基于身份的移动网动态可认证群组密钥协商协议

群组密钥协商是保证无线网络群组安全通信的重要工具之一。2007年,Tseng等提出一种适合无线移动网络的高效群组密钥协商协议。对Tseng协议安全性进行分析,发现Tseng协议不具备认证性,不能抵御主动攻击。因此,通过改进Tseng协议,提出一种新的动态可认证群组密钥协商协议。该协议基于身份的公钥密码体制,降低了建立和管理公钥基础设施的代价;同时,协议支持节点间的相互认证。分析结果表明：协议满足群组密钥所要求的安全准则,降低了普通节点的计算和通信成本。     

Two-Party Authenticated Key Agreement in Certificateless Public Key Cryptography

0 Introduction To simplify the management of certificates of tradi- tional PKI, Shamir[1] proposed the identity-based public key cryptography (ID-PKC) in which the public key of each party is derived directly from certain aspects of its identity, for exam…     

基于签密技术的可认证密钥协商协议

对Zheng的可认证密钥协商协议进行改进，提出基于身份签密的可认证密钥协商协议。该协议具有签密技术的优点，在同一个逻辑步内同时实现了认证和加密两项密码功能，提高了协议的效率；基于身份的公钥密码系统的使用，降低了建立和管理公钥基础设施的代价，用户无需存储、管理和传输公钥及其证书；另外，椭圆曲线上双线性对使协议能以短的密钥和小的计算量实现同等安全要求。文中所提的可认证密钥协商协议具有计算量和传输量小，安全性高的特点。     

一种安全高效的认证密钥协商协议

SAKA协议不具有密钥泄露安全性。为此，按照L．Law所定义的认证密钥协商协议的安全特性，提出一种基于椭圆曲线密码体制的安全高效认证密钥协商协议——SEAK协议。对本协议的安全性进行分析，证明了它在ECDH难解的前提下是安全的协议；因为SEAK协议平均只需2个整乘和2次信息交换次数，所以它是一个高效率的协议。     

基于Pairing的可认证的群密钥协商协议

基于Pairing计算和密钥树提出了一种高效的动态群密钥协商方案.通过引入群公钥证书并在群密钥中结合群以及成员的长期密钥和临时密钥,提供了隐含密钥认证,以有效地对抗中间人攻击.此外,该方案的设计思想可以作为一种通用方法,把可认证两方Diffile-Hellman协议扩展到群环境.     

一种基于椭圆曲线的多方密钥交换协议

在分析已有的Differ-Hellman两方密钥交换协议的基础上,提出了一种基于椭圆曲线的多方密钥协商协议,把椭圆曲线公钥密码体制运用于密钥协商的认证过程,能够有效地防止中间人攻击和重放攻击,保证了密钥协商协议的安全性和实用性.     

Efficient Authenticated Key Agreement Protocol Using Self-Certified Public Keys from Pairings

An efficient authenticated key agreement protocol is proposed, which makes use of bilinear pairings and selfcertified public keys. Its security is based on the security assumptions of the bilinear Diffie-Hellman problem and the computational Diffic-Hellman problem. Users can choose their private keys independently. The public keys and identities of users can bc verified implicitly when the session key being generating in a logically single step. A trusted Key Generation Center is no longer required as in the ID-based authenticated key agreement protocols. Compared with existing authenticated key agreement protocols from pairings, the new proposed protocol is more efficient and secure.     

Escrow-Free Certificate-Based Authenticated Key Agreement Protocol from Pairings

Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement （CB-AK） protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart＇s protocol.     

基于可信第三方的快速域间垂直切换认证协议

针对异构无线网络中的域间垂直切换,提出一种基于可信第三方的切换认证和密钥协商协议,协议分别考虑了向上切换和向下切换两种切换场景.文中还改进了一种三方密钥分配协议,用于实现域间垂直切换认证过程中的临时密钥分配.分析比较表明,该方案在安全和性能上具有较好的折中性.     

一个动态的安全有效的群密钥协商协议

提出一个动态对等网中的2轮密钥协商协议，并证明此协议抗被动攻击，满足完全前向安全性和密钥独立性. 协议由ElGamal加密和签名算法组合而成，简单而且有效. 此外，协议基于广播信道，所以也适用于无线网络(尤其是ad hoc)中的群成员协商会话密钥.     

