Universal designated multi verifier signature scheme without random oracles

In this paper, we re-formalize the security notions of universal designated multi verifier signature （UDMVS） schemes. Then the first UDMVS scheme is presented in the standard model （i.e. without random oracles） based on Waters＇ signature scheme. In this setting, a signature holder can to designate the signature to multi verifiers. Moreover, the security of our proposed scheme is based on the Gap Bilinear Difffie-Hellman assumption.     

基于模糊属性的跨校无线漫游认证机制研究

随着移动互联的发展,针对多个学校网络用户漫游时的认证问题,利用双线性对的特性,基于Shamir的拉格朗日差值多项式,提出了一种基于模糊属性的跨校无线漫游认证机制,方案中只有拥有不少于系统发布的授权属性集中一定个数的用户才可以被认证成功。该机制不涉及用户身份隐私信息,通过用户属性更新机制及漫游用户更新机制,对被认证用户的描述更加灵活,确保了认证的正确执行及用户信息的安全;同时不需要将用户信息返 回到原属学校进行认证,提高了认证效率。分析和实践表明,此机制可抵抗中间人攻击、重放攻击和合谋攻击,可满足无线网络环境用户漫游认证的安全需求,为多个学校间学术交流和资源共享提供了保障。     

Fuzzy Privacy Decision for Context-Aware Access Personal Information

A context-aware privacy protection framework was designed for context-aware services and privacy control methods about access personal information in pervasive environment. In the process of user＇s privacy decision, it can produce fuzzy privacy decision as the change of personal information sensitivity and personal information receiver trust. The uncertain privacy decision model was proposed about personal information disclosure based on the change of personal information receiver trust and personal information sensitivity. A fuzzy privacy decision information system was designed according to this model. Personal privacy control policies can be extracted from this information system by using rough set theory. It also solves the problem about learning privacy control policies of personal information disclosure.     

An efficient identity-based anonymous signcryption scheme

Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter＇s privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.     

Another ID-Based Proxy Signature Scheme and Its Extension

So fur, the security of many proxy signatures has seldom been considered in a formal way and most of them cannot satisfy nonepudiation. In this work, a novel ID-based （Identity-based） proxy signature scheme is proposed by combining the proxy signature with ID-based public cryptography, and they formalize the notion of security for ID-based proxy signature schemes. And show that the security of the proposed scheme is secure. Compured with other proxy signature schemes, it does not need a secure channel. Thus, it is particularly suitable for the unreliable network computation environment. Finally, they extend proposed scheme to a proxy multi-signature which has the following advantages （1） the size of proxy multi- signature is independent of the number of delegating users; （2） the computation cost of proxy multi-signature only need two Weil paring.     

A secure and efficient ( t, n ) multi-secret sharing scheme

Based on Shamir's secret sharing, a (t, n) multi-secret sharing scheme is proposed in this paper.p secrets can be shared amongn participants, andt or more participants can co-operate to reconstruct these secrets at the same time, butt−1 or fewer participants can derive nothing about these secrets. Each participant's secret shadow is as short as each secret. Compared with the existing schemes, the proposed scheme is characterized by the lower complexity of the secret reconstruction and less public information. The security of this scheme is the same as that of Shamir's threshold scheme. Analyses show that this scheme is an efficient, computationally secure scheme. Foundation item: Supported by the Special Funds for Major State Basic Research Program of China (973 Program) (G19990358-04) Biography: PANG Liao-jun(1978-), male, Ph. D candidate, research direction: Internet security, cryptography, secure mobile agent system and e-commerce security technology.     

A Secure Anonymous Internet Electronic Voting Scheme Based on the Polynomial

In this paper, we use the polynomial function and Chaum＇s RSA （Rivest, Shamir, Adleman） blind signature scheme to construct a secure anonymous internet electronic voting scheme. In our scheme, each vote does not need to be revealed in the tallying phase. The ballot number of each candidate gets is counted by computing the degrees of two polynomials＇ greatest common divisor. Our scheme does not require a special voting channel and communication can occur entirely over the current internet.     

