共查询到20条相似文献,搜索用时 31 毫秒
1.
XIANG Guangli ZHU Ping ZHANG Junhong MA Jie 《武汉大学学报:自然科学英文版》2006,11(6):1609-1612
0 IntroductionNow,the encrypt technology is the main means to com-municatein security. Key management is i mportant al-so. The reason is that all encrypt technology depend on keywhichis a complex security problem. Besides , key manage-ment is different to different encrypt system[1-3].Key manage-ment includes production, storage, distribution, delete, pi-geonhole and application of the key. The problems involvesysteminitialization,the production of key,storage,to re-sume, enclose, distributio… 相似文献
2.
对Zheng的可认证密钥协商协议进行改进,提出基于身份签密的可认证密钥协商协议。该协议具有签密技术的优点,在同一个逻辑步内同时实现了认证和加密两项密码功能,提高了协议的效率;基于身份的公钥密码系统的使用,降低了建立和管理公钥基础设施的代价,用户无需存储、管理和传输公钥及其证书;另外,椭圆曲线上双线性对使协议能以短的密钥和小的计算量实现同等安全要求。文中所提的可认证密钥协商协议具有计算量和传输量小,安全性高的特点。 相似文献
3.
Efficient Authenticated Key Agreement Protocol Using Self-Certified Public Keys from Pairings 总被引:1,自引:0,他引:1
SHAOZu-hua 《武汉大学学报:自然科学英文版》2005,10(1):267-270
An efficient authenticated key agreement protocol is proposed, which makes use of bilinear pairings and selfcertified public keys. Its security is based on the security assumptions of the bilinear Diffie-Hellman problem and the computational Diffic-Hellman problem. Users can choose their private keys independently. The public keys and identities of users can bc verified implicitly when the session key being generating in a logically single step. A trusted Key Generation Center is no longer required as in the ID-based authenticated key agreement protocols. Compared with existing authenticated key agreement protocols from pairings, the new proposed protocol is more efficient and secure. 相似文献
4.
群组密钥协商是保证无线网络群组安全通信的重要工具之一。2007年,Tseng等提出一种适合无线移动网络的高效群组密钥协商协议。对Tseng协议安全性进行分析,发现Tseng协议不具备认证性,不能抵御主动攻击。因此,通过改进Tseng协议,提出一种新的动态可认证群组密钥协商协议。该协议基于身份的公钥密码体制,降低了建立和管理公钥基础设施的代价;同时,协议支持节点间的相互认证。分析结果表明:协议满足群组密钥所要求的安全准则,降低了普通节点的计算和通信成本。 相似文献
5.
SHI Yijuan LI Jianhua 《武汉大学学报:自然科学英文版》2007,12(1):71-74
0 Introduction To simplify the management of certificates of tradi- tional PKI, Shamir[1] proposed the identity-based public key cryptography (ID-PKC) in which the public key of each party is derived directly from certain aspects of its identity, for exam… 相似文献
6.
目前对于密钥交换协议的研究越来越多,如基于Diffie-Hellman的密钥交换协议。但是对于密钥的认证却没有很好地解决,如何保证参与方的认证?例如在Diffie-Hellman密钥交换协议中,如何防止中间人攻击。目前的方案需要可信的第三方TTP(Trusted Third Party)的支持;密钥的更新和管理有困难,不同的域无法完成密钥交换。现提出一种新的域间基于身份认证的密钥交换协议,一方面使得在不同域间的用户也可以交换密钥;另一方面用户使用基于身份的密钥产生方案可以对用户进行认证。 相似文献
7.
为了降低计算开销,提高安全性,通过 Diffie-Hellman 协议建立密钥共享,结合用户身份信息,以 VBNNIBS 签名思想作为基础,提出了一种可认证的两方密钥协商方案。密钥生成中心 KGC 结合用户身份信息仅为用户生成部分私钥和公钥,其完整的私钥和公钥由用户结合自己的长期私钥生成,安全性基于椭圆曲线离散对数问题。方案中无双线性对运算,只需椭圆曲线上4次点乘运算、1次模运算、3次哈希运算,通信双方只需2次通信就可实现双方认证和密钥协商,提高了密钥产生的效率。分析表明,该方案具有完美前向保密性、抗密钥泄露伪装攻击、已知会话密钥通信安全、非密钥控制、抗重放攻击等安全属性。性能及安全性比较表明,该方案在安全性和性能方面具有较大的优势,适用于资源受限的无线网络通信环境中。 相似文献
8.
In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment. 相似文献
9.
为了提供密钥认证并降低开销,将三叉树引入到群密钥协商中,使计算开销降低到O(log3n).通过引入群长期密钥(群公钥证书)为密钥树中的内部节点提供身份信息,并在群密钥中结合了成员和群的长期密钥及临时密钥,该方案提供了隐含密钥认证,能够抵抗主动攻击.该设计思想可以作为把可认证的两方和三方密钥协商协议扩展到多方的一种通用方法. 相似文献
10.
