Your search keyword '"random oracle model"' showing total 466 results

1. Lattice-based ring signcryption scheme for smart healthcare management.

Author

Sourav and Ali, Rifaqat

Subjects

*MEDICAL records, *PHOTONS, *QUANTUM computing, *QUANTUM cryptography, *RECORDS management

Abstract

Conventional signcryption schemes that depend on discrete logarithm problem, big integer prime factorization, and bilinear pairing are at risk in the context of quantum computers. We suggest a signcryption scheme based on a lattice to overcome the problems posed due to potential quantum computers in healthcare management which is named as lattice-based ring signcryption scheme for smart healthcare management (LRS-SHM). Unlike existing schemes, our design uses regenerated keys for every signature generated by user itself (instead of a key generation center), thus protecting the privacy of the user. Furthermore, we provide an anonymous health record management scheme that combines a (t, n) threshold method with our lattice-based signcryption system in an effort to overcome the existing anonymity limits in health record administration, especially in light of quantum computing concerns. We show the anonymity of our lattice-based signcryption method against confidentiality and its existential non-forgeability against insider corruption in the context of health record administration, proving security under the random oracle model. We compare our proposed scheme with existing schemes and found that our scheme is more efficient than others. By the use of (t, n) threshold scheme, we protect our scheme from single point of failure because we distribute the secret share to n number of users and to reconstruct the secret the scheme requires at least t users. Empowering privacy, our lattice-based signcryption prevents quantum threats, introduces seamless key control, and enhances health record anonymity, setting a new standard for secure and efficient cryptographic solutions. [ABSTRACT FROM AUTHOR]

Published

2024

2. Committed-programming reductions: formalizations, implications and relations.

Author

Zhang, Jiang, Yu, Yu, Feng, Dengguo, Fan, Shuqin, and Zhang, Zhenfeng

Abstract

In this work, we introduce a class of black-box (BB) reductions called committed-programming reduction (CPRed) in the random oracle model (ROM) and obtain the following interesting results: (1) we demonstrate that some well-known schemes, including the full-domain hash (FDH) signature (Eurocrypt 1996) and the Boneh-Franklin identity-based encryption (IBE) scheme (Crypto 2001), are provably secure under CPReds; (2) we prove that a CPRed associated with an instance-extraction algorithm implies a reduction in the quantum ROM (QROM). This unifies several recent results, including the security of the Gentry-Peikert-Vaikuntanathan IBE scheme by Zhandry (Crypto 2012) and the key encapsulation mechanism (KEM) variants using the Fujisaki-Okamoto transform by Jiang et al. (Crypto 2018) in the QROM. Finally, we show that CPReds are incomparable to non-programming reductions (NPReds) and randomly-programming reductions (RPReds) formalized by Fischlin et al. (Asiacrypt 2010). [ABSTRACT FROM AUTHOR]

Published

2024

3. Fiat–Shamir Bulletproofs are Non-malleable (in the Random Oracle Model)

Author

Ganesh, Chaya, Orlandi, Claudio, Pancholi, Mahak, Takahashi, Akira, and Tschudi, Daniel

Abstract

Bulletproofs (Bünz et al., in: 2018 IEEE symposium on security and privacy, IEEE Computer Society Press, pp 315–334, 2018) are a celebrated ZK proof system that allows for short and efficient proofs, and have been implemented and deployed in several real-world systems. In practice, they are most often implemented in their non-interactive version obtained using the Fiat–Shamir transform. A security proof for this setting is necessary for ruling out malleability attacks. These attacks can lead to very severe vulnerabilities, as they allow an adversary to forge proofs re-using or modifying parts of the proofs provided by the honest parties. An earlier version of this work (Ganesh et al., in: EUROCRYPT 2022, Part II. LNCS, vol 13276, Springer, Cham, pp 397–426, 2022) provided evidence for non-malleability of Fiat–Shamir Bulletproofs. This was done by proving simulation-extractability, which implies non-malleability, in the algebraic group model. In this work, we generalize the former result and prove simulation-extractability in the programmable random oracle model, removing the need for the algebraic group model. Along the way, we establish a generic chain of reductions for Fiat–Shamir-transformed multi-round public-coin proofs to be simulation-extractable in the (programmable) random oracle model, which may be of independent interest. [ABSTRACT FROM AUTHOR]

Published

2025

4. Robust Schnorr-based subgroup multi-signature scheme

Author

Zhenqi ZHANG, Qiuchi ZHU, Zhiwei WANG

Subjects

schnorr signature, multi-signature, robustness, discrete logarithmic assumption, random oracle model, Electronic computers. Computer science, QA75.5-76.95

Abstract

The consensus mechanism has been considered as the core technology of blockchain systems. However, current consensus mechanisms have encountered three issues: low consensus efficiency, low reliability and security, and high computational complexity. To address these issues, a new Schnorr-based subgroup multi-signature scheme was proposed. This scheme retained the advantage of low computational complexity inherent in the Schnorr digital signature cryptosystem while incorporating the benefits of subgroup multi-signature. It allowed an indeterminate number of members from the entire set to form subgroups to generate multi-signatures, which replaced the group signature. The unpredictability of the subgroups effectively avoided the occurrence of Byzantine traitors, thus enhancing security and solving the problems of low reliability, security, and high computational complexity in consensus mechanisms. Additionally, a public third party was introduced, implemented by automatically and publicly executed smart contracts. It was completely open and transparent, capable of resisting the rogue public-key attack, and reduced the total number of communication rounds and time overhead in the signing process, addressing the issue of low consensus efficiency. The robustness of this scheme was proven in detail, demonstrating an improvement in the security of consensus mechanisms. Based on the discrete logarithm assumption, the scheme was shown to be unforgeable in the random oracle model. Theoretical analysis and experimental results show that the scheme possesses smaller public key length, private key length, single signature length, and multi-signature length, with fewer communication rounds and reduced time overhead in the signature generation and verification algorithms, providing superior performance when applied to consensus mechanisms.

