车载网络中基于群签名的可保护隐私的车辆认证

安全和隐私是配置车载网络时所需要的2个重要条件,具有保护隐私功能的认证是实现这2个条件的关键技术.不同于已有的认证方案,文中用群签名来实现车载网络中能保护隐私的车辆认证.为了满足认证的快速性要求,基于目前安全性最强、效率较高和签名较短的ZL 06局部验证者撤销短群签名方案,提出了2个具有隐私保护功能的车载网络中的车辆认证方案.群签名所具有的良好性质保证了所提出的认证方案具有实用性和隐私保护功能.     

A Layer-Cluster Key Agreement Protocol for Ad Hoc Networks

Mobile ad hoc networks create additional challenges for implementing the group key establishment due to resource constraints on nodes and dynamic changes on topology. The nodes in mobile ad hoc networks are usually low power devices that run on battery power. As a result, the costs of the node resources should be minimized when constructing a group key agreement protocol so that the battery life could be prolonged. To achieve this goal, in this paper we propose a security efficient group key agreement protocol based on Burmester-Desmedt (BD) scheme and layer-cluster group model, referred to as LCKM-BD, which is appropriate for large mobile ad hoc networks. In the layer-cluster group model, BD scheme is employed to establish group key, which can not only meet security demands of mobile ad hoc networks but also improve executing performance. Finally, the proposed protocol LCKM-BD are compared with BD, TGDH (tree-based group Diffe-Hellman), and GDH (group Diffie-Hellman) group key agreement protocols. The analysis results show that our protocol can significantly decrease both the computational overhead and communication costs with respect to these comparable protocols.     

基于ECC的移动自组网成员控制方案

基于Pederson分布式密钥产生方案,采用椭圆曲线密码体制提出一个分布式密钥产生协议,该方案高效且能抵制内外恶意节点的攻击,并采用门限数字签名方案给出一个安全的移动自组网的成员控制方案.通过方案的性能和安全性分析得出结论,该成员控制策略非常适合于资源受限的移动自组网.     

DESIGN OF A DIGITAL SIGNATURE SCHEME BASED ON FACTORING AND DISCRETE LOGARITHMS

Objective Focusing on the security problem of authentication and confidentiality in the context of computer networks, a digital signature scheme was proposed based on the public key cryptosystem. Methods Firstly,the course of digital signature based on the public key cryptosystem was given. Then, RSA and ELGamal schemes were described respectively. They were the basis of the proposed scheme. Generalized ELGamal type signature schemes were listed. After comparing with each other, one scheme, whose Signature equation was (m r)x=j s modФ(p) , was adopted in the designing. Results Based on two well-known cryptographic assumptions, the factorization and the discrete logarithms, a digital signature scheme was presented. It must be required that s“ was not equal to p‘q“ in the signing procedure, because attackers could forge the signatures with high probabilities if the discrete logarithms modulo a large prime were solvable. The variable public key “e“ is used instead of the invariable parameter “3“ in Ham‘s signature scheme to enhance the security. One generalized ELGamal type scheme made the proposed scheme escape one multiplicative inverse operation in the signing procedure and one modular exponentiation in the verification procedure.Conclusion The presented scheme obtains the security that Harn‘s scheme was originally claimed. It is secure if the factorization and the discrete logarithms are simultaneously unsolvable.     

On constructing certificateless proxy signature from certificateless signature

In proxy signature schemes, an original signer A delegates its signing capability to a proxy signer B, in such a way that B can sign message on behalf of A.The recipient of the final message verifies at the same time that B computes the signature and that A has delegated its signing capability to B.Recently many identity-based(ID-based) proxy signature schemes have been proposed, however, the problem of key escrow is inherent in this setting.Certificateless cryptography can overcome the key escrow problem.In this paper, we present a general security model for certificateless proxy signature scheme.Then, we give a method to construct a secure certificateless proxy scheme from a secure certificateless signature scheme, and prove that the security of the construction can be reduced to the security of the original certificateless signature scheme.     

An Adaptive Scheme for Neighbor Discovery in Mobile Ad Hoc Networks

The neighbor knowledge in mobile ad hoc networks is important information. However, the accuracy of neighbor knowledge is paid in terms of energy consumption. In traditional schemes for neighbor discovery, a mobile node uses fixed period to send HELLO messages to notify its existence. An adaptive scheme was proposed. The objective is that when mobile nodes are distributed sparsely or move slowly, fewer HELLO messages are needed to achieve reasonable accuracy, while in a mutable network where nodes are dense or move quickly, they can adaptively send more HELLO messages to ensure the accuracy. Simulation results show that the adaptive scheme achieves the objective and performs effectively.     

一种高效的移动云服务环境下隐私保护认证协议

为了解决移动云服务环境的互相认证和隐私保护问题,设计了一种改进的移动云服务环境下隐私保护认证协议.该协议结合基于身份的签密技术和多服务器认证技术,保证用户只需注册一次,就可以访问多个移动云服务提供者,同时认证过程不需要可信第三方参与;该协议在移动终端未使用计算复杂度高的双线性对运算和映射到域上的hash运算,其计算效率显著提高. 通过理论分析和实验结果可知:该协议与目前已有的同类协议相比,在移动端的计算时间为45.242 s,其计算效率约为已有同类协议的2倍;具有用户匿名和不可追踪等安全性质;能够抵抗错误口令登录、更改攻击.      

