传感器网络概率密钥预分配模型的安全弹性比较

提出了一种针对节点沦陷情况下的随机密钥预分配模型的细粒度分析方法．为3种具有代表性的密钥预分配模型：基础密钥预分配模型、q—composite随机密钥预分配模型和非平衡密钥预分配模型,在节点沦陷的情况下,提出了一种更适宜的威胁模型和安全弹性定义．本文的分析工作比以往关于密钥预分配模型的分析更为精确．     

一类高效密钥协商方案的研究

密钥协商是密钥管理中的重要研究课题之一．文中基于Abel有限群上离散对数问题的求解困难性，通过引入可信第三方权威认证机构，提出并实现了一种简单实用的高效密钥协商方案XKAS．该方案无需繁琐的身份鉴别认证过程，也不需要引入时戳服务器，能够抵抗目前已知的各种攻击方案，安全性很高．与之前的各种类似的密钥协商方案相比，XKAS方案操作简单、高效，能够应用于各种软硬件环境中．     

无线传感器网络针对多维网格的密钥预分配方案的改进

WSN自身特点决定了安全是对WSN研究中最为重要和最为基本的问题,尤其是密钥管理机制.本文在深入分析基于二元多项式的多维网格密钥预分配机制的基础上,对该方案进行了改进,保留其在内存需求方面较目前提出的其他方案都要小的优点,克服了不具备密钥更新功能,安全性不够理想的缺点.新的多维网格密钥预分配方案可以进行密钥更新,在只增加少量的内存需求的条件下大大提高了系统的安全性,更适用于WSN的实际应用.     

BB84量子密钥分配协议的改进

以BB84协议为基础，对其中部分内容进行了变形，这种改变的核心思想在不影响量子密钥分配协议的安全性的基础上，通信双方通过在第三方普通公共信道上的对话，提高量子通信的传输效率．发信方在对话过程中故意发出一部分假的信息，诱使窃听者上当，以探测窃听者的存在；同时又通过协商一部分量子接收的规则来提高双方的传输效率．这种改进方案对其他带有噪声的量子密码协议同样适用．     

无线传感器网络密钥管理方案研究

从无线传感器网络的安全分析人手,在分类描述无线传感器网络密钥管理方案并分析其优缺点的基础上,结合树型密钥管理结构,提出了一种新的分簇式密钥管理方案,因不同的消息类型有不同的安全需求,该方案建立了4种通信密钥类型：个体密钥,点对密钥,簇密钥和组密钥．其中点对密钥的建立采用了基于临时认证密钥的方法,加强了对节点的身份认证功能,提高了方案的安全性．     

新型昆合加密方案XHES的研究

将公钥密钥分配技术和对称密码加密体制结合起来，提出并实现了一类高效快捷的混合密码加密方案XHES．该方法兼有两类加密体制的优点：既有对称密码加密体制的加密速度快，强度高的优点，又拥有公钥密码体制在密钥分发与管理上的优势．与之前的各种加密技术相比，不仅具有快速的加密速度，安全高效的密钥管理优势，而且无需各种烦琐的鉴别认证过程以及昂贵的专用保密信道，能够抵抗各种已知的攻击方案，安全性很高，操作简单、高效，能够应用于各种软硬件环境之中．     

基于定点设备的高效随机密钥生成方法的研究

针对现有高质量密钥生成方法的速度慢、效率低的问题，提出了一种基于定点设备的高效随机密钥生成方法，在此基础上设计了一个高效密钥生成系统．按照FIPS 140-2标准中的规定对由该系统产生的随机密钥的质量进行了测试和分析，说明该方法能快速产生具有高质量的、满足信息安全系统标准的高强度安全密钥，可以广泛应用于各种信息安全系统中。     

公开密钥密码算法和密钥共享问题的研究

论述了在RSA公开密钥密码算法下的多重公开密钥密码方案、密钥共享，多重密钥共享的技术，密钥的安全保密是密码系统安全的重要保证，存贮在系统中的所有密钥的安全性取决于主密钥的安全性，研究了分析了密钥的秘密共享的LaGrange插值多项式方案。     

代理签字算法在智能卡认证环境中的应用

智能卡可作为理想的密钥存储介质，但由于资源有限，在其内部做公钥运算效率较低。为解决这个问题，结合智能卡的特点，给出了一个基于代理签字算法的安全解决方案。实验表明，与其它方案相比具有高效的特点，同时又能保证卡内密钥信息的安全。     

IPSec系统中安全联盟及密钥生成过程分析

分析了IPSec系统中IKE协议的功能,构成及工作过程,给出了IKE在生成安全联盟过程中用到的消息格式和各个时期产生的密钥源料和密钥,讨论了在不同认证方式下的信息交换过程及安全强度。     

无线Ad-Hoc网络密钥分发和认证机制研究

针对Ad Hoc网络没有管理中心,资源受限等特点,解决了Ad-Hoc网络面临的新的安全问题,使Ad-Hoc网络得到更广泛的应用.结合基于身份加密和门限秘密共享两个基本理论,提出了一个适用于Ad-Hoc网络、没有管理中心的分布式密钥分发和认证方案.其优点是:减少了运算量,节省了存储空间和带宽,并无需在网络形成之前假设密钥已经分发完毕,从而有效解决了Ad-Hoc网络安全中密钥管理的问题.     

