Taxation,the primary source of fiscal revenue,has profound implications in guiding resource allocation,promoting economic growth,adjusting social wealth distribution,and enhancing cultural influence.The development of...Taxation,the primary source of fiscal revenue,has profound implications in guiding resource allocation,promoting economic growth,adjusting social wealth distribution,and enhancing cultural influence.The development of e-taxation provides a enhanced security for taxation,but it still faces the risk of inefficiency and tax data leakage.As a decentralized ledger,blockchain provides an effective solution for protecting tax data and avoiding tax-related errors and fraud.The introduction of blockchain into e-taxation protocols can ensure the public verification of taxes.However,balancing taxpayer identity privacy with regulation remains a challenge.In this paper,we propose a blockchain-based anonymous and regulatory e-taxation protocol.This protocol ensures the supervision and tracking of malicious taxpayers while maintaining honest taxpayer identity privacy,reduces the storage needs for public key certificates in the public key infrastructure,and enables selfcertification of taxpayers’public keys and addresses.We formalize the security model of unforgeability for transactions,anonymity for honest taxpayers,and traceability for malicious taxpayers.Security analysis shows that the proposed protocol satisfies unforgeability,anonymity,and traceability.The experimental results of time consumption show that the protocol is feasible in practical applications.展开更多
The rapid development of the industrial internet of things(IIoT)has brought huge benefits to factories equipped with IIoT technology,each of which represents an IIoT domain.More and more domains are choosing to cooper...The rapid development of the industrial internet of things(IIoT)has brought huge benefits to factories equipped with IIoT technology,each of which represents an IIoT domain.More and more domains are choosing to cooperate with each other to produce better products for greater profits.Therefore,in order to protect the security and privacy of IIoT devices in cross-domain communication,lots of cross-domain authentication schemes have been proposed.However,most schemes expose the domain to which the IIoT device belongs,or introduce a single point of failure in multi-domain cooperation,thus introducing unpredictable risks to each domain.We propose a more secure and efficient domain-level anonymous cross-domain authentication(DLCA)scheme based on alliance blockchain.The proposed scheme uses group signatures with decentralized tracing technology to provide domain-level anonymity to each IIoT device and allow the public to trace the real identity of the malicious pseudonym.In addition,DLCA takes into account the limited resource characteristics of IIoT devices to design an efficient cross-domain authentication protocol.Security analysis and performance evaluation show that the proposed scheme can be effectively used in the cross-domain authentication scenario of industrial internet of things.展开更多
A novel anonymous authentication scheme is proposed based on the ring signature. In the scheme, the private key and the the freely chosen anonymity set are used to achieve anonymous authentication. In terms of the thr...A novel anonymous authentication scheme is proposed based on the ring signature. In the scheme, the private key and the the freely chosen anonymity set are used to achieve anonymous authentication. In terms of the threshold sharing, a group of t members jointly implement threshold tracking. In order to improve the security of tracking, message recovery equation is used to verify and recover data leaked by the user. Compared with Liu et al’s scheme, the proposed scheme can resist conspiracy tracking and has less computational cost. On the premise of the discrete-logarithm-based assumption put forth by Lysyanskaya, Rivest, Sahai, and Wolf(LRSW) and Diffie-Hellman(DDH) assumption, the scheme is proved to meet the demands of anonymous authentication. The scheme has broad application prospects in many fields such as ad hoc network, electronic voting, and so on.展开更多
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying trafc management applications.However,cloud computing has disadvantages such as high delay,low privacy and high...The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying trafc management applications.However,cloud computing has disadvantages such as high delay,low privacy and high communication cost,which can not meet the needs of realtime interactive information of Internet of vehicles.Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges.Therefore,in order to ensure the user information security and improve the real-time of vehicle information interaction,this paper proposes an anonymous authentication scheme based on edge computing.In this scheme,the concept of edge computing is introduced into the Internet of vehicles,which makes full use of the redundant computing power and storage capacity of idle edge equipment.The edge vehicle nodes are determined by simple algorithm of dening distance and resources,and the improved RSA encryption algorithm is used to encrypt the user information.The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters.Compared with the traditional RSA algorithm,it can resist more attacks,so it is used to ensure the security of user information.It can not only protect the privacy of vehicles,but also avoid anonymous abuse.Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.展开更多
