Merkle Tree Digital Signature and Trusted Computing Platform

0 IntroductionDigital signatureis a key technique to provide datainteg-rity andsource authenticationcapabilities to enhance da-ta trustworthiness in trusted computing platform. Most cur-rent digital signature schemes are based on complex mathe-matical problems , such as integer factoring, discrete log-arithm,and discrete logarithm on elliptic curves . The hard-ness of these underlying mathematical problems is really un-certain at present . Merkle treeis a method used for authenti-cation and di…     

A new chaotic function and its cryptographic usage

Wheeler pointed ouuailat the period of Matthews＇ chaotic function （MCF） is often too short to be suitable for crypto- graphic usage in the manner of computer statistics, but this statement was given only through digital computation. In this paper, we proved by theoretical and practical method that period exists in MCF and analyzed the underlying reason. With two chaotic functions working together we presented a modified MCF （MMCF） that is non-periodic. The simulation tests with reconstruction of phase space showed that our modified MCF is of no period. And we described how to implement a cryptographic usage with MMCF.     

A Secure Anonymous Internet Electronic Voting Scheme Based on the Polynomial

In this paper, we use the polynomial function and Chaum＇s RSA （Rivest, Shamir, Adleman） blind signature scheme to construct a secure anonymous internet electronic voting scheme. In our scheme, each vote does not need to be revealed in the tallying phase. The ballot number of each candidate gets is counted by computing the degrees of two polynomials＇ greatest common divisor. Our scheme does not require a special voting channel and communication can occur entirely over the current internet.     

Using Combinational Logic Function to Watermark IP Based on FPGA

In the field of digital circuit design, the extensive applications of reusable intellectual property （IP） simplify the design procedure based on very large scale field programmable gate array （FPGA）, and shorten the time to market （TTM）. However, the flexibility of reusable IP makes itself easy to be stolen and illegally distributed by intruders. The protection method proposed in this paper maps IP owner＇s signature to combinational logic functions, and then implements these functions into unused lookup tables （LUTs） in the design based on FPGA, which can be used as a strong proof of IPs ownership. The related experiment results show that this protection method has favorable characteristics such as low overhead, few effects on performance, and high security.     

A new algorithm for routing in ad-hoc network

In this paper, we propose a new algorithm for wireless mobile and ad-hoc network, which establishes dynamic cluster of nodes. The proposed algorithm, namely, the Mobility Sensitive Routing Protocol (MSRP), consists of routing in cluster and routing between clusters. Ad-hoc network can utilize MSRP to reduce information exchange and communication bandwidth, to shorten route acquisition delay, and to accommodate more nodes. Foundation item: Supported by the National Natural Science Foundation of China (60133010,60073043,70071042). Biography: Zhang Jian (1976-), male, Ph. D candidate. Lecturer, research direction: computer network, network optimization.     

Binary Sequences from a Pair of Elliptic Curves

A family of binary sequences were constructed by using an elliptic curve and its twisted curves over finite fields. It was shown that these sequences possess ＂good＂ cryptographie properties of 0-1 distribution, long period and large linear complexity. The results indicate that such se quences provide strong potential applications in cryptography.     

Study on security enhancement technology for disaster tolerant system

This paper proposes a security enhancement scheme for disaster tolerant system based on trusted computing technology which combines with the idea of distributed threshold storage. This scheme takes advantage of trusted computing platform with trusted computing module, which is provided with such excellent features as security storage, remote attestation, and so on. Those features effectively ensure trustworthiness of disaster tolerant point. Furthermore, distributed storage based on Erasure code not only disposes the storage problem about a great deal of data, but also preferably avoids one node invalidation, alleviates network load and deals with joint cheat and many other security problems. Consequently, those security enhancement technologies provide mass data with global security protection during the course of disaster tolerance. Foundation Items: Supported by the National High Technology Research and Development Program of China (863 Program) (2008AA01Z404), the Science and Technical Key Project of Ministry of Education (108087) and the Scientific and Technological Project of Wuhan City (200810321130)     

An FPGA Implementation of GF （p） Elliptic Curve Cryptographic Coprocessor

A GF (p) elliptic curve cryptographic coprocessor is proposed and implemented on Field Programmable Gate Array (FPGA). The focus of the coprocessor is on the most critical, complicated and time-consuming point multiplications. The technique of coordinates conversion and fast multiplication algorithm of two large integers are utilized to avoid frequent inversions and to accelerate the field multiplications used in point multiplications. The characteristic of hardware parallelism is considered in the implementation of point multiplications. The coprocessor implemented on XILINX XC2V3000 computes a point multiplication for an arbitrarypoint on a curve defined over GF(2^192-2^64-1) with the frequency of 10 MHz in 4.40 ms in the average case and 5.74ms in the worst case. At the same circumstance, the coprocessor implemented on XILINX XC2V4000 takes 2.2 ms in the average case and 2.88 ms in the worst case.     

Breaking and repairing the certificateless key agreement protocol from ASIAN 2006

The certificateless authenticated key agreement protocol proposed by Mandt et al does not haVE the property of key-compromise impersonation （K-CI） resilience. An improved protocol with a simple modification of their protocol is proposed in this paper. In particular, our improved protocol is proved to be immune to the K-CI attack and at the same time possess other security properties.     

Verifiable （ t, n） Threshold Signature Scheme Based on Elliptic Curve

Based on the difficulty of solving the ECDLP (elliptic curve discrete logarithm problem) on the finite field, we present a (t, n) threshold signature scheme and a verifiable key agreement scheme without trusted party. Applying a modified elliptic curve signature equation, we get a more efficient signature scheme than the existing ECDSA (ellipticcurve digital signature algorithm) from the computability and security view. Our scheme has a shorter key, faster computation, and better security.     