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

IP ADDRESS AUTOCONFIGURATION FOR WIRELESS AD HOC NETWORKS

IntroductionWireless ad hoc networks are gaining increas-ing popularity in recent years because of their easeof deployment. No wired base station or infras-tructure is supported,and each hostcommunicatesone anothervia packetradios. In ad hoc networks,routing protocols are challenged with establishingand maintaining multihop routes in the face of mo-bility,bandwidth limitation and power con-straints. In ad hoc networks,each node( host)acts as a router since routes are mostly multihop.Nodes in …     

A universal composability framework for analysis of proxy threshold signature

The universal composability framework is a new approach for designing and analyzing the security of cryptographic protocols. In this framework, the security of protocols is maintained under a general protocol composition operation. In the paper, we propose the universal composability framework for the analysis of proxy threshold signature and present a universally composable secure proxy threshold signature scheme which is the first one in this area. The proposed scheme is suitable for the mobile agents, which should migrate across different environment through network. Furthermore, we give the concrete analysis of the reduction to prove the security of the proposed scheme.     

一种分布式Ad hoc网络广播算法

在无线Ad hoc网络中,广播作为一种重要的通信方式被许多单播和多播协议用来完成其路由建立和维护工作.文中假设网络中所有的移动节点共享信道,并且节点不知道全局网络拓扑信息.因此网络中每个节点只能通过洪泛进行通信.但是采用洪泛方式广播,由于每个节点都要向其相邻节点转发报文,协议效率低、通信代价昂贵,而且还会带来广播风暴问题.为避免由于洪泛造成的广播风暴问题,文中提出一种分布式Ad hoc网络广播算法.该算法无需任何控制报文.算法简单易行,适合移动无线网络环境.仿真实验结果表明新的算法与现有算法相比更加有效和健壮.     

Identity-based broadcast encryption with shorter transmissions

This paper describes two identity-based broadcast encryption(IBBE) schemes for mobile ad hoc networks.The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)-size ciphertexts.Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network.Finally, the proposed schemes are provable security under the decision generalized bilinear Di?-Hellman(GBDH) assumption in the random oracles model.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

移动Ad Hoc网络的安全问题和解决方案

移动Ad Hoc网络的自身特点,使它比有线网络更容易遭受攻击。文章首先分析了威胁移动Ad Hoc网络安全的典型攻击,主要讨论了移动Ad Hoc网络的安全路由技术和入侵检测技术两种安全技术,对一些典型安全方案进行了论述与比较。     

Provably secure and efficient proxy signature with untrustworthy proxy signer

Proxy signature has drawn great concerns.However, there still remains a challenge to construct a provably secure and effcient proxy signature scheme.In this paper, we propose an effcient proxy signature scheme based on factoring, and prove that it is secure in the random oracle.Furthermore, we present a new type of proxy signature, called Proxy Signature with Untrustworthy Proxy Signer, and construct a concrete scheme.     

A Distributed Virtual Backbone Formation for Wireless Ad Hoc and Sensor Networks

The virtual backbone is an approach for solving routing problems in wireless ad hoc and sensor networks. A connected dominating set (CDS) was proposed as a virtual backbone to improve the performance of wireless networks. The quality of a virtual backbone is measured not only by approximation factor, which is the ratio of its size to that of minimum CDS, but also time complexity and message complexity. In this paper, a distributed algorithm is presented to construct a minimum CDS for ad hoc and sensor networks. By destroying triangular loops in the virtual backbone, the proposed algorithm can effectively construct a CDS with smaller size. Moreover, our algorithm, which is fully localized, has a constant approximation ratio, linear message and time complexity, and low implementation complexity. The simulation results and theoretical analysis show that our algorithm has better efficiency and performance than conventional approaches.     

Provably Secure Short Proxy Signature Scheme from Bilinear Maps

An enhanced formal model of security for proxy signature schemes is presented and a provably secure short proxy signature scheme is proposed from bilinear maps. The proposed proxy signature scheme is based on two short secure signature schemes. One is used for delegating the signing rights and computing the standard signature; the other is used for computing proxy signature. Finally, a security proof of the proposed proxy signature scheme is showed by reducing tightly the security of the proposed proxy signature scheme to the security of the two basic signature schemes. The proposed proxy signature scheme has the shortest ordinary signatures and proxy signatures. Moreover, the proxy signature generation needs no pairing operation and verification needs just two pairing operation.     

An Efficient Provable Secure ID-Based Proxy Signature Scheme Based on CDH Assumption

IntroductionMambo, et al.[1]first introduced the conceptof proxy signature. In their scheme, an originalsigner delegates his signing right to a proxy signerin such a way that the proxy signer can sign anymessage on behalf of the original signer and theverifier can verify and distinguish proxy signaturefrom original signature. Proxy signature is of greatuse in such a case that a manager needs to autho-rize his secretary to sign documents on behalf ofhimself before his leaving for a vacation. Du…     

复合可重构Ad Hoc网络

随着众多无线通信网络标准的不断涌现,如何解决不同Ad Hoc网络之间互操作性差这一问题逐渐引起了各界的重视,此方面现有研究成果大都集中在重新设计MAC层协议或是链路选择协议上.本文提出了一种新的Ad Hoc网络结构,并解释了这一网络结构所采用的分簇算法、利用可重构终端实现优选物理链路的实现方案,用于解决互操作性差的网桥机制.针对这种全新的网络结构,文中还给出了基于Matlab的仿真平台的实现方法.仿真结果显示,这一新的网络结构可以在小幅增加网络平均时延的代价下提高全网络的数据包投递率.     

Identity-based verifiably committed signature scheme without random oracles

An identity-based verifiably committed signature scheme （IB-VCS） was proposed, which is proved secure in the standard model （i.e., without random oracles）. It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman （CDH） problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt＇s identity based signature （IBS） scheme is secure, which is proven true based on the CDH assumption in the standard model.