In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anony...In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.展开更多
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by w...Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.展开更多
Based on traveling ballot mode,we propose a secure quantum anonymous voting via Greenberger–Horne–Zeilinger(GHZ)states.In this scheme,each legal voter performs unitary operation on corresponding position of particle...Based on traveling ballot mode,we propose a secure quantum anonymous voting via Greenberger–Horne–Zeilinger(GHZ)states.In this scheme,each legal voter performs unitary operation on corresponding position of particle sequence to encode his/her voting content.The voters have multiple ballot items to choose rather than just binary options“yes”or“no”.After counting votes phase,any participant who is interested in voting results can obtain the voting results.To improve the efficiency of the traveling quantum anonymous voting scheme,an optimization method based on grouping strategy is also presented.Compared with the most existing traveling quantum voting schemes,the proposed scheme is more practical because of its privacy,verifiability and non-repeatability.Furthermore,the security analysis shows that the proposed traveling quantum anonymous voting scheme can prevent various attacks and ensure high security.展开更多
For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solutio...For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satis- fies the same properties, and shows better simplicity and high effi- ciency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.展开更多
We investigate the design of anonymous voting protocols,CV-based binary-valued ballot and CV-based multi-valued ballot with continuous variables(CV) in a multi-dimensional quantum cryptosystem to ensure the security...We investigate the design of anonymous voting protocols,CV-based binary-valued ballot and CV-based multi-valued ballot with continuous variables(CV) in a multi-dimensional quantum cryptosystem to ensure the security of voting procedure and data privacy.The quantum entangled states are employed in the continuous variable quantum system to carry the voting information and assist information transmission,which takes the advantage of the GHZ-like states in terms of improving the utilization of quantum states by decreasing the number of required quantum states.It provides a potential approach to achieve the efficient quantum anonymous voting with high transmission security,especially in large-scale votes.展开更多
Incorporating electric vehicles into smart grid,vehicle-to-Grid(V2G) makes it feasible to charge for large-scale electric vehicles,and in turn support electric vehicles,as mobile and distributed storage units,to disch...Incorporating electric vehicles into smart grid,vehicle-to-Grid(V2G) makes it feasible to charge for large-scale electric vehicles,and in turn support electric vehicles,as mobile and distributed storage units,to discharge to smart grid.In order to provide reliable and efficient services,the operator of V2 G networks needs to monitor realtime status of every plug-in electric vehicle(PEV) and then evaluate current electricity storage capability.Anonymity,aggregation and dynamic management are three basic but crucial characteristics of which the services of V2 G networks should be.However,few of existing authentication schemes for V2 G networks could satisfy them simultaneously.In this paper,we propose a secure and efficient authentication scheme with privacy-preserving for V2 G networks.The scheme makes the charging/discharging station authenticate PEVs anonymously and manage them dynamically.Moreover,the monitoring data collected by the charging/discharging station could be sent to a local aggregator(LAG)in batch mode.In particular,time overheads during verification stage are independent with the number of involved PEVs,and there is no need to update the membership certificate and key pair before PEV logs out.展开更多
In order to protect the user's privacy identity,authentication requires anonymous authentication.Anonymous authentication is divided into unconditional anonymous authentication and traceable anonymous authenticati...In order to protect the user's privacy identity,authentication requires anonymous authentication.Anonymous authentication is divided into unconditional anonymous authentication and traceable anonymous authentication.Unconditional anonymous authentication can verify that the user belongs to an anonymous set,but the user's true identity cannot be obtained.However,in some applications,it is necessary to trace the true identity of the user.Therefore,a traceable anonymous authentication scheme is proposed.In order to prevent random tracing,the proposed scheme uses threshold joint tracing.When the identity of the authenticator needs to be traced,the threshold number of members can jointly trace the identity of the authenticator.In some special network applications such as anonymous electronic voting,in order to prevent repeated authentications and repeated elections,it is necessary to verify whether the two authentication signatures are signed by the same user without revealing the true identity of the user.Therefore,the proposed anonymous authentication scheme should have selective linkability.In order to achieve linkable authentication,the linkable tag is embedded by linkable ring signature.Compared with similar schemes through the simulation experiments,the implementation time of the proposed scheme is slightly better than other schemes.展开更多
