Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks con...Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.展开更多
Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computi...Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.展开更多
This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people's attention again because of its impressive performance. The secur...This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people's attention again because of its impressive performance. The security challenges of XEN are mainly researched from the pointes of view: security bottleneck, security isolation and share, life-cycle, digital copyright protection, trusted virtual machine and managements, etc. These security problems significantly affect the security of the virtual machine system based on XEN. At the last, these security measures are put forward, which will be a useful instruction on enhancing XEN security in the future.展开更多
Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled ...Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.展开更多
To evaluate the security of cipher algorithms with secret operations, we built a new reverse engineering analysis based on Differential Fault Analysis (DFA) to recover the secret S-boxes in Secret Private Network (SPN...To evaluate the security of cipher algorithms with secret operations, we built a new reverse engineering analysis based on Differential Fault Analysis (DFA) to recover the secret S-boxes in Secret Private Network (SPN) and Feistel structures, which are two of the most typical structures in block ciphers. This paper gives the general definitions of these two structures and proposes the reverse engineering analysis of each structure. Furthermore, we evaluate the complexity of the proposed reverse analyses and theoretically prove the effectiveness of the reverse method. For the Twofish-like and AES-like algorithms, the experimental results verify the correctness and efficiency of the reverse analysis. The proposed reverse analysis can efficiently recover the secret S-boxes in the encryption algorithms with SPN and Feistel structures. It can successfully recover the Twofish-like algorithm in 2.3 s with 256 faults and the AES-like algorithm in 0.33 s with 23 faults.展开更多
Orthomorphism on F n2 is a kind of elementary permutation with good cryptographic properties. This paper proposes a hybrid strategy of Particle Swarm Optimization (PSO) and Simulated Annealing (SA) for finding orthomo...Orthomorphism on F n2 is a kind of elementary permutation with good cryptographic properties. This paper proposes a hybrid strategy of Particle Swarm Optimization (PSO) and Simulated Annealing (SA) for finding orthomorphisms with good cryptographic properties. By experiment based on this strategy, we get some orthomorphisms on F n2(n=5, 6, 7, 9, 10) with good cryptographic properties in the open document for the first time, and the optimal orthomorphism on F 82 found in this paper also does better than the one proposed by Feng Dengguo et al. in stream cipher Loiss in difference uniformity, algebraic degree, algebraic immunity and corresponding permutation polynomial degree. The PSOSA hybrid strategy for optimizing orthomorphism in this paper makes design of orthomorphisms with good cryptographic properties automated, efficient and convenient, which proposes a new approach to design orthomorphisms.展开更多
Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mu...Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.展开更多
Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions are proposed to enforce flexible access control on outsourced data or reduce the computations performed by mobile d...Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions are proposed to enforce flexible access control on outsourced data or reduce the computations performed by mobile devices. However, less attention has been paid to the efficiency of revocation when there are mobile devices needed to be revoked. In this paper, we put forward a new solution, referred to as flexible access control with outsourceable revocation(FACOR) for mobile clouds. The FACOR applies the attribute-based encryption to enable flexible access control on outsourced data, and allows mobile users to outsource the time-consuming encryption and decryption computations to proxies, with only requiring attributes authorization to be fully trusted. As an advantageous feature, FACOR provides an outsourceable revocation for mobile users to reduce the complicated attribute-based revocation operations. The security analysis shows that our FACOR scheme achieves data security against collusion attacks and unauthorized accesses from revoked users. Both theoretical and experimental results confirm that our proposed scheme greatly reliefs the mobile devices from heavy encryption and decryption computations, as well as the complicated revocation of access rights in mobile clouds.展开更多
The hardness of tensor decomposition problem has many achievements, but limited applications in cryptography, and the tensor decomposition problem has been considered to have the potential to resist quantum computing....The hardness of tensor decomposition problem has many achievements, but limited applications in cryptography, and the tensor decomposition problem has been considered to have the potential to resist quantum computing. In this paper, we firstly proposed a new variant of tensor decomposition problem, then two one-way functions are proposed based on the hard problem. Secondly we propose a key exchange protocol based on the one-way functions, then the security analysis, efficiency, recommended parameters and etc. are also given. The analyses show that our scheme has the following characteristics: easy to implement in software and hardware, security can be reduced to hard problems, and it has the potential to resist quantum computing.Besides the new key exchange can be as an alternative comparing with other classical key protocols.展开更多
基金This work was supported in part by the National Natural Science Foundation of China under Grant No.61170217,61272469,61303212,61332019,and Grant No.U1135004,and by the Fundamental Research Founds for National University,China University of Geosciences
文摘Vehicle ad-hoc networks have developed rapidly these years,whose security and privacy issues are always concerned widely.In spite of a remarkable research on their security solutions,but in which there still lacks considerations on how to secure vehicleto-vehicle communications,particularly when infrastructure is unavailable.In this paper,we propose a lightweight certificateless and oneround key agreement scheme without pairing,and further prove the security of the proposed scheme in the random oracle model.The proposed scheme is expected to not only resist known attacks with less computation cost,but also as an efficient way to relieve the workload of vehicle-to-vehicle authentication,especially in no available infrastructure circumstance.A comprehensive evaluation,including security analysis,efficiency analysis and simulation evaluation,is presented to confirm the security and feasibility of the proposed scheme.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60373087 ,60473023) Network andInformation Security Key Laboratory Programof Ministry of Educa-tion of China
文摘Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.
