Similar literature
 Found 20 similar documents; search took 46 ms
1.
Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. The drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) was first introduced by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users' attributes. With this mechanism, even if the file server is compromised, the security of the data can still be kept. Besides access control, a user may be deprived of the ability in some situations, for example pay TV. Most previous ABE constructions are proven secure in the selective model of security, in which the attacker must announce the target he intends to attack before seeing the public parameters, and few previous ABE constructions realize revocation of users' keys. This paper presents an ABE scheme that supports revocation and has full security in the adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.

2.
To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security are studied. This paper points out that the construction of IND-CCA2 secure schemes is essentially to bridge these gaps. These gaps are categorized, analyzed and measured. Finally the methods to bridge these gaps are described. This explains the existing design approaches and gives an intuition about the difficulty of designing IND-CCA2 secure public key encryption schemes based on different types of assumptions.

3.
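To improve the decryption efficiency of the Baek-Zheng scheme, the verification procedure is designed using an inversion operation in place of the point multiplication used in the Baek-Zheng scheme. Because the verification procedure needs only one pairing operation, the new scheme nearly doubles the efficiency of each threshold-decryption participant while keeping the encryption speed and the ciphertext and decryption-share lengths of the Baek-Zheng scheme. The new scheme is proven secure against chosen-ciphertext attack under the Oracle Diffie-Hellman assumption.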

4.
Visual secret sharing (VSS) was used in the literature to encode and decode secret images until visual multi-secret sharing (VMSS) was proposed. Distinctly, multiple secret images can be encoded or decoded at a time in VMSS; however, only one secret image can be done in VSS. In VMSS, secrets are encoded into noise-like shares which are finally stacked together so as to disclose each of the secrets by specific operations, such as rotating, flipping and sliding. Though the noise-like shares can be decoded by those operations, it is just like a fly in the ointment since they are hard to manage, to recognize and even to stack orderly. Based on some research about user-friendly VSS for generating meaningful shares, a new friendly VMSS scheme is presented in this paper for achieving two main goals. One is trying to encode multiple secrets at a time and the other is making the decoding process easy to manage. The experimental results prove that our proposed scheme does work.

5.
Identity-based encryption (IBE) was studied with the non-interactive opening property, whereby the plaintext of a ciphertext can be revealed without affecting the security of the encryption system. Two kinds of non-interactive opening properties for IBE schemes were defined, along with a concrete scheme in each case.

6.
We investigate the lightweight block cipher KATAN family, which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, all three variants have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. When solving the equations, without the help of a computer, we need only algebraic deduction to obtain relations of some key bits. The complexity of this process is negligible. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.

7.
In current cloud computing systems, large amounts of sensitive data are shared with other cloud users. To keep these data confidential, data owners should encrypt their data before outsourcing. We choose proxy re-encryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need public key certificates to guarantee the validity of public keys and solves the key escrow problem in identity-based public key cryptography.

8.
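The system architecture of KFS, a distributed file system for cloud computing environments, is studied. For a cloud storage system holding massive data, metadata management efficiency is the key. By analysing the metadata model of the KFS file system, an improved model based on KFS distributed file system metadata is proposed: an in-memory buffering strategy pre-processes the metadata to be inserted and inserts it in batches, which reduces the number of lookups and splits and greatly improves the data access efficiency of the KFS file system. Finally, analysis of the algorithm's complexity shows that the improved algorithm can effectively raise the efficiency of the metadata server of the KFS distributed file system. The improved model is equally applicable to similar systems that manage metadata centrally with a B+ tree index mechanism.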

9.
To give concurrent consideration to both the efficiency and the security (intensity of intractable problem) in the standard model, a chosen ciphertext secure identity-based broadcast encryption is proposed. Against the chosen ciphertext security model, by using identity (ID) sequence and adding additional information in the ciphertext, the self-adaptive chosen identity security (the full security) and the chosen ciphertext security are gained simultaneously. The reduction of the scheme's security is the decisional bilinear Diffie-Hellman (BDH) intractable assumption, and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption. So the security level is improved, and it is suitable for higher security environments.

10.
Introduction: In recent years, group communications have become the focus of research and applications development[1-4]. Using minimum resources, broadcast techniques can be employed to transmit data to all n group members simultaneously. The major security challenge for group communication is to provide efficient methods for controlling authorized access. An efficient method of limiting access to broadcast messages is through a symmetric encryption. A symmetric encryption uses transposition and substitution skills to process the original mes-s…

11.
In the Internet or cloud computing environments, service providers provide more and more content services. Users can use these convenient content services in daily life. The major data of the user are maintained by the service providers except that some personal privacy data are stored at the client device. An attacker may try to invade the systems, and it will cause the damage of users and service providers. Also, users may lose their mobile devices and then it may cause the data disclosure problem. As a result, the data and privacy protection of users become an important issue in these environments. Besides, since many mobile devices are used in these environments, secure authentication and data protection methods must be efficient in these low resource environments. In this paper, we propose an efficient and privacy protection digital rights management (DRM) scheme that users can verify the valid service servers and the service servers can ensure the legal users. Since the key delegation center of the third party has the robust security protection, our proposed scheme stores the encrypted secret keys in the key delegation center. This approach not only can reduce the storage space of the user devices, but also can recover the encrypted secret keys in the key delegation center when a user loses her/his devices for solving the device losing problem.  相似文献   

12.
Verifiable Secret Redistribution for Proactive Secret Sharing Schemes   Cited by: 2 (self-citations: 0, citations by others: 2)
Introduction: In a (t, n) secret sharing scheme[1,2], a secret is shared among n shareholders. Any t shareholders can cooperate to reconstruct the secret, while fewer than t can't. The verifiable secret sharing (VSS)[3,4] can verify the correctness of the secret shares distributed by a dealer. An important extension of secret sharing systems is threshold cryptosystem schemes[5,6]. In proactive schemes[7-11], the whole lifetime of the secret is divided into many time periods, and shares are renewed in each period. PSS schemes can renew the shares of the secret, but can'…

13.
This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).

14.
As data are growing rapidly in data centers, inline cluster deduplication technique has been widely used to improve storage efficiency and data reliability. However, there are some challenges faced by the cluster deduplication system: the decreasing data deduplication rate with the increasing deduplication server nodes, high communication overhead for data routing, and load balance to improve the throughput of the system. In this paper, we propose a well-performed cluster deduplication system called AR-Dedupe. The experimental results of two real datasets demonstrate that AR-Dedupe can achieve a high data deduplication rate with a low communication overhead and keep the system load balancing well at the same time through a new data routing algorithm. In addition, we utilize application-aware mechanism to speed up the index of handprints in the routing server which has a 30% performance improvement.

15.
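An effective fault-injection attack technique is proposed that can attack a class of devices using SPN ciphers with a specific structure. The attack is based on a byte-fault model and needs only a small number of faulty ciphertexts to break a class of SPN cipher algorithms with a specific permutation layer. The analysis explains how the fault and the specific permutation layer lead to leakage of secret information. Attack instances are also given for the concrete cipher algorithms ARIA and PRESENT.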

16.
Introduction: Mobile Agents equipped with intelligence, offer new technology that helps automate Network Management activities, which are increasingly becoming complex due to exponential growth of internet users, and thus demanding higher levels of human manager expertise and involvement. Well-known network management protocols that are used to monitor and manage network devices include Simple Network Management Protocol (SNMP) and Common Management Information Protocol (CMIP), SNMP be…

17.
For the applied limitation of the existing threshold decryption schemes based on the (t, n) structure, an identity-based threshold decryption scheme which can be applied on the access structure is proposed through designing a special distribution algorithm of the private key shares. The generation and distribution of private key shares, the encryption, the decryption and the combination are introduced in detail. The validity and security of the scheme are proved and analyzed. Comparisons with the existing schemes show that the proposed scheme is more flexible.

18.
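To ensure the security of quantum information, a quantum image encryption algorithm based on a chaotic system and DNA coding is proposed by combining chaotic systems with DNA coding theory. First, the image is quantum-encoded; then a unitary matrix generated by Logistic chaos is used to scramble the quantum image; next, Lorenz chaos is used to generate a natural DNA matrix, DNA addition operations are selected dynamically to carry out the DNA computation, and the unitary matrix obtained from the computation is used to encrypt the quantum image again; finally, the quantum image is measured to obtain the classical ciphertext image. Simulation experiments and analysis of indicators such as histograms, correlation and NPCR (number of pixel change rate) show that the grey-level distribution of the encrypted image is uniform, with every grey level at around 1 000, the correlation between adjacent pixels is lower, with a mean correlation coefficient of 0.002, and the NPCR is 99.6%; the encryption is effective and has good security.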

19.
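An I/O request scheduling algorithm for cloud storage data servers   Cited by: 1 (self-citations: 0, citations by others: 1)
In the architecture of cloud storage systems, I/O requests to the data server daemon are currently scheduled with a first-come, first-served (first in first out) policy. This scheduling policy does not consider the timeliness requirements of different types of I/O requests, so requests with high timeliness requirements are easily blocked and cannot be handled in time, which lowers the quality of service of the whole system. To solve this problem, this paper proposes an I/O request scheduling algorithm for cloud storage data servers. The algorithm first classifies the I/O requests from clients and assigns them different priorities; it then schedules the I/O requests of different priorities periodically, taking a suitable duration as the period and dividing it into time slices. Simulation experiments on a distributed file system show that under heavy load the algorithm improves the response speed for real-time requests by 20%, while also taking the response performance of low-priority requests into account.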

20.
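Principles for extracting keywords of scientific and technical papers   Cited by: 6 (self-citations: 1, citations by others: 5)
The arbitrariness, confusion and lack of standardization in the keyword indexing of scientific and technical papers are analysed, the principles of logicality, precision and standardization for keyword indexing are put forward, and a topic-segmentation method for keyword selection is given. Application shows that these principles and this method can effectively improve the recall and precision of keywords.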