Based on elliptic curve public key cryptosystem and with the help of ring signature,a traceable and anonymous authentication scheme is proposed.The security of the proposed scheme is based on the difficulty of solving...Based on elliptic curve public key cryptosystem and with the help of ring signature,a traceable and anonymous authentication scheme is proposed.The security of the proposed scheme is based on the difficulty of solving elliptic curve discrete logarithm problem(ECDLP)and the computational Diffie-Hellman assumption(CDHA).In order to prevent random tracing,the threshold technology is introduced into anonymous tracing.In addition,in the signature generation process,using the private key and the additional random number,the signature satisfies unforgeability.Compared with the existing schemes,the communication overhead of the proposed scheme is relatively small.In the case of similar calculational overhead,the proposed scheme not only has anonymous authentication,signature unforgeability,but also has threshold traceability.展开更多
We characterized 14 anonymous nuclear loci from Pinus thunbergii Parl., an important pine species native to Japan. One hundred and twenty-six single nucleotide polymorphisms (SNPs) were identified from these loci, g...We characterized 14 anonymous nuclear loci from Pinus thunbergii Parl., an important pine species native to Japan. One hundred and twenty-six single nucleotide polymorphisms (SNPs) were identified from these loci, giving a frequency of 1 SNP per 51 bp. Nucleotide di- versity (0) ranged from 1.06 × 10^-3 to 11.87 × 10^-3, with all average of 4.99 × 10^-3. Only one locus (mK45) deviated significantly from the Hardy-Weinberg equilibrium. Thirteen of 14 loci were applicable in other pine species. These loci will be useful for nucleotide variation studies and will provide material for SNP-based marker development in P. thun- bergii and related species.展开更多
In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, su...In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.展开更多
By using Pedersen's verifiable secret sharing scheme and the theory of crossvalidation, we propose an a-nonymous payment protocol which have following features: protecting theconfidentiality of sensitive payment i...By using Pedersen's verifiable secret sharing scheme and the theory of crossvalidation, we propose an a-nonymous payment protocol which have following features: protecting theconfidentiality of sensitive payment information from spying by malicioushosts; using a trustedthird party in a minimal way; verifying the validity of the share by the merchant; allowing agent toverify that the product which it is a-bout to receive is the one it is paying for; keeping thecustomer anonymous.展开更多
With the widespread application of cloud computing and network virtualization technologies,more and more enterprise applications are directly deployed in the cloud.However,the traditional TCP/IP network transmission m...With the widespread application of cloud computing and network virtualization technologies,more and more enterprise applications are directly deployed in the cloud.However,the traditional TCP/IP network transmission model does not fully consider the information security issues caused by the uncontrollable internet environment.Network security communication solutions represented by encrypted virtual private networks(VPN)are facing multiple security threats.In fact,during the communication process,the user application needs to protect not only the content of the communication but also the behavior of the communication,such as the communication relationship,the communication protocol,and so on.Inspired by blockchain and software-defined networking technology,this paper proposes a resilient anonymous information sharing environment,RAISE.The RAISE system consists of user agents,a core switching network and a control cluster based on a consortium blockchain.User agents are responsible for segmenting,encrypting,and encapsulating user traffic.The core switching network forwards user traffic according to the rules issued by the controller,and the controller dynamically calculates the forwarding rules according to the security policy.Different from onion routing technology,RAISE adopts the controller to replace the onion routing model,which effectively overcomes the uncontrollability of nodes.The dispersed computing model is introduced to replace the TCP/IP pipeline transmission models,which overcomes the problems of anti-tracking and traffic hijacking that cannot be solved by VPNs.We propose a blockchain control plane framework,design the desired consensus algorithmand deploy a RAISE systemconsisting of 150 nodes in an internet environment.The experimental results show that the use of blockchain technology can effectively improve the reliability and security of the control plane.While maintaining high-performance network transmission,it further provides network communication security.展开更多
