Wavelength reservation scheme with switch fabric status in distributed mesh optical networks

A new wavelength reservation scheme is proposed to mitigate the connection setup time and minimize the reconfiguration times of optical cross-connects (OXCs) for WDM optical networks in this study. In this scheme, we consider the reconfiguration information of switch fabrics in the signaling protocol, which is designated as the signaling with switch fabric status (SWFS). Distributed reservation algorithms will reserve the wavelength with minimum of reconfiguration times of OXCs along the route. Simulation results indicate that the proposed schemes with switch fabrics status have shorter setup time, lower switching ratio as well as better blocking performance than those of the traditional classic schemes. Moreover, the proposed schemes with SWFS significantly reduce the number of switch fabrics that need to be reconfigured. Foundation item: the National Natural Science Foundation of China (Nos. 60632010 and 60572029) and the National High Technology Research and Development Program (863) of China (No. 2006AA01Z251)     

Filling the gap between voters and cryptography in e-voting

Cryptography is an important tool in the design and implementation of e-voting schemes since it can provide verifiability, which is not provided in the traditional voting. But in the real life, most voters can neither understand the profound theory of cryptography nor perform the complicated cryptographic computation. An e-voting system is presented in this paper to leverage the use of cryptography. It combines the advantages of voting scheme of Moran-Naor and voting scheme based on homomorphic encryption. It makes use of the cryptographic technique, but it hides the details of cryptographic computation from voters. Compared with voting scheme of Moran-Naor, the new system has three advantages: the ballots can be recovered when the voting machine breaks down, the costly cut-and-choose zero-knowledge proofs for shuffling votes made by the voting machine are avoided and the partial tally result in each voting machine can be kept secret. Foundation item: the National Natural Science Foundation of China (No. 60673076) and the National High Technology Research and Development Program (863) of China (No. 2008AA01Z403)     

Free-riders impact on throughputs of peer-to-peer file-sharing systems

In a peer-to-peer file-sharing system, a free-rider is a node which downloads files from its peers but does not share files to other nodes. Analyzing the free-riders’ impact on system throughputs is essential in examining the performance of peer-to-peer file-sharing systems. We find that the free-riders’ impact largely depends on nodes behavior, including their online time and greed of downloading files. We extend an existing peer-to-peer system model and classify nodes according to their behavior. We focus on two peer-to-peer architectures: centralized indexing and distributed hash tables. We find that when the cooperators in a system are all greedy in downloading files, the system throughput has little room to increase while the cooperators throughput degrade badly with the increasing percent of greedy free-riders in the system. When all the cooperators are non-greedy with long average online time, the system throughput has much room to increase and the cooperators throughput degrade little with a high percent of greedy free-riders in the system. We also find that if a system can tolerate a high percent of greedy free-riders without suffering much throughput degradation, the system must contain some non-greedy cooperators that contribute great idle service capacity to the system. Foundation item: the National High Technology Research and Development Program (863) of China (No. 2007AA01Z457), and the Shanghai Science and Technology Development Funds (No. 07QA14033)     

ID-Based Authenticated Dynamic Group Key Agreement

IntroductionIn many modern collaborative and distributedapplications such as multicast communication, au-dio-video conference and collaborative tools, scal-able and reliable group communication is one of thecritical problems. A group key agreement (GKA)protocol allows a group of users to share a key,which may later be used to achieve some crypto-graphic goals. In addition to this basic tool an au-thentication mechanism provides an assurance ofkey shared with intended users. A protocol achiev…     

Robust stability of neutral systems: A discretized Lyapunov functional method

This paper focuses on the robust stability for time-delay systems of neutral type. A new complete Lyapunov-Krasovskii function (LKF) is developed. Based on this function and discretization, stability conditions in terms of linear matrix inequalities are obtained. A class of time-varying uncertainty of system matrices can be studied by the method. Foundation item: the National High Technology Research and Development Program (863) of China (No. 2006AA05Z148)     

A loss-tolerant group key management scheme with revocation capability for wireless sensor network

A new group key management scheme against the unreliable wireless communication channel and unsafe environment was proposed for wireless sensor network (WSN). In the proposed scheme, broadcast polynomial, generated over finite field Fq based on the secret sharing, was employed to revoke compromised sensor nodes. In order to tolerate key-update message loss, group session keys were generated as one-way hash chain sequence and distributed in advance. The analysis showes that the scheme has better performance in terms of the computation and communication overhead.     

