基于双线性对的域间认证与密钥协商协议

结合代理签名和签密方案的特点,以双线性对为工具,设计了一个域间电子商务的认证与密钥协商协议。该协议能够实现移动用户与服务提供商之间的双向认证和移动用户的匿名性,并且会话密钥保持了新鲜性,做到一次一密钥,保证了协议的公平性和实用性,能够克服重放攻击、拒绝服务攻击、中间人攻击和密钥泄漏假冒攻击。     

一个高效的匿名口令认证密钥协商协议

匿名口令密钥协商(APAKE)协议在保持用户匿名性的同时,可以为网络上共享口令的通信双方建立会话密钥.分析了一个高效APAKE协议存在的安全问题,进而提出了新的高效匿名口令认证密钥协商协议,并对所提协议的安全性、匿名性和抗字典攻击等安全需求进行了分析.服务器和用户完成协议需要2次模幂运算,运算效率较高.     

可证明的基于扩展混沌映射的匿名多服务器身份认证协议

现有多服务器环境下的身份认证方案大多存在无法抵御各种安全攻击,不能实现匿名性等问题,基于扩展的混沌映射和生物特征方法提出了一种多服务器环境下的身份认证协议,实现用户与多服务器之间的身份认证,并在认证过程中协商了会话密钥。利用BAN逻辑对提出的协议进行了安全证明。安全性分析结果表明,本文的协议可抵御假冒攻击、离线口令猜测攻击、偷取智能卡攻击等,并具有强匿名性。最后,与现有的相关协议比较,本文的协议更安全高效,适合在实际中应用。     

一个基于SIP安全的三因子密钥认证协议

Yoon和Yoo运用椭圆曲线密码提出了一个新的基于会话发起协议(SIP)的三因子密钥认证方案并声称能够抵抗多种攻击.然而,作者研究发现Yoon和Yoo的方案不能抵挡伪造攻击和中间人攻击.为了改进以上缺陷,提出了一个安全、有效的三因子远程认证新方案并进行了安全性分析,分析表明新方案可以抵挡以上攻击并实现了用户匿名性.     

基于Hash函数与状态锁定的RFID认证协议研究

针对射频识别(RFID)系统中存在的标签数据机密、安全等问题,研究Hash函数相关协议与对称密钥机制的优缺点,提出一种基于Hash函数与状态锁定的安全认证协议.该协议采用单向Hash函数与对称加密方法,结合后台数据库与标签状态的锁定设置,并在认证结束后及时更新ID和密钥值,有效处理RFID认证阶段的安全风险问题.通过安全性分析表明,该协议既保证了标签的匿名性、完整性、机密性,又抵御了攻击者假冒、重传、去同步攻击,能较好地完成RFID系统中阅读器与标签的相互认证.     

安全的基于身份认证密钥协商协议

由于移动互联网络的快速发展,在不安全的移动通信环境中如何构造安全的密钥协商协议是一个富有挑战性的问题.2012年高海英设计并实现了一个在标准模型下的安全的认证密钥协商协议.通过对该协议的安全性分析,发现该协议在无会话密钥托管模式下并不满足PKG前向安全性.为了弥补该协议的不足,提出了一个安全的基于身份认证密钥协商协议.该协议能够抵抗未知密钥共享和密钥泄露伪装攻击,同时具有前向安全性和已知密钥安全等安全性质.方案的安全性分析表明,新的方案比高海英的协议具有更高的安全性.     

基于Pairing的可认证的群密钥协商协议

基于Pairing计算和密钥树提出了一种高效的动态群密钥协商方案.通过引入群公钥证书并在群密钥中结合群以及成员的长期密钥和临时密钥,提供了隐含密钥认证,以有效地对抗中间人攻击.此外,该方案的设计思想可以作为一种通用方法,把可认证两方Diffile-Hellman协议扩展到群环境.     

