External direct product of some low layer groups such as braid groups and general Artin groups, with a kind of special group action on it, provides a secure cryptographic computation platform, which can keep secure in...External direct product of some low layer groups such as braid groups and general Artin groups, with a kind of special group action on it, provides a secure cryptographic computation platform, which can keep secure in the quantum computing epoch. Three hard problems on this new platform, Subgroup Root Problem, Multi-variant Subgroup Root Problem and Subgroup Action Problem are presented and well analyzed, which all have no relations with conjugacy. New secure public key encryption system and key agreement protocol are designed based on these hard problems. The new cryptosystems can be implemented in a general group environment other than in braid or Artin groups.展开更多
A best algorithm generated scheme is proposed in the paper by making use of the thought of evolutionary algorithm, which can generate dynamically the best algorithm of generating primes in RSA cryptography under diffe...A best algorithm generated scheme is proposed in the paper by making use of the thought of evolutionary algorithm, which can generate dynamically the best algorithm of generating primes in RSA cryptography under different conditions. Taking into account the factors of time, space and security integrated, this scheme possessed strong practicability. The paper also proposed a model of multi-degree parallel evolutionary algorithm to evaluate synthetically the efficiency and security of the public key cryptography. The model contributes to designing public key cryptography system too.展开更多
Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. M...Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. Many certificateless public key encryption and signature schemes have been proposed. However, the key agreement in CL-PKE is seldom discussed. In this paper, we present a new certificateless two party authentication key agreement protocol and prove its security attributes. Compared with the existing protocol, our protocol is more efficient.展开更多
An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman probl...An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.展开更多
A new public key encryption scheme is proposed in this paper, which is based on a hard problem over ergodic matrices. The security of this scheme is equal to the MQ-problem: multivariate quadratic equations over fini...A new public key encryption scheme is proposed in this paper, which is based on a hard problem over ergodic matrices. The security of this scheme is equal to the MQ-problem: multivariate quadratic equations over finite fields. This problem has been shown to be NP-complete and can't be solved with polynomial time algorithm.展开更多
In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public k...In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.展开更多
A proxy signature scheme with message recovery using self-certified public key is proposed, which withstands public key substitution attacks, active attacks, and forgery attacks. The proposed scheme accomplishes the t...A proxy signature scheme with message recovery using self-certified public key is proposed, which withstands public key substitution attacks, active attacks, and forgery attacks. The proposed scheme accomplishes the tasks of public key verification, proxy signature verification, and message recovery in a logically single step. In addition, the proposed scheme satisfies all properties of strong proxy signature and does not use secure channel in the communication between the original signer and the proxy signature signer.展开更多
Cloud computing, a recently emerged paradigm faces major challenges in achieving the privacy of migrated data, network security, etc. Too many cryptographic technologies are raised to solve these issues based on ident...Cloud computing, a recently emerged paradigm faces major challenges in achieving the privacy of migrated data, network security, etc. Too many cryptographic technologies are raised to solve these issues based on identity, attributes and prediction algorithms yet;these techniques are highly prone to attackers. This would raise a need of an effective encryption technique, which would ensure secure data migration. With this scenario, our proposed methodology Efficient Probabilistic Public Key Encryption(EPPKE) is optimized with Covariance Matrix Adaptation Evolution Strategies(CMA-ES). It ensures data integrity through the Luhn algorithm with BLAKE 2b encapsulation. This enables an optimized security to the data which is migrated through cloud. The proposed methodology is implemented in Open Stack with Java Language. It achieves better results by providing security compared to other existing techniques like RSA, IBA, ABE, PBE, etc.展开更多
Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for provi...Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating IKE protocol and PKI technology, we combine IKE protocol and PKI and present an implementation scheme of the IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.展开更多
Modular arithmetic is a fundamental operation and plays an important role in public key cryptosystem. A new method and its theory evidence on the basis of modular arithmetic with large integer modulus-changeable modul...Modular arithmetic is a fundamental operation and plays an important role in public key cryptosystem. A new method and its theory evidence on the basis of modular arithmetic with large integer modulus-changeable modulus algorithm is proposed to improve the speed of the modular arithmetic in the presented paper. For changeable modulus algorithm, when modular computation of modulo n is difficult, it can be realized by computation of modulo n-1 and n-2 on the perquisite of easy modular computations of modulo n-1 and modulo n-2. The conclusion is that the new method is better than the direct method by computing the modular arithmetic operation with large modulus. Especially, when computations of modulo n-1 and modulo n-2 are easy and computation of modulo n is difficult, this new method will be faster and has more advantages than other algorithms on modular arithmetic. Lastly, it is suggested that the proposed method be applied in public key cryptography based on modular multiplication and modular exponentiation with large integer modulus effectively展开更多