Probabilistic Analysis on Connectivity for Sensor Grids with Unreliable Nodes

0 IntroductionWireless sensor networks consist of manynodes , each containing application-specificsensors ,a wirelesstransceiver ,anda si mple proces-sor[1-4]. Sensor networks have extensive applica-tions . A large number of research results can beseenin Refs .[5-7] .This paper mainly concerns with sensor net-works that are inherently unreliable. We consider anetwork with mn nodes ,arranged in a grid over asquare region of areaA. This model was presentedin[8 ,9].Each nodeis a sensor ,and can…     

Dynamic Vector Space Secret Sharing Based on Certificates

A vector space secret sharing scheme based on certificates is proposed in this paper. The difficulties of solving discrete logarithm assure confidential information＇s security, and the use of each participant＇s certificate makes the dealer have no need to transfer secret information to the participants. The proposed scheme is dynamic. It can effectively check cheaters and does not have secure channel requirements.     

A mobile accessible closed multi-part group communication scheme in IPv6 network

To solve the problems of current IP multicast which includes poor inter-domain many-to-many group support, security vulnerabilities and dependency to specific multicast infrastructure, a mobile accessible closed multi-part group （MACMPG） communication protocol in IPv6 network is proposed. By extending the single source multicast protocol, the communication channel for multi-part group communication across domains is established. Based on lPv6 CGA, the secure closed group communication scheme is designed. The access to the multicast traffic only confined to the authorized senders and receivers and only trusted routers are allowed to be the branch points of MACMPG tree. By tunneling mechanism, the MACMPG traffic can be transmitted across non-MACMPG routing area, and the mobile nodes can join the group remotely and roam freely between domains, which eliminates the dependency on specific IP multicast routing.     

An Efficient Multicast Source Authentication Protocol

We propose an efficient multicast source authentication protocol called efficient multi-tree-chains scheme （EMTC）, which shows more loss resistibility, less communication cost, and no delay at receivers. The EMTC scheme is based on combination of single Chain scheme and Hash Tree Chains scheme, and integrates the advantages of both. In this scheme, stream is firstly divided into blocks with n packets, and each block consists of m clusters, everyone of which contains a tree of packets. All clusters are chained together. Through EMTC, packets of one cluster can be authenticated by any packet of the previous cluster. Compared to other multicast authentication protocols, the proposed scheme has the following advantages： ① dramatically improves the resistance to burst packets loss; ② low computation and communication overhead; ③ imposes low delay on the sender side and no delay on the receiver side.     

Analysis and Application for Integrity Model on Trusted Platform

To build a trusted platform based on Trusted Computing Platform Alliance (TCPA)‘s recommendation, we analyze the integrity mechanism for such a PC platform in this paper. By combinning access control model with information flow model, we put forward a combined process-based lattice model to enforce security. This model creates a trust chain by which we can manage a series of processes from a core root of trust module to some other application modules. In the model,once the trust chain is created and managed correctly,the integrity of the computer‘s hardware and sofware has been mainfained, so does the confidentiality and authenticity. Moreover, a relevant implementation of the model is explained.     

Transmutation Scheme of Coin Flipping Protocol and Utilization

Coin flipping by telephone protocol（CFP） is utilized in a system to exchange a binary sequence at random between two person apart far from each other. However, CFP cannot he used in a system with many users like in a group environment system. A transmutation of CFP named T-CFP is proposed in this paper. The precondition of T-CFP is the system＇s user trusts the system center and center＇s cheating is meaningless at the same time. The significant difference between CFP and T-CFP is that CFP supports only two users while T-CFP can support many users to exchange special information. The security and efficiency of T-CFP are discussed with a detailed example on T-CFP utilization is demonstrated in this paper.     

Trustworthiness Technologies of DDSS

The most significant strategic development in information technology over the past years has been ＂trusted computing＂ and trusted computers have been produced. In this paper trusted mechanisms adopted by PC is imported into distributed system, such as chain of trust, trusted root and so on. Based on distributed database server system （DDSS）, a novel model of trusted distributed database server system （TDDSS） is presented ultimately. In TDDSS role-based access control, two-level of logs and other technologies are adopted to ensure the trustworthiness of the system.     

Security Considerations Based on PKI/CA in Manufacturing Grid

In the manufacturing grid environment, the span of the consideration of security issues is more extensive, and the solutions for them are more complex, therefore these problems in manufacturing grid can＇t longer be addressed by existing security technologies. In order to solve this problem, the paper first puts forward the security architecture of manufacturing grid on the basis of the proposal of the security strategies for manufacturing grid; then the paper introduces key technologies based on public key infrastructure-certificate authority （PKI/CA） to ensure the security of manufacturing grid, such as single sign-on, security proxy, independent authentication and so on. Schemes discussed in the paper have some values to settle security problems in the manufacturing grid environment.     

一种用于复杂移动网络的安全路由协议设计

在复杂移动网络中,当前路由协议认证过程较为复杂,无效路径较多。设计一种用于复杂移动网络的安全路由协议。协议设计过程包括身份认证阶段和路由发现阶段,通过对复杂移动网络中新的邻居节点进行身份认证,判断该节点是否可加入到其他各节点的通信路由表中。通过建立路由请求消息RREQ,将其向相邻节点广播,获取目标节点。通过建立路由响应信息RREP,传输至其前趋节点。获取由前趋节点重新建立的路由响应消息RREP,继续传输至其前趋节点。以此类推,直至回到源节点,将路由发现过程经历的所有路径进行存储,最终得到有效路由协议。以振动环境下复杂传感网络为基础进行测试,结果表明,所设计安全路由协议具有较优的包传输率、网络吞吐量和包丢失率,安全性高。