Wang Yu-min

A chaos-based image encryption algorithm using alternate structure

Combined with two chaotic maps, a novel alternate structure is applied to image cryptosystem. In proposed algorithm, a general cat-map is used for permutation and diffusion, as well as the OCML (one-way coupled map lattice), which is applied for substitution. These two methods are operated alternately in every round of encryption process, where two subkeys employed in different chaotic maps are generated through the masterkey spreading. Decryption has the same structure with the encryption algorithm, but the masterkey in each round should be reversely ordered in decryption. The cryptanalysis shows that the proposed algorithm bears good immunities to many forms of attacks. Moreover, the algorithm features high execution speed and compact program, which is suitable for various software and hardware applications.

A user authentication protocol for digital mobile communication network

A new public-key user authentication protocol for mobile communication network is presented based on Harn (see Electronics Letters, vol.30, no.5, p.396, 1994) proposed modified ElGa-mal signature system and Rabin cryptosystem. It overcomes the shortcomings of secret-key authentication protocol used in GSM and CT-2 systems, and a has lower computational complexity and a higher security.

An efficient and secure multi-secret sharing scheme with general access structures

A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n) threshold schemes, so they are fit for only threshold applications and unfit for the applications of general access structures. Due to the fact that a (t, n) threshold scheme could only handle a small fraction of the secret sharing idea, a novel multi-secret sharing scheme is proposed, which is designed based on general access structures. The security of this scheme is the same as that of Shamirs threshold secret sharing scheme. Compared with the existing multiple secret sharing schemes, the proposed scheme can provide greater capabilities for many applications because it is able to deal with applications of general access structures.

Fair data collection scheme in wireless sensor networks

To solve the slow congestion detection and rate convergence problems in the existing rate control based fair data collection schemes, a new fair data collection scheme is proposed, which is named the improved scheme with fairness or ISWF for short. In ISWF, a quick congestion detection method, which combines the queue length with traffic changes of a node, is used to solve the slow congestion detection problem, and a new solution, which adjusts the rate of sending data of a node by monitoring the channel utilization rate, is used to solve the slow convergence problem. At the same time, the probability selection method is used in ISWF to achieve the fairness of channel bandwidth utilization. Experiment and simulation results show that ISWF can effectively reduce the reaction time in detecting congestion and shorten the rate convergence process. Compared with the existing tree-based fair data collection schemes, ISWF can achieve better fairness in data collection and reduce the transmission delay effectively, and at the same time, it can increase the average network throughput by 9.1% or more.

Authentication of mobile users in personal communication system

The logical structure of a personal communication system (PCS) is divided into three layers: intelligent layer, transmission layer and access layer. The authentication of mobile users is realized in the intelligent layer. The database structure of the PCS, different from the existing systems such as GSM and IS-41 etc., is centralized. Therefore the authentication schemes used in existing systems cannot meet the requirement of the PCS. In this paper, a user authentication scheme is proposed according to the database structure in the intelligent layer of the PCS. Compared with the existing authentication schemes, it has the following properties: (1) The authentication of mobile users in the visited network is not controlled by its home network. The traffic load of location update and interrogation is greatly reduced. (2) The authentication protocol adopts a public key/secret key hybrid algorithm. (3) When the data transmission network adopts PSPDN or common channel signaling network, the scheme still has very high security.

A Correctness Proof of WAPI Certificate Authentication Protocol

WAPI certificate authentication protocol is the core and key component of WAPI security mechanism proposed by Chinese WLAN standard. This protocol adopts pubfic key cryptographic technique, ASUE (authentication supplicant entity) and AE (authenticator entity) implement the mutual identity authentication aided by their trusting third ASE (authentication security entity) to realize secure access and negotiate the corresponding BK. Using a formal logic of PCL, WAPI certificate authentication protocol is programmed and its security properties are proved. The results show that if all the entities involved in the protocol do not reveal their long-term keys or short-term keys, this protocol provides the properties of strong session authentication and key secrecy and achieves its predefined security goals.

An anonymity-revoking e-payment system with a smart card

Abstract.An untraceable offline e-payment system can offer a degree of customer anonymity; however, it also presents criminals with opportunities, such as laundering money, corruption, and kidnapping. In this paper, we improve on the e-payment system with a smart card proposed by S. Brands, and present an anonymity-revoking e-payment system. On the one hand, the customer’s privacy cannot be compromised by the bank or by the payee. On the other hand, anonymity can be removed by a trusted third party (trustee) with the help of the bank. In this case, the third party can link a payment to a corresponding withdrawal and prevent money laundering and blackmailing.

Security analysis and improvement of TNC IF-T Protocol Binding to TLS

The TNC IF-T Protocol Binding to TLS (TIPBT) is specified by Trusted Computing Group (TCG) for TNC assessment exchanges. However, the TIPBT cannot be analysed by current Strand Space Model (SSM) because of the different requirements from the traditional security protocols. In order to solve this problem, first, we give an extension of the SSM and point out the TIPBT cannot prevent Man-in-the-Middle (MITM) attacks in some cases based on the extended SSM. Then, we improve the TIPBT and show that the improved TIPBT can resist MITM attacks in the extended SSM.

Security analysis of the improved group signature

We show that the improved group signature (Yuh-Min Tseng and Jinn-ke Jan, Electron. Lett., vol.35, no.16, p.1324, 1999) has an essential flaw: universal forgery. An adversary can forge a group membership certificate to sign any message without being traced by the group manager.

A New Forward-Secure Authenticated Encryption Scheme with Message Linkages

Yoon and Yoo recently proposed a robust authenticated encryption scheme and claimed their scheme has the properties of forward secrecy and confidentiality. The current paper, however, points out that Yoon-Yoos scheme also can not provide forward secrecy and confidentiality such that any adversary can easily recover the transferred message. Based on intractability of reversing the one-way hash function and discrete logarithm problem, an improved authenticated encryption scheme with messages linkage is proposed. The above security faults get solved perfectly. The new scheme is proven to satisfy all the basic security requirements of the authenticated encryption scheme. And by the concrete comparison, it has the similar efficiency of the original scheme.