RSA public key cryptosystem is extensively used in information security systems. However, key generation for RSA cryptosystem requires multiplicative inversion over finite field, which has higher computational complex...RSA public key cryptosystem is extensively used in information security systems. However, key generation for RSA cryptosystem requires multiplicative inversion over finite field, which has higher computational complexity, compared with either multiplication in common sense or modular multiplication over finite field. In order to improve the performance of key generation, we propose a batch private keys generation method in this paper. The method derives efficiency from cutting down multiplicative inversions over finite field. Theoretical analysis shows that the speed of batch private keys generation for s users is faster than that of s times solo private key generation. It is suitable for applications in those systems with large amount of users.展开更多
In the proposed photo certificate, the principal component is the image, for example, the user's photo. User-related fields, such as the subject's name, the issuer's name, and the expiration period, which are meani...In the proposed photo certificate, the principal component is the image, for example, the user's photo. User-related fields, such as the subject's name, the issuer's name, and the expiration period, which are meaningful to users, are embedded into the surface of the photo by using a visible watermark algorithm, so that the reader can capture this information without the requirement for special software. The remaining fields in the certificate are embedded into a marked photo. Later, the whole photo certificate is eryptographically signed by certification authority (CA) private key to guarantee the integrity of our photo certificate. By such arrangement, the eertificate's verification is divided into two layers. The first layer is human visual system oriented and the second layer is the software-oriented. User can determine whether the user's photo and its subject's name are consistent and cheek whether the expired period is valid first. The second layer's verification is lunched only when the first layer's verification is passed. To sum up, the proposed photo certificate not only inherits the functions of a traditional certificate, but also provides a friendlier operational environment of X.509 certificate.展开更多
Trapdoor is a key component of public key cryptography design which is the essential security foundation of modern cryptography.Normally,the traditional way in designing a trapdoor is to identify a computationally har...Trapdoor is a key component of public key cryptography design which is the essential security foundation of modern cryptography.Normally,the traditional way in designing a trapdoor is to identify a computationally hard problem,such as the NPC problems.So the trapdoor in a public key encryption mechanism turns out to be a type of limited resource.In this paper,we generalize the methodology of adversarial learning model in artificial intelligence and introduce a novel way to conveniently obtain sub-optimal and computationally hard trapdoors based on the automatic information theoretic search technique.The basic routine is constructing a generative architecture to search and discover a probabilistic reversible generator which can correctly encoding and decoding any input messages.The architecture includes a trapdoor generator built on a variational autoencoder(VAE)responsible for searching the appropriate trapdoors satisfying a maximum of entropy,a random message generator yielding random noise,and a dynamic classifier taking the results of the two generator.The evaluation of our construction shows the architecture satisfying basic indistinguishability of outputs under chosen-plaintext attack model(CPA)and high efficiency in generating cheap trapdoors.展开更多
To prevent active attack, we propose a new threshold signature scheme usingself-certified public keys, which makes use of hash function and discrete logarithm problem. Thescheme has less commutnication and computation...To prevent active attack, we propose a new threshold signature scheme usingself-certified public keys, which makes use of hash function and discrete logarithm problem. Thescheme has less commutnication and computation cost than previous schemes. Furthermore, the signatmeprocess of the proposed scheme is non-interactive.展开更多
Digital watermark can be used for image ownership verification orauthentication. In this paper, we propose a new image authentication plan concentrating on itssecurity performance. Digital watermark is first turbo cod...Digital watermark can be used for image ownership verification orauthentication. In this paper, we propose a new image authentication plan concentrating on itssecurity performance. Digital watermark is first turbo coded, sealed and then processed. In waveletdomain. To enhance security level, public key cryptosystem is utilized to replace traditionalwatermark key. Simulation results are finally given by experiment.展开更多
