In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over ell...In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.展开更多
The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become ...The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service(QoS).However, the current routing algorithms mainly focus on the QoS of the service, rarely considering the security requirement of flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense(ESMD-Flow). In this scheme, SDN controller will evaluate the reliability of nodes and links, isolate malicious nodes based on the reliability evaluation value, and adapt multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programming data plane to design a multiprotocol forwarding strategy for realizing the multiprotocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing multipath routing and multi-protocol hybrid forwarding mechanism. The extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.展开更多
Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to sce...Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.展开更多
Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's schem...Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.展开更多
Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method,...Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method, they also give out a concrete instance. A TE-FSig scheme is constructed by the standard signature scheme, forward secures signature scheme and the aggregate signature scheme. It has an additional property of tamper evidence besides the property of forward secure, which can detect the time period when the key is exposed. In the standard model, the scheme constructed in the paper is proved to satisfy the prop- erties of forward secure, strong forward tamper-evidence secure, and strongly unforgeable under the chosen-message attack.展开更多
Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. I...Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. In this paper, server-assisted for-ward-secure threshold signature is proposed. The system is composed of n1 servers and n2 users. Each user and each server holds a partial secret, respectively. To produce a valid signature, users and servers need to cooperate to complete the work. The partial secrets of the users and servers are updated by a one-way function at regular intervals, while the public key is always fixed. Even if all the current partial secrets are exposed, the signatures pertaining to previous periods are still valid.展开更多
A new efficient forward secure signature scheme based on bilinear pairings is presented m this paper. Each complexity of key generation, key update, signing and verifying algorithms in this scheme is O(1) in terms o...A new efficient forward secure signature scheme based on bilinear pairings is presented m this paper. Each complexity of key generation, key update, signing and verifying algorithms in this scheme is O(1) in terms of the total number of time periods T. Because a new structure in node secret key storage and a unique strategy in key update are employed, the signing and verifying costs don't grow when T increases. At the same time, the key generation and key update algorithms are efficiently constructed thanks to using the pre-order traversal technique of binary trees. Compared with other schemes based on bilinear pairings, the signature size in this scheme is very short, which doesn't change with T increasing. The scheme is forward secure in random oracle model assuming CDH problem is hard.展开更多
Mobile Ad-hoc Network(MANET)routing problems are thoroughly studied several approaches are identified in support of MANET.Improve the Quality of Service(QoS)performance of MANET is achieving higher performance.To redu...Mobile Ad-hoc Network(MANET)routing problems are thoroughly studied several approaches are identified in support of MANET.Improve the Quality of Service(QoS)performance of MANET is achieving higher performance.To reduce this drawback,this paper proposes a new secure routing algorithm based on real-time partial ME(Mobility,energy)approximation.The routing method RRME(Real-time Regional Mobility Energy)divides the whole network into several parts,and each node’s various characteristics like mobility and energy are randomly selected neighbors accordingly.It is done in the path discovery phase,estimated to identify and remove malicious nodes.In addition,Trusted Forwarding Factor(TFF)calculates the various nodes based on historical records and other characteristics of multiple nodes.Similarly,the calculated QoS Support Factor(QoSSF)calculating by the Data Forwarding Support(DFS),Throughput Support(TS),and Lifetime Maximization Support(LMS)to any given path.One route was found to implement the path of maximizing MANET QoS based on QoSSF value.Hence the proposed technique produces the QoS based on real-time regional ME feature approximation.The proposed simulation implementation is done by the Network Simulator version 2(NS2)tool to produce better performance than other methods.It achieved a throughput performance had 98.5%and a routing performance had 98.2%.展开更多
文摘In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.
基金supported by the National Key Research and Development Program of China under Grant 2020YFB1804803the National Natural Science Foundation of China under Grant 61872382the Research and Development Program in Key Areas of Guangdong Province under Grant No.2018B010113001。
文摘The Space-Air-Ground Integrated Network(SAGIN) realizes the integration of space, air,and ground networks, obtaining the global communication coverage.Software-Defined Networking(SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service(QoS).However, the current routing algorithms mainly focus on the QoS of the service, rarely considering the security requirement of flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense(ESMD-Flow). In this scheme, SDN controller will evaluate the reliability of nodes and links, isolate malicious nodes based on the reliability evaluation value, and adapt multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programming data plane to design a multiprotocol forwarding strategy for realizing the multiprotocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing multipath routing and multi-protocol hybrid forwarding mechanism. The extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.
