一个安全高效的车载网认证方案

为了解决车载通信网中的信息安全问题,根据数字签名原理,综合考虑车载通信网实际状况,基于适合大规模群体的双线性对技术,提出快速高效并具有隐私保护功能的信息认证方案,把车辆分成私家车辆和公用车辆,分别采用群签名和基于身份签名的方法对相应信息进行认证,并引入积聚信息批量验证和矛盾信息量化对比确认技术,使车载通信网中信息认证效率比现有方案提高33%以上.仿真结果表明,信息认证的效率与预期分析符合,具有较强的鲁棒性和可扩充性,能够满足车载通信网的运行需求.     

基于自更新哈希链的安全高效车-地鉴权方案

针对下一代高速铁路无线通信系统LTE-R （long term evolution-railway）对安全性和实时性的特殊需求，基于哈希链技术，提出一种完全基于对称密码体制的的车-地通信鉴权方案. 用户归属服务器（home subscriber sever，HSS）利用身份授权主密钥为车载设备（on-board unit，OBU）生成动态可变的匿名身份（temporary identity，TID），以在接入认证请求信令中保护车载设备的隐私，同时能够抵挡去同步攻击. 在列车高速移动过程中，方案采用高效的哈希链代替认证向量完成列车和服务网络之间的双向认证，哈希链的本地更新可解决认证向量耗尽导致的全认证重启问题. 此外，通过引入身份证明票据实现基于基站协同的高效无缝切换认证. 安全性和性能分析表明:在同样条件下，所提出的全认证协议、重认证协议和切换认证协议与目前性能最优的LTE （long term evolution）标准协议相比，计算量分别下降41.67%、44.44%和45.45%，通信量分别下降62.11%、50.91%和84.91%，能够满足LTE-R接入网络的安全性和实时性要求.      

一个基于Schnorr算法的可公开验证的加密方案

基于离散对数问题和Schnorr算法提出了一个新的有效的认证加密方案,新方案具有以下优点:该方案在不暴露消息明文的情况下,任何第三方都可验证签名的有效性,实现公开验证;降低了计算量和占用带宽;在签名中加入了时间戳,能够有效防止重发密文攻击.     

抗临时秘密指数泄露攻击的认证群密钥协商协议

为克服大部分现有的认证群密钥协商(AGKA)协议的不足,基于双指数挑战-应答数字签名(DCR签名)和BD方案,提出了具有常数轮AGKA协议.该协议除具有相关AGKA协议的安全性外,还有抗临时秘密指数泄露攻击能力,效率也有所提高.     

适用于无线通信的用户认证方案设计与分析

提出了一种基于Elgamal签名,适用于无线通信系统的用户认证方案.该方案能实现双方相互认证,抵抗各种攻击(包括网内攻击).对该方案的安全性进行了分析,得出了该方案是一个安全性高、符合无线通信要求的结论.     

基于椭圆曲线的可控代理签名方案的研究

提出了一种具有限制代理签名者行使代理签名权力的新型可控代理签名方案XECLPS，以解决目前的各种代理签名方案所存在的无法实现对代理签名者的代理签名权力进行全面、完整、可靠地控制的问题．同时对这一方案的复杂性和安全性进行了分析．新方案不仅推广和丰富了代理签名的研究成果和应用范围，而且也扩展了椭圆曲线密码体系的功能，为信息安全同题的解决提供了新的密码学方法．     

铁路物流中基于短签名的实时跟踪协议

随着铁路物流软硬件建设的快速发展,大数据和物联网技术在铁路物流中得到广泛应用,以云计算、人工智能和实时在线监控技术为基础的智慧铁路物流系统研究成为一个热门课题。针对当前一些铁路智慧物流系统和设计方案在信息交互过程中缺乏安全认证和数据完整性保护的缺点,提出了一个基于身份标识的高效短签名方案,进一步以此签名方案为基础,设计了一种适用于铁路实时物流跟踪协议。对签名方案进行了协议交互的实验仿真,结果表明签名方案计算量小,效率较高,协议交互次数少,可有效的解决实时物流信息数据完整性保护和可靠性认证问题。     

新型车辆导航监控系统研究

将蓝牙通讯技术引进车辆的定位,研究了基于卡尔曼滤波算法的GPS/DR/MM/BB组合车辆导航监控系统;设计了基于DSP的车载导航计算机,实现了USB通讯及大容量数据存储,在导航定位功能基础上实现了"黑匣子"的多种功能.研究实现的原理样机进行了大量的跑车实验,结果表明:所采用的车辆组合导航方法是有效的、可行的,具有很好的应用价值.     

