基于ECC的入侵容忍数字签字方案

入侵容忍是网络安全中的一种新方法,该方法保证系统在遭受攻击的情况下信息的机密性、完整性和可用性.本文基于安全的椭圆曲线,结合门限体制、可验证秘密共享体制以及主动秘密共享方案,给出一种新的入侵容忍签字方案.新方案在签名时可以避免密钥重构,防止了密钥的泄漏.     

A Provably Secure Asynchronous Proactive RSA Scheme

The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols： initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.     

Simple and efficient password-based authenticated key exchange protocol

Password-based authenticated key exchange (PAKE) protocols are cryptographic primitives which enable two entities, who only share a memorable password, to identify each other and to communicate over a public unreliable network with a secure session key. In this paper, we propose a simple, efficient and provably secure PAKE protocol based on Diffie-Hellman key exchange and cryptographic hash function. Our protocol is secure against dictionary attacks. Its security is proved based on the hardness of the computational Diffie-Hellman problem in the random oracle model.     

抗临时秘密指数泄露攻击的认证群密钥协商协议

为克服大部分现有的认证群密钥协商(AGKA)协议的不足,基于双指数挑战-应答数字签名(DCR签名)和BD方案,提出了具有常数轮AGKA协议.该协议除具有相关AGKA协议的安全性外,还有抗临时秘密指数泄露攻击能力,效率也有所提高.     

Ad Hoc网络中基于移动Agent的密钥管理及认证

提出了在Ad Hoc网络中一种基于移动Agent的密钥管理及认证方法.移动Agent在网络中根据一定的运行策略进行移动,并不断地和所经历的节点进行数据交换,在此基础上形成一个节点信息矩阵表,矩阵表中包含了密钥信息.各节点使用其身份作为公钥,主密钥由各节点的私钥分享,从而形成基于身份的门限分布式密钥管理.该方法使用很少的Agent获得较多的全局信息并快速交换密钥信息,减少了系统的开销,具有很高的效率和鲁棒性.     

无线感测网络上节能的事件驱动数据汇集机制

针对无线感测网络上动态改变的事件,设计一套有效率的数据汇集机制.采用网格架构,建立数据汇集树将事件数据传送至汇集点.在初始建立数据汇集树架构时便尽量减少多余的回传节点,以减少感测点的能量消耗.而在事件产生变动时,可应事件变化的调整机制让树架构依然有效率的运作.本文提出的方法与无线感测网络中的3个数据汇集技术EADA、Dual-Tree-Based和Range Query做比较,仿真结果显示本文的方法能够有效的延长网络存活时间,且在总能量消耗及系统开销（overhead）皆有良好表现.     

Efficient Protocol-Proving Algorithm Based on Improved Authentication Tests

A new efficient protocol-proving algorithm was proposed for verifying security protocols. This algorithm is based on the improved authentication tests model, which enhances the original model by formalizing the message reply attack. With exact causal dependency relations between messages in this model, the protocol-proving algorithm can avoid the state explosion caused by asynchronous. In order to get the straight proof of security protocols, three authentication theorems are exploited for evaluating the agreement and distinction properties. When the algorithm terminates, it outputs either the proof results or the potential flaws of the security protocol. The experiment shows that the protocol-proving algorithm can detect the type flaw attack on Neuman-Stubblebine protocol, and prove the correctness of NSL protocol by exploring only 10 states.     

Verifiable Secret Redistribution for Proactive Secret Sharing Schemes

Introduction Ina(t,n)secretsharingscheme[1,2],asecret issharedamongnshareholders.Anytsharehold-erscancooperatetoreconstructthesecret,while fewerthantcan't.Theverifiablesecretsharing(VSS)[3,4]canverifythecorrectnessofthesecret sharesdistributedbyadealer.Animportantex-tensionofsecretsharingsystemsisthresholdcryp-tosystemschemes[5,6].Inproactiveschemes[7-11],thewholelifetimeofthesecretisdividedinto manytimeperiods,andsharesarerenewedineach period.PSSschemescanrenewthesharesofthe secret,butcan'…     

Efficient Dynamic Threshold Group Signature Scheme Based on Elliptic Curve Cryptosystem

The short secret key characteristic of elliptic curve cryptosystem （ECC） are integrated with the （ t, n ） threshold method to create a practical threshold group signature scheme characterized by simultaneous signing. The scheme not only meets the requirements of anonymity and traceability of group signature but also can withstand Tseng and Wang＇s conspiracy attack. It allows the group manager to add new members and delete old members according to actual application, while the system parameters have a little change. Cryptanalysis result shows that the scheme is efficient and secure.     

可验证的动态多秘密共享

提出了一种新的可验证的动态门限多秘密共享方案。该方案的安全性基于Shamir的秘密共享体制和椭圆曲线加密算法的安全性以及椭圆曲线离散对数问题的求解困难性。共享秘密可以周期性的改变,秘密分发者周期性的改变公告栏上的信息以增强系统的健壮性。对于不同的共享秘密,秘密分发者可以动态调整该秘密的门限值。此外,方案能有效检测和识别参与者的欺骗行为,参与者也可以验证其接受到的信息,且无需改变私有信息在任何时候都可以重构秘密。由于公告栏上的信息是定期更新的,所以不会影响新秘密的共享。     

成渝通道客运市场竞争博弈分析

考虑博弈三要素,包括成渝通道客运市场博弈局中人、竞争策略集、益损值,建立博弈模型。根据市场分担率函数、成本变动函数构建赢得函数,采用非集计模型计算市场占有率,求得市场占有率与策略集的函数关系,研究博弈模型求解思路,并对博弈模型进行简化求解与分析,为通道客运市场的分析提供可靠方法。     

