Efficient Authenticated Key Agreement Protocol Using Self-Certified Public Keys from Pairings

An efficient authenticated key agreement protocol is proposed, which makes use of bilinear pairings and selfcertified public keys. Its security is based on the security assumptions of the bilinear Diffie-Hellman problem and the computational Diffic-Hellman problem. Users can choose their private keys independently. The public keys and identities of users can bc verified implicitly when the session key being generating in a logically single step. A trusted Key Generation Center is no longer required as in the ID-based authenticated key agreement protocols. Compared with existing authenticated key agreement protocols from pairings, the new proposed protocol is more efficient and secure.     

An efficient two-party key exchange protocol with strong security

Combined public key (CPK) cryptography does not need certificates to guarantee the authenticity of public keys and avoids the inherent key escrow problem of identity-based cryptography. Based on the efficient CPK scheme, we present an efficient three-round two-party authenticated key exchange protocol with strong security, which is provably secure in the standard model under the decisional Diffie-Hellman (DDH) assumption. The protocol can keep the session key secret from the adversary except that one party’s ephemeral private key and static private key are all revealed to the adversary. Compared to the existing protocols, this protocol not only assures strong security but also is more efficient.     

基于格的两方口令认证密钥交换协议

口令认证密钥交换协议能使共享低熵的通信方在开放的网络中建立安全的会话密钥,基于Gorce-Katz框架提出了基于格的两方口令认证密钥交换(password-based authenticated key exchange,2PAKE)协议,协议采用具有近似平滑投射哈希函数(approximate smooth projective Hash,ASPH)性质的选择明文攻击(chosen plaintext attack, CPA)安全的和带有标签的选择密文攻击(chosen ciphertext attack, CCA)安全的密码体制,利用平滑投射函数的纠错性生成随机参数,通过伪随机函数计算会话密钥;与同类协议相比,该方案降低客户端密钥长度,减少服务器端投射密钥的生成次数,具有较高的效率以及完美前向安全性,在抵抗量子攻击的同时可实现显式双向认证。     

ID-Based Public Auditing Protocol for Cloud Storage Data Integrity Checking with Strengthened Authentication and Security

Cloud storage service reduces the burden of data users by storing users’ data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.     

Security Analysis of Broadcaster Group Key Exchange Protocols

0 IntroductionAs a result of the increased development of network,group communication occursin many different settings .Anumber of group key exchange protocols have been pub-lished duringthelast years[1-11].This paper discusses thefirsttype; we calledit broadcaster protocols .Secure group communicationis not a si mple extension ofsecure two-party communication. They should provide dy-namic security that is the most complicated aspect . Groupcommunication mutates ( members leave and join) afte…     

An Improved ID-Based Group Key Agreement Protocol

ID-based constant-round group key agreement protocols are efficient in both computation and communication, but previous protocols did not provide valid message authentication. An improvement based on attack analysis is proposed in this paper. The improved method takes full advantage of the data transmitted at various stages of the protocol. By guaranteeing the freshness of authentication messages, the authenticity of the generator of authentication messages, and the completeness of the authenticator, the improved protocol can resist various passive and active attacks. The forward secrecy of the improved protocol is proved under a Katz-Yung （KY） model. Compared with existing methods, the improved protocol is more effective and applicable.     

Provable Efficient Certificateless Group Key Exchange Protocol

Certificateless public key cryptography （CL-PKC） avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.     

基于验证元的多密钥跨域交换协议

摘要:跨域的口令密钥交换协议(C2C-PAKE),可以使处于不同区域的用户通过不同的口令协商出共享会话密钥。本文针对大多数现存的跨域交换协议均需要依赖公钥密码算法效率较低的情况,在一个高效的三方密钥交换协议的基础上,提出了一个基于验证元的跨域密钥交换协议,该协议执行一次就能生成四把会话密钥,且无需使用公钥密码算法,与同类协议相比具有很高的效率。通过安全性分析证明,本文提出的协议能够抵御已知的各种攻击。     

群密钥协商协议的效率分析

给出了两类群密钥协商协议的效率比较,它们分别是基于口令群密钥协商协议和基于双线性对群密钥协商协议。比较的结果为对密钥协商协议的安全性分析,形式化证明及设计更有效、更安全的群密钥协商协议提供了很大的帮助。     

多PKG环境下无双线性对的基于身份AKA协议

提出一种多PKG环境下无双线性对的基于身份AKA协议, 且在随机预言模型下, 将协议的安全性证明规约到标准的计算性CDH假设。提出了相应的基于身份XCR与DCR签名体制, 通过对两处体制进行安全性证明, 实现对新协议的安全性证明。通过与已有协议的相关性能比较体现了新协议的优点。     

基于IPSec的虚拟专用网络密钥交换实现及其安全分析

本文研究了基于IPSec结构的虚拟专用网密钥交换的基本概念和原理，详细地阐述了通过一系列参数的协商在非安全的公共IP网络中建立安全通信的密钥交换机制，给出了基于Linux系统的客户机／服务器VPN密钥交换的软件实现，对其安全特性作出了分析，指出其具有抗服务拒绝攻击，抗中间人攻击，抗连接插入攻击和防止窍听等安全性能，最后对今后研究发展的方向作了进一步的展望。     

一种可抵抗内部攻击的高效群组密钥协商协议编译器

目前设计可抵抗内部攻击的群组密钥协商协议需要调用2个不同的协议编译器,使得协议的执行效率较低而且协议设计的复杂度较高,为此,通过改进上述2个协议编译器,提出了一种新的编译器.该编译器只需对群组密钥协商协议进行一次编译,即可生成具有抵抗内部攻击能力的群组密钥协商协议.然后在随机预言机模型下,针对提出的编译器所生成的协议进行了安全性分析,并严格证明了生成的协议是具有抵抗内部攻击能力的群组密钥协商协议.最后对比分析表明,利用提出的编译器生成的协议与现有编译器生成的协议相比,具有较高的效率和较低的设计复杂度.     