Published

2024

5. Lattice-Based Polynomial Commitments: Towards Asymptotic and Concrete Efficiency.

Author

Fenzi, Giacomo, Moghaddas, Hossein, and Nguyen, Ngoc Khanh

Abstract

Polynomial commitments schemes are a powerful tool that enables one party to commit to a polynomial p of degree d, and prove that the committed function evaluates to a certain value z at a specified point u, i.e. p (u) = z , without revealing any additional information about the polynomial. Recently, polynomial commitments have been extensively used as a cryptographic building block to transform polynomial interactive oracle proofs (PIOPs) into efficient succinct arguments. In this paper, we propose a lattice-based polynomial commitment that achieves succinct proof size and verification time in the degree d of the polynomial. Extractability of our scheme holds in the random oracle model under a natural ring version of the BASIS assumption introduced by Wee and Wu (EUROCRYPT 2023). Unlike recent constructions of polynomial commitments by Albrecht et al. (CRYPTO 2022), and by Wee and Wu, we do not require any expensive preprocessing steps, which makes our scheme particularly attractive as an ingredient of a PIOP compiler for succinct arguments. We further instantiate our polynomial commitment, together with the Marlin PIOP (EUROCRYPT 2020), to obtain a publicly-verifiable trusted-setup succinct argument for Rank-1 Constraint System (R1CS). Performance-wise, we achieve 17 MB proof size for 2 20 constraints, which is 15 X smaller than currently the only publicly-verifiable lattice-based SNARK proposed by Albrecht et al. [ABSTRACT FROM AUTHOR]

Published

2024

6. 带鲁棒性的子分组多重 Schnorr 签名方案.

Author

张振琦, 朱秋池, and 王志伟

Abstract

Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

7. An efficient group signature based certificate less verification scheme for vehicular ad-hoc network.

Author

Jayashree, S. and Kumar, S. V. N. Santhosh

Subjects

*DIGITAL signatures, *VEHICULAR ad hoc networks, *ELLIPTIC curve cryptography, *AUTOMOTIVE transportation

Abstract

Vehicular ad-hoc network (VANET) is widely applied in transportation applications to ensure safety and security during road transportation. In VANET, all the information's are interchanged among vehicles with the available infrastructure on the roadside to form an ad-hoc network. In VANET, due to its communication in an open medium achieving the major security goals like integrity, authenticity, anonymity and traceability are the major concern. Since, there are numerous vehicles in the network generation and verification of digital signature requires high storage along with and verification time. To overcome all these issues, in this paper an Efficient group signature based certificate less verification scheme (EGSCVS) has been proposed to provide lightweight end to end authentication in the network. The proposed EGSCVS employs certificate less aggregation signature mechanism which is based on Elliptical curve cryptography to optimize the storage and reduce the overhead in terms of communication and computation during authentication process. Moreover, the proposed protocol utilizes the Random oracle model (ROM) to provide the formal security analysis. The implementation of the proposed protocol has been implemented using NS3 simulator with realistic simulation parameters. The simulation result shows that the proposed protocol improves the transmission overhead by 53.16%, computational cost by 48.75%, communication cost by 42.81%, signing delay by 55.17%, verification delay by 28.38% and aggregate verification delay by 45.35%. [ABSTRACT FROM AUTHOR]

Published

2024

8. Enhancing Security and Efficiency: A Fine-Grained Searchable Scheme for Encryption of Big Data in Cloud-Based Smart Grids.

Author

Wen, Jing, Li, Haifeng, Liu, Liangliang, and Lan, Caihui

Subjects

*DATA encryption, *CLOUD storage, *DATA privacy, *BIG data, *ACCESS control, *UPLOADING of data, *PUBLIC key cryptography

Abstract

The smart grid, as a crucial part of modern energy systems, handles extensive and diverse data, including inputs from various sensors, metering devices, and user interactions. Outsourcing data storage to remote cloud servers presents an economical solution for enhancing data management within the smart grid ecosystem. However, ensuring data privacy before transmitting it to the cloud is a critical consideration. Therefore, it is common practice to encrypt the data before uploading them to the cloud. While encryption provides data confidentiality, it may also introduce potential issues such as limiting data owners' ability to query their data. The searchable attribute-based encryption (SABE) not only enables fine-grained access control in a dynamic large-scale environment but also allows for data searches on the ciphertext domain, making it an effective tool for cloud data sharing. Although SABE has become a research hotspot, existing schemes often have limitations in terms of computing efficiency on the client side, weak security of the ciphertext and the trapdoor. To address these issues, we propose an efficient server-aided ciphertext-policy searchable attribute-based encryption scheme (SA-CP-SABE). In SA-CP-SABE, the user's data access authority is consistent with the search authority. During the search process, calculations are performed not only to determine whether the ciphertext matches the keyword in the trapdoor, but also to assist subsequent user ciphertext decryption by reducing computational complexity. Our scheme has been proven under the random oracle model to achieve the indistinguishability of the ciphertext and the trapdoor and to resist keyword-guessing attacks. Finally, the performance analysis and simulation of the proposed scheme are provided, and the results show that it performs with high efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

9. SEPCVN: Secure and Efficient Protocol for Cloud Vehicular Networking

Author

Vinod Kumar, Seema, Kamal Kumar, Ramakant Prasad, Khalid Almutib, and M. Shamim Hossain

Subjects

Cloud vehicular networking, authentication, security, encryption, AVISPA, random oracle model, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Cloud vehicular networking is a relatively new inter-vehicle communication paradigm. The ability of cloud vehicular networking to address critical safety issues in road traffic is highly rated by operators. This study examines cloud vehicular networking technology, its advantages, problems, and possible remedies. It focuses on overcoming control system issues while placing a stronger emphasis on security. Integrating vehicles into the cloud ecosystem presents numerous security and efficiency challenges. This study thoroughly examines the current protocols and suggests a brand-new, Secure, and Efficient Protocol for Cloud Vehicular Networking (SEPCVN). The proposed protocol aims to improve data transmission efficiency and address security flaws in cloud-connected vehicle networks. We discuss a specialized authentication method for secure vehicle-to-vehicle communication to tackle many challenges. According to the security study, formally and informally, our suggested protocol satisfies the necessary security requirements. Using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, a simulation analysis was carried out on the proposed protocol, which is safe from man-in-the-middle and reply attacks. Compared to similar protocols, the proposed framework is computationally and communicably effective. The results indicate that the suggested plan for cloud vehicular networking is both effective and safe.