Public Key Infrastructure (PKI) is a comprehensive information security framework for providing secure information and communication over the internet. Its need and use has grown over the years and continually grows. ...Public Key Infrastructure (PKI) is a comprehensive information security framework for providing secure information and communication over the internet. Its need and use has grown over the years and continually grows. This research work examines the current PKI framework’s validation process as operated by vendors and subscribers to identify the drawbacks and propose enhanced approaches to its validation mechanism. Using an approach of reviewing secondary data, critical weaknesses of integrity, proof of trust and single point-of-failure were identified with the current PKI framework. This study therefore advances proposed solutions to address the identified weaknesses by specifically introducing multiple Certificate Authorities, storage, visibility and searchability of subscriber information in public repository. A comprehensive detail of its implementation is proposed to address the identified weaknesses of uncertain integrity, trust for certificate authorities and prevent a single point of failure. Furthermore, the proposed enhancements are validated with the protection motivation theory and a framework for empirically testing the enhancements is suggested. Further research would be required to factor in multi-factor authentication without compromising performance.展开更多
The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive...The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive power consumption,which constitute a danger to intelligent IoT-based apps.Group managing is primarily used for transmitting and multi-pathing communications that are secured with a general group key and it can only be decrypted by an authorized group member.A centralized trustworthy system,which is in charge of key distribution and upgrades,is used to maintain group keys.To provide longitudinal access controls,Software Defined Network(SDN)based security controllers are employed for group administration services.Cloud service providers provide a variety of security features.There are just a few software security answers available.In the proposed system,a hybrid protocols were used in SDN and it embeds edge system to improve the security in the group communication.Tree-based algorithms compared with Group Key Establishment(GKE)and Multivariate public key cryptosystem with Broadcast Encryption in the proposed system.When all factors are considered,Broadcast Encryption(BE)appears to become the most logical solution to the issue.BE enables an initiator to send encrypted messages to a large set of recipients in a efficient and productive way,meanwhile assuring that the data can only be decrypted by defining characteristic.The proposed method improves the security,efficiency of the system and reduces the power consumption and minimizes the cost.展开更多
In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/ser...In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.展开更多
Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present ...Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.展开更多
This research investigates the applications of homomorphic encryption systems in electronic voting schemes. We make use of Paillier cryptosystem which exhibits additive homomorphic properties. The other homomorphic cr...This research investigates the applications of homomorphic encryption systems in electronic voting schemes. We make use of Paillier cryptosystem which exhibits additive homomorphic properties. The other homomorphic cryptosystems RSA and Elgamal are not considered, since they exhibit only multiplicative homomorphic property. Our proposed method increases the level of security when compared to Elgamal method. It is more flexible when compared to previous schemes. We also propose data packing for efficient storage of election data. Finally, we demonstrate the advantages of the homomorphic encryption in voting schemes by comparing with other electronic voting scheme.展开更多
基金Supported by the National Natural Science Funda-tion of China (60403027)
文摘External direct product of some low layer groups such as braid groups and general Artin groups, with a kind of special group action on it, provides a secure cryptographic computation platform, which can keep secure in the quantum computing epoch. Three hard problems on this new platform, Subgroup Root Problem, Multi-variant Subgroup Root Problem and Subgroup Action Problem are presented and well analyzed, which all have no relations with conjugacy. New secure public key encryption system and key agreement protocol are designed based on these hard problems. The new cryptosystems can be implemented in a general group environment other than in braid or Artin groups.
基金Supported by the Hi-Tech Research and Development Program of China(2002AA1Z1490)
文摘A best algorithm generated scheme is proposed in the paper by making use of the thought of evolutionary algorithm, which can generate dynamically the best algorithm of generating primes in RSA cryptography under different conditions. Taking into account the factors of time, space and security integrated, this scheme possessed strong practicability. The paper also proposed a model of multi-degree parallel evolutionary algorithm to evaluate synthetically the efficiency and security of the public key cryptography. The model contributes to designing public key cryptography system too.
基金Supported by the National Natural Science Foundation of China (19501032)
文摘Certificateless public key cryptography was introduced to overcome the key escrow limitation of the identity-based cryptography. It combines the advantages of the identity-based cryptography and the traditional PKI. Many certificateless public key encryption and signature schemes have been proposed. However, the key agreement in CL-PKE is seldom discussed. In this paper, we present a new certificateless two party authentication key agreement protocol and prove its security attributes. Compared with the existing protocol, our protocol is more efficient.
文摘An efficient authenticated key agreement protocol is proposed, which makesuse of bilinear pairings and self-certificd public keys. Its security is based on the securityassumptions of the bilinear Diff ie-Hellman problem and the computational Diffie-Hellman problem.Users can choose their private keys independently. The public keys and identities of users can beverified implicitly when the session key being generating in a logically single step. A trusted KeyGeneration Center is no longer requiredas in the ID-based authenticated key agreement protocolsCompared with existing authenticated key agreement protocols from pairings, the. new proposedprotocol is more efficient and secure.
