Zhide Chen

Multi-Identity Single-Key Decryption without Random Oracles

Multi-Identity Single-Key Decryption (MISKD) is an Identity-Based Encryption (IBE) system where a private decryption key can map multiple public keys (identities). More exactly, in MISKD, a single private key can be used to decrypt multiple ciphertexts encrypted with different public keys associated to the private key. MISKD is a variant of IBE and offers convenience to users who have to manage many private keys in a standard IBE. The notion of MISKD was recently introduced by Guo, Mu and Chen in Pairing 2007. They proposed a concrete MISKD scheme and proved its security based on the Bilinear Strong Diffie-Hellman problem (q-BSDH) in random oracle model. In this paper, we present a novel MISKD scheme that is provably secure in the selective-ID model based on the Decisional Bilinear Diffie-Hellman (DBDH) assumption. Our scheme is more efficient in decryption.

Identity-Based Online/Offline Encryption

We consider a scenario of identity-based encryption (IBE) where the encryption device (such as a smartcard) has low power. To improve the computation efficiency, it is desirable that part of computation can be done prior to knowing the message and the recipient (its identity or public key). The real encryption can be conducted efficiently once the message and the recipients identity become available. We borrow the notion of online/offline signatures introduced by Even, Goldreich and Micali in 1990 and call this kind of encryption identity-based online/offline encryption(IBOOE), in the sense that the pre-computation is referred to as offline phaseand the real encryption is considered as online phase. We found that this new notion is not trivial, since all previously proposed IBE schemes cannot be separated into online and offline phases so that the online phase is very efficient. However, we also found that with a proper transformation, some existing identity-based encryption schemes can be converted into IBOOE schemes with or without random oracles. We look into two schemes in our study: Boneh-Boyen IBE (Eurocrypt 2004), and Gentry IBE (Eurocrypt 2006).

Efficient Batch Verification of Short Signatures for a Single-Signer Setting without Random Oracles

In Eurocrypt 2007, Camenisch, Hohenberger and Pedersen introduced the notion of multi-signer batch verification and proposed several efficient and practical batch verification schemes for signatures, including a very efficient batch verification scheme for a multi-signer setting without random oracles. This scheme is the most efficient in comparison with other existing schemes, but it can be applied only to the multi-signer setting. We observe that amongst all existing batch verification schemes, the fastest scheme for a single-signer setting is based on the BLS short signature whose proof need resort to random oracles. It is clear that batch verification for a single-signer setting is as important as for multi-signer scenarios in some applications, especially where the system has only a single signer, such as a secure time-stamping server or a certificate generation server. However, to our knowledge, the efficient batch verification of short signatures in a single-signer setting without random oracles is a challenging open problem. In this paper, we propose a new signature scheme from Gentry IBE that is as efficient as the BLS short signature scheme in batch verification. We are able to prove its security without random oracles. Our signature is approximately 320 bits in length, and a verification requires only two pairings for verifying n signatures from a single signer.

Fault-Tolerant Algorithms for Connectivity Restoration in Wireless Sensor Networks.

As wireless sensor network (WSN) is often deployed in a hostile environment, nodes in the networks are prone to large-scale failures, resulting in the network not working normally. In this case, an effective restoration scheme is needed to restore the faulty network timely. Most of existing restoration schemes consider more about the number of deployed nodes or fault tolerance alone, but fail to take into account the fact that network coverage and topology quality are also important to a network. To address this issue, we present two algorithms named Full 2-Connectivity Restoration Algorithm (F2CRA) and Partial 3-Connectivity Restoration Algorithm (P3CRA), which restore a faulty WSN in different aspects. F2CRA constructs the fan-shaped topology structure to reduce the number of deployed nodes, while P3CRA constructs the dual-ring topology structure to improve the fault tolerance of the network. F2CRA is suitable when the restoration cost is given the priority, and P3CRA is suitable when the network quality is considered first. Compared with other algorithms, these two algorithms ensure that the network has stronger fault-tolerant function, larger coverage area and better balanced load after the restoration.

