Simple three-party password authenticated key exchange protocol

Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system efficiency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.     

Identity-based verifiably committed signature scheme without random oracles

An identity-based verifiably committed signature scheme （IB-VCS） was proposed, which is proved secure in the standard model （i.e., without random oracles）. It enjoys the setup-free property and stand-alone property, both of which make an exchange protocol more practical. The scheme is unconditionally secure against the cheating signer, its security against the cheating verifier is reduced to the computational Diffie-Hellman （CDH） problem in the underlying group, it is secure against the cheating trusted third party if the underlying Paterson Schuldt＇s identity based signature （IBS） scheme is secure, which is proven true based on the CDH assumption in the standard model.     

An ID-Based Authenticated Key Agreement Protocol for Peer-to-Peer Computing

Introduction Overrecentyears,withtheemergenceofdis-tributedapplicationsovertheInternet,anewmod-elofcommunicationandcomputation,calledpeer-to-peer(P2P)computing,hasgainedgreatpopu-larity[1-3].Contrarytothetraditionalclient-server model,P2Pcomputingeliminatesthenotionof“server”,andallpeersinP2Psystemcanactas clientsandserversatthesametime.Therefore,thesinglepointoffailureandthebottleneckof“server”encounteredinthetraditionalclient-serv-ermodelcanbeeliminated,andtheperformance andreliabilit…     

A Practical SSL Server Performance Improvement Algorithm Based on Batch RSA Decryption

The secure socket layer/ transport layer security（SSL/TLS） handshake protocol uses public key cryptographic algorithms such as RSA for key establishment. Typically, public key cryptographic algorithm is computational intensive due to the modular multiplications. Therefore, SSL/TLS servers often become swamped while performing public key decryptions when the simultaneous requests increase quickly. A batch RSA decryption algorithm was proposed. The novel algorithm provides the reasonable response time and optimizes server performance significantly. The decryption speedup is proportional to the batch size b, for instance, the speedup factor is 4, while in Shacham＇s scheme the acceleration rate is only 2.5 when b = 4.     

基于博弈论的公平安全两方计算协议

针对传统安全两方计算无法实现完全公平性的问题,结合博弈论方法,将参与者看作是理性的,提出了理性安全两方计算协议。首先,在扩展式博弈框架下,给出安全两方计算的博弈模型;其次,根据博弈模型描述,给出理性安全两方计算理想函数FRPCP以及理性安全两方计算协议RPCP;最后对协议的安全性、公平性及纳什均衡进行了分析。分析结果表明,在混合模型下,协议RPCP能安全地实现理想函数FRPCP,并且在BDH困难假设下,协议RPCP中各理性参与者的最佳策略是选择合作,当博弈达到纳什均衡时,参与者双方能公平地获得计算结果。      

Strong key-insulated signature in the standard model

The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.     

一体化标识网络中的用户身份认证协议

一体化标识网络解决了传统网络中IP地址二义性问题,是一种基于网络的身份与位置分离体系.本文在一体化标识网络中提出一种用户身份认证协议,基于该协议设计了一种利用数字证书构建的接入标识.这种接入标识唯一的表示一体化标识网络中的终端,实现用户身份信息与终端的绑定.该用户身份认证协议基于Diffie-Hellman密钥交换完成用户到用户真实身份的双向认证,采用谜题机制和无认证状态防止应答方受到DoS攻击.通过C-K安全模型分析用户身份认证协议的安全性,分析表明该协议是会话密钥安全的.     

The Homomorphic Key Agreement

Introduction As a result of the increased popularity ofgroup-oriented applications and protocols, groupcommunication occurs in many different settings:from network layer to application layer. Regard-less of the underlying environment, it is necessaryto pr…     

BB84量子密钥分配协议的改进

以BB84协议为基础，对其中部分内容进行了变形，这种改变的核心思想在不影响量子密钥分配协议的安全性的基础上，通信双方通过在第三方普通公共信道上的对话，提高量子通信的传输效率．发信方在对话过程中故意发出一部分假的信息，诱使窃听者上当，以探测窃听者的存在；同时又通过协商一部分量子接收的规则来提高双方的传输效率．这种改进方案对其他带有噪声的量子密码协议同样适用．     

Distributed certificateless key encapsulation mechanism secure against the adaptive adversary

This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.     

A Layer-Cluster Key Agreement Protocol for Ad Hoc Networks

Mobile ad hoc networks create additional challenges for implementing the group key establishment due to resource constraints on nodes and dynamic changes on topology. The nodes in mobile ad hoc networks are usually low power devices that run on battery power. As a result, the costs of the node resources should be minimized when constructing a group key agreement protocol so that the battery life could be prolonged. To achieve this goal, in this paper we propose a security efficient group key agreement protocol based on Burmester-Desmedt (BD) scheme and layer-cluster group model, referred to as LCKM-BD, which is appropriate for large mobile ad hoc networks. In the layer-cluster group model, BD scheme is employed to establish group key, which can not only meet security demands of mobile ad hoc networks but also improve executing performance. Finally, the proposed protocol LCKM-BD are compared with BD, TGDH (tree-based group Diffe-Hellman), and GDH (group Diffie-Hellman) group key agreement protocols. The analysis results show that our protocol can significantly decrease both the computational overhead and communication costs with respect to these comparable protocols.     