With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing ...With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.展开更多
With the rapid spread of smart sensors,data collection is becoming more and more important in Mobile Edge Networks(MENs).The collected data can be used in many applications based on the analysis results of these data ...With the rapid spread of smart sensors,data collection is becoming more and more important in Mobile Edge Networks(MENs).The collected data can be used in many applications based on the analysis results of these data by cloud computing.Nowadays,data collection schemes have been widely studied by researchers.However,most of the researches take the amount of collected data into consideration without thinking about the problem of privacy leakage of the collected data.In this paper,we propose an energy-efficient and anonymous data collection scheme for MENs to keep a balance between energy consumption and data privacy,in which the privacy information of senors is hidden during data communication.In addition,the residual energy of nodes is taken into consideration in this scheme in particular when it comes to the selection of the relay node.The security analysis shows that no privacy information of the source node and relay node is leaked to attackers.Moreover,the simulation results demonstrate that the proposed scheme is better than other schemes in aspects of lifetime and energy consumption.At the end of the simulation part,we present a qualitative analysis for the proposed scheme and some conventional protocols.It is noteworthy that the proposed scheme outperforms the existing protocols in terms of the above indicators.展开更多
文摘Taxation,the primary source of fiscal revenue,has profound implications in guiding resource allocation,promoting economic growth,adjusting social wealth distribution,and enhancing cultural influence.The development of e-taxation provides a enhanced security for taxation,but it still faces the risk of inefficiency and tax data leakage.As a decentralized ledger,blockchain provides an effective solution for protecting tax data and avoiding tax-related errors and fraud.The introduction of blockchain into e-taxation protocols can ensure the public verification of taxes.However,balancing taxpayer identity privacy with regulation remains a challenge.In this paper,we propose a blockchain-based anonymous and regulatory e-taxation protocol.This protocol ensures the supervision and tracking of malicious taxpayers while maintaining honest taxpayer identity privacy,reduces the storage needs for public key certificates in the public key infrastructure,and enables selfcertification of taxpayers’public keys and addresses.We formalize the security model of unforgeability for transactions,anonymity for honest taxpayers,and traceability for malicious taxpayers.Security analysis shows that the proposed protocol satisfies unforgeability,anonymity,and traceability.The experimental results of time consumption show that the protocol is feasible in practical applications.
文摘The rapid development of the industrial internet of things(IIoT)has brought huge benefits to factories equipped with IIoT technology,each of which represents an IIoT domain.More and more domains are choosing to cooperate with each other to produce better products for greater profits.Therefore,in order to protect the security and privacy of IIoT devices in cross-domain communication,lots of cross-domain authentication schemes have been proposed.However,most schemes expose the domain to which the IIoT device belongs,or introduce a single point of failure in multi-domain cooperation,thus introducing unpredictable risks to each domain.We propose a more secure and efficient domain-level anonymous cross-domain authentication(DLCA)scheme based on alliance blockchain.The proposed scheme uses group signatures with decentralized tracing technology to provide domain-level anonymity to each IIoT device and allow the public to trace the real identity of the malicious pseudonym.In addition,DLCA takes into account the limited resource characteristics of IIoT devices to design an efficient cross-domain authentication protocol.Security analysis and performance evaluation show that the proposed scheme can be effectively used in the cross-domain authentication scenario of industrial internet of things.
基金Supported by the National Natural Science Foundation of China(61503112)the Key Projects of Support Program for Outstanding Youth Talent of Universities in Anhui Province(gxyq ZD2016231)
文摘A novel anonymous authentication scheme is proposed based on the ring signature. In the scheme, the private key and the the freely chosen anonymity set are used to achieve anonymous authentication. In terms of the threshold sharing, a group of t members jointly implement threshold tracking. In order to improve the security of tracking, message recovery equation is used to verify and recover data leaked by the user. Compared with Liu et al’s scheme, the proposed scheme can resist conspiracy tracking and has less computational cost. On the premise of the discrete-logarithm-based assumption put forth by Lysyanskaya, Rivest, Sahai, and Wolf(LRSW) and Diffie-Hellman(DDH) assumption, the scheme is proved to meet the demands of anonymous authentication. The scheme has broad application prospects in many fields such as ad hoc network, electronic voting, and so on.