具有VME总线的车载安全计算机MVB通信板卡

在研究多功能车辆总线MVB、轨道交通车载ATP安全计算机系统的基础上,开发了基于VME总线接口、2乘3取2冗余结构的MVB网络通信控制板,可靠地实现车载ATP安全计算机系统中MVB接口通信功能.在对比了几种冗余结构的基础上,建立数学模型,分析了系统的可靠性和安全性,并详述了VME总线Slave接口的设计及在3取2表决中的同步和容错技术,最后对通信板卡进行了安全测试,在满足IEC61375-1标准的同时,也实现了冗余容错机制,为车载安全计算机控制网络的进一步研究奠定基础.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

A Distributed Authentication Algorithm Based on GQ Signature for Mobile Ad Hoc Networks

Introduction Mobile ad hoc networks (MANETs) are newinfrastructureless networks without the usual rout-ing infrastructure like fixed routers and routingbackbones. A mobile ad hoc network is a multi-hop temporary self-organizing system compromisedof a group of mobile nodes with radios. MANETshave some special characteristics: self organizing,dynamic topology, limited bandwidth, resourceconstraint nodes, multi-hop routing, vulnerable tosecurity attacks etc. Recently, MANET has beenone of t…     

一种高效的移动云服务环境下隐私保护认证协议

为了解决移动云服务环境的互相认证和隐私保护问题,设计了一种改进的移动云服务环境下隐私保护认证协议.该协议结合基于身份的签密技术和多服务器认证技术,保证用户只需注册一次,就可以访问多个移动云服务提供者,同时认证过程不需要可信第三方参与;该协议在移动终端未使用计算复杂度高的双线性对运算和映射到域上的hash运算,其计算效率显著提高. 通过理论分析和实验结果可知:该协议与目前已有的同类协议相比,在移动端的计算时间为45.242 s,其计算效率约为已有同类协议的2倍;具有用户匿名和不可追踪等安全性质;能够抵抗错误口令登录、更改攻击.      

Fast Confidentiality-Preserving Authentication for Vehicular Ad Hoc Networks

This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.     

DESIGN OF A DIGITAL SIGNATURE SCHEME BASED ON FACTORING AND DISCRETE LOGARITHMS

Objective Focusing on the security problem of authentication and confidentiality in the context of computer networks, a digital signature scheme was proposed based on the public key cryptosystem. Methods Firstly,the course of digital signature based on the public key cryptosystem was given. Then, RSA and ELGamal schemes were described respectively. They were the basis of the proposed scheme. Generalized ELGamal type signature schemes were listed. After comparing with each other, one scheme, whose Signature equation was (m r)x=j s modФ(p) , was adopted in the designing. Results Based on two well-known cryptographic assumptions, the factorization and the discrete logarithms, a digital signature scheme was presented. It must be required that s“ was not equal to p‘q“ in the signing procedure, because attackers could forge the signatures with high probabilities if the discrete logarithms modulo a large prime were solvable. The variable public key “e“ is used instead of the invariable parameter “3“ in Ham‘s signature scheme to enhance the security. One generalized ELGamal type scheme made the proposed scheme escape one multiplicative inverse operation in the signing procedure and one modular exponentiation in the verification procedure.Conclusion The presented scheme obtains the security that Harn‘s scheme was originally claimed. It is secure if the factorization and the discrete logarithms are simultaneously unsolvable.     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

Democratic group signatures with linkability from gap Diffie-Hellman group

Democratic group signatures(DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager.Security results of existing work are based on decisional Diffie-Hellman(DDH) assumption.In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman(GDH) group where DDH problem is easily but computational Diffie-Hellman(CDH) problem is hard to be solved.Besides the properties of ordinary DGSs, our scheme also provides the property of linkability, i.e., any public verifier can tell whether two group signatures are generated using the same private key.Security properties of our scheme employ a new and independently interesting decisional product Diffie-Hellman(DPDH) assumption which is weaker than DDH one.     

对两种代理盲签名体制的密码学分析

代理盲签名结合了代理签名与盲签名的优点，而多级代理签名实现了签名权利在许可范围内逐级向下代理的要求。利用椭圆曲线上的双线性对，陈玲玲等人提出了一种基于身份的代理盲签名方案，胡江红等人提出了一种基于身份的多级强代理盲签名方案。给出了这两个方案的密码学分析，指出在陈玲玲等人的方案中，代理签名人可以利用授权证书计算得到原始签名人的私钥，从而可直接伪造原始签名人的签名或授权，同时指出所提的两个方案也无法满足不可追踪性．代理签名人可以将自己在签名协议中的签名和签名的消息联系起来从而跟踪消息的拥有者，从而证明了这两个方案是不安全的。     

Efficient democratic group signatures with threshold traceability

Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t − 1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Z _q , except the PVSS output.     

一种高效的基于身份的代理盲签名方案

在代理签名中,原始签名人能将数字签名的权力委托给代理签名人;而在盲签名方案中,签名者不能看到被签消息的内容。签名被接受者得到后,签名者不能追踪签名,结合代理签名与盲签名的优点,利用基于椭圆曲线上的Weil配对（WeilPair—ing）的双线性映射,构造了一个高效的基于身份的代理盲签名方案．分析表明,该方案不仅满足代理盲签名所要求的所有性质,而且其效率也优于已有同类方案．     

Directed proxy signature in the standard model

A directed signature is a type of signature with restricted verification ability. Directed signatures allow only a designated verifier to check the validity of the signature issued to him, and at the time of trouble or if necessary, any third party can verify the signature with the help of the signer or the designated verifier. Directed signature schemes are widely used in situations where the receiver’s privacy should be protected. Proxy signatures allow an entity to delegate its signing capability to another entity in such a way that the latter can sign message on behalf of the former when the former is not available. Proxy signature schemes have found numerous practical applications such as distributed systems and mobile agent applications. In this paper, we firstly define the notion of the directed proxy signature by combining the proxy signature and directed signature. Then, we formalize its security model and present a concrete scheme in the standard model. Finally, we use the techniques from provable security to show that the proposed scheme is unforgeable under the gap Diffie-Hellman assumption, and invisible under the decisional Diffie-Hellman assumption.