scispace - formally typeset
Search or ask a question

Showing papers on "Key escrow published in 2012"


Journal ArticleDOI
TL;DR: In 2011, Wang et al. as mentioned in this paper proposed a certificateless signature scheme without bilinear pairings, which is more practical than the previous related schemes for practical application, and also showed the proposed scheme is secure in the random oracle.
Abstract: Certificateless public key cryptography simplifies the complex certificate management in the traditional public key cryptography and resolves the key escrow problem in identitybased cryptography. The certificateless signature scheme is studied widely as an important primitive. Following the pioneering work done by Al-Riyami et al., many certificateless signature schemes using bilinear pairings have been proposed ever since. However, the relative computation cost of the pairing is approximately 20 times higher than that of the scalar multiplication over the elliptic curve group. To improve the performance we propose a certificateless signature scheme without bilinear pairings. With the running time being reduced greatly, our scheme is more practical than the previous related schemes for practical application. Copyright © 2011 John Wiley & Sons, Ltd. (The key findings presented in the paper is described as follows. (1) We proposed an efficient certificateless signature scheme without pairings. (2) We also show the proposed scheme is secure in the random oracle. (3) The experimental results show the proposed scheme has better performance than the related schemes.)

109 citations


Journal ArticleDOI
TL;DR: This paper proposes a new pairing-free CLAKA protocol that has better performance and is provably secure in a very strong security model-the extended Canetti-Krawczyk (eCK) model.
Abstract: Since certificateless public key cryptography (CLPKC) has received widespread attention due to its efficiency in avoiding key escrow problems in identity-based public key cryptography (ID-PKC), the certificateless authenticated key agreement (CLAKA) protocol, an important part of CLPKC, has been studied a great deal. Most CLAKA protocols are built from pairings which need costly operations. To improve the performance, several pairing-free CLAKA protocols have been proposed. In this paper, we propose a new pairing-free CLAKA protocol. Compared with the related protocols, our protocol has better performance. Also, our protocol is provably secure in a very strong security model-the extended Canetti-Krawczyk (eCK) model.

69 citations


Proceedings ArticleDOI
01 Apr 2012
TL;DR: A secure and privacy-preserving communication protocol for V2G networks is proposed, which utilizes the restrictive partially blind signature to protect the identities of the EV owners and is also based on certificateless public key cryptography to simplify the certificate management as in traditional public key infrastructure and to overcome the key escrow problem as in identity-based publicKey cryptography.
Abstract: The concept of vehicle-to-grid (V2G) is that electric vehicles (EVs) communicate with the smart grid to sell demand response services by delivering electricity into the grid. The operation of V2G networks is based on continuously monitoring the status of individual EVs as well as a designed incentive scheme to attract sufficient participating EVs. However, the close monitoring might raise privacy concerns from the EV owners about identity and location information leakage. To the best of the authors' knowledge, V2G communication protocol with privacy-preserving has been proposed rarely in the literature. Therefore, we propose a secure and privacy-preserving communication protocol for V2G networks, which utilizes the restrictive partially blind signature to protect the identities of the EV owners and is also based on certificateless public key cryptography to simplify the certificate management as in traditional public key infrastructure and to overcome the key escrow problem as in identity-based public key cryptography. The proposed protocol can achieve the property of completeness, identity and location privacy, confidentiality and integrity of the communications, and known-key security, and is secure against the replay attacks and existential adaptively chosen message attacks.

50 citations


Journal ArticleDOI
TL;DR: The authors propose a new certificateless signature scheme, which exhibits an improvement on the existing schemes, and offers stronger security, shorter system parameters and higher computational efficiency.
Abstract: Certificateless cryptography shares many features of identity-based cryptography and partially solves the problem of key escrow. Three certificateless signature schemes without random oracles were found in the literature. However, all the schemes suffer from some common drawbacks. First, by obtaining a signature on a message and replacing the public key of a signer, an adversary can forge valid signatures on the same message under the replaced public key. Secondly, all the schemes require a relatively large size of public parameters. The authors propose a new certificateless signature scheme, which exhibits an improvement on the existing schemes. Compared with the previous schemes, the proposed scheme offers stronger security, shorter system parameters and higher computational efficiency.

50 citations


Journal ArticleDOI
TL;DR: This paper presents a short certificate-based signature scheme, which is proven to be existentially unforgeable against adaptive chosen message attacks in the random oracle model and to the best of the knowledge, the signature size is the shortest and the computational cost is the lowest when compared with other concrete certificate- based signature schemes in the literature.

