Cryptanalysis and Improvement of Digital Multisignature Scheme Based on RSA

Introduction Multisignature is a joint signature generated by agroup of signers. The group has a security policy thatrequires a multisignature to be signed by all groupmembers with the knowledge of multiple privatekeys. Digital multisignatures should have…     

Efficient Dynamic Threshold Group Signature Scheme Based on Elliptic Curve Cryptosystem

The short secret key characteristic of elliptic curve cryptosystem （ECC） are integrated with the （ t, n ） threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang＇s conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.     

Secure and efficient digital rights management mechanisms with privacy protection

In the Internet or cloud computing environments, service providers provide more and more content services. Users can use these convenient content services in daily life. The major data of the user are maintained by the service providers except that some personal privacy data are stored at the client device. An attacker may try to invade the systems, and it will cause the damage of users and service providers. Also, users may lose their mobile devices and then it may cause the data disclosure problem. As a result, the data and privacy protection of users become an important issue in these environments. Besides, since many mobile devices are used in these environments, secure authentication and data protection methods must be efficient in these low resource environments. In this paper, we propose an efficient and privacy protection digital rights management （DRM） scheme that users can verify the valid service servers and the service servers can ensure the legal users. Since the key delegation center of the third party has the robust security protection, our proposed scheme stores the encrypted secret keys in the key delegation center. This approach not only can reduce the storage space of the user devices, but also can recover the encrypted secret keys in the key delegation center when a user loses her/his devices for solving the device losing problem.     

An authenticated group key distribution scheme for wireless sensor networks

In wireless sensor networks (WSNs), group key distribution is the core of secure communications since sensor nodes usually form groups and cooperate with each other in sensing data collection and in-network processing. In this paper, we present a scalable authenticated scheme for group key distribution based on a combinatorial exclusion basis system (EBS) for efficiency and one-way hash chains for authentication. The proposed scheme guarantees a lightweight authenticated group key updating procedure and is efficient in terms of storage, communication and computation overheads. Foundation item: the National High Technology Research and Development Program (863) of China (Nos. 2006AA01Z436, 2007AA01Z455, and 2007AA01Z473).     

Simple three-party password authenticated key exchange protocol

Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system efficiency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

无线传感器网络密钥管理方案研究

从无线传感器网络的安全分析人手,在分类描述无线传感器网络密钥管理方案并分析其优缺点的基础上,结合树型密钥管理结构,提出了一种新的分簇式密钥管理方案,因不同的消息类型有不同的安全需求,该方案建立了4种通信密钥类型：个体密钥,点对密钥,簇密钥和组密钥．其中点对密钥的建立采用了基于临时认证密钥的方法,加强了对节点的身份认证功能,提高了方案的安全性．     

Highly resilient key distribution strategy for multi-level heterogeneous sensor networks by using deployment knowledge

The most important problem in the security of wireless sensor network (WSN) is to distribute keys for the sensor nodes and to establish a secure channel in an insecure environment. Since the sensor node has limited resources, for instance, low battery life and low computational power, the key distribution scheme must be designed in an efficient manner. Recently many studies added a few high-level nodes into the network, called the heterogeneous sensor network (HSN). Most of these studies considered an application for two-level HSN instead of multi-level one. In this paper, we propose some definitions for multi-level HSN, and design a novel key management strategy based on the polynomial hash tree (PHT) method by using deployment knowledge. Our proposed strategy has lower computation and communication overheads but higher connectivity and resilience.     

一种动态门限群签名方案的弱点

已有的门限群签名方案几乎都存在弱点,设计性能良好的门限群签名是密码学中的一个公开问题。针对一种动态门限群签名方案详细分析了其存在的弱点,其中最主要的弱点是:部分成员可以合谋得到系统的秘密参数,从而伪造群签名。     

Democratic group signatures with threshold traceability

This paper presents a concrete democratic group signature scheme which holds (t, n)-threshold trace-ability. In the scheme, the capability of tracing the actual signer is distributed among n group members. It gives a valid democratic group signature such that any subset with more than t members can jointly reconstruct a secret and reveal the identity of the signer. Any active adversary cannot do this even if he can corrupt up to t - 1 group members.     

一个安全有效的会议密钥分配方案

提出了M．Steiner等人提出的会议密钥分配方案GDH．2存在的安全漏洞，并提出了一个新的安全有效的密钥分配方案，该方案适合多个用户通过不安全的通信网络进行信息交流。相对于GDH．2而言，本文案只以增加很小的计算量和通信负荷为代价，使安全性能得到较大的提高。     

A Layer-Cluster Key Agreement Protocol for Ad Hoc Networks

Mobile ad hoc networks create additional challenges for implementing the group key establishment due to resource constraints on nodes and dynamic changes on topology. The nodes in mobile ad hoc networks are usually low power devices that run on battery power. As a result, the costs of the node resources should be minimized when constructing a group key agreement protocol so that the battery life could be prolonged. To achieve this goal, in this paper we propose a security efficient group key agreement protocol based on Burmester-Desmedt (BD) scheme and layer-cluster group model, referred to as LCKM-BD, which is appropriate for large mobile ad hoc networks. In the layer-cluster group model, BD scheme is employed to establish group key, which can not only meet security demands of mobile ad hoc networks but also improve executing performance. Finally, the proposed protocol LCKM-BD are compared with BD, TGDH (tree-based group Diffe-Hellman), and GDH (group Diffie-Hellman) group key agreement protocols. The analysis results show that our protocol can significantly decrease both the computational overhead and communication costs with respect to these comparable protocols.     