Research on transferable off-line electronic cash system

In this paper, a new cash scheme is proposed for electronic payment system, in which the cash can be transferred several times. When this kind of cash is used, the fraud such as double spending can be found out but the bank and the trusted party needs not be involved online in each transaction. This cash system is anonymous in normal transactions. But if a fraud happens, the trusted party can withdraw the anonymity to find out the cheater. The new cash scheme is transferable, anonymous, off-line and efficient.     

Trust calculation and delivery control in trust-based access control

Trust management system has been a promising approach to solve the access control problems in open multi-domain environments. However, the calculation of trust and the delivery of the trust are not addressed effectively in the existing trust management systems. To address the problems, this paper proposes a scheme of trust calculation and delivery control. Compared with the other schemes, it is simpler and more flexible, and also easier to be implemented.     

Security and privacy issues in electronic health network

Electronic health network(EHN) is an information system providing functions involved in e-health. In this paper, we devise mechanisms covering three important security and privacy issues of EHN including trust management, privacy preserving, and data sharing. First, we propose an authenticated key agreement scheme based on hierarchical identity-based signature(HIBS). We abstract a hierarchical architecture from the social network architecture of EHN. To support large-scale scenarios, we introduce a virtual signature generation phase into traditional HIBS, thus our scheme will be efficient even the depth is quite big. Second, we propose a fast data searching scheme based on symmetric searchable encryption(SSE). To improve the searching efficiency, we introduce a two-level cache structure into the traditional SSE. Third, we propose an access control scheme based on hierarchical identitybased encryption(HIBE). To make it a fine-grained scheme, we organize the data owner’s file in hierarchy and introduce a virtual key generation phase to traditional HIBE. Also, the scheme can provide delegation and revocation functions easily. Besides, our schemes guarantee known-key secrecy, forward secrecy, and antidirection secrecy and possess the resistance capability to collude-attack. Evaluation results show that our scheme indeed achieves the security and efficiency.     

Transmutation Scheme of Coin Flipping Protocol and Utilization

Coin flipping by telephone protocol（CFP） is utilized in a system to exchange a binary sequence at random between two person apart far from each other. However, CFP cannot he used in a system with many users like in a group environment system. A transmutation of CFP named T-CFP is proposed in this paper. The precondition of T-CFP is the system＇s user trusts the system center and center＇s cheating is meaningless at the same time. The significant difference between CFP and T-CFP is that CFP supports only two users while T-CFP can support many users to exchange special information. The security and efficiency of T-CFP are discussed with a detailed example on T-CFP utilization is demonstrated in this paper.     

A new secure password authentication scheme using smart cards

Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed. The new scheme can satisfy all the listed ideal security requirements and has the following merits： （1） it can resist all the attacks listed in introduction; （2） less storage memory requirement due to no verification table stored in server; （3） low computational cost due to hash functions based operations; （4） even if the smart card is lost, the new system is still secure; （5） As user identity is anonymous, this scheme is more practical. The new proposed scheme can be applied in source constraint networks.     

面向多用户的多层嵌套数据库加密方案

围绕外包数据的安全性问题与用户隐私性问题,展开对加密数据库方案的研究,提出了一个面向多用户的多层嵌套数据库加密方案.该方案根据洋葱模型多层理论,采用多种不同类型的加密算法对用户的外包数据进行多层嵌套加密,实现了既保证数据机密性又满足多种不同SQL查询类型的数据库加密方案.针对用户递交包含敏感信息的查询语句在一定程度上泄露用户自身的隐私这一问题,设计了基于单服务器私有信息检索(private information retrieval,PIR)技术的用户隐私保护机制,实现了用户匿名查询.安全性分析表明,该方案满足数据机密性与用户隐私性.Sysbench基准测试实验分析表明,该方案具有良好的查询处理效率、读写吞吐量以及健壮性.     

A New ID-Based Proxy Multi-Signature Scheme from Bilinear Pairings

ID-based public key cryptosystem can be a good alternative for certifieate-based public key setting. This paper provides an efficient ID-based proxy multi signature scheme from pairings. In the random oracle model, we prove that our new scheme is secure against existential delegation forgery with the assumption that Hess＇s scheme-1 is existential unforgeable, and that our new scheme is secure against existential proxy multi-signature forgery under the hardness assumption of the computational Diffie-Hellman problem.     