Published

2024

10. A Secure Authentication Protocol Supporting Efficient Handover for UAV.

Author

Wen, Kang, Wang, Shengbao, Wu, Yixiao, Wang, Jie, Han, Lidong, and Xie, Qi

Subjects

*EARTH stations, *INTERNET of things, *PHYSICAL mobility, *DRONE aircraft, *RESCUE work

Abstract

Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme's superior performance over existing protocols in terms of both efficiency and security. [ABSTRACT FROM AUTHOR]

Published

2024

11. Simulation extractable versions of Groth's zk-SNARK revisited.

Author

Amine, Oussama, Baghery, Karim, Pindado, Zaira, and Ràfols, Carla

Subjects

*PUBLIC key cryptography, *ARGUMENT

Abstract

Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) are the most efficient proof systems in terms of proof size and verification. Currently, Groth's scheme from EUROCRYPT 2016, Groth 16 , is the state-of-the-art and is widely deployed in practice. Groth 16 is originally proven to achieve knowledge soundness, which does not guarantee the non-malleability of proofs. There has been considerable progress in presenting new zk-SNARKs or modifying Groth 16 to efficiently achieve strong Simulation extractability, which is shown to be a necessary requirement in some applications. In this paper, we revise the Random oracle based variant of Groth 16 proposed by Bowe and Gabizon, BG18, the most efficient one in terms of prover efficiency and CRS size among the candidates, and present a more efficient variant that saves 2 pairings in the verification and 1 group element in the proof. This supersedes our preliminary construction, presented in CANS 2020 (Baghery et al. in CANS 20, volume 12579 of LNCS, Springer, Heidelberg. pp 453-461, 2020), which saved 1 pairing in the verification, and was proven in the generic group model. Our new construction also improves on BG18 in that our proofs are in the algebraic group model with Random Oracles and reduces security to standard computational assumptions in bilinear groups (as opposed to using the full power of the generic group model (GGM)). We implement our proposed simulation extractable zk-SNARK (SE zk-SNARK) along with BG18 in the Arkworks library, and compare the efficiency of our scheme with some related works. Our empirical experiences confirm that our SE zk-SNARK is more efficient than all previous simulation extractable (SE) schemes in most dimensions and it has very close efficiency to the original Groth 16 . [ABSTRACT FROM AUTHOR]

Published

2024

12. A Pairing-free Provable Secure and Efficient Identity-based Identification Scheme with Anonymity.

Author

Kannan, R., Chin, J. J., Goh, V. T., and Yip, S. C.

Subjects

*ANONYMITY, *TRUST, *IMPERSONATION, *BLINDNESS

Abstract

In this paper, we propose a Blind Identity-Based Identification (Blind IBI) scheme based on the Guillou-Quisquater (GQ) scheme. Our proposed scheme combines the benefits of traditional Identity-Based Identification (IBI) schemes that can authenticate a user's identity without relying on a trusted third party with the Blind Signature (BS) scheme that provides anonymity. As a result, the proposed scheme assures absolute user privacy during the authentication process. It does not rely on a third party, yet the verifier can still be assured of the user's identity without the user actually revealing it. In our work, we show that the proposed scheme is provably secure under the random oracle model, with the assumption that the one-more-RSA-inversion problem is difficult. Furthermore, we demonstrate that the proposed scheme is secure against passive, active, and concurrent impersonation attacks. In conclusion, the proposed scheme is able to achieve the desired blindness property without compromising the security of the GQ-IBI scheme it is based upon. [ABSTRACT FROM AUTHOR]

Published

2023

13. 安全高效的无对运算无证书有序多重签名方案.

Author

陈虹, 曹玥, 金海波, and 王颖辉

Subjects

*LOGARITHMS

Abstract

In order to address the problem of low security or complex computation in most existing sequential multi-signature schemes, this paper proposed a new secure and efficient certificateless sequential multi-signature scheme. To prevent public key replacement attacks, the scheme hashed the signer's identity and part of public key as the partial private key of the signer. Signers verified the partial signatures generated in the signature stage with the specified signature order to ensure the order of signatures. Under the random oracle model, the scheme was proved to be unforgeable and immutable based on the difficulty of computing discrete logarithmic problems. In the signature and verification stage, the scheme mainly involved elliptic curve point multiplication without bilinear pair. Theoretical analysis and simulation experiments show that compared with similar schemes, the proposed scheme can improve the efficiency by up to 28%. [ABSTRACT FROM AUTHOR]

Published

2023

14. Blockchain-enhanced certificateless signature scheme in the standard model

Author

Xiaodong Yang, Haoqi Wen, Lei Liu, Ningning Ren, and Caifen Wang

Subjects

certificateless signature, forgery attack, random oracle model, blockchain, unforgeability, Biotechnology, TP248.13-248.65, Mathematics, QA1-939

Abstract

The Internet of Things (IoT), driven by wireless communication and other technologies, is gradually entering our lives and promoting the transformation of society from "informatization" to "intelligence". Certificateless signature (CLS) eliminates the characteristic of certificate management, making it an effective method for verifying large-scale data in the IoT environment. Nevertheless, hash functions are regarded as ideal random oracles in the security proofs of most CLS schemes, which cannot guarantee the security of CLS schemes in reality. In response to this problem, Shim devised a CLS scheme without random oracles in the standard model and declared it to be provably secure. Unfortunately, in this paper, we cryptanalyze Shim's CLS scheme and demonstrate that it is not resistant to public key replacement attacks from a Type Ⅰ attacker. Furthermore, to further improve the security of the Shim CLS scheme and avoid the single-point failure of the KGC and the signature forgery initiated, we propose a blockchain-based CLS scheme without a random oracle. Finally, we evaluate the comprehensive performance, and while maintaining the computational and communication performance of the Shim scheme, we resist both Type Ⅰ and Type Ⅱ attackers, as well as signature forgery initiated against public parameters.