基金This work was supported by the National Natural Science Foundation of China(NSFC)under Grant(61902049,31960119)Joint Special Fund for Basic Research of Local Undergraduate Universities(Parts)in Yunnan Province under Grant(2018FH001-063,2018FH001-106)Dali University Innovation Team Project(ZKLX2020308).
文摘Certificateless one-round key exchange(CL-ORKE)protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost.CLORKE protocols can be applied to scenarios with limited communication,such as space communication.Although CL-ORKE protocols have been researched for years,lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted.In CL-ORKE protocols,the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed:the attack to weak Forward Security(wFS)and the attack to strong Forward Security(sFS).Many CLKE protocols did not take into account the sFS property or considered sFS as wFS.In this paper,we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack.Then,we give a CL-ORKE protocol which is called CLORKE-SFS.CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman(ECCDH)and the Bilinear Computational Diffie-Hellman problem(BCDH)assumption hold.The security model and the protocol may give inspiration for constructing oneround key exchange protocols with perfect forward security in certificateless scenarios.
基金Supported by the National Natural Science Foun-dation of China (60473072)
文摘Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoo's scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.
基金the Natural Science Foundation of Shandong Province (Y2007G37)
文摘Based on the definition of tamper evidence, the authors define a new notion of tamper evidence forward secure signature scheme (TE-FSig), and propose a general method to build a TE-FSig scheme. Based on this method, they also give out a concrete instance. A TE-FSig scheme is constructed by the standard signature scheme, forward secures signature scheme and the aggregate signature scheme. It has an additional property of tamper evidence besides the property of forward secure, which can detect the time period when the key is exposed. In the standard model, the scheme constructed in the paper is proved to satisfy the prop- erties of forward secure, strong forward tamper-evidence secure, and strongly unforgeable under the chosen-message attack.
基金the National Natural Science Foundation of China (60703089)the National High-Technology Research and Development Program of China (863 Program) (2006AA012110)
文摘Forward secure signature can protect the security of signatures previous to the key exposure. Server-assisted signature is a special digital signature in which the signer allies one server to produce the signatures. In this paper, server-assisted for-ward-secure threshold signature is proposed. The system is composed of n1 servers and n2 users. Each user and each server holds a partial secret, respectively. To produce a valid signature, users and servers need to cooperate to complete the work. The partial secrets of the users and servers are updated by a one-way function at regular intervals, while the public key is always fixed. Even if all the current partial secrets are exposed, the signatures pertaining to previous periods are still valid.
文摘A new efficient forward secure signature scheme based on bilinear pairings is presented m this paper. Each complexity of key generation, key update, signing and verifying algorithms in this scheme is O(1) in terms of the total number of time periods T. Because a new structure in node secret key storage and a unique strategy in key update are employed, the signing and verifying costs don't grow when T increases. At the same time, the key generation and key update algorithms are efficiently constructed thanks to using the pre-order traversal technique of binary trees. Compared with other schemes based on bilinear pairings, the signature size in this scheme is very short, which doesn't change with T increasing. The scheme is forward secure in random oracle model assuming CDH problem is hard.
文摘Mobile Ad-hoc Network(MANET)routing problems are thoroughly studied several approaches are identified in support of MANET.Improve the Quality of Service(QoS)performance of MANET is achieving higher performance.To reduce this drawback,this paper proposes a new secure routing algorithm based on real-time partial ME(Mobility,energy)approximation.The routing method RRME(Real-time Regional Mobility Energy)divides the whole network into several parts,and each node’s various characteristics like mobility and energy are randomly selected neighbors accordingly.It is done in the path discovery phase,estimated to identify and remove malicious nodes.In addition,Trusted Forwarding Factor(TFF)calculates the various nodes based on historical records and other characteristics of multiple nodes.Similarly,the calculated QoS Support Factor(QoSSF)calculating by the Data Forwarding Support(DFS),Throughput Support(TS),and Lifetime Maximization Support(LMS)to any given path.One route was found to implement the path of maximizing MANET QoS based on QoSSF value.Hence the proposed technique produces the QoS based on real-time regional ME feature approximation.The proposed simulation implementation is done by the Network Simulator version 2(NS2)tool to produce better performance than other methods.It achieved a throughput performance had 98.5%and a routing performance had 98.2%.
