【Abstract】In this paper, we present the concept of certificateless public key encryption with equality test (CL-PKEET), which integrates certificateless public key cryptography (CL-PKC) into public key encryption with equality test (PKEET) to solve the key escrow problem of identity-based encryption with equality test (IBEET). In the CL-PKEET scheme, the receiver first computes his private key with the receiver’s secret value and the partial private key generated by the key generation center (KGC). The trapdoor is generated with this private key. Then, using the trapdoor, the receiver authorizes the cloud server to test the equivalence between his ciphertexts and others’ ciphertexts. We formalize the system model and definition of CL-PKEET, propose the security models by considering four types of adversaries, and then present a concrete CL-PKEET scheme. Our proposal achieves the IND-CCA security against adversaries without trapdoor, and the OW-CCA security against adversaries with trapdoor. Furthermore, compared with IBEET and PKEET, our proposal which has the features of CL-PKC solves certificate management and key escrow problems simultaneously.
Lin X J, Sun L, Qu H. Generic construction of public key encryption, identity-based encryption and signcryption with equality test[J]. Information Sciences, 2018, 453
【Abstract】Public key encryption with equality test (PKEET) allows the cloud server to test whether two ciphertexts are generated on the same message. Recently, Lee et al. proposed a semi-generic approach for PKEET constructions by using the traditional public key encryption schemes. However, how to design a generic approach is still an open problem. In this paper, we propose a generic approach for PKEET constructions. Our approach can be easily extended to the identity-based setting. Compared with Lee et al.’s approach, ours is (surprisingly) more efficient. Moreover, we propose a new primitive, called signcryption with equality test (SCET). Compared with the traditional PKEET, SCET provides both confidentiality and authentication simultaneously.
Lin X J, Sun L, Qu H, et al. Cryptanalysis of A Pairing-Free Certificateless Signcryption Scheme[J]. Computer Journal, 2018, 61(4).
【Abstract】Certificateless signcryption (CLSC) has attracted much attention from the research community since it provides both confidentiality and unforgeability, and, at the same time, it does not suffer from the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based cryptography. However, most CLSC schemes are based on the bilinear pairing which is still a time-costing operation although many efforts have been made to improve its efficiency. Recently, Yu et al. proposed a pairing-free CLSC scheme and proved its security. In this paper, we point out that their scheme can be totally broken since confidentiality and unforgeability actually are not captured.
Qian Lu, Haipeng Qu, Yuan Zhuang, Xi-Jun Lin, Yuzhan Ouyang. Client-side Evil Twin Attacks Detection Using Statistical Characteristics of 802.11 Data Frames.
【Abstract】With the development of wireless network technology and popularization of mobile devices, the Wireless Local Area Network (WLAN) has become an indispensable part of our daily life. Although the 802.11-based WLAN provides enormous convenience for users to access the Internet, it also gives rise to a number of security issues. One of the most severe threats encountered by Wi-Fi users is the evil twin attack. The evil twin, a kind of rogue access point (RAP), masquerades as a legitimate access point (AP) to lure users to connect to it. Due to the characteristics of strong concealment, high confusion, great harmfulness and easy implementation, the evil twin has led to significant loss of sensitive information and become one of the most prominent security threats in recent years. In this paper, we propose a passive client-based detection solution that enables users to independently identify and locate evil twins without any assistance from a wireless network administrator. Because of the forwarding behavior of evil twins, the proposed method compares 802.11 data frames sent by target APs to users to determine evil twin attacks. We implemented our detection technique in a Python tool named ET-spotter. Through implementation and evaluation in our study, our algorithm achieves 96% accuracy in distinguishing evil twins from legitimate APs.
Lu Q, Qu H, Zhuang Y, et al. A Passive Client-based Approach to Detect Evil Twin Attacks[C]// Trustcom/bigdatase/icess. IEEE, 2017:233-239.
【Abstract】With the widespread deployment and usage of 802.11-based wireless local area networks (WLANs), Wi-Fi users are vulnerable to attack by a security threat called evil twins. The evil twin, a kind of rogue access point (RAP), masquerades as a legitimate access point (AP) to lure users to connect to it. Malicious adversaries can easily configure evil twins on a laptop to induce victim wireless users. The presence of such a threat continuously leads to significant loss of information. In this paper, we propose a passive client-side detection approach that allows users to independently identify and locate evil twins without any assistance from a wireless network administrator. Because of the forwarding behavior of evil twins, the proposed method compares 802.11 data frames sent by target APs to users to determine evil twin attacks. We implemented our detection and location technique in a Python tool named ET-spotter. Through implementation and evaluation in our study, our algorithm achieves 96% accuracy in distinguishing evil twins from legitimate APs.
Yang H, Lin X, Haipeng Q U. Improved Top-k Query Algorithm in Distributed Networks[J]. Computer Engineering, 2017.
【Abstract】Existing Top-k query algorithms are mainly applied in the centralized relational database. However, the algorithms will cause huge communication costs and low efficiency in the distributed networks. In order to solve these problems, an improved Top-k Query Algorithm is proposed. This algorithm sets a Pretreatment Index Table (PIT) to cut the independent data out in the distributed networks, builds a candidate subset which contains the correct Top-k results and realizes Top-k query based on it. Experimental results show that the query results of this algorithm are more accurate, and it has shorter operation time and less network overhead compared with Fagin and Naive Top-k query algorithms.
Lin X J, Sun L, Qu H. An efficient RSA-based certificateless public key encryption scheme[J]. Discrete Applied Mathematics, 2017.
【Abstract】In order to resolve the key escrow in identity-based scheme and the significant cost of using a PKI system in traditional public key scheme, the notion of certificateless public key cryptography (CL-PKC) was introduced. The first certificateless public key encryption scheme (CL-PKE) was proposed by Al-Riyami and Paterson, and then further schemes were developed. However, most of them are constructed from the bilinear pairing which is a time costing operation. In this paper, we construct an efficient CL-PKE scheme from RSA since RSA is the de facto Internet standard and is widely used in many applications. The security is based on Kilian–Petrank’s RSA assumption which is a variant of RSA.
Lin X J, Sun L, Qu H, et al. Editorial: On the Security of the First Leakage-Free Certificateless Signcryption Scheme[J]. Computer Journal, 2016, 60(4).
【Abstract】Recently, Islam and Li proposed the first certificateless signcryption scheme without ephemeral secret leakage (ESL) attack, called leakage-free certificateless signcryption (leakage-free CLSC) scheme. However, we point out in this paper that the confidentiality property is not captured in their proposal. Moreover, our attack adheres to the security model proposed in the original paper. On the other hand, the security models proposed by Islam and Li are insufficient. In fact, the ESL attack is not involved in the security models since the ephemeral secret is not returned to the adversary when CLSC-Signcryption query and Challenge are issued. Finally, we give the amended security models.
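Li Jiawei, Yang Zhiju, Lin Xijun, et al. Research on a network fault diagnosis method based on software-defined networking[J]. Chinese Journal of Network and Information Security, 2016, 2(12):56-62.
【Abstract】Based on the current state of research on fault diagnosis methods in software-defined networking environments, a method for diagnosing and locating faults in software-defined networks is proposed. By sending TCP test packets that carry a matching identification flag field, and by using the programmability of the controller and the extensible matching of flow tables in a software-defined networking environment, matching flow tables and instructions are designed that match the test packets and write forwarding information useful for localization into them in a specific format. The monitoring and analysis module extracts data from the historical forwarding information in the returned packets and uses it to diagnose and locate network faults. In a simulated environment, the experimental results demonstrate the effectiveness of the method, which has a certain application value.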