An implicit identity authentication system considering changes of gesture based on keystroke behaviors

Smartphones have become ubiquitous personal devices so that much of sensitive and private information will be saved in the phone, and users have their own unique behavioral characteristics when using smartphones, so, to prevent private information from falling into the hands of impostors, there is a kind of identity authentication system based on users behavioral features while the user is unlocking. However, due to the impact of environmental factors, changes of gesture will introduce bias into the feature data, which results in a diminishment of the system performance. To solve this problem, we propose an implicit identity authentication system based on keystroke behaviors, and it is the first attempt to consider the changes of a users gesture. This system collects five keystroke features in the background and analyzes to identify different users without additional hardware supporting. We present our work with an experimental study, and our experiments show that the accuracy of identity authentication system we proposed is up to 99.1329%. Comparing with the identity authentication system without considering the impact of gesture changes, the EER of the system considering the impact of gesture changes is decreased by 1.2514%.

Dynamics stability in wireless sensor networks active defense model

Wireless sensor networks, which are widely used in military, industrial and transportation fields, are vulnerable to various kinds of attacks, since they are mostly deployed in a relatively open environment. Based on the evolutionary game theory, this paper proposes a proactive defense model for wireless sensor networks, in which we emphasize that the node has a limited ability to learn the evolution of rationality from different attack strategies of the attacker, and can dynamically adjust their strategies to achieve the most effective defense. Following this approach, the cost (e.g., energy consumption and wastage of machinery) has been greatly saved and the life cycle of the nodes has been extended as well. By employing the proposed model, the whole wireless sensor network can be implemented in an effective way.

A Cluster Header Election Scheme Based on Auction Mechanism for Intrusion Detection in MANET

In this paper, we study the cluster head nodes election mechanism for cluster based intrusion detection in the presence of selfish nodes in Mobile Ad Hoc Networks (MANETs). To prolong the lifetime of all nodes, each cluster should elect a node with the most remaining energy as its cluster head. But, the selfish nodes may behave selfishly by lying about their remaining energy and avoiding being elected. We represent the existence of selfish nodes really has a bad effect on the lifetime of the networks and propose a solution based on auction mechanism. More specifically, we design a mechanism with the following attributes: First, the mechanism can always elect the most energy remaining nodes as cluster heads. Second, the mechanism can encourage the selfish nodes behave honestly by providing incentives. Simulation results show that our mechanism can effectively prolong the overall lifetime of Intrusion Detection System (IDS) in MANET.

Secure Anonymous Routing in Trust and Clustered Wireless Ad Hoc Networks

Wireless ad hoc networks , especially in the hostile environment, are vulnerable to traffic analysis which allows the adversary to trace the routing messages and the sensitive data packets. Anonymity mechanism in ad hoc networks is critical securing measure used to mitigate these problems. In this paper, we propose a novel secure anonymous routing scheme for clustered wireless ad hoc networks. In our proposed scheme, we use the bloom filter to establish secure anonymous routing in trust and clustered wireless ad hoc networks. It provides not only the basic sender and receiver anonymity, but also the link anonymity and the identity anonymity to the forwarders en route.

Routing Protocols Based on Double Auction for Ad Hoc Networks

We introduce a game-theoretic setting for routing in mobile ad hoc networks in this paper. We implement the continuous double auction (CDA), a double auctioning mechanism in ad hoc networks and propose our routing protocols based on it. This mechanism can stimulate nodes to cooperate with each other and the aim to allocate routes in communication would be achieved. It is the first time that double auction methods are shown to offer theoretical guarantees for route allocation in ad hoc networks.

On the Security of WAI Protocol in the Third Version of WAPI

Firstly, we concentrate on the security of WAI Protocol in the third version of WAPI(WLAN authentication and privacy infrastructure), listing several possible attacks the protocol is liable to suffer from. Also, we do according improvement on the protocol when mentioning a certain attack. Finally, we provide a new protocol as an alternative by doing holistic improvement..