Published

2023

15. A quantum resistant universal designated verifier signature proof

Author

P. Thanalakshmi, N. Anbazhagan, Gyanendra Prasad Joshi, and Eunmok Yang

Subjects

coding theory, random oracle model, syndrome decoding problem, universal designated verifier signature proof, Mathematics, QA1-939

Abstract

In order to ensure that only the designated person can verify the signer's signature on the message, Steinfeld et al. introduced the concept of Universal Designated Verifier Signature (UDVS), which enables a designator who has obtained a signature on a message from the signer to designate the signature to any desired designated verifier. This idea was developed to address the privacy concerns of the signature holder at the time of certificate distribution. They are appropriate for applications that demand the designer's secrecy. The fact that the designated verifier must generate a public key with regard to the signer's public parameter for signature verification is a significant drawback of UDVS methods. In cases where the verifier is unable to begin the key generation procedure, this constraint is inapplicable. Baek et al. developed the idea of "Universal Designated Verifier Signature Proof (UDVSP)", which does not require the verifier's public key for verification, to get around this restriction. All existing UDVSP constructions are based on a discrete logarithm problem, which is vulnerable to quantum computer attacks. As a result, an efficient quantum resistant UDVSP is built on a hard problem in coding theory, as suggested by NIST reports. The scheme's security against forgeability and impersonation attacks is examined using the random oracle model.

Published

2023

16. Enhancing Security and Efficiency: A Fine-Grained Searchable Scheme for Encryption of Big Data in Cloud-Based Smart Grids

Author

Jing Wen, Haifeng Li, Liangliang Liu, and Caihui Lan

Subjects

searchable encryption, attribute-based encryption, server-aided decryption, trapdoor indistinguishability, random oracle model, Mathematics, QA1-939

Abstract

The smart grid, as a crucial part of modern energy systems, handles extensive and diverse data, including inputs from various sensors, metering devices, and user interactions. Outsourcing data storage to remote cloud servers presents an economical solution for enhancing data management within the smart grid ecosystem. However, ensuring data privacy before transmitting it to the cloud is a critical consideration. Therefore, it is common practice to encrypt the data before uploading them to the cloud. While encryption provides data confidentiality, it may also introduce potential issues such as limiting data owners’ ability to query their data. The searchable attribute-based encryption (SABE) not only enables fine-grained access control in a dynamic large-scale environment but also allows for data searches on the ciphertext domain, making it an effective tool for cloud data sharing. Although SABE has become a research hotspot, existing schemes often have limitations in terms of computing efficiency on the client side, weak security of the ciphertext and the trapdoor. To address these issues, we propose an efficient server-aided ciphertext-policy searchable attribute-based encryption scheme (SA-CP-SABE). In SA-CP-SABE, the user’s data access authority is consistent with the search authority. During the search process, calculations are performed not only to determine whether the ciphertext matches the keyword in the trapdoor, but also to assist subsequent user ciphertext decryption by reducing computational complexity. Our scheme has been proven under the random oracle model to achieve the indistinguishability of the ciphertext and the trapdoor and to resist keyword-guessing attacks. Finally, the performance analysis and simulation of the proposed scheme are provided, and the results show that it performs with high efficiency.

Published

2024

17. Proactive threshold-proxy re-encryption scheme for secure data sharing on cloud.

Author

Raghav, Andola, Nitish, Verma, Katyayani, Venkatesan, S., and Verma, Shekhar

Subjects

*INFORMATION sharing, *IMAGE encryption, *PUBLIC key cryptography, *CONCRETE construction, *ACCESS control, *COLLUSION

Abstract

Cloud-based data sharing addresses the limited storage availability problem for resource-constrained users albeit at the cost of privacy and the need for access control mechanism. However, most of the techniques for secure data sharing with high access control are computationally intensive. Proxy re-encryption scheme is computationally light and provides secure cloud-based data sharing. Proxy re-encryption has a single semi-trust proxy for all intermediate re-encryption processes, which makes it a single point of failure and vulnerable to several attacks. In this paper, we propose, PB-TPRE, a threshold proxy re-encryption with the proactive property. The shares of re-encryption keys are sent to all proxies using shamir secret sharing. The shares may be leaked with passage of time or whenever any proxy leaves or joins the network, then, the secret needs to be change. The proactive property in threshold proxy re-encryption helps renew the shares without changing the secret. PB-TPRE scheme is collusion resistant against the proxies, users and cloud. We present a concrete construction for PB-TPRE that satisfies indistinguishability under chosen-plaintext attacks with a random oracle model and formally proves its security. We compared and discussed PB-TPRE scheme with other threshold proxy re-encryption schemes and found it to be efficient and secure for cloud-based data sharing applications. [ABSTRACT FROM AUTHOR]

Published

2023

18. A novel and quantum-resistant handover authentication protocol in IoT environment.

Author

Zhang, Shuailiang, Du, Xiujuan, and Liu, Xin

Subjects

*KEY agreement protocols (Computer network protocols), *QUANTUM cryptography, *PUBLIC key cryptography, *ELLIPTIC curve cryptography, *INTERNET of things, *POLYNOMIAL time algorithms, *MOBILE computing, *QUANTUM computers

Abstract

Handover authentication and key agreement protocol is extremely essential to ensure the security of the Internet of Things (IoT), and it enables mobile devices to access roaming services in the trust domain of the foreign agent. The energy and computing capabilities of mobile devices are extremely limited, and the requirements for storage and computing efficiency are higher in IoT. The problem of large integer decomposition and discrete logarithm can be solved in polynomial time on a quantum computer, which makes the massive traditional handover authentication and key agreement protocols based on bilinear pairing and elliptic curve cryptography no longer safe. Due to the participation of the home agent, the traditional handover authentication protocol has a long communication delay and is vulnerable to the session key compromise attacks. Moreover, the session key between the foreign agent and the home agent is randomly specified in advance, and its generation process is not given, which has poor security and is easy to cause the leakage of the session key. Lattice cipher based on NTRU is the lightweight public key primitive that can resist quantum attacks and has a faster calculation speed and smaller key length, which is more suitable for IoT. Therefore, we proposed a secure and lightweight two-party handover authentication protocol based on NTRU for the mobile device without the home agent to prevent these deficiencies. We employ the BAN logic to validate the correctness of the proposed protocol and utilize the random oracle model to evaluate the security of the proposed protocol. In contrast with other current handover authentication protocols, the proposed protocol has greater security, higher efficiency, and lower communication overhead. [ABSTRACT FROM AUTHOR]