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
基金The nancial support provided from the Cooperative Education Fund of China Ministry of Education(201702113002,201801193119)Hunan Natural Science Foundation(2018JJ2138)Degree and Graduate Education Reform Project of Hunan Province(JG2018B096)are greatly appreciated by the authors.
文摘The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying trafc management applications.However,cloud computing has disadvantages such as high delay,low privacy and high communication cost,which can not meet the needs of realtime interactive information of Internet of vehicles.Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges.Therefore,in order to ensure the user information security and improve the real-time of vehicle information interaction,this paper proposes an anonymous authentication scheme based on edge computing.In this scheme,the concept of edge computing is introduced into the Internet of vehicles,which makes full use of the redundant computing power and storage capacity of idle edge equipment.The edge vehicle nodes are determined by simple algorithm of dening distance and resources,and the improved RSA encryption algorithm is used to encrypt the user information.The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters.Compared with the traditional RSA algorithm,it can resist more attacks,so it is used to ensure the security of user information.It can not only protect the privacy of vehicles,but also avoid anonymous abuse.Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.
基金supported in part by the European Commission Marie Curie IRSES project "AdvIOT"the National Natural Science Foundation of China (NSFC) under grant No.61372103
文摘In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.
基金Supported by the National High Technology Research and Development Program of China (2005AA145110)
文摘Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
基金supported by the Tang Scholar Project of Soochow Universitythe National Natural Science Foundation of China(Grant No.61873162)+1 种基金the Fund from Jiangsu Engineering Research Center of Novel Optical Fiber Technology and Communication NetworkSuzhou Key Laboratory of Advanced Optical Communication Network Technology。
文摘Based on traveling ballot mode,we propose a secure quantum anonymous voting via Greenberger–Horne–Zeilinger(GHZ)states.In this scheme,each legal voter performs unitary operation on corresponding position of particle sequence to encode his/her voting content.The voters have multiple ballot items to choose rather than just binary options“yes”or“no”.After counting votes phase,any participant who is interested in voting results can obtain the voting results.To improve the efficiency of the traveling quantum anonymous voting scheme,an optimization method based on grouping strategy is also presented.Compared with the most existing traveling quantum voting schemes,the proposed scheme is more practical because of its privacy,verifiability and non-repeatability.Furthermore,the security analysis shows that the proposed traveling quantum anonymous voting scheme can prevent various attacks and ensure high security.
基金Supported by the National Natural Science Foundation of China (60970113)Sichuan Youth Science and Technology Foundation (2011JQ0038)
文摘For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satis- fies the same properties, and shows better simplicity and high effi- ciency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61272495,61379153,and 61401519)the Research Fund for the Doctoral Program of Higher Education of China(Grant No.20130162110012)the MEST-NRF of Korea(Grant No.2012-002521)
文摘We investigate the design of anonymous voting protocols,CV-based binary-valued ballot and CV-based multi-valued ballot with continuous variables(CV) in a multi-dimensional quantum cryptosystem to ensure the security of voting procedure and data privacy.The quantum entangled states are employed in the continuous variable quantum system to carry the voting information and assist information transmission,which takes the advantage of the GHZ-like states in terms of improving the utilization of quantum states by decreasing the number of required quantum states.It provides a potential approach to achieve the efficient quantum anonymous voting with high transmission security,especially in large-scale votes.
基金the Natural Science Foundation of China(61102056,61201132)Fundamental Research Funds for the Central Universities of China(K5051301013)the 111 Project of China(B08038)
文摘Incorporating electric vehicles into smart grid,vehicle-to-Grid(V2G) makes it feasible to charge for large-scale electric vehicles,and in turn support electric vehicles,as mobile and distributed storage units,to discharge to smart grid.In order to provide reliable and efficient services,the operator of V2 G networks needs to monitor realtime status of every plug-in electric vehicle(PEV) and then evaluate current electricity storage capability.Anonymity,aggregation and dynamic management are three basic but crucial characteristics of which the services of V2 G networks should be.However,few of existing authentication schemes for V2 G networks could satisfy them simultaneously.In this paper,we propose a secure and efficient authentication scheme with privacy-preserving for V2 G networks.The scheme makes the charging/discharging station authenticate PEVs anonymously and manage them dynamically.Moreover,the monitoring data collected by the charging/discharging station could be sent to a local aggregator(LAG)in batch mode.In particular,time overheads during verification stage are independent with the number of involved PEVs,and there is no need to update the membership certificate and key pair before PEV logs out.