45 citations


Patent
10 Aug 2012
TL;DR: In this article, the authors describe a system for enabling users to select from available secure service providers (each having a Trusted Service Manager (TSM)) for provisioning applications and services on a secure element installed on a device of the user.
Abstract: Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and service on behalf of the user selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.

36 citations


Journal ArticleDOI
TL;DR: The certificateless authenticated asymmetric group key agreement protocol is proposed, which does not have certificate management burden and key escrow problem, and achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security.
Abstract: Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.’s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.’s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

27 citations


Journal ArticleDOI
TL;DR: This paper formalizes the security model of certificateless proxy signature schemes and proposes a provably secure certificatelessproxy signature scheme with formal security proof under the computational Diffie-Hellman assumption.

25 citations


Patent
16 Feb 2012
TL;DR: In this article, the authors present a system for managing access to stored data resources that assigns one or more wrapped (encrypted) encryption keys to each data resource, and the keys may be stored in an access control list (ACL) in association with the encrypted data resources.
Abstract: Methods and systems for managing access to stored data resources assign one or more wrapped (encrypted) encryption keys to each data resource. The resources are encrypted, and the keys may be stored in an access control list (ACL) in association with the encrypted data resources. The keys may be wrapped with metadata that indicates who or what is authorized to use the resource and what role the user or users may have with respect to the resource. The keys may be unwrapped upon receipt of access requests from authorized users, and may be used to decrypt the data resources.

24 citations


01 Mar 2012
TL;DR: Identity Based Authenticated Key Exchange (IBAKE) Protocol is specified which does not suffer from the key escrow problem and in addition provides mutual authentication and a perfect forward and backwards secrecy.
Abstract: Cryptographic protocols based on public key methods are based on certificates and large scale public key infrastructure (PKI) to support certificate management. The emerging field of Identity Based Encryption protocols allows to simplify the infrastructure requirements via a Key Generation Function (KGF) while providing the same flexibility. However one significant limitation of Identity Based Encryption methods is that the KGF can end up being a de-facto key escrow server with undesirable consequences. Another observed deficiency is a lack of mutual authentication of communicating parties. Here, Identity Based Authenticated Key Exchange (IBAKE) Protocol is specified which does not suffer from the key escrow problem and in addition provides mutual authentication and a perfect forward and backwards secrecy.

24 citations


Patent
29 Jun 2012
TL;DR: In this paper, a way of sharing privately encrypted user data that is stored remotely from an owner of the user data is provided, where a request to share the privately encrypted data with a set of authorized persons may be received.
Abstract: A way of sharing privately encrypted user data that is stored remotely from an owner of the user data is provided. A request to share the privately encrypted data with a set of authorized persons may be received. A private encryption key may be received, where the private encryption key is managed by the owner of the user data. The privately encrypted user data may be decrypted using the private encryption key, where the decrypted user data is share data. The share data may be encrypted using a default encryption key. The encrypted share data may be stored at the remote storage. The set of authorized persons may be provided access to the encrypted share data.

Proceedings ArticleDOI
03 Aug 2012
TL;DR: An efficient and secure certificateless strong designated verifier multisignature scheme using elliptic curve cryptography (ECC) and bilinear pairings that satisfies the properties of singer's privacy protection, strongness, non-transferability and source hiding of an SDVS scheme and is unforgeable against the adversaries of different capabilities.
Abstract: The certificateless public key cryptography (CL-PKC) is a new paradigm of modern cryptography, which was proposed to simplify the certificate management problem of PKC and to avoid the key escrow problem of identity-based cryptosystem (IBC). In this paper, we proposed an efficient and secure certificateless strong designated verifier multisignature (CL-SDVMS) scheme using elliptic curve cryptography (ECC) and bilinear pairings. The proposed CL-SDVMS scheme allows a group of signers to generate a common signature on the same message intended to a designated verifier for verification. The length of the final multisignature is independent of the number of signers and identical to the length of the individual signatures, and the verification time of the multisignature is the same as the time needs to verify any individual signature generated by a signer. In addition, our multisignature scheme can be verified by a designated verifier only; however, he cannot claim to a third-party that the signature is computed by the signers or himself. The proposed scheme satisfies the properties of singer's privacy protection, strongness, non-transferability and source hiding of an SDVS scheme and is unforgeable against the adversaries of different capabilities. The proposed CL-SDVMS scheme is useful where a single document needs to be authenticated by a set of persons and applicable in various applications like decision making processes, petitions, workflow systems etc.