BB84量子密钥分配协议的改进

以BB84协议为基础，对其中部分内容进行了变形，这种改变的核心思想在不影响量子密钥分配协议的安全性的基础上，通信双方通过在第三方普通公共信道上的对话，提高量子通信的传输效率．发信方在对话过程中故意发出一部分假的信息，诱使窃听者上当，以探测窃听者的存在；同时又通过协商一部分量子接收的规则来提高双方的传输效率．这种改进方案对其他带有噪声的量子密码协议同样适用．     

一体化网络中可证明安全的三方认证协议

为了有效地保证终端、接入交换路由器和认证中心的安全,本文提出了一体化网络中可证明安全的三方认证协议．该协议实现了终端和认证中心之间及接入交换路由器和认证中心之间的相互认证,不仅可以有效防止非授权终端接入网络,还可以防止伪造的认证中心和接入交换路由器对终端的欺骗．在BR扩展模型下,可证明该协议是安全的．通过性能分析得出,协议具有很高的效率．     

基于博弈论的公平安全两方计算协议

针对传统安全两方计算无法实现完全公平性的问题,结合博弈论方法,将参与者看作是理性的,提出了理性安全两方计算协议。首先,在扩展式博弈框架下,给出安全两方计算的博弈模型;其次,根据博弈模型描述,给出理性安全两方计算理想函数FRPCP以及理性安全两方计算协议RPCP;最后对协议的安全性、公平性及纳什均衡进行了分析。分析结果表明,在混合模型下,协议RPCP能安全地实现理想函数FRPCP,并且在BDH困难假设下,协议RPCP中各理性参与者的最佳策略是选择合作,当博弈达到纳什均衡时,参与者双方能公平地获得计算结果。      

Distributed certificateless key encapsulation mechanism secure against the adaptive adversary

This paper proposes an adaptively secure solution to certificateless distributed key encapsulation mechanism from pairings by using Canetti's adaptive secure key generation scheme based on discrete logarithm. The proposed scheme can withstand adaptive attackers that can choose players for corruption at any time during the run of the protocol, and this kind of attack is powerful and realistic. In contrast, all previously presented threshold certificateless public key cryptosystems are proven secure against the more idealized static adversaries only. They choose and fix the subset of target players before running the protocol. We also prove security of this scheme in the random oracle model.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

多频无线通信网路由协议

针对多频无线通信网的特点,设计了一种多频无线通信网路由协议（MCWN-RP）.协议采用组播扩散机制优化扩散路径,采用非重传确认机制减少报文种类,采用最短路径树构造算法降低扩散内容,采用自适应定时器调整机制减少网络冲突,从而大大降低了协议开销;同时采用差别拓扑更新方式,提高收敛性能.对MCWN-RP进行了协议开销和收敛时间的性能分析,得出协议性能与拓扑更新包大小和协议包发送间隔的关系.OPNET仿真结果表明,与OSPF、OLSR协议相比,MCWN-RP具有非常小的协议开销和较高的收敛性能,是一种高效的动态路由协议.     

一种分布式Ad hoc网络广播算法

在无线Ad hoc网络中,广播作为一种重要的通信方式被许多单播和多播协议用来完成其路由建立和维护工作.文中假设网络中所有的移动节点共享信道,并且节点不知道全局网络拓扑信息.因此网络中每个节点只能通过洪泛进行通信.但是采用洪泛方式广播,由于每个节点都要向其相邻节点转发报文,协议效率低、通信代价昂贵,而且还会带来广播风暴问题.为避免由于洪泛造成的广播风暴问题,文中提出一种分布式Ad hoc网络广播算法.该算法无需任何控制报文.算法简单易行,适合移动无线网络环境.仿真实验结果表明新的算法与现有算法相比更加有效和健壮.     

A secure and reliable routing protocol for wireless mesh networks

This study proposes an efficient secure routing protocol which considers symmetric and asymmetric links for wireless mesh networks （WMNs）. A wireless mesh network is a group of wireless mesh routers and several kinds of wireless devices （or nodes）. Individual node cooperates by forwarding packets to each other, allowing nodes to communicate beyond the symmetric or asymmetric links. Asymmetric link is a special feature of WMNs because the wireless transmission ranges of different wireless devices may be different. The asymmetric link enhances WMN coverage. Providing security in WMNs has become an important issue over the last few years. Existing research on this topic tends to focus on providing security for routing and data content in the symmetric link. However, most studies overlook the asymmetric link in these networks. This study proposes a novel distributed routing protocol beyond symmetric and asymmetric links, to guarantee the security and high reliability of the established route in a hostile environment, such as WMNs, by avoiding the use of unreliable intermediate nodes. The routes generated by the proposed protocol are shorter than those in prior works. The major objective of the proposed protocol is to allow trustworthy intermediate nodes to participate in the path construction protocol. The mesh clients out of mesh router wireless transmission range may discover a secure route to securely connect to the mesh router for Internet access via the proposed protocol. The proposed protocol enhances wireless mesh network coverage and assures security.     

中美商业秘密侵权救济制度比较研究

在发达国家中,美国的商业秘密保护水平较高,其侵权救济制度较为完善,在实际操作中能够对商业秘密权利人进行充分、有效地保护,非常值得我国借鉴。本文运用比较研究的方法,对中美两国商业秘密侵权的救济措施进行了全面地分析,找出我国目前商业秘密侵权救济制度存在的不足,并对完善我国商业秘密保护法律制度提出了具体建议。