基金Supported by the Key Natural Science Foundation of Anhui Higher Education Institutions(2022AH052536)。
文摘In order to protect the user's privacy identity,authentication requires anonymous authentication.Anonymous authentication is divided into unconditional anonymous authentication and traceable anonymous authentication.Unconditional anonymous authentication can verify that the user belongs to an anonymous set,but the user's true identity cannot be obtained.However,in some applications,it is necessary to trace the true identity of the user.Therefore,a traceable anonymous authentication scheme is proposed.In order to prevent random tracing,the proposed scheme uses threshold joint tracing.When the identity of the authenticator needs to be traced,the threshold number of members can jointly trace the identity of the authenticator.In some special network applications such as anonymous electronic voting,in order to prevent repeated authentications and repeated elections,it is necessary to verify whether the two authentication signatures are signed by the same user without revealing the true identity of the user.Therefore,the proposed anonymous authentication scheme should have selective linkability.In order to achieve linkable authentication,the linkable tag is embedded by linkable ring signature.Compared with similar schemes through the simulation experiments,the implementation time of the proposed scheme is slightly better than other schemes.
基金Supported by the Key Natural Science Foundation of Anhui Higher Education Institutions(KJ2017A857,KJ2019A0727)the Nature Science Youth Foundation of Anhui Province(1708085QF157)the Key Projects of Support Program for Outstanding Youth Talent of Universities in Anhui Province(gxyq2017050)。
文摘Based on elliptic curve public key cryptosystem and with the help of ring signature,a traceable and anonymous authentication scheme is proposed.The security of the proposed scheme is based on the difficulty of solving elliptic curve discrete logarithm problem(ECDLP)and the computational Diffie-Hellman assumption(CDHA).In order to prevent random tracing,the threshold technology is introduced into anonymous tracing.In addition,in the signature generation process,using the private key and the additional random number,the signature satisfies unforgeability.Compared with the existing schemes,the communication overhead of the proposed scheme is relatively small.In the case of similar calculational overhead,the proposed scheme not only has anonymous authentication,signature unforgeability,but also has threshold traceability.
文摘We characterized 14 anonymous nuclear loci from Pinus thunbergii Parl., an important pine species native to Japan. One hundred and twenty-six single nucleotide polymorphisms (SNPs) were identified from these loci, giving a frequency of 1 SNP per 51 bp. Nucleotide di- versity (0) ranged from 1.06 × 10^-3 to 11.87 × 10^-3, with all average of 4.99 × 10^-3. Only one locus (mK45) deviated significantly from the Hardy-Weinberg equilibrium. Thirteen of 14 loci were applicable in other pine species. These loci will be useful for nucleotide variation studies and will provide material for SNP-based marker development in P. thun- bergii and related species.
基金supported by the Natural Science Foundation of Zhejiang Province,China(Grant No.LZ12F02005)the Major State Basic Research Development Program of China(Grant No.2013CB834205)the National Natural Science Foundation of China(Grant No.61070153)
文摘In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.
文摘By using Pedersen's verifiable secret sharing scheme and the theory of crossvalidation, we propose an a-nonymous payment protocol which have following features: protecting theconfidentiality of sensitive payment information from spying by malicioushosts; using a trustedthird party in a minimal way; verifying the validity of the share by the merchant; allowing agent toverify that the product which it is a-bout to receive is the one it is paying for; keeping thecustomer anonymous.
基金This work was supported by the National Natural Science Foundation of China(Grant No.61976064).
