Ideal function is the fundamental component in the universally composable security model. However, the certification ideal function defined in the universally composable security model realizes the identity authentica...Ideal function is the fundamental component in the universally composable security model. However, the certification ideal function defined in the universally composable security model realizes the identity authentication by binding identity to messages and the signature, which fails to characterize the special security requirements of anonymous authentication with other kind of certificate. Therefore, inspired by the work of Marten, an anonymous hash certification ideal function and a more universal certificate CA model are proposed in this paper. We define the security requirements and security notions for this model in the framework of universal composable security and prove in the plain model (not in the random-oracle model) that these security notions can be achieved using combinations of a secure digital signature scheme, a symmetrical encryption mechanism, a family of pseudorandom functions, and a family of one-way collision-free hash functions. Considering the limitation of wireless environment and computation ability of wireless devices, this anonymous Hash certification ideal function is realized by using symmetry primitives.展开更多
Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext veri...Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.展开更多
基金the National Natural Science Foundation of China (Grant Nos. 90204012, 60573035, and 60573036)the MIC of Korea,under the ITRC support program supervised by the IITA (IITA-2006-C1090-0603-0026)
文摘Ideal function is the fundamental component in the universally composable security model. However, the certification ideal function defined in the universally composable security model realizes the identity authentication by binding identity to messages and the signature, which fails to characterize the special security requirements of anonymous authentication with other kind of certificate. Therefore, inspired by the work of Marten, an anonymous hash certification ideal function and a more universal certificate CA model are proposed in this paper. We define the security requirements and security notions for this model in the framework of universal composable security and prove in the plain model (not in the random-oracle model) that these security notions can be achieved using combinations of a secure digital signature scheme, a symmetrical encryption mechanism, a family of pseudorandom functions, and a family of one-way collision-free hash functions. Considering the limitation of wireless environment and computation ability of wireless devices, this anonymous Hash certification ideal function is realized by using symmetry primitives.
基金Supported by the National Basic Research Program of China (Grant No. G2002cb312205)
文摘Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.