基于签密技术的可认证密钥协商协议

对Zheng的可认证密钥协商协议进行改进,提出基于身份签密的可认证密钥协商协议。该协议具有签密技术的优点,在同一个逻辑步内同时实现了认证和加密两项密码功能,提高了协议的效率;基于身份的公钥密码系统的使用,降低了建立和管理公钥基础设施的代价,用户无需存储、管理和传输公钥及其证书;另外,椭圆曲线上双线性对使协议能以短的密钥和小的计算量实现同等安全要求。文中所提的可认证密钥协商协议具有计算量和传输量小,安全性高的特点。     

基于身份的访问结构上的秘密共享方案

目的设计一个安全的访问结构上的秘密共享方案。方法借助Girault密钥交换协议进行设计。结果与结论设计了一个基于身份的访问结构上的秘密共享方案。新方案中用户自己选择私钥并作为其秘密份额,无需秘密分发者为每个用户分发秘密份额;同时,参与者利用自己的私钥可以共享任意多个秘密;整个方案中计算量小且不需要安全信道,更实用。     

在双线性对下基于身份的非交互通用指定验证者签名证明

通用指定验证者签名证明(UDVSP)系统旨在保护签名拥有者的私有性,即从签名者得到有效签名的拥有者确信某个验证者他拥有有效签名,但是没有泄露签名的任何信息.与通用指定验证者签名相比,现有的UDVSP拥有指定的验证者不必预先建立自己的公私钥对的优点,以及如下缺点:①在签名拥有者和验证者之间存在一个交互协议;②签名拥有者不能验证指定验证者的身份.结果任意的攻击者都可以冒充指定验证者.文章给出了基于身份的非交互UDVSP和它的安全性定义.接着使用双线性对最早构造了基于身份的非交互UDVSP,该证明具有如下的优点:①指定验证者不需建立公私钥对;②证明是非交互的;③只有指定的验证者才能相信签名拥有者拥有签名者的有效签名.而且,在DLP,CDH,SDH和BPI是难的假设下,本系统是安全的.     

基于身份的移动网动态可认证群组密钥协商协议

群组密钥协商是保证无线网络群组安全通信的重要工具之一。2007年,Tseng等提出一种适合无线移动网络的高效群组密钥协商协议。对Tseng协议安全性进行分析,发现Tseng协议不具备认证性,不能抵御主动攻击。因此,通过改进Tseng协议,提出一种新的动态可认证群组密钥协商协议。该协议基于身份的公钥密码体制,降低了建立和管理公钥基础设施的代价;同时,协议支持节点间的相互认证。分析结果表明：协议满足群组密钥所要求的安全准则,降低了普通节点的计算和通信成本。     

基于身份的强壮门限签密方案

基于椭圆曲线双线性对的特殊性质,提出了一些假定密钥生成中心（PKG）是可信任的身份基密码方案,但在现实环境中这个假设并不总是成立的．为了克服这一缺陷,本文使用门限技术设计了一个安全的身份基签密方案．该方案中,门限技术不仅应用在系统主密钥的管理上,而且还使用在群签名的过程中,因而它能够达到可靠的安全性并能够在一定的门限下抵抗恶意攻击．     

一种贡献型的动态群密钥交换协议

利用DH(diffie hellman)问题、数字签名和哈希函数的内容,提出一种贡献型的动态群密钥交换协议,并对协议的安全性和计算效率进行了分析.所提出的协议中,每个群成员都贡献信息而生成会话密钥,协议能实现群成员的加入或离开.安全性分析表明,所提出的协议是安全的,能满足群密钥交换协议的安全性要求.协议效率比较分析表明所提协议的存储量和计算量都较小.     

Identity Based Group Key Agreement in Multiple PKG Environment

Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators （PKG） environment. It is inspired on a new two-party identity-based key agreement protocol first proposed by Hoonjung Lee et al. In our scheme, although each member comes from different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies every security requirements of the group key agreement protocols.     

无线网中基于ECC的认证和密钥交换协议

为适应密码技术在无线通信中的应用要求,Aydos、Mangipudi等人以椭圆曲线密码为基础,分别提出了适用于无线通信网络的身份认证和密钥交换协议.而研究发现,这些协议中仍存在中间人攻击、服务后否认、假冒攻击等安全隐患,且不能提供前向保密性.为此,本文提出一个安全的身份认证和密钥交换协议,经验证说明该协议不仅能防止上述安全隐患,而且执行效率更好,适于为无线通信环境中用户端与服务器间进行相互认证,建立一个双方共享的会话密钥.