Journal ArticleDOI
TL;DR: This paper first presents a security model for certificateless AKA protocols for three parties, and then proposes an efficient construction based on bilinear pairings that can be proved to be equivalent to the computational Diffie–Hellman problem in the random oracle model.

Journal ArticleDOI
TL;DR: This paper proposes an certificateless undeniable signature scheme based on bilinear maps that satisfies all the security properties under certain standard assumptions in the random oracle model and extends security notions of undeniable signatures in the traditional public key infrastructure to the certificateless setting.

Journal ArticleDOI
TL;DR: A dependable and secure access policy enforcement scheme for disruption-tolerant medical information systems that allows the device controller to partially decrypt the encrypted medical information for the authorized receivers with their corresponding attributes without leaking any confidential information to it.

Journal ArticleDOI
TL;DR: This paper shows that Liu et al.

Patent
21 Mar 2012
TL;DR: In this paper, a certificateless partially blind signature method is proposed for electronic cash transactions and electronic voting, which can be used in an electronic cash transaction and e-voting.
Abstract: The invention relates to a certificateless partially blind signature method. In the prior art, practicality of the partially blind signature method is low. The method of the invention is mainly used to solve the above problem. The method comprises the following steps that: 1) a secret key generation center randomly selects an integer sPKG as a private key in an integer multiplication group of mod q and stores secretly, and discloses a system parameter: (G1, q, 1, P, G2, e, H, h, QPKG); 2) a signer generates the partial private key s1 and a partial public key Q1, the secret key generation center generates the other partial private key S2 and the public key Q2 and sends to the signer through a safe authentication channel, and the signer acquires a private key pair (s1, S2) and a public key pair (Q1, Q2); 3) the signer carries out signature; 4) an authenticator verifies validity of the signature by using the public key pair (Q1, Q2) of the signer. By using the method of the invention, a demand to a certificate can be eliminated. There is no disadvantage of secret key escrow. A partial blind characteristic is possessed. Simultaneously, the method is simple and high efficient and possesses good practicality and security. The method can be used in an electronic cash transaction and electronic voting.

Proceedings ArticleDOI
26 Mar 2012
TL;DR: This paper proposes a Certificate less Partially Blind Signature by laying its construction on bilinear pairings over Gap Diffie-Hellman (GDH) Group for solving the key escrow problem in normal ID-based partially blind signature.
Abstract: Blind signatures play a central role in applications such as e-cash and e-voting systems, while partially blind signature is an even more applicable variant. This paper proposes a Certificate less Partially Blind Signature (CPBS) by laying its construction on bilinear pairings over Gap Diffie-Hellman (GDH) Group for solving the key escrow problem in normal ID-based partially blind signature. Formally, a framework is presented for defining the components of CPBS scheme and illustrating attack models. We then prove that our new scheme is secure in the random oracle model if we assume that Computational Diffie-Hellman Problem (CDHP) is intractable. Also, we theoretically validate that our proposed scheme is more efficient than those existing ones in terms of computational complexity.

Journal ArticleDOI
TL;DR: This paper analyzes the security of an existing certificateless threshold signature (CLTHS) scheme and shows it is insure by demonstrating its three security drawbacks, and presents a kind of public key replacement attack against it.
Abstract: Certificateless public key cryptography is a new paradigm with two interesting features. On one hand, it keeps the certificate free property of identity-based public key cryptography (ID-PKC), while on the other hand, it gets rid of the inherent key escrow problem of ID-PKC. These two distinctive features make certificateless threshold signature schemes more applicable in practice as it removes the cost of transmitting and verifying the public key certificates of the participants who are involved in signing, and yet without the fear of key escrow. In this paper, we analyze the security of an existing certificateless threshold signature (CLTHS) scheme recently proposed by Zhong et al.[26]. We show it is insure by demonstrating its three security drawbacks. Especially, we present a kind of public key replacement attack against it. Our attack reveals that it is subject to universal forgeries of type I adversaries