Published

2023

19. A quantum resistant universal designated verifier signature proof.

Author

Thanalakshmi, P., Anbazhagan, N., Joshi, Gyanendra Prasad, and Yang, Eunmok

Subjects

CODING theory, CYBERTERRORISM, IMPERSONATION, QUANTUM computers, LOGARITHMS

Abstract

In order to ensure that only the designated person can verify the signer's signature on the message, Steinfeld et al. introduced the concept of Universal Designated Verifier Signature (UDVS), which enables a designator who has obtained a signature on a message from the signer to designate the signature to any desired designated verifier. This idea was developed to address the privacy concerns of the signature holder at the time of certificate distribution. They are appropriate for applications that demand the designer's secrecy. The fact that the designated verifier must generate a public key with regard to the signer's public parameter for signature verification is a significant drawback of UDVS methods. In cases where the verifier is unable to begin the key generation procedure, this constraint is inapplicable. Baek et al. developed the idea of "Universal Designated Verifier Signature Proof (UDVSP)", which does not require the verifier's public key for verification, to get around this restriction. All existing UDVSP constructions are based on a discrete logarithm problem, which is vulnerable to quantum computer attacks. As a result, an efficient quantum resistant UDVSP is built on a hard problem in coding theory, as suggested by NIST reports. The scheme's security against forgeability and impersonation attacks is examined using the random oracle model. [ABSTRACT FROM AUTHOR]

Published

2023

20. A Secure and Privacy-Preserving Lightweight Authentication and Key Exchange Algorithm for Smart Agriculture Monitoring System

Author

Samiulla Itoo, Akber Ali Khan, Musheer Ahmad, and M. Javed Idrisi

Subjects

Agriculture sensors, Elliptic curve cryptography, Gateway, Scyther tool, Wireless sensor networks, Random oracle model, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Agriculture plays a vital role in the economic life cycle of an agrarian country and considers the backbone of the economy. It supplies not just raw food materials, but also a vast number of job opportunities. Therefore, modern technology is required in agriculture to increase productivity. Wireless Sensor Networks (WSN) could be used to monitor climatic parameters in an agriculture field, such as the acidity level of soil, soil moisture, humidity, light, and so on. Climate variables have a significant impact on crop growth, quality, and productivity. These factors contribute to increased agricultural productivity in terms of both quantity and quality. WSN, on the other hand, has security risks such as impersonation, alteration, interference, and interception all of which have negative effects on crop production and other agricultural activities. The primary issues for agricultural WSN are hence privacy preservation and security enhancement. In this paper, we proposed a privacy-preserving and efficient key agreement framework for smart agriculture monitoring systems by using elliptic curve cryptography and hash function. The proposed framework is secure against various security assaults and provides secure communication in smart agriculture monitoring systems. We demonstrate the accuracy of the proposed protocol for mutual authentication and key exchange using BAN logic, and we also simulate the security correctness of the encrypted proposed framework using the well-known security verification Scyther tool. Using the ROR model, we formalize the security of the proposed system. Further, we provide a comparison based on security features, computation, and communication overheads comparison between the proposed protocol and similar protocols in the same context. Hence, when compared to other similar protocols in the same environment, the proposed protocol provides superior security and efficiency than other existing protocols. For the practical implementation of smart agriculture monitoring systems, the proposed protocol is better than comparable protocols.

Published

2023

21. Robust Subgroup ID-based Multi-signature Scheme

Author

TIAN Chen, WANG Zhi-wei

Subjects

id-based signature, multi-signatures, computational diffie-hellman(cdh) problem, random oracle model, forking lemma, Computer software, QA76.75-76.765, Technology (General), T1-995

Abstract

The existing multi-signature scheme applied in the consensus mechanism scenario defaults that the signers are honest entities,so the security and validity of the signature could not be guaranteed when malicious nodes existed.In order to improve the robustness of multi-signature in the typical adversarial scenarios in consensus protocols,this paper proposes an ID-based multi-signature scheme based on the advantages of the ID-based cryptography system.In this signature scheme,non-fixed subgroup generates randomly cooperated to generate multi-signatures representing the entire group,and the validity of all subgroup signatures must be verified before signature aggregation.The bilinear pairings required by this scheme to generate multi-signatures are related to the number of subgroup members,which improve the security of the scheme at the cost of certain efficiency.This paper introduces a notion of robustness for robust subgroup ID-based multi-signatures,and the corresponding proof of the proposed scheme is given.Furthermore,under the random oracle model,relying on the hardness of the computational Diffie-Helman(CDH) problem,the scheme is proved is proved to be unforgeable under adaptive selection message attack.In addition,theoretical analysis and prototype implementation of the signature scheme are carried out,and the experimental results are compared with the performance of relevant signature schemes.

Published

2022

22. Pairing-free certificateless blind signature scheme for smart grid

Author

ShuangGen Liu, Yu Zhu, and RuiYun Wang

Subjects

Smart grid, Certificateless blind signature, Batch verification, Elliptic curve discrete logarithm, Random oracle model, Electronic computers. Computer science, QA75.5-76.95

Abstract

The smart grid is an emerging power system that can realize the information exchange between users and power companies in two-way communication and adjust power companies’ power supply according to the real-time power requests from smart meters on the users’ side. However, since malicious attackers can eavesdrop on two-way communication to collect and transmit information, they may leak users’ information. Therefore, this paper proposes a new certificateless blind signature (CLBS) scheme with batch verification function and improves a power request system model for the smart grid to protect users’ privacy. In addition, the proposed CLBS scheme simplifies the certificate management process in the traditional public key cryptosystem and eliminates the hidden key escrow in the identity-based public key cryptosystem. The unforgeability of the scheme is proved through the random oracle model, and the scheme’s security can be reduced to the intractability of the elliptic curve discrete logarithm problem (ECDLP). The analysis results show that our scheme does not use the time-consuming bilinear pairing operation, and has obvious advantages in computing performance compared with the existing signature schemes.