基金Supported bythe Specialized Research Fundfor the Doctoral Programof Higher Education of China (20050183032) the Science Foundation Project of Jilin Province Education Office(2005180 ,2005181)
文摘A new public key encryption scheme is proposed in this paper, which is based on a hard problem over ergodic matrices. The security of this scheme is equal to the MQ-problem: multivariate quadratic equations over finite fields. This problem has been shown to be NP-complete and can't be solved with polynomial time algorithm.
基金Supported by the National Natural Science Funda-tion of China (60403027)
文摘In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.
文摘A proxy signature scheme with message recovery using self-certified public key is proposed, which withstands public key substitution attacks, active attacks, and forgery attacks. The proposed scheme accomplishes the tasks of public key verification, proxy signature verification, and message recovery in a logically single step. In addition, the proposed scheme satisfies all properties of strong proxy signature and does not use secure channel in the communication between the original signer and the proxy signature signer.
文摘Cloud computing, a recently emerged paradigm faces major challenges in achieving the privacy of migrated data, network security, etc. Too many cryptographic technologies are raised to solve these issues based on identity, attributes and prediction algorithms yet;these techniques are highly prone to attackers. This would raise a need of an effective encryption technique, which would ensure secure data migration. With this scenario, our proposed methodology Efficient Probabilistic Public Key Encryption(EPPKE) is optimized with Covariance Matrix Adaptation Evolution Strategies(CMA-ES). It ensures data integrity through the Luhn algorithm with BLAKE 2b encapsulation. This enables an optimized security to the data which is migrated through cloud. The proposed methodology is implemented in Open Stack with Java Language. It achieves better results by providing security compared to other existing techniques like RSA, IBA, ABE, PBE, etc.
文摘Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating IKE protocol and PKI technology, we combine IKE protocol and PKI and present an implementation scheme of the IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.
基金Supported by the National Natural Science Foun-dation of China (60373087)
文摘Modular arithmetic is a fundamental operation and plays an important role in public key cryptosystem. A new method and its theory evidence on the basis of modular arithmetic with large integer modulus-changeable modulus algorithm is proposed to improve the speed of the modular arithmetic in the presented paper. For changeable modulus algorithm, when modular computation of modulo n is difficult, it can be realized by computation of modulo n-1 and n-2 on the perquisite of easy modular computations of modulo n-1 and modulo n-2. The conclusion is that the new method is better than the direct method by computing the modular arithmetic operation with large modulus. Especially, when computations of modulo n-1 and modulo n-2 are easy and computation of modulo n is difficult, this new method will be faster and has more advantages than other algorithms on modular arithmetic. Lastly, it is suggested that the proposed method be applied in public key cryptography based on modular multiplication and modular exponentiation with large integer modulus effectively
基金Supported by National Laboratory for Modern Communications Foundation (No. 5143 6010404DZ0235)
文摘RSA public key cryptosystem is extensively used in information security systems. However, key generation for RSA cryptosystem requires multiplicative inversion over finite field, which has higher computational complexity, compared with either multiplication in common sense or modular multiplication over finite field. In order to improve the performance of key generation, we propose a batch private keys generation method in this paper. The method derives efficiency from cutting down multiplicative inversions over finite field. Theoretical analysis shows that the speed of batch private keys generation for s users is faster than that of s times solo private key generation. It is suitable for applications in those systems with large amount of users.
文摘In the proposed photo certificate, the principal component is the image, for example, the user's photo. User-related fields, such as the subject's name, the issuer's name, and the expiration period, which are meaningful to users, are embedded into the surface of the photo by using a visible watermark algorithm, so that the reader can capture this information without the requirement for special software. The remaining fields in the certificate are embedded into a marked photo. Later, the whole photo certificate is eryptographically signed by certification authority (CA) private key to guarantee the integrity of our photo certificate. By such arrangement, the eertificate's verification is divided into two layers. The first layer is human visual system oriented and the second layer is the software-oriented. User can determine whether the user's photo and its subject's name are consistent and cheek whether the expired period is valid first. The second layer's verification is lunched only when the first layer's verification is passed. To sum up, the proposed photo certificate not only inherits the functions of a traditional certificate, but also provides a friendlier operational environment of X.509 certificate.
基金the National Natural Science Foundation of China(No.61572521,U1636114)National Key Project of Research and Development Plan(2017YFB0802000)+2 种基金Natural Science Foundation of Shaanxi Province(2021JM-252)Innovative Research Team Project of Engineering University of APF(KYTD201805)Fundamental Research Project of Engineering University of PAP(WJY201910).