Journal Article
TL;DR: The new scheme can not only avoid the inherent key escrow problem in the identity-based cryptographic system, but also have the advantage of MPKC, that is, it can withstand the quantum attack.
Abstract: Aiming at the vulnerability under quantum attacks and the inherent key escrow problem of the existing ID-based multi-receiver signcryption schemes,we propose an efficient certificateless multi-receiver signcryption scheme(CLMSC),which is based on the multivariate public key cryptography(MPKC)The new scheme can not only avoid the inherent key escrow problem in the identity-based cryptographic system,but also have the advantage of MPKC,that is,it can withstand the quantum attackThe proposed scheme does not require any pairing operations in signcrypting a message for any number of receiversTherefore,compared with the existing signcryption schemes,the proposed scheme is more efficient,and thus it is suitable for terminals which have lower computation capacity like smart cardFinally,we prove its semantic security under the hardness of Multivariate Quadratic(MQ) problem and its unforgeability under the Isomorphism of Polynomials(IP) assumption in the random oracle model respectivelyThe proposed scheme also has the security properties of non-repudiation,forward security,backward security and the recipient privacy protection

01 Jan 2012
TL;DR: This work proposes an OSAS scheme in a certificateless setting called certificateless ordered sequential aggregate signature (CLOSAS), which resists KGC’s malicious activities associated with key escrow and forgery of signatures as long as both each user and KGC involve directly in a key generation.
Abstract: Certificateless cryptosystem is a hybrid scheme of traditional PKI and ID-based scheme and has positive aspects of both of PKI and ID-based cryptosystem, i.e. solving key escrow problem and certificate management problem simultaneously. Cryptographic schemes constructed in such a hybrid setting, generally called certificateless setting, retain these positive aspects and have been extensively studied recently. To the best of our knowledge, an ordered sequential aggregate signature (OSAS) scheme, which is a signature scheme verifying both the validity of a document and a signing order of a group of signers, has never been proposed in the certificateless setting. Therefore we propose an OSAS scheme in a certificateless setting called certificateless ordered sequential aggregate signature (CLOSAS) scheme. Our proposed scheme has advantages in its communication cost and the security proof. In particular, its signature size is fixed with respect to the number of signers, and the security is proven in the random oracle model against super adversaries that are the strongest adversary in certificateless signature scheme. Our scheme resists KGC’s malicious activities associated with key escrow and forgery of signatures as long as both of each user and KGC involve directly in a key generation.

Book ChapterDOI
26 Sep 2012
TL;DR: A new escrow-free IBS is proposed, which enjoys three main advantages, namely key escrow free, practical and very efficient, and presents a generic intuition as well as an efficient instantiation.
Abstract: The notion of identity-based signature scheme (IBS) has been proven useful in some scenarios where relying on the validity of the certificates is impractical. Nevertheless, one remaining inherent problem that hinders the adoption of this cryptographic primitive in practice is due to the key escrow problem, where the private key generator (PKG) can always impersonate the user in the system. In 2010, Yuen et al. proposed the notion of IBS that does not suffer from the key escrow problem. Nevertheless, their approach relies on the judge who will later blame the malicious PKG when such a dispute occurs, assuming that the PKG is willing to collaborate. Although the approach is attractive, but unfortunately it is impractical since the malicious PKG may just refuse to collaborate when such an incident happens. In this paper, we propose a new escrow-free IBS, which enjoys three main advantages, namely key escrow free, practical and very efficient. We present a generic intuition as well as an efficient instantiation. In our approach, there is no judge involvement required, as the public can determine the malicious behaviour of PKG when such an incident happens. Further, the signature size of our instantiation is only two group elements, which outperforms the existing constructions in the literature.

Journal ArticleDOI
TL;DR: An anonymous authentication protocol featured with conditional privacy preservation and non-repudiation is proposed for vehicular ad-hoc network by applying the proposed signature scheme and a novel concept called the account index.
Abstract: Certificate-based Cryptography (CBC) combines the advantages of ID-based cryptography (implicit certification) and traditional PKI approach (no key escrow). Based on CBC, an anonymous authentication protocol featured with conditional privacy preservation and non-repudiation is proposed for vehicular ad-hoc network. First, a certificate-based signature scheme with only one pairing computation and only one element signature is proposed. Then, an anonymous authentication protocol is constructed by applying the proposed signature scheme and a novel concept called the account index which helps to realize On-Board Units anonymity, non-reputation, and conditional privacy preservation. A secure session key is established in the protocol which provides perfect forward secrecy.

