密钥协商协议

密钥协商协议应该在满足安全性的条件下,使实现协议所需的计算开销尽可能小。文中提出了一个基于身份的认证密钥协商协议BAKAP(ID-Based Authenticated Key Agreement Protocol)。该协议提供了已知密钥安全性、完善前向保密性、密钥泄露安全性、未知密钥共享安全性和密钥控制安全性。在该协议中,参与者只需执行两次椭圆曲线点乘法和一次双线性运算。该协议与已有协议相比,计算代价小。     

一种改进的双线性对的双向基于身份的认证密钥协商协议

使用对的双向认证密钥协商协议已经在密码领域得到了广泛的关注,过去提出的一些这种类型的协议大多数是有缺陷的,这导致了协议被攻击或者无法保证其安全性。在本文中,我们利用一种签名方案的变体,提出了一种有效的、使用线性对的且基于身份的认证密钥协商协议,并证明了其安全性。此外,和现有的一些协议相比,我们所给出的协议更安全有效。     

一种基于ECDH的可认证密钥协商协议

针对Diffie-Hellman密钥交换协议和ECDH密钥协商协议的缺陷,给出了一种改进后的可认证密钥协商协议。该协议具有等献性、密钥不可控、密钥确认、完美前向安全以及抗已知密钥攻击等安全特性。跟以往的密钥协商协议相比,其管理简单、开销较低、安全性高、扩展性较好且实现了身份认证,以较低的计算成本和较高的运算效率实现了通信双方安全的会话密钥协商与密钥验证,能够较好地适用于大规模网络的端到端密钥管理。     

一种基于SD卡的口令认证密钥协商方案

手机恶意软件的日益泛滥对移动支付的安全性带来了巨大的挑战。现有移动支付系统中的认证机制过于依赖静态口令与短信验证码,存在较大的安全隐患。文中针对远程移动支付应用场景,提出了一种基于SD卡的口令认证密钥协商方案,在保证用户与支付系统的双向认证以及会话密钥的安全性的同时,能够抵抗口令猜测攻击、SD卡被盗攻击以及钓鱼软件攻击。     

一种新的三方认证密钥协商协议

目前大部分基于身份的三方认证密钥协商协议都存在安全缺陷,文中在Xu等人提出的加密方案的基础上,设计了一种基于身份的三方认证密钥协商协议.该协议的安全性建立在BDDH假设基础上,经安全性分析,协议具有已知密钥安全,PKG前向安全,并能抵抗未知密钥共享攻击和密钥泄露伪装攻击,因此该协议是一个安全的三方密钥协商协议.     

无双线性对的基于身份的认证密钥协商协议

鉴于目前大多数基于身份的认证密钥协商(ID-AK)协议需要复杂的双线性对运算,该文利用椭圆曲线加法群构造了一个无双线性对的ID-AK协议。协议去除了双线性对运算,效率比已有协议提高了至少33.3%;同时满足主密钥前向保密性、完善前向保密性和抗密钥泄露伪装。在随机预言机模型下,协议的安全性可规约到标准的计算性Diffie-Hellman假设。     

层次身份基认证密钥协商方案的安全性分析和改进

该文分析了曹晨磊等人(2014)提出的层次身份基认证密钥协商方案的安全性,指出该方案无法抵抗基本假冒攻击。文中具体描述了对该方案实施基本假冒攻击的过程,分析了原安全性证明的疏漏和方案无法抵抗该攻击的原因。然后,在BONEH等人(2005)层次身份基加密方案基础上提出了一种改进方案。最后,在BJM模型中,给出了所提方案的安全性证明。复杂度分析表明所提方案在效率上同原方案基本相当。     

基于身份的密钥协商方案

文章利用椭圆曲线上双线性映射的特性,分别提出了基于身份的双方密钥协商方案和三方密钥协商方案。通过较少的步骤,同时实现密钥协商和用户相互认证,其代价低于使用证书的密钥协商方案。文章最后对方案的正确性、安全性进行了简单分析。     

A pairing‐free certificateless authenticated key agreement protocol

Many certificateless two‐party authenticated key agreement schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group In order to improve the performance we propose a certificateless two‐party authenticated key agreement scheme without bilinear pairings in this paper. A security proof under random oracle model is also provided. Copyright © 2011 John Wiley & Sons, Ltd.     