Highly resilient key distribution strategy for multi-level heterogeneous sensor networks by using deployment knowledge

The most important problem in the security of wireless sensor network (WSN) is to distribute keys for the sensor nodes and to establish a secure channel in an insecure environment. Since the sensor node has limited resources, for instance, low battery life and low computational power, the key distribution scheme must be designed in an efficient manner. Recently many studies added a few high-level nodes into the network, called the heterogeneous sensor network (HSN). Most of these studies considered an application for two-level HSN instead of multi-level one. In this paper, we propose some definitions for multi-level HSN, and design a novel key management strategy based on the polynomial hash tree (PHT) method by using deployment knowledge. Our proposed strategy has lower computation and communication overheads but higher connectivity and resilience.     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

Provably secure authenticated Diffie-Hellman key exchange for resource-limited smart card

Authenticated Diffie-Hellman key agreement is quite popular for establishing secure session keys. As resource-limited mobile devices arc becoming more popular and security threats are increasing, it is desirable to reduce computational load for these resource-limited devices while still preserving its strong security and convenience for users. In this paper, we propose a new smart-card-based user authenticated key agreement scheme which allows users to memorize passwords, reduces users＇ device computational load while still preserves its strong security. The proposed scheme effectively improves the computational load of modular exponentiations by 50%, and the security is formally proved.     

ID-based Key-insulated Authenticated Key Agreement Protocol

The basic idea behind an ID-based cryptosystem is that end user's public key can be determined by his identity information.Comparing with the traditional certificate-based cryptography,identity-based cryptography can eliminate much of the overhead associated with the deployment and management of certificate.However,exposure of private keys can be the most devastating attack on a public key based cryptosystem since such that all security guarantees are lost.In this paper,an ID-based authenticated key agreement protocol was presented.For solving the problem of key exposure of the basic scheme,the technique of key insulation was applied and a key insulated version is developed.     

Threshold signature scheme with threshold verification based on multivariate linear polynomial

Secret sharing schemes are multi-party protocols related to key establishment. They also facilitate distributed trust or shared control for critical activities (e.g., signing corporate cheques and opening bank vaults), by gating the critical action on cooperation from t(t ∈ Z ⁺) of n(n ∈ Z ⁺) users. A (t, n) threshold scheme (t < n) is a method by which a trusted party computes secret shares Γ _i (1 ⩽ i ⩽ n) from an initial secret Γ ₀ and securely distributes Γ _i to user. Any t or more users who pool their shares may easily recover Γ ₀, but any group knowing only t−1 or fewer shares may not. By the ElGamal public key cryptophytes and the Schnorr’s signature scheme, this paper proposes a new (t, n) threshold signature scheme with (k,m) (k,m ∈ Z ⁺) threshold verification based on the multivariate linear polynomial.     

Efficient democratic group signatures with threshold traceability

Democratic group signature (DGS) is a group-oriented primitive with great flexibilities, i.e., no group manager, anonymity, and traceability. In a DGS scheme with (t, n)-threshold traceability, any subset of not less than t members can jointly reveal the identity of the signer while preserving security even in the presence of an active adversary can corrupt up to t − 1 group members. This paper proposes an efficient DGS scheme. We use publicly verifiable secret sharing (PVSS) to distribute the trapdoor via which the real signer is revealed. The computation cost and communication overhead of our DGS signatures are greatly reduced, compared with the existing work. For example, the size of the resulting signature contains only 2n + 1 elements of Z _q , except the PVSS output.     