一种高效的匿名口令认证密钥交换协议

针对云计算等网络新应用中用户隐私保护问题,提出了基于椭圆曲线CDH假设的匿名口令认证密钥交换APAKE协议,通过它用户既能与服务器建立共享会话密钥,又不会暴露其真实身份信息.通过系统模型、安全模型定义及严格的形式化证明,验证了此APAKE协议满足正确性、PAKE安全性及用户匿名性.通过与现有协议对比分析表明:所提APAKE协议既能抵抗身份冒充攻击及离线口令猜测攻击,也提供双向认证;协议效率得到很大提高,客户端及服务器端计算复杂度均有大幅降低.     

基于SRP-6协议的认证与密钥交换方案

针对Web服务中身份认证的问题,分析了SRP-6(Secure Remote Password-6)协议的密钥交换机制,提出了一种基于简单对象访问协议(SOAP)和SRP-6协议的认证与密钥交换方案(SRP-over-SOAP).该方案将SOAP消息进行扩展,通过在SOAP头中加入标记,实现了SOAP消息对SRP认证信息的传递.文中还将该方案用于Web服务,实现了服务器和客户机间的双向身份认证.     

一种新的域间基于身份认证密钥协商协议

目前对于密钥交换协议的研究越来越多,如基于Diffie-Hellman的密钥交换协议。但是对于密钥的认证却没有很好地解决,如何保证参与方的认证？例如在Diffie-Hellman密钥交换协议中,如何防止中间人攻击。目前的方案需要可信的第三方TTP（Trusted Third Party）的支持;密钥的更新和管理有困难,不同的域无法完成密钥交换。现提出一种新的域间基于身份认证的密钥交换协议,一方面使得在不同域间的用户也可以交换密钥;另一方面用户使用基于身份的密钥产生方案可以对用户进行认证。     

移动支付的安全性与解决措施探讨

随着移动电子商务的迅速发展．移动支付越来越融入到人们的生活中．移动支付是移动电子商务的关键．针对移动支付的分类、发展、移动支付的安全性等方面进行分析,并提出了基于硬件安全模块SE的保护、客户端与服务器间加密认证及采取合理的监管措施等移动支付安全的措施．以求为用户移动支付寻找一个安全性较高的环境．     

Scheme on Cross-Domain Identity Authentication Based on Group Signature for Cloud Computing

In the cloud computing, different cloud service providers are often in different trust domains. As the traditional identity authentication mode cannot be applied to the cloud computing, the cross-domain identity authentication mechanism is needed to solve the identity authentication problem in the cloud computing. In view of the security problems in cloud computing, a cross-domain identity authentication scheme based on group signature is proposed. This scheme introduces a group of cloud service providers and users who are located in different trust domains. Any member of the group can generate the signature on behalf of the whole group, making the user access the cloud service provider in the case of privacy security. At the same time, with traceability it can track illegal operation of illegal users. In addition, the scheme uses the Chinese Remainder Theorem to integrate the message, and it can control the length of the data in the calculation process, simplifying the calculation process. It also realizes the join and revocation of group members without changing the key of other legitimate group members, and the maintenance cost of authentication schemes is low. The results show that the scheme has the advantages of anonymity, anti-counterfeit, traceability, anti-joint attack and so on. It can not only realize tracking function under the condition of guaranteeing user's privacy, but can also simplify the authentication calculation process to improve the efficiency of the cross domain identity authentication, and its performance is more suitable for large-scale cloud computing environment.     

A solution to the anonymity of the mobile subscriber

The user anonymity mechanism provided in GSM and UMTS network is analyzed,and a new approach to solve the anonymity of mobile subscriber is proposed in this paper.Using the ciphering algorithm with a dynamic key and a static key,the method allows mobile subscribers to connect network with user anonymity,and it can be seamlessly integrated with the existing authentication algorithms.The analyses reveal that the proposed scheme can provide the integrity protection of messages,prevent the replay attacks,and be implemented easily.     