基金Supported by the National Natural Science Foundation of China (90104005, 60373087, 60473023) and Network and Information Security Key Laboratory Program of Ministry of Education of China
文摘This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people's attention again because of its impressive performance. The security challenges of XEN are mainly researched from the pointes of view: security bottleneck, security isolation and share, life-cycle, digital copyright protection, trusted virtual machine and managements, etc. These security problems significantly affect the security of the virtual machine system based on XEN. At the last, these security measures are put forward, which will be a useful instruction on enhancing XEN security in the future.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 and 90104005)HP Labo-ratories of China
文摘Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.
基金This work was supported by the National Natural Science Foundation of China under Cxants No.60970116, No. 60970115, No. 61202386, No. 61003267.
文摘To evaluate the security of cipher algorithms with secret operations, we built a new reverse engineering analysis based on Differential Fault Analysis (DFA) to recover the secret S-boxes in Secret Private Network (SPN) and Feistel structures, which are two of the most typical structures in block ciphers. This paper gives the general definitions of these two structures and proposes the reverse engineering analysis of each structure. Furthermore, we evaluate the complexity of the proposed reverse analyses and theoretically prove the effectiveness of the reverse method. For the Twofish-like and AES-like algorithms, the experimental results verify the correctness and efficiency of the reverse analysis. The proposed reverse analysis can efficiently recover the secret S-boxes in the encryption algorithms with SPN and Feistel structures. It can successfully recover the Twofish-like algorithm in 2.3 s with 256 faults and the AES-like algorithm in 0.33 s with 23 faults.
基金supported by the National Natural Science Foundation of China under Grants No.60673071,No.60970115,No.60970116,No.61003267partially supported by the National Hi-Tech Research and Department Program of China under Grants No.2006AA01Z442,No.2007AA01Z411
文摘Orthomorphism on F n2 is a kind of elementary permutation with good cryptographic properties. This paper proposes a hybrid strategy of Particle Swarm Optimization (PSO) and Simulated Annealing (SA) for finding orthomorphisms with good cryptographic properties. By experiment based on this strategy, we get some orthomorphisms on F n2(n=5, 6, 7, 9, 10) with good cryptographic properties in the open document for the first time, and the optimal orthomorphism on F 82 found in this paper also does better than the one proposed by Feng Dengguo et al. in stream cipher Loiss in difference uniformity, algebraic degree, algebraic immunity and corresponding permutation polynomial degree. The PSOSA hybrid strategy for optimizing orthomorphism in this paper makes design of orthomorphisms with good cryptographic properties automated, efficient and convenient, which proposes a new approach to design orthomorphisms.
基金the National Natural Science Foundation of China (60673071, 60743003,90718005,90718006)the National High Technology Research and Development Program of China (2006AA01Z442,2007AA01Z411)
文摘Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
基金supported in part by National High-Tech Research and Development Program of China(“863” Program)under Grant No.2015AA016004National Natural Science Foundation of China under Grants No.61173154,61272451,61572380
文摘Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions are proposed to enforce flexible access control on outsourced data or reduce the computations performed by mobile devices. However, less attention has been paid to the efficiency of revocation when there are mobile devices needed to be revoked. In this paper, we put forward a new solution, referred to as flexible access control with outsourceable revocation(FACOR) for mobile clouds. The FACOR applies the attribute-based encryption to enable flexible access control on outsourced data, and allows mobile users to outsource the time-consuming encryption and decryption computations to proxies, with only requiring attributes authorization to be fully trusted. As an advantageous feature, FACOR provides an outsourceable revocation for mobile users to reduce the complicated attribute-based revocation operations. The security analysis shows that our FACOR scheme achieves data security against collusion attacks and unauthorized accesses from revoked users. Both theoretical and experimental results confirm that our proposed scheme greatly reliefs the mobile devices from heavy encryption and decryption computations, as well as the complicated revocation of access rights in mobile clouds.
基金supported by the National Natural Science Foundation of China(Grant Nos.61303212,61170080,61202386)the State Key Program of National Natural Science of China(Grant Nos.61332019,U1135004)+2 种基金the Major Research Plan of the National Natural Science Foundation of China(Grant No.91018008)Major State Basic Research Development Program of China(973 Program)(No.2014CB340600)the Hubei Natural Science Foundation of China(Grant No.2011CDB453,2014CFB440)
文摘The hardness of tensor decomposition problem has many achievements, but limited applications in cryptography, and the tensor decomposition problem has been considered to have the potential to resist quantum computing. In this paper, we firstly proposed a new variant of tensor decomposition problem, then two one-way functions are proposed based on the hard problem. Secondly we propose a key exchange protocol based on the one-way functions, then the security analysis, efficiency, recommended parameters and etc. are also given. The analyses show that our scheme has the following characteristics: easy to implement in software and hardware, security can be reduced to hard problems, and it has the potential to resist quantum computing.Besides the new key exchange can be as an alternative comparing with other classical key protocols.