一种新的适于Ad hoc网可认证密钥协商协议

提出一种新的适于Ad hoc网可认证密钥协商协议。基于签密技术。在同一逻辑步内同时实现了认证和加密功能,提高了密钥协商效率;基于身份的公钥密码系统,降低了建立和管理公钥基础设施的代价;应用椭圆曲线上双线性对,使得该协议能以短的密钥和小的计算量实现同等安全要求。与已有密钥协商协议相比,新协议计算和传输量小,带宽要求低,安全性高,适合能源和带宽受限的Ad hoc网络。     

无证书的层次认证密钥协商协议

提出了一种无证书的层次认证密钥协商协议,协议的安全性基于计算性Diffie-Hellman困难假设,并在eCK（extended Canetti–Krawczyk）模型下证明了该协议的安全性。该协议中,根PKG为多层的域PKG验证身份并生成部分私钥,域PKG为用户验证身份并生成部分私钥,私钥则由用户选定的秘密值和部分私钥共同生成。与已有协议相比,协议不含双线性映射配对运算,且具有较高的效率。     

Two-factor authenticated key agreement protocol based on biometric feature and password

A new two-factor authenticated key agreement protocol based on biometric feature and password was proposed.The protocol took advantages of the user’s biological information and password to achieve the secure communication without bringing the smart card.The biometric feature was not stored in the server by using the fuzzy extractor technique,so the sensitive information of the user cannot be leaked when the server was corrupted.The authentication messages of the user were protected by the server’s public key,so the protocol can resist the off-line dictionary attack which often appears in the authentication protocols based on password.The security of the proposed protocol was given in the random oracle model provided the elliptic computational Diffie-Hellman assumption holds.The performance analysis shows the proposed protocol has better security.     

A new authenticated key agreement for session initiation protocol

The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd.     

AN IMPROVED AUTHENTICATED KEY AGREEMENT PROTOCOL

In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang＇s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang＇s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.     

支持用户撤销的属性认证密钥协商协议

用户撤销是基于属性的认证密钥协商(ABAKA, attribute-based authenticated key agreement)协议在实际应用中所必需解决的问题。通过将Waters的基于属性的加密方案和Boneh-Gentry-Waters的广播加密方案相结合,提出了一个支持用户撤销的ABAKA协议。该协议能够实现对用户的即时撤销且不需要密钥权威对所有未被撤销的用户私钥进行定期更新。相比于现有的协议,该协议具有较高的通信效率,并能够在标准模型和修改的ABCK模型下可证安全,具有弱的完美前向安全性,并能够抵抗密钥泄露伪装攻击。     

An ECC‐based authenticated group key exchange protocol in IBE framework

With the rapid demand for various increasing applications, the internet users require a common secret key to communicate among a group. The traditional key exchange protocols involve a trusted key generation center for generation and distribution of the group key among the various group members. Therefore, the establishment of a trusted key generation center server and the generation (and distribution) of common session key require an extra overhead. To avoid this difficulty, a number of group key exchange protocols have been proposed in the literature. However, these protocols are vulnerable to many attacks and have a high computational and communication cost. In this paper, we present an elliptic curve cryptography–based authenticated group key exchange (ECC‐AGKE) protocol, which provides better security and has lower computational cost compared to related proposed schemes. Further, a complexity reduction method is deployed to reduce the overall complexity of the proposed elliptic curve cryptography–based authenticated group key exchange protocol. The security of proposed work is ensured by the properties of elliptic curves. A security adversarial model is given and an extensive formal security analysis against our claim is done in the random oracle model. We also made a comparison of our proposed protocol with similar works and found that ours have better complexity, security and efficiency over others.