Journal Article
TL;DR: Nowadays, the increasing political, economic, and cultural exchanges all over the world will lead to more and more transnational crime and terrorist attacks, so this program can be adapted to the multinational (or multi-organization) key escrow cooperation.
Abstract: To combat crime and terrorist organizations, government expects to monitor the suspicious communication but the leak of personal privacy is a common problem. Assuming that there are two Escrow Agent groups (Escrow party), one is designated by the government, while the other is unofficial. The two groups can achieve mutual supervision and dependence, thus implementing monitoring for users by the cooperation rather than by only a single one. If the number of the mutual participation is less than the required threshold number, the monitoring cannot be achieved. Therefore, an equation set corresponding to the specific program can be constructed, for example, multiply i th equation and j th equation to get an (i+j) th equation. As long as this kind of equation set is established, various key escrow schemes involved by several Escrow Agent groups can be constructed. Nowadays, the increasing political, economic, and cultural exchanges all over the world will lead to more and more transnational crime and terrorist attacks, so this program can be adapted to the multinational (or multi-organization) key escrow cooperation. Streszczenie. Analizuje sie mozliwości monitorowania transakcji w przypadku wielu escrow agents - depozytariuszy. Metoda ma na celu ochrone rynku przed atakami terrorystycznymi. (Schematy depozytowe (escrow) w mechanizmach kooperacyjnych przy wielu depozytariuszach)

Journal Article
TL;DR: A formal model of certificateless aggregate signature was proposed, which is secure against existential forgery under adaptive chosen messages and identities in random oracle mode and a concrete certificate less aggregate signature scheme, in which the length of the signature is independent of the signers.
Abstract: Certificateless cryptosystem can solve the key escrow of ID-based cryptosystem and the public key authentication of certification-based cryptosystem.A formal model of certificateless aggregate signature was proposed.It also proposed a concrete certificateless aggregate signature scheme,in which the length of the signature is independent of the signers.Based on the hardness of computational Diffie-Hellman problem,the proposed scheme is secure against existential forgery under adaptive chosen messages and identities in random oracle mode.

Journal ArticleDOI
TL;DR: A unified security framework (USF) for multi-domain wireless mesh networks is proposed and the identity-based encryption and the certificateless signature are unified in the proposed cryptography operations utilizing bilinear groups to solve key escrow problem.

Book ChapterDOI
26 Jun 2012
TL;DR: In this paper, a novel key management infrastructure called RIKE is proposed to integrate the inherent key escrow of identity-based encryption (IBE) into PKIs, an effective certificate-based solution and highly compatible with traditional PKIs.
Abstract: Public key infrastructures (PKIs) are proposed to provide various security services. Some security services such as confidentiality, require key escrow in certain scenarios; while some others such as non-repudiation, prohibit key escrow. Moreover, these two conflicting requirements can coexist for one user. The common solution in which each user has two certificates and an escrow authority backups all escrowed private keys for users, faces the problems of efficiency and scalability. In this paper, a novel key management infrastructure called RIKE is proposed to integrate the inherent key escrow of identity-based encryption (IBE) into PKIs. In RIKE, a user's PKI certificate also serves as a revocable identity to derive the user's IBE public key, and the revocation of its IBE key pair is achieved by the certificate revocation of PKIs. Therefore, the certificate binds the user with two key pairs, one of which is escrowed and the other is not. RIKE is an effective certificate-based solution and highly compatible with traditional PKIs.

Proceedings ArticleDOI
07 May 2012
TL;DR: This paper proposes the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property and shows that the new scheme solved the PKG despotism problem and key escrow problem as well.
Abstract: A proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate reencryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property. We show that the new scheme solved the PKG despotism problem and key escrow problem as well.

Journal Article
TL;DR: A new certificateless signature scheme without pairings is proposed that is prova-bly secure in the random oracle model(ROM) under the relatively weaker assumption,i.e.,the discrete logarithm as-sumption and is more efficient than the existing schemes.
Abstract: To solve the key escrow problem inherited in ID-based cryptography and the complex certificate management problem of traditional certification-based public key cryptosystem,Al-Riyami and Paterson proposed the novel concept of certificateless public key cryptography.Almost all existing certificateless signature schemes need bilinear pairings ei-ther during signature generation stage or the signature verification stage,and were proven secure only with stronger computational assumptions.A new certificateless signature scheme without pairings was proposed.The scheme is prova-bly secure in the random oracle model(ROM) under the relatively weaker assumption,i.e.,the discrete logarithm as-sumption and is more efficient than the existing schemes.

Journal Article
TL;DR: This paper presents a new efficient certificateless aggregate signature scheme that is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model and its performance is comparable to the most efficient up-to-date schemes.
Abstract: An aggregate signature scheme allows a public algo- rithm to aggregate n signatures on n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certifi- cate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme. Compared with up-to-date certificateless aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model; (2) the security is proven in the strongest security model so far; (3) the signers do not need to be synchronized; and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the stor- age/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.