Published

2022

23. RDAF-IIoT: Reliable Device-Access Framework for the Industrial Internet of Things.

Author

Alasmary, Hisham

Subjects

*INTERNET of things, *CYBERTERRORISM, *DATA privacy, *MACHINE-to-machine communications, *DATA security, *FACTORIES

Abstract

The Internet of Things (IoT) has experienced significant growth and is now a fundamental part of the next-generation Internet. Alongside improving daily life, IoT devices generate and collect vast amounts of data that can be leveraged by AI-enabled big data analytics for diverse applications. However, due to the machine-to-machine communication inherent in IoT, ensuring data security and privacy is crucial to mitigate various malicious cyber attacks, including man-in-the-middle, impersonation, and data poisoning attacks. Nevertheless, designing an efficient and adaptable IoT security framework poses challenges due to the limited computational and communication power of IoT devices, as well as their wide-ranging variety. To address these challenges, this paper proposes an Access Key Agreement (AKA) scheme called the "Reliable Device-Access Framework for the Industrial IoT (RDAF-IIoT)". RDAF-IIoT verifies the user's authenticity before granting access to real-time information from IIoT devices deployed in an industrial plant. Once authenticated at the gateway node, the user and IIoT device establish a session key for future encrypted communication. The security of the proposed RDAF-IIoT is validated using a random oracle model, while the Scyther tool is employed to assess its resilience against various security attacks. Performance evaluations demonstrate that the proposed scheme requires lower computational and communication costs compared to related security frameworks while providing enhanced security features. [ABSTRACT FROM AUTHOR]

Published

2023

24. An Authenticated Group Shared Key Mechanism Based on a Combiner for Hash Functions over the Industrial Internet of Things.

Author

Ali, Waleed and Ahmed, Adel Ali

Subjects

INTERNET of things, PROCESS capability, ELLIPTIC curves, CYBERTERRORISM

Abstract

The Industrial Internet of Things (IIoT) provides internet connectivity for instruments, digital machines, and any other manufactured object to enable intelligent industrial operations to achieve high productivity. Securing communications between IIoT devices remains a critical and challenging issue due to the resource-constrained and processing capabilities of sensing devices. Moreover, the traditional group shared key might implement complex mathematical operations that are not suitable for the limited recourse capability of the IIoT device. Furthermore, the standard Diffie–Hellman (DH) and elliptic curve Diffie–Hellman (ECDH), which are the most suited for tiny devices, only work between a pair of IIoT devices, while they are not designed to work among a group of IIoT devices. This paper proposes an authenticated group shared key (AGSK) mechanism that allows a set of industrial objects to establish a common session key over the IIoT. The proposed AGSK utilizes the combiner for the hash function and digital signature, which is implemented in IIoT devices. Additionally, the random oracle model has been used to prove the security of AGSK, while the IIoT adversary model has been used to analyze the AGSK countermeasures against cyberattacks. The results of the performance evaluation showed that the efficiency of the AGSK was reduced by 41.3% for CPU computation time, 45.7% for storage cost, and 40% less power consumption compared to the baseline group key management algorithms. [ABSTRACT FROM AUTHOR]

Published

2023

25. Identity-Based Encryption With Continuous Leakage-Resilient CCA Security From Static Complexity Assumption.

Author

Zhou, Yanwei, Wang, Zhaolong, Qiao, Zirui, Wang, Ying, Yang, Bo, Mu, Yi, and Zhang, Mingwu

Subjects

*SECURITY management, *LEAKAGE

Abstract

Although a large number of provably secure cryptographic primitives have been proposed in the literature, many of these schemes might be broken in practice because of various leakage attacks. Therefore, the leakage resilience should be considered in designing these primitives. However, in identity-based cryptography, most of the existing leakage-resilient identity-based encryption (IBE) schemes suffer some limitations: they either resist the leakage attacks in the selective identity security model or achieve the chosen-ciphertext attack (CCA) security based on a non-static assumption. In this paper, an IBE scheme with adaptive leakage-resilient CCA security is proposed, and its security is rigorously proved in the random oracle model under a classic static complexity assumption, e.g. decisional bilinear Diffie–Hellman assumption. In our construction, all elements of ciphertext are randomly distributed in the adversary's view. Hence, the adversary cannot obtain any useful information of the user's private key from the given ciphertexts. Moreover, a unique property of our construction is that the leakage parameter is independent of the plaintext space, which contributes a better leakage rate. [ABSTRACT FROM AUTHOR]

Published

2023

26. A Secure Authentication Protocol Supporting Efficient Handover for UAV

Author

Kang Wen, Shengbao Wang, Yixiao Wu, Jie Wang, Lidong Han, and Qi Xie

Subjects

Unmanned Aerial Vehicle, handover authentication, ProVerif, random oracle model, Mathematics, QA1-939

Abstract

Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme’s superior performance over existing protocols in terms of both efficiency and security.

Published

2024

27. Secure and efficient two-party collaborative SM9 signature scheme suitable for smart home

Author

Shuang Gen Liu, Ru Liu, and Si Yuan Rao

Subjects

Smart home, SM9 algorithm, Two-party collaborative signature, Random oracle model, Provable security, Electronic computers. Computer science, QA75.5-76.95

Abstract

The smart home usually has poor security and is vulnerable to attack since it adopts embedded processors that are limited by volume and power consumption. To improve the communication security of the smart home system, identity-based signature schemes are widely used in wireless network communications. However, the user’s signature private key is generally stored in a single device, it is easy to be stolen by attackers to control the smart home devices. To reduce the risk of leakage of the signature private key, a two-party collaborative signature scheme based on the SM9 algorithm is proposed in this paper. The user’s signature private key is generated through the collaboration of the two-party key generation center (KGC), and the integer secrets related to the signature private key are stored in two devices respectively. During the signing process, the two devices sign collaboratively to prevent the complete private key from being leaked. The security of the scheme is proved in the random oracle model. Theoretical analysis and experimental results show that our proposed scheme can achieve higher security with lower computation cost and communication cost when compared with the existing two-party SM9 signature schemes.