The Homomorphic Key Agreement

Introduction As a result of the increased popularity ofgroup-oriented applications and protocols, groupcommunication occurs in many different settings:from network layer to application layer. Regard-less of the underlying environment, it is necessaryto pr…     

Distributed model predictive control with one-step delay communication for large-scale systems and a case study

A distributed model predictive control（MPC） scheme with one-step delay communication is proposed for on-line optimization and control of large-scale systems in this paper. Cooperation between subsystems is achieved by exchanging information with neighbor-to-neighbor communication and by optimizing the local problem with the improved performance index in the neighborhood. A distributed MPC algorithm with one-step delay communication is developed for the situation that there is a one-step delay in the information available from its neighbors when a subsystem solves the local optimization problem. The nominal stability is employed for the whole system under the distributed MPC algorithm without the inequality constraints. Finally, the case study of the reactor-storage-separator（RSS） system is illustrated to test the practicality of the presented control algorithm.     

An improved ring signature scheme without trusted key generation center for wireless sensor network

Security of wireless sensor network (WSN) is a considerable challenge, because of limitation in energy, communication bandwidth and storage. ID-based cryptosystem without checking and storing certificate is a suitable way used in WSN. But key escrow is an inherent disadvantage for traditional ID-based cryptosystem, i.e., the dishonest key generation center (KGC) can forge the signature of any node and on the other hand the node can deny the signature actually signed by him/herself. To solving this problem, we propose an ID-based ring signature scheme without trusted KGC. We also present the accurate secure proof to prove that our scheme is secure against existential forgery on adaptively chosen message and ID attacks assuming the complexity of computational Diffie-Hellman (CDH) problem. Compared with other ring signature schemes, we think proposed scheme is more efficient.     

A Secret Sharing Featured Secure Communication System Based on Dual Synchronization of Chaos in Colpitts Circuits

Introduction Synchronizationofchaoshasrecentlyattract-edgreatinterestbecauseofitspotentialapplica-tionsinsecurecommunications[1]andspreadspec-trumcommunications.Inasecurecommunication system,itcanbeusedforsharingtheidentical chaosinthetransmitterandreceiverasacrypto-graphiccode.Synchronizationofchaosinonewaycoupled onepairchaoticcircuitshasbeenstudiedinalarge volumeofliteratures[2-4].Inrecentyears,anew conceptofchaossynchronization,namely“dual synchronizationofchaos”,israised[5].Dualsyn-chr…     

基于关联环签名的抗第三方欺诈安全电子投票方案

为解决电子投票中存在选票碰撞、第三方机构欺诈选民、需借助匿名通信信道发送选票和投票效率低等问题,结合电子投票的基本原理,采用关联环签名技术实现匿名注册,利用盲签名盲化选票和引入身份序列码保证选票唯一性的方法,设计了一个抗第三方欺诈的安全电子投票方案.该方案不仅实现了投票协议应具备的基本安全要求,并且具有抗选票碰撞、可在任意阶段弃权、不依赖于任何可信第三方和匿名通信信道的功能,同时能够高效实现.实验对比表明,本文方案投票时间复杂度仅为961个模乘运算,且与投票者规模无关,较同等安全性下的现有方案效率至少提高42.9%,适合于大群体选举.      

A Distributed Authentication Algorithm Based on GQ Signature for Mobile Ad Hoc Networks

Introduction Mobile ad hoc networks (MANETs) are newinfrastructureless networks without the usual rout-ing infrastructure like fixed routers and routingbackbones. A mobile ad hoc network is a multi-hop temporary self-organizing system compromisedof a group of mobile nodes with radios. MANETshave some special characteristics: self organizing,dynamic topology, limited bandwidth, resourceconstraint nodes, multi-hop routing, vulnerable tosecurity attacks etc. Recently, MANET has beenone of t…     

Distributed certificateless key encapsulation mechanism secure against the adaptive adversary

This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.     

可验证的动态多秘密共享

提出了一种新的可验证的动态门限多秘密共享方案。该方案的安全性基于Shamir的秘密共享体制和椭圆曲线加密算法的安全性以及椭圆曲线离散对数问题的求解困难性。共享秘密可以周期性的改变,秘密分发者周期性的改变公告栏上的信息以增强系统的健壮性。对于不同的共享秘密,秘密分发者可以动态调整该秘密的门限值。此外,方案能有效检测和识别参与者的欺骗行为,参与者也可以验证其接受到的信息,且无需改变私有信息在任何时候都可以重构秘密。由于公告栏上的信息是定期更新的,所以不会影响新秘密的共享。