文摘With the widespread application of cloud computing and network virtualization technologies,more and more enterprise applications are directly deployed in the cloud.However,the traditional TCP/IP network transmission model does not fully consider the information security issues caused by the uncontrollable internet environment.Network security communication solutions represented by encrypted virtual private networks(VPN)are facing multiple security threats.In fact,during the communication process,the user application needs to protect not only the content of the communication but also the behavior of the communication,such as the communication relationship,the communication protocol,and so on.Inspired by blockchain and software-defined networking technology,this paper proposes a resilient anonymous information sharing environment,RAISE.The RAISE system consists of user agents,a core switching network and a control cluster based on a consortium blockchain.User agents are responsible for segmenting,encrypting,and encapsulating user traffic.The core switching network forwards user traffic according to the rules issued by the controller,and the controller dynamically calculates the forwarding rules according to the security policy.Different from onion routing technology,RAISE adopts the controller to replace the onion routing model,which effectively overcomes the uncontrollability of nodes.The dispersed computing model is introduced to replace the TCP/IP pipeline transmission models,which overcomes the problems of anti-tracking and traffic hijacking that cannot be solved by VPNs.We propose a blockchain control plane framework,design the desired consensus algorithmand deploy a RAISE systemconsisting of 150 nodes in an internet environment.The experimental results show that the use of blockchain technology can effectively improve the reliability and security of the control plane.While maintaining high-performance network transmission,it further provides network communication security.
基金Beijing Postdoctoral Research Foundation(No.2021-ZZ-077,No.2020-YJ-006)Chongqing Industrial Control System Security Situational Awareness Platform,2019 Industrial Internet Innovation and Development Project-Provincial Industrial Control System Security Situational Awareness Platform,Center for Research and Innovation in Software Engineering,School of Computer and Information Science(Southwest University,Chongqing 400175,China)Chongqing Graduate Education Teaching Reform Research Project(yjg203032).
文摘With the development of sensor technology and wireless communication technology,edge computing has a wider range of applications.The privacy protection of edge computing is of great significance.In the edge computing system,in order to ensure the credibility of the source of terminal data,mobile edge computing(MEC)needs to verify the signature of the terminal node on the data.During the signature process,the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance.Therefore,it is very necessary to improve efficiency through computational offloading.Therefore,this paper proposes an identitybased edge computing anonymous authentication protocol.The protocol realizes mutual authentication and obtains a shared key by encrypting the mutual information.The encryption algorithm is implemented through a thresholded identity-based proxy ring signature.When a large number of terminals offload computing,MEC can set the priority of offloading tasks according to the user’s identity and permissions,thereby improving offloading efficiency.Security analysis shows that the scheme can guarantee the anonymity and unforgeability of signatures.The probability of a malicious node forging a signature is equivalent to cracking the discrete logarithm puzzle.According to the efficiency analysis,in the case of MEC offloading,the computational complexity is significantly reduced,the computing power of edge devices is liberated,and the signature efficiency is improved.
基金This work is supported by the National Key R&D Program of China under Grant No.2018YFB0505000the National Natural Science Foundation of China under Grant No.U1836115,No.61922045,No.U1836115 and No.61672295+2 种基金the Natural Science Foundation of Jiangsu Province under Grant No.BK20181408the State Key Laboratory of Cryptology Foundation,Guangxi Key Laboratory of Cryptography and Information Security No.GCIS201715the CICAEET fund,and the PAPD fund.
文摘With the rapid spread of smart sensors,data collection is becoming more and more important in Mobile Edge Networks(MENs).The collected data can be used in many applications based on the analysis results of these data by cloud computing.Nowadays,data collection schemes have been widely studied by researchers.However,most of the researches take the amount of collected data into consideration without thinking about the problem of privacy leakage of the collected data.In this paper,we propose an energy-efficient and anonymous data collection scheme for MENs to keep a balance between energy consumption and data privacy,in which the privacy information of senors is hidden during data communication.In addition,the residual energy of nodes is taken into consideration in this scheme in particular when it comes to the selection of the relay node.The security analysis shows that no privacy information of the source node and relay node is leaked to attackers.Moreover,the simulation results demonstrate that the proposed scheme is better than other schemes in aspects of lifetime and energy consumption.At the end of the simulation part,we present a qualitative analysis for the proposed scheme and some conventional protocols.It is noteworthy that the proposed scheme outperforms the existing protocols in terms of the above indicators.