Published

2022

28. Practical dynamic group signatures without knowledge extractors.

Author

Kim, Hyoseung, Sanders, Olivier, Abdalla, Michel, and Park, Jong Hwan

Subjects

PUBLIC key cryptography, ANONYMITY, LOGARITHMS

Abstract

A dynamic group signature (DGS ) allows a user to generate a signature on behalf of a group, while preserving anonymity. Although many existing DGS schemes have been proposed in the random oracle model for achieving efficiency, their security proofs require knowledge extractors that cause loose security reductions. In this paper, we first propose a new practical DGS scheme whose security can be proven without knowledge extractors in the random oracle model. Moreover, our scheme can also be proven in the strong security model where an adversary is allowed to generate the group managers' keys maliciously. The efficiency of our scheme is comparable to existing secure DGS schemes in the random oracle model using knowledge extractors. The security of our scheme is based on a new complexity assumption that is obtained by generalizing the Pointcheval–Sanders (PS) assumption. Although our generalized PS (GPS) assumption is interactive, we prove that, under the (2,1)-discrete logarithm assumption, the new GPS assumption holds in the algebraic group model. [ABSTRACT FROM AUTHOR]

Published

2023

29. 基于身份的可审计多重截取签名方案.

Author

何启芝, 曹素珍, 王彩芬, 卢彦霏, 方子旋, and 闫俊鉴

Abstract

To solve the problems of malicious user revisions in content extraction signatures and untraceability of signatures after extraction, an auditable extraction signature scheme is proposed under the identity-based cryptosystem. The scheme adopts a generic model of M-tree to realize hier-archical multiple extraction signatures, and achieves auditability of signatures by backtracking the tree structure to achieve the purpose of extractor auditable questioning rights. Under the random oracle model, based on the discrete logarithmic difficulty problem, it is proved to be resistant to existential forgery under the adaptive selection message attack. The analysis of experimental results shows that the proposed scheme has certain computational advantages in the signature and extraction phases and the signature verification phase. [ABSTRACT FROM AUTHOR]

Published

2023

30. Understanding Failures in Security Proofs of Multi-Factor Authentication for Mobile Devices.

Author

Wang, Qingxuan and Wang, Ding

Abstract

Multi-factor authentication is a promising way to enhance the security of password-based authenticated key exchange (PAKE) schemes. It is widely deployed in various daily applications for mobile devices (e.g., e-Bank, smart home, and cloud services) to provide the first line of defense for system security. However, despite intensive research, how to design a secure and efficient multi-factor authentication scheme is still a challenging problem. Hundreds of new schemes have been successfully proposed, and many are even equipped with a formal security proof. However, most of them have been shortly found to be insecure and cannot achieve the claimed security goals. Now a paradox arises: How can a multi-factor scheme that was “formally proven secure” later be found insecure? To answer this seemingly contradicting question, this paper takes a substantial first step towards systematically exploring the security proof failures in multi-factor authentication schemes for mobile devices. We first investigate the root causes of the “provable security” failure in vulnerable multi-factor authentication schemes under the random oracle model, and classify them into eight different types in terms of the five steps of conducting a formal security proof. Then, we elaborate on each type of these eight proof failures by examining three typical vulnerable protocols, and suggest corresponding countermeasures. Finally, we conduct a large-scale comparative measurement of 70 representative multi-factor authentication schemes under our extended evaluation criteria. The schemes we select range from 2009 to 2022, and the comparison results suggest that understanding failures in formal security proofs is helpful to design more secure multi-factor authentication protocols for mobile devices. [ABSTRACT FROM AUTHOR]

Published

2023

31. Blockchain-enhanced efficient and anonymous certificateless signature scheme and its application.

Author

Feng, Tao, Wang, Jie, and Zheng, Lu

Subjects

DIGITAL signatures, SMART devices, DIGITAL certificates, ACCESS control, ELLIPTIC curves, VEHICULAR ad hoc networks

Abstract

Although the Internet of Things (IoT) brings efficiency and convenience to various aspects of people's lives, security and privacy concerns persist as significant challenges. Certificateless Signatures eliminate digital certificate management and key escrow issues and can be well embedded in resource-constrained IoT devices for secure access control. Recently, Ma et al. designed an efficient and pair-free certificateless signature (CLS) scheme for IoT deployment. Unfortunately, We demonstrate that the scheme proposed by Ma et al. is susceptible to signature forgery attacks by Type-II adversaries. That is, a malicious-and-passive key generation center (KGC) can forge a legitimate signature for any message by modifying the system parameters without the user's secret value. Therefore, their identity authentication scheme designed based on vehicular ad-hoc networks also cannot guarantee the claimed security. To address the security vulnerabilities, we designed a blockchain-enhanced and anonymous CLS scheme and proved its security under the Elliptic curve discrete logarithm (ECDL) hardness assumption. Compared to similar schemes, our enhanced scheme offers notable advantages in computational efficiency and communication overhead, as well as stronger security. In addition, a mutual authentication scheme that satisfies the cross-domain scenario is proposed to facilitate efficient mutual authentication and negotiated session key generation between smart devices and edge servers in different edge networks. Performance evaluation shows that our protocol achieves an effective trade-off between security and compute performance, with better applicability in IoT scenarios. [ABSTRACT FROM AUTHOR]

Published

2024

32. Quantum-attack-resilience OTP-based multi-factor mutual authentication and session key agreement scheme for mobile users.

Author

Basu, Swagatam and Islam, SK Hafizul

Subjects

*BIOMETRIC identification, *QUANTUM computing, *MULTI-factor authentication, *TELECOMMUNICATION, *QUANTUM efficiency

Abstract

Due to rapid advancements in hardware and mobile communication technologies, the usage of various mobile-based online applications is increasing tremendously. However, security and privacy are two of the most essential features of wireless communication. Using a Mutual Authentication and Session Key Agreement (MASK) scheme, an authorized mobile user can login to a remote server over the Internet. In quantum contexts, many of the MASK schemes are not secure. This paper proposes a One-Time Password (OTP) and biometric-based Multi-Factor MASK (OTP-MF-MASK) scheme for mobile users. We used Peikert's authentication and reconciliation mechanism, defined for the post-quantum environments. The OTP-MF-MASK scheme used a password, mobile device, biometric, and OTP as login credentials. To avoid the biometric acquisition problem, we used the fuzzy extractor in the OTP-MF-MASK scheme. We proved that the OTP-MF-MASK scheme is semantically secure in the Random Oracle Model (ROM) based on the hardness assumption of the Ring Learning With Errors (RLWE) problem. The OTP-MF-MASK scheme is compared with state-of-the-art schemes to justify the attack-resilience and computation efficiencies in quantum environments. • We proposed a OTP and biometric-based Multi-Factor MASK (OTP-MF-MASK) scheme. • OTP-MF-MASK used Peikert's authentication and reconciliation mechanism. • OTP-MF-MASK is secure against the quantum-attacks. • OTP-MF-MASK is secure in the Random Oracle Model (ROM) based on the Ring Learning With Errors (RLWE) problem. • OTP-MF-MASK scheme provides attack-resilience and computation efficiencies in than the existing schemes. [ABSTRACT FROM AUTHOR]