无线Ad-Hoc网络密钥分发和认证机制研究

针对Ad Hoc网络没有管理中心,资源受限等特点,解决了Ad-Hoc网络面临的新的安全问题,使Ad-Hoc网络得到更广泛的应用.结合基于身份加密和门限秘密共享两个基本理论,提出了一个适用于Ad-Hoc网络、没有管理中心的分布式密钥分发和认证方案.其优点是:减少了运算量,节省了存储空间和带宽,并无需在网络形成之前假设密钥已经分发完毕,从而有效解决了Ad-Hoc网络安全中密钥管理的问题.     

A Layer-Cluster Key Agreement Protocol for Ad Hoc Networks

Mobile ad hoc networks create additional challenges for implementing the group key establishment due to resource constraints on nodes and dynamic changes on topology. The nodes in mobile ad hoc networks are usually low power devices that run on battery power. As a result, the costs of the node resources should be minimized when constructing a group key agreement protocol so that the battery life could be prolonged. To achieve this goal, in this paper we propose a security efficient group key agreement protocol based on Burmester-Desmedt (BD) scheme and layer-cluster group model, referred to as LCKM-BD, which is appropriate for large mobile ad hoc networks. In the layer-cluster group model, BD scheme is employed to establish group key, which can not only meet security demands of mobile ad hoc networks but also improve executing performance. Finally, the proposed protocol LCKM-BD are compared with BD, TGDH (tree-based group Diffe-Hellman), and GDH (group Diffie-Hellman) group key agreement protocols. The analysis results show that our protocol can significantly decrease both the computational overhead and communication costs with respect to these comparable protocols.     

A more efficient group key distribution scheme for wireless ad hoc networks

As the wireless medium is characterized by its lossy nature, reliable communication cannot be as-sumed in the key management scheme. Therefore self-healing is a good property for key distribution scheme in wireless applications. A new self-healing key distribution scheme was proposed, which is optimal in terms of user memory storage and efficient in terms of communication complexity.     

Certificateless message recovery signatures providing girault’s level-3 security

A digital signature with message recovery is a signature that the message itself (or partial of the message) is not required to be transmitted together with the signature. It has the advantage of small data size of communication comparing with the traditional digital signatures. In this paper, combining both advantages of the message recovery signatures and the certificateless cryptography, we propose the first certificatelss signature scheme with message recovery. The remarkable feature of our scheme is that it can achieve Girault’s Level-3 security while the conventional certificateless signature scheme only achieves Level-2 security. The security of the scheme is rigorously proved in the random oracle model based on the hardness of the k bilinear Diffie-Hellman inverse (k-BDHI) problem.     

A Provably Secure Asynchronous Proactive RSA Scheme

The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols： initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.     

Robust password and smart card based authentication scheme with smart card revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee＇s sctleme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.     

Democratic group signatures with linkability from gap Diffie-Hellman group

Democratic group signatures(DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager.Security results of existing work are based on decisional Diffie-Hellman(DDH) assumption.In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman(GDH) group where DDH problem is easily but computational Diffie-Hellman(CDH) problem is hard to be solved.Besides the properties of ordinary DGSs, our scheme also provides the property of linkability, i.e., any public verifier can tell whether two group signatures are generated using the same private key.Security properties of our scheme employ a new and independently interesting decisional product Diffie-Hellman(DPDH) assumption which is weaker than DDH one.     

基于关联环签名的抗第三方欺诈安全电子投票方案

为解决电子投票中存在选票碰撞、第三方机构欺诈选民、需借助匿名通信信道发送选票和投票效率低等问题,结合电子投票的基本原理,采用关联环签名技术实现匿名注册,利用盲签名盲化选票和引入身份序列码保证选票唯一性的方法,设计了一个抗第三方欺诈的安全电子投票方案.该方案不仅实现了投票协议应具备的基本安全要求,并且具有抗选票碰撞、可在任意阶段弃权、不依赖于任何可信第三方和匿名通信信道的功能,同时能够高效实现.实验对比表明,本文方案投票时间复杂度仅为961个模乘运算,且与投票者规模无关,较同等安全性下的现有方案效率至少提高42.9%,适合于大群体选举.