多PKG环境下无双线性对的基于身份AKA协议

提出一种多PKG环境下无双线性对的基于身份AKA协议, 且在随机预言模型下, 将协议的安全性证明规约到标准的计算性CDH假设。提出了相应的基于身份XCR与DCR签名体制, 通过对两处体制进行安全性证明, 实现对新协议的安全性证明。通过与已有协议的相关性能比较体现了新协议的优点。     

无线网中基于ECC的认证和密钥交换协议

为适应密码技术在无线通信中的应用要求,Aydos、Mangipudi等人以椭圆曲线密码为基础,分别提出了适用于无线通信网络的身份认证和密钥交换协议.而研究发现,这些协议中仍存在中间人攻击、服务后否认、假冒攻击等安全隐患,且不能提供前向保密性.为此,本文提出一个安全的身份认证和密钥交换协议,经验证说明该协议不仅能防止上述安全隐患,而且执行效率更好,适于为无线通信环境中用户端与服务器间进行相互认证,建立一个双方共享的会话密钥.     

Authenticated Diffie-Hellman key agreement protocol with forward secrecy

Forward secrecy is an important security property in key agreement protocol. Based on Ham＇s protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham＇s protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user＇s secret key and it is very beneficial to today＇s communication with portable devices.     

标准模型下基于身份的两方认证密钥协商协议

采用MTI协议族的思想,设计了一个新的标准模型下基于身份的两方认证密钥协商协议IBAKE,并形式化证明了该协议的安全性.与现有的标准模型下基于身份的密钥协商协议相比,IBAKE协议在计算效率、通信效率等方面性能更加优越.     

Homomorphism key agreement based on RSA

0 IntroductionNow,the encrypt technology is the main means to com-municatein security. Key management is i mportant al-so. The reason is that all encrypt technology depend on keywhichis a complex security problem. Besides , key manage-ment is different to different encrypt system[1-3].Key manage-ment includes production, storage, distribution, delete, pi-geonhole and application of the key. The problems involvesysteminitialization,the production of key,storage,to re-sume, enclose, distributio…     

Identity Based Group Key Agreement in Multiple PKG Environment

Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators （PKG） environment. It is inspired on a new two-party identity-based key agreement protocol first proposed by Hoonjung Lee et al. In our scheme, although each member comes from different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies every security requirements of the group key agreement protocols.     

An efficient identity-based key agreement protocol in a multiple PKG environment

Identity-based key agreement protocol affords a natural way to combine the participant’s identity with its public key.However,most of them just consider the key agreement in a single private key generator(PKG)environment.In addition,the existing key agreement protocols have a great computing overhead for mobile computing which is more and more popular today.This paper proposes a new identity based key agreement protocol.With the help of mathematical tools,we make our protocol applied in multiple PKG environment.It also satisfies all the security properties which is set for key agreement protocol.Moreover,some of its time-consuming operations can be delivered to untrusted public computation resources,so its computing complexity can be greatly reduced.     

一种新的域间基于身份认证密钥协商协议

目前对于密钥交换协议的研究越来越多,如基于Diffie-Hellman的密钥交换协议。但是对于密钥的认证却没有很好地解决,如何保证参与方的认证？例如在Diffie-Hellman密钥交换协议中,如何防止中间人攻击。目前的方案需要可信的第三方TTP（Trusted Third Party）的支持;密钥的更新和管理有困难,不同的域无法完成密钥交换。现提出一种新的域间基于身份认证的密钥交换协议,一方面使得在不同域间的用户也可以交换密钥;另一方面用户使用基于身份的密钥产生方案可以对用户进行认证。     

Breaking and repairing the certificateless key agreement protocol from ASIAN 2006

The certificateless authenticated key agreement protocol proposed by Mandt et al does not haVE the property of key-compromise impersonation （K-CI） resilience. An improved protocol with a simple modification of their protocol is proposed in this paper. In particular, our improved protocol is proved to be immune to the K-CI attack and at the same time possess other security properties.     

A deniable authenticated key agreement protocol

This paper presents a deniable authenticated key agreement protocol. This protocol can provide an authenticated session key while the sender and the receiver can deny their involvement in such a protocol if the protocol is executed successfully. Then both can deny their transmitted messages protected by the authenticated session key. If this protocol fails, no authenticated session key can be established and no protected messages can be transmitted. The protocol can be proved secure against key compromise impersonation attack. The protocol employs a new method to isolate a session key from confirmation keys.