Published

2024

33. A Secure User Authentication Protocol for Heterogeneous Mobile Environments

Author

Alzubair Hassan, Rafik Hamza, Fagen Li, Awad Ali, Mohammed Bakri Bashir, Samar M. Alqhtani, Tawfeeg Mohmmed Tawfeeg, and Adil Yousif

Subjects

User authentication, key agreement, random oracle model, heterogeneous environment, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Mobile devices have become very important for our daily needs. The user authentication protocols with the key agreement are required to deal with the security issues that arise from the use of mobile devices through Internet applications. However, existing user authentication protocols are only suitable if the client and the server use a similar cryptographic approach. Therefore, it is important to develop an authentication protocol for mobile environments with heterogeneous cryptographic approaches. In this paper, an efficient user authentication and key agreement protocol is proposed for a heterogeneous client-server mobile environment. The security of the proposed scheme is formally proved under the ${q}$ -strong Diffie-Hellman problem ( ${q}$ -SDH), the ${q}$ -bilinear Diffie-Hellman inversion problem ( ${q}$ -BDHI), and the modified bilinear Diffie-Hellman inversion problem (mBDHI), respectively. Our scheme has reasonable processing costs and communication costs on the client and server sides. Moreover, our scheme is suitable for applications that use different cryptographic approaches. In particular, the proposed protocol can work when the client applies the identity-based cryptosystem and the server applies the certificateless cryptosystem.

Published

2022

34. Unforgeable Digital Signature Integrated into Lightweight Encryption Based on Effective ECDH for Cybersecurity Mechanism in Internet of Things.

Author

Ahmed, Adel A. and Barukab, Omar M.

Subjects

INTERNET of things, DATA encryption, INTERNET security, PRIVATE security services, ELLIPTIC curves, DIGITAL signatures, LOCKS & keys

Abstract

Cybersecurity protocols enable several levels of protection against cyberattacks (digital attacks) that spread across network devices, platform programs, and network applications. On the Internet of Things (IoT), cyberattacks are generally intended to access and change/destroy sensitive information, which may reduce IoT benefits. Moreover, recent IoT systems are experiencing a critical challenge in designing a lightweight and robust cybersecurity mechanism on resource-constrained IoT devices. The cybersecurity challenges facing the IoT that should be taken into consideration are identifying compromised devices, data/service protection, and identifying impacted IoT users. This paper proposes an unforgeable digital signature integrated into an effective lightweight encryption (ELCD) mechanism that utilizes the secure key distribution in an elliptic curve Diffie–Hellman (ECDH) and resolves the weak bit problem in the shared secret key due to the Diffie–Hellman exchange. The ELCD mechanism proposes a secure combination between the digital signature and encryption, and it uses fast hash functions to confidentially transfer a shared secret key among IoT devices over an insecure communication channel. Furthermore, the ELCD mechanism checks the true identity of the sender with certainty through the proposed digital signature, which works based on a hash function and three steps of curve-point inspection. Furthermore, the security of ELCD was mathematically proven using the random oracle and IoT adversary models. The findings of the emulation results show the effectiveness of ELCD in terms of CPU execution time, storage cost, and power consumption that are less by 53.8%, 33–17%, and 68.7%, respectively, compared to the baseline cryptographic algorithms. [ABSTRACT FROM AUTHOR]

Published

2022

35. Active Authentication Protocol for IoV Environment with Distributed Servers.

Author

Manikandan, Saravanan, Rahaman, Mosiur, and Yu-Lin Song

Subjects

KEY agreement protocols (Computer network protocols), NEAR field communication, INTELLIGENT transportation systems, BLOCKCHAINS, COMPUTER network security

Abstract

The Internet of Vehicles (IoV) has evolved as an advancement over the conventional Vehicular Ad-hoc Networks (VANETs) in pursuing a more optimal intelligent transportation system that can provide various intelligent solutions and enable a variety of applications for vehicular traffic. Massive volumes of data are produced and communicated wirelessly among the different relayed entities in these vehicular networks, which might entice adversaries and endanger the system with a wide range of security attacks. To ensure the security of such a sensitive network, we proposed a distributed authentication mechanism for IoV based on blockchain technology as a distributed ledger with an ouroboros algorithm. Using timestamp and challenge-responsemechanisms, the proposed authentication model can withstand several security attacks such asMan-in-Middle (MiM) attacks, Distributed Denial of Service (DDoS) attacks, server spoofing attacks and more. The proposed method also provides a solution for single-point failure, forward secrecy, revocability, etc. We exhibit the security of our proposed model by using formal (mathematical) analysis and informal analysis. We used Random Oracle Model to perform themathematical analysis. In addition, we compared the communication cost, computation cost, and security of the proposed model with the related existing studies. We have verified the security of the model by using AVISPA tool simulation. The security analysis and computation analysis show that the proposed protocol is viable. [ABSTRACT FROM AUTHOR]

Published

2022

36. Pairing-free certificateless blind signature scheme for smart grid.

Author

Liu, ShuangGen, Zhu, Yu, and Wang, RuiYun

Subjects

PUBLIC key cryptography, TWO-way communication, ELLIPTIC curves, SMART meters, POWER resources, INFORMATION sharing

Abstract

The smart grid is an emerging power system that can realize the information exchange between users and power companies in two-way communication and adjust power companies' power supply according to the real-time power requests from smart meters on the users' side. However, since malicious attackers can eavesdrop on two-way communication to collect and transmit information, they may leak users' information. Therefore, this paper proposes a new certificateless blind signature (CLBS) scheme with batch verification function and improves a power request system model for the smart grid to protect users' privacy. In addition, the proposed CLBS scheme simplifies the certificate management process in the traditional public key cryptosystem and eliminates the hidden key escrow in the identity-based public key cryptosystem. The unforgeability of the scheme is proved through the random oracle model, and