An Association Ring Signature for Block Chain E-Money Transactions

Block chain is widely used in the financial field for its characteristics of decentralization, anonymity and trust. Electronic money payment is an important application hotspot. Ring signature is widely used in strong anonymous authentication such as electronic cash and electronic voting because of its unconditional anonymity, spontaneity and flexible group structure. Among them, the correlation ring signature can prove whether two signatures are issued by the same person without revealing the identity of the real signer. Therefore, the signature right breach can be avoided based on the premise of guaranteeing anonymity, such as repeated voting, electronic money repetition cost and so on. Most of the existing correlation ring signature security is based on the discrete logarithm problem, and most of the schemes result in the degradation of anonymity because of strong association. These methods do not apply to the block chain electronic currency transaction scene with strong anonymity. Therefore, this paper first proposes a blockchain-based electronic currency transaction security model. The model ensures not only the anonymity of both parties but also a certain degree of traceability. In order to support these two characteristics, this paper proposes an association ring signature method based on large integer decomposition problem. This method has strong anonymity and can be applied to blockchain scenes. On the other hand, it can be converted into group signatures in specific scenarios. It is therefore traceable. Finally, the adaptive selection message of the scheme and the unforgeability under the selection of public key attack are proved under the random oracle model.     

一种基于ECDLP有身份认证的ECDH密钥协商方案

为了解决ECDH（elliptic curve key agreement scheme-diffice-hellman version）密钥协商方案中,通信双方在公开信道上通过协议协商会话的临时密钥及双方都不能识别对方身份的问题。在研究ECDH密钥协商算法的基础上,提出了一种基于安全椭圆曲线离散对数问题的有身份认证的ECDH密钥协商方案。该方案可以实现密钥协商双方的双向身份认证,有效地防止了中间人的攻击。通过对密钥协商消息的双重保护,实现了公开信道上安全通信。     

一种基于概率投票的新型高效微支付方案

提出了一种新型的高效微支付方案，它允许客户使用一个由银行签名的公钥证书与多个商家进行交易，通过在支付阶段采用概率投票的方法，大大减少了客户进行超支花费的概率．在本方案中，因客户超支花费而造成的经济损失是由商家和银行共同承担的，且循环交互支付协议也使客户和商家的利益都得到了保障．与PayWord方案相比，其公平性大大提高，并为客户提供了有限的匿名性。     

Fair Micropayment System Based on Hash Chains

Micropayment schemes usually do not provide fairness, which means that either the customer or the merchant, or both, can cheat each other and gain a financial advantage by misusing the protocols. This paper proposes an efficient hash chain-based micropayment scheme, which is an offline, prepaid scheme that supports simpler divisibility of digital coins. In the execution of payment protocol, the customer‘s disbursement and the merchant‘s submittal are performed step by step, whoever cannot gain addition profits even if he breaks off the transaction. The hash chain can also be used for transactions with different merchants. Unlike other micropayment schemes, e.g., PayWord, no public-key operation is required, which improves the efficiency. The scheme also provides restricted anonymity.     

Anonymous Authentication Scheme Based on Smart Card and Biometrics in the Electronic Medical Environment

With the existing anonymous authentication schemes based on biometrics, the user and the server can create the same session key after mutual authentication. If the anonymous authentication scheme is applied in the electronic medical environment, it is also necessary to consider that the patient may access multiple hospital servers. Based on three factors of smart card, random number and biometrics, an anonymous authentication scheme in the electronic medical environment is proposed. In order to reduce the burden of the medical registration and certification center(HC), in the proposed anonymous authentication scheme, the patient only needs to register with HC once, then he/she can apply for visiting each hospital that has joined the medical servers. Security analysis shows that the proposed scheme has anonymity and dual authentication, and can resist various types of attacks, such as insider attack, modification attack, replay attack and smart card loss attack. Efficiency analysis shows that the calculation cost of the proposed scheme in the registration and login phase is lower, and it is slightly higher than Lei's scheme and Khan et al's scheme in the authentication phase. The proposed scheme can not only resist various types of attacks, but also support dual authentication and multi-server environment. With a little modification, the proposed scheme can also be used to other application scenarios requiring anonymous authentication.     

用于互联网多媒体通信的SIP安全方案

针对传统基于软件的SIP安全方案容易被盗用、欺骗和入侵的问题,结合可信计算技术,设计了对终端系统与用户身份的双层认证结构,提出了一种使用SIP进行互联网多媒体通信的安全方案.该方案利用可信平台模块和直接匿名证明算法设计了新的SIP注册协议,提高了多媒体通信系统的安全性.文中还利用可证明安全模型证明了注册协议的安全性,并对整个方案的特点进行了分析.