Wenbo Shi

A provable secure authentication protocol given forward secure session key

This paper proposes a key distribution and authentication protocol between user, service provider and key distribution center (KDC). This protocol is based on symmetric cryptosystem, challenge-response, Diffie-Hellman component and hash function. In proposed protocol, user and server update the session key under token-update operation, and user can process repeated efficient authentications by using updated session keys. Another merit is that KDC needs not to totally control the session key between user and server in proposed protocol. Even if an attacker steals the parameters from the KDC, the attacker still can not calculate session key. We use BAN logic to proof these merits of our proposed protocol. Also according to the comparison and analysis with other protocols, our proposed protocol provides good efficiency and forward secure session key.

An Inside Attacker Proof Intrusion Detection System

Recently, an intrusion detection system which named CONFIDANT was proposed, which utilized file integrity analyzers and mobile agent for intrusion detection and aimed to detection of malicious activity by insiders. But CONFIDANT has vulnerabilities in security aspect, the sensor agents in the lowest echelon are easily compromised by malicious platforms. Therefore, we integrate a security mechanism which named clone agent protocol into CONFIDANT. We improved the structure of CONFIDANT to protect those agents and strengthen its security, make sure them finish their computation and detect malicious hosts even though there are a few malicious platforms.

An efficient electronic marketplace bidding auction protocol with bid privacy

We modified the multi-agent negotiation test-bed which was proposed by Collins et al. In 2004, Jaiswal et al. have modified Collinss scheme, but Jaiswals scheme still has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collision between customers and a certain supplier. So the proposed protocol tries to reduce DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. It utilizes efficient LPN-based authentication method to accomplish lightweight authentication. And it publishes an interpolating polynomial for sharing the determination process data and avoids collusion between a customer and a certain supplier. Also the proposed scheme relaxes the trust assumptions for three-party in Jaiswals scheme. According to comparison and analysis with other protocols, our proposed protocol shows good security and less computation cost.

Efficient nonce-based authentication scheme using token-update

In this paper an efficient token-update scheme based on nonce is proposed. This scheme provides an enhancement, resolving some problems with regard to Lees scheme, which cannot defend against and replay and impersonation attacks. Accordingly, an analysis and comparison with Lees and other schemes, demonstrate that the current paper avoids replay and impersonation attacks, providing mutual authentication, and also results in a lower computation cost than the original scheme.

Chosen Ciphertext Secure Fuzzy Identity-Based Encryption Scheme with Short Ciphertext

In this paper, we present an improved biometric identity based encryption scheme which is based on Baek et al’s scheme. By using fuzzy extractor to construct the public key of a user, we reduce the number of exponentiations of encryption algorithm, the number of MaptoPoint hash function and the length of ciphertext from O(n) to O(1). Furthermore, we proved the proposed scheme satisfy the security requirement under indistinguishability of encryptions under fuzzy selective-ID, chosen ciphertext attack (IND-FSIDCCA).

A Sealed-Bid Electronic Marketplace Bidding Auction Protocol by Using Ring Signature

We modified the multi-agent negotiation test-bed auction scheme which was proposed by Collins et al. In 2004, Jaiswal et al. have modified Collins’s scheme, but Jaiswal’s scheme still has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, collision between customers and a certain supplier. So the proposed protocol tries to reduce DOS attack and avoid replay data attack by using improved ring signature scheme, also it achieves perfect anonymity. And it publishes an interpolating polynomial for sharing the determination process data and avoids collusion between a customer and a certain supplier. Furthermore, the proposed scheme relaxes the trust assumptions for three-party in Jaiswal’s scheme. According to comparison and analysis with other protocols, our proposed protocol shows good security