TANG Xueming WANG Xiaofei HONG Fan CUI Guohua 《武汉大学学报:自然科学英文版》2006,11(5):1267-1270
0 IntroductionThe security of most commonly used cryptographicschemesis essentially based onthree families of compu-tational problems :the integer factoring problem(RSAprob-lem) ,the Diffie-Hell man problemand the discrete logarithmproblem,andthe elliptic curve variants thereof .Inthe middleof 1990s , Shor[1], Bonehet al[2]presented some remarkablequantumalgorithms which can solveinteger factoring problemand discrete logarithmproblemover any group including Ga-lois fields and elliptic curve… 相似文献
11.
基于Pairing计算和密钥树提出了一种高效的动态群密钥协商方案.通过引入群公钥证书并在群密钥中结合群以及成员的长期密钥和临时密钥,提供了隐含密钥认证,以有效地对抗中间人攻击.此外,该方案的设计思想可以作为一种通用方法,把可认证两方Diffile-Hellman协议扩展到群环境. 相似文献
12.
HAO Liming SUN Xun YANG Shutang LU Songnian 《武汉大学学报:自然科学英文版》2007,12(1):101-104
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity. 相似文献
13.
Protocols for authentication and key establishment have special requirements in a wireless environment. This paper presents a new key agreement protocol HAKA (home server aided key agreement) for roaming scenario. It is carried out by a mobile user and a foreign server with the aid of a home server, which provides all necessary authentications of the three parties. The session key can be obtained by no one except for the mobile user and the foreign server. HAKA is based on Diffie-Hellman key exchange and a secure hash function without using any asymmetric encryption. The protocol is proved secure in Canetti-Krawczyk (CK) model. 相似文献
14.
为了解决当前基于云计算技术的弹性应用程序模型安全通信问题,该文提出一种群密钥管理方案。这一方案使用分类预测和基于公钥密码学的密钥交换方法相结合的方式,通过数据挖掘中的分类预测方法来完成密钥协商过程中的认证操作,并使用公钥密码学中的密钥共享技术实现密钥的交换。对所设计的方案进行了能耗分析并与其他方案进行了对比。分析结果表明:本文方案可以有效降低密钥交换协议的能量消耗,适用于移动设备安全通信。 相似文献
15.
在云计算环境中,用户把敏感数据外包在云端,所以数据强制访问控制成为目前云计算研究中亟需解决的问题。当前常用的解决算法是加密数据密钥,但这种算法因密钥分发及数据管理导致计算开销大。因此,提出一种新的云计算环境中数据分布式强制访问控制算法,介绍了云计算环境中数据访问流程,分析基于密文策略和属性的加密算法,利用属性集合对云计算环境中的用户身份进行描述,通过访问控制树表示数据分布式强制访问控制结构,在用户属性集符合既定访问控制结构的情况下,用户才能够完成对数据的解密。通过属性私钥申请、文件上传和文件下载三个过程实现数据分布式强制访问控制。实验结果表明,所提算法在效率、安全性、内存消耗和控制精度四个方面均显示出了很大的优势。 相似文献
16.
A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported
by trusted computing (TC) technology. Analysis and simulation results show that the signer’s privacy is well protected with
dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are
allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be
avoided.
Biography: HAO Liming (1982–), male, Ph.D. candidate, research direction: trusted computing and trust management in P2P system. 相似文献
17.
针对目前以PKI技术为基础的网格安全基础设施认证机制存在的用户规模小、效率低、依赖第三方机构在线运行等问题,提出了基于组合公钥密码的网格身份认证机制.该机制根据离散对数难题的数学原理构建公开密钥与私有密钥矩阵,生成数量庞大的由公开密钥与私有密钥组成的公私钥对,从而实现基于标识的超大规模的密钥生产与分发.通过在网格应用中实现该机制,和网格安全基础设施的认证效率进行了比较,验证了基于组合公钥密码的网格身份认证机制的可行性和高效性. 相似文献
18.
移动Ad Hoc网络基于椭圆曲线密码体制的安全性研究 总被引:2,自引:0,他引:2
安全性是限制移动Ad Hoc网络广泛应用的主要瓶颈;Ad Hoc网络的安全问题表现为密钥生成、密钥管理和路由安全方面.基于椭圆曲线的密码体制以其更短的密钥长度以及较低的资源需求,更适合应用于资源有限的Ad Hoc环境中、对移动Ad Hoc网络,首先给出基于椭圆曲线密码体制的GDH、3协议产生组密钥的方案;其次利用椭圆曲线密码体制实现安全路由协议SAODV(Securing Ad Hoc on—demand distance vector muting),并通过试验进一步验证了方案的可行性. 相似文献
19.
Cloud storage service reduces the burden of data users by storing users’ data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost. 相似文献
20.
提出一种基于Paillier同态公钥密码体制的两方安全议价协议,该协议在保障出价信息的私密性和结果正确的前提下,防止了议价成功后,双方对议价的篡改从而欺骗对方,并且不需要第三方的参与,最终的成交价格均可由议价双方计算得到。通过对复杂度和安全性的分析可知,该协议具有较高的执行效率和安全特性。 相似文献