传感器网络概率密钥预分配模型的安全弹性比较

提出了一种针对节点沦陷情况下的随机密钥预分配模型的细粒度分析方法．为3种具有代表性的密钥预分配模型：基础密钥预分配模型、q—composite随机密钥预分配模型和非平衡密钥预分配模型,在节点沦陷的情况下,提出了一种更适宜的威胁模型和安全弹性定义．本文的分析工作比以往关于密钥预分配模型的分析更为精确．     

Can the Polynomial Based Key Predistribution Scheme Be Used Many Times in One Wireless Sensor Network Key Establishment Protocol？

Key establishment is the basic step for the wireless sensor network (WSN) security. The polynomial based key predistribution scheme of Blom and Blundo et al. has been the basic ingredient for the key establishment for WSNs. It is tempting to use many random and different instances of polynomial based key predistribution scheme for various parts of the WSN to enhance the efficiency of WSN key establishment protocols. This paper indicates that it is not secured in general to use many instances of Blom-Blundo et al. polynomial based key predistribution scheme in a WSN key establishment protocol. Thus the previously constructed group-based type WSN key predistribution schemes using polynomial based key predistribution scheme are insecure. We propose new generalized Blom-Blundo et al. key predistribution schemes. These new generalized Blom-Blundo et al. key predistribution schemes can be used many times in one WSN key establishment protocol with only a small increase of cost. The application to group-based WSN key predistribution schemes is given.     

The Homomorphic Key Agreement

Introduction As a result of the increased popularity ofgroup-oriented applications and protocols, groupcommunication occurs in many different settings:from network layer to application layer. Regard-less of the underlying environment, it is necessaryto pr…     

Identity-based threshold decryption on access structure

For the applied limitation of the existing threshold decryption schemes based on the (t, n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares. The generation and distribution of private key shares, the encryption, the decryption and the combination are introduced in detail. The validity and security of the scheme are proved and analyzed. Comparisons with the existing schemes show that the proposed scheme is more flexible.     

抗临时秘密指数泄露攻击的认证群密钥协商协议

为克服大部分现有的认证群密钥协商(AGKA)协议的不足,基于双指数挑战-应答数字签名(DCR签名)和BD方案,提出了具有常数轮AGKA协议.该协议除具有相关AGKA协议的安全性外,还有抗临时秘密指数泄露攻击能力,效率也有所提高.     

Chosen ciphertext secure fuzzy identity based encryption without ROM

Two new constructions of chosen-ciphertext secure fuzzy identity-based encryption(fuzzy-IBE) schemes without random oracle are proposed.The first scheme combines the modification of chosen-plaintext secure Sahai and Waters'"large universe"construction and authenticated symmetric encryption, and uses consistency checking to handle with ill-formed ciphertexts to achieve chosen-ciphertext security in the selective ID model.The second scheme improves the effciency of first scheme by eliminating consistency checking.This improved scheme is more effcient than existing chosen-ciphertext secure fuzzy-IBE scheme in the standard model.     

Lattice-based group signature with verifier-local revocation

Among several post quantum primitives proposed in the past few decades, lattice-based cryptography is considered as the most promising one, due to its underlying rich combinatorial structure, and the worst-case to average-case reductions. The first lattice-based group signature scheme with verifier-local revocation(VLR) is treated as the first quantum-resistant scheme supported member revocation, and was put forward by Langlois et al. This VLR group signature(VLR-GS) has group public key size of O(nm log N log q), and a signature size of O(tm log N log q log β). Nguyen et al. constructed a simple efficient group signature from lattice, with significant advantages in bit-size of both the group public key and the signature. Based on their work, we present a VLR-GS scheme with group public key size of O(nm log q) and signature size of O(tm log q). Our group signature has notable advantages: support of membership revocation, and short in both the public key size and the signature size.