An improved ring signature scheme without trusted key generation center for wireless sensor network

Security of wireless sensor network (WSN) is a considerable challenge, because of limitation in energy, communication bandwidth and storage. ID-based cryptosystem without checking and storing certificate is a suitable way used in WSN. But key escrow is an inherent disadvantage for traditional ID-based cryptosystem, i.e., the dishonest key generation center (KGC) can forge the signature of any node and on the other hand the node can deny the signature actually signed by him/herself. To solving this problem, we propose an ID-based ring signature scheme without trusted KGC. We also present the accurate secure proof to prove that our scheme is secure against existential forgery on adaptively chosen message and ID attacks assuming the complexity of computational Diffie-Hellman (CDH) problem. Compared with other ring signature schemes, we think proposed scheme is more efficient.     

Democratic group signatures with linkability from gap Diffie-Hellman group

Democratic group signatures(DGSs) attract many researchers due to their appealing properties, i.e., anonymity, traceability and no group manager.Security results of existing work are based on decisional Diffie-Hellman(DDH) assumption.In this paper, we present a democratic group signature scheme based on any gap Diffie-Hellman(GDH) group where DDH problem is easily but computational Diffie-Hellman(CDH) problem is hard to be solved.Besides the properties of ordinary DGSs, our scheme also provides the property of linkability, i.e., any public verifier can tell whether two group signatures are generated using the same private key.Security properties of our scheme employ a new and independently interesting decisional product Diffie-Hellman(DPDH) assumption which is weaker than DDH one.     

Two Modifications on IKE Protocol with Pre-shared Key Authentication

This paper proposed two modifications on IKE protocol with pre-shared key authentication. The first modification can improve its immunity against DDoS attack by authenticating the initiator before the responder generates the computation-intensive Diffie-Hellman public value. The second modification can improve its efficiency when the attack on messages occurs because it can detect the attack quickly by replacing the centralized authentication in origical IKE protocol with immediate authentication. In addition, the two modifications can be integrated into one protocol compactly.     

Provably secure authenticated Diffie-Hellman key exchange for resource-limited smart card

Authenticated Diffie-Hellman key agreement is quite popular for establishing secure session keys. As resource-limited mobile devices arc becoming more popular and security threats are increasing, it is desirable to reduce computational load for these resource-limited devices while still preserving its strong security and convenience for users. In this paper, we propose a new smart-card-based user authenticated key agreement scheme which allows users to memorize passwords, reduces users＇ device computational load while still preserves its strong security. The proposed scheme effectively improves the computational load of modular exponentiations by 50%, and the security is formally proved.     

Improved ID-Based Signature Scheme Solving Key Escrow

Introduction Inatraditionalpublickeycryptosystem(PKC),theassociationbetweenauser'sidentity andhispublickeyisobtainedthroughadigitalcer-tificateissuedbyacertificationauthority(CA).TheCAchecksthecredentialsofauserbeforeis-suingacertificatetohim.Tosimplifythecertifi-catemanagementprocess,Shamir[1]introducedthe conceptofID-basedcryptosystemin1984,which allowedforauser'sidentityinformationsuchas hisname,IPaddress,telephonenumber,email address,etc.toserveashispublickey.Sucha publickeyisclearlyb…     

A universal composability framework for analysis of proxy threshold signature

The universal composability framework is a new approach for designing and analyzing the security of cryptographic protocols. In this framework, the security of protocols is maintained under a general protocol composition operation. In the paper, we propose the universal composability framework for the analysis of proxy threshold signature and present a universally composable secure proxy threshold signature scheme which is the first one in this area. The proposed scheme is suitable for the mobile agents, which should migrate across different environment through network. Furthermore, we give the concrete analysis of the reduction to prove the security of the proposed scheme.     

基于ECC的移动自组网成员控制方案

基于Pederson分布式密钥产生方案,采用椭圆曲线密码体制提出一个分布式密钥产生协议,该方案高效且能抵制内外恶意节点的攻击,并采用门限数字签名方案给出一个安全的移动自组网的成员控制方案.通过方案的性能和安全性分析得出结论,该成员控制策略非常适合于资源受限的移动自组网.     

Some remarks on the TKIP key mixing function of IEEE 802.11i

Temporal key integrity protocol (TKIP) is a sub-protocol of IEEE 802.11i. TKIP remedies some security flaws in wired equivalent privacy (WEP) protocol. TKIP adds four new algorithms to WEP: a message integrity code (MIC) called Michael, an initialization vector (IV) sequencing discipline, a key mixing function and a re-keying mechanism. The key mixing function, also called temporal key hash, de-correlates the IVs from weak keys. Some cryptographic properties of the substitution box (S-box) used in the key mixing function are investigated in this paper, such as regularity, avalanche effect, differ uniform and linear structure. Moen et al pointed out that there existed a temporal key recovery attack in TKIP key mixing function. In this paper a method is proposed to defend against the attack, and the resulting effect on performance is discussed.     

A Provably Secure Asynchronous Proactive RSA Scheme

The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols： initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.