一种基于指纹特征比特串的可撤销指纹加密方案

本文以指纹作为生物识别的研究对象,在保护指纹隐私安全的前提下,研究基于模糊提取的可撤销指纹加密方案.首先,在注册阶段,通过检测指纹奇异点并以指纹奇异点为基础,从指纹图片中提取二进制串序列作为指纹特征信息,再将二进制串结合BCH纠错编码和模糊提取技术生成指纹密钥和辅助数据.最后只要待鉴别指纹为同源指纹,同时结合辅助数据,便可恢复出指纹密钥,通过身份鉴别.实验结果表明,方案具有较高的鉴别性能.安全性分析表明,该方案具有较高的安全性,可以满足现有需求.     

社交网络基于邻居结点亲密度的信息流控制

Web2.0技术的快速发展推动在线社交网络成为人们传播信息最流行的平台。用户在发布海量数据带来巨大的商业价值的同时,隐私信息泄露问题也随之而来。针对在线社交网络中隐私信息流不可控制的问题,提出了基于邻居结点亲密度的信息流控制模型。该模型通过计算用户授予好友可访问资源的敏感度来衡量邻居结点的亲密关系,并利用用户与好友之间的共同邻居数量对模型进行改进。此外,借鉴多级安全等级(MLS)的思想,将传递信息进行亲密度安全等级划分。社交网络管理者通过对传递信息设置合理的亲密度范围,以实现隐私信息流可控制范围内的传递。最后,通过仿真实验进行参数调整,验证了该模型的有效性和实用性。     

基于 TLS 和 JWT 远程救助系统安全的 API

为满足用户隐私安全的需求, 设计实现了一套相对安全的 API(Application Programming Interface)。 该安 全接口采用 TLS(Transport Layer Security)安全套接技术和 JSON(Java Script Object Notation) Web Token 验证技 术, 通过在 HTTP 传输层加密和用户权限 token 验证的双层验证机制为用户构筑相对安全的 API 访问模式。 通过相关系统安全性测试与分析, 该系统可在实现监护者和被监护者之间的交流、 信息发布及定位等功能的基 础上, 实现安全的信息传输, 以提高用户隐私的安全性。     

一个基于椭圆曲线的无条件匿名签密算法

利用ECDLP和无条件匿名签名的思想,给出了一个基于椭圆曲线的无条件匿名的签密算法,并给出了相应的安全性证明。该方案在普通签密方案已有特性基础上,利用椭圆曲线群体签名隐藏个体身份信息的思想,进一步实现了签密者身份的完全匿名性,从而在最大程度上保护了签密者的隐私。该方案可以应用于许多特殊场合,如电子现金、匿名认证等。     

Privacy Preserving and Delegated Access Control for Cloud Applications

In cloud computing applications, users' data and applications are hosted by cloud providers. This paper proposed an access control scheme that uses a combination of discretionary access control and cryptographic techniques to secure users' data and applications hosted by cloud providers. Many cloud applications require users to share their data and applications hosted by cloud providers. To facilitate resource sharing, the proposed scheme allows cloud users to delegate their access permissions to other users easily. Using the access control policies that guard the access to resources and the credentials submitted by users, a third party can infer information about the cloud users. The proposed scheme uses cryptographic techniques to obscure the access control policies and users' credentials to ensure the privacy of the cloud users. Data encryption is used to guarantee the confidentiality of data. Compared with existing schemes, the proposed scheme is more flexible and easy to use. Experiments showed that the proposed scheme is also efficient.     

An anonymous data collection framework for digital community

Collected data in digital community containing sensitive information about individuals or corporations and such information should be protected. In this paper, a security framework based on (a, k)-anonymity for privacy preserving data collection in digital community is proposed. In our framework, aggregation nodes anonymize the collected data to a basic privacy level. Then, the base stations further anonymize the data to a deeper privacy level with encryption-generalizaiton operations. Experimental results and detailed theory analysis demonstrate that this method is effective in terms of privacy levels and data quality with low resource consumption.