文摘Trapdoor is a key component of public key cryptography design which is the essential security foundation of modern cryptography.Normally,the traditional way in designing a trapdoor is to identify a computationally hard problem,such as the NPC problems.So the trapdoor in a public key encryption mechanism turns out to be a type of limited resource.In this paper,we generalize the methodology of adversarial learning model in artificial intelligence and introduce a novel way to conveniently obtain sub-optimal and computationally hard trapdoors based on the automatic information theoretic search technique.The basic routine is constructing a generative architecture to search and discover a probabilistic reversible generator which can correctly encoding and decoding any input messages.The architecture includes a trapdoor generator built on a variational autoencoder(VAE)responsible for searching the appropriate trapdoors satisfying a maximum of entropy,a random message generator yielding random noise,and a dynamic classifier taking the results of the two generator.The evaluation of our construction shows the architecture satisfying basic indistinguishability of outputs under chosen-plaintext attack model(CPA)and high efficiency in generating cheap trapdoors.
文摘To prevent active attack, we propose a new threshold signature scheme usingself-certified public keys, which makes use of hash function and discrete logarithm problem. Thescheme has less commutnication and computation cost than previous schemes. Furthermore, the signatmeprocess of the proposed scheme is non-interactive.
文摘Digital watermark can be used for image ownership verification orauthentication. In this paper, we propose a new image authentication plan concentrating on itssecurity performance. Digital watermark is first turbo coded, sealed and then processed. In waveletdomain. To enhance security level, public key cryptosystem is utilized to replace traditionalwatermark key. Simulation results are finally given by experiment.
文摘Public Key Infrastructure (PKI) is a comprehensive information security framework for providing secure information and communication over the internet. Its need and use has grown over the years and continually grows. This research work examines the current PKI framework’s validation process as operated by vendors and subscribers to identify the drawbacks and propose enhanced approaches to its validation mechanism. Using an approach of reviewing secondary data, critical weaknesses of integrity, proof of trust and single point-of-failure were identified with the current PKI framework. This study therefore advances proposed solutions to address the identified weaknesses by specifically introducing multiple Certificate Authorities, storage, visibility and searchability of subscriber information in public repository. A comprehensive detail of its implementation is proposed to address the identified weaknesses of uncertain integrity, trust for certificate authorities and prevent a single point of failure. Furthermore, the proposed enhancements are validated with the protection motivation theory and a framework for empirically testing the enhancements is suggested. Further research would be required to factor in multi-factor authentication without compromising performance.
文摘The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive power consumption,which constitute a danger to intelligent IoT-based apps.Group managing is primarily used for transmitting and multi-pathing communications that are secured with a general group key and it can only be decrypted by an authorized group member.A centralized trustworthy system,which is in charge of key distribution and upgrades,is used to maintain group keys.To provide longitudinal access controls,Software Defined Network(SDN)based security controllers are employed for group administration services.Cloud service providers provide a variety of security features.There are just a few software security answers available.In the proposed system,a hybrid protocols were used in SDN and it embeds edge system to improve the security in the group communication.Tree-based algorithms compared with Group Key Establishment(GKE)and Multivariate public key cryptosystem with Broadcast Encryption in the proposed system.When all factors are considered,Broadcast Encryption(BE)appears to become the most logical solution to the issue.BE enables an initiator to send encrypted messages to a large set of recipients in a efficient and productive way,meanwhile assuring that the data can only be decrypted by defining characteristic.The proposed method improves the security,efficiency of the system and reduces the power consumption and minimizes the cost.
基金Supported bythe National Natural Science Foundationof China (60225007 ,60572155) the Science and Technology ResearchProject of Shanghai (04DZ07067)
文摘In the area of secure Web information system, mutual authentication and key agreement are essential between Web clients and servers. An efficient certificateless authenticated key agreement protocol for Web client/server setting is proposed, which uses pairings on certain elliptic curves. We show that the newly proposed key agreement protocol is practical and of great efficiency, meanwhile, it satisfies every desired security require ments for key agreement protocols.
基金Supported by the National Natural Science Foundation of China (90204012, 60573035, 60573036) and the University IT Research Center Project of Korea
文摘Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.
文摘This research investigates the applications of homomorphic encryption systems in electronic voting schemes. We make use of Paillier cryptosystem which exhibits additive homomorphic properties. The other homomorphic cryptosystems RSA and Elgamal are not considered, since they exhibit only multiplicative homomorphic property. Our proposed method increases the level of security when compared to Elgamal method. It is more flexible when compared to previous schemes. We also propose data packing for efficient storage of election data. Finally, we demonstrate the advantages of the homomorphic encryption in voting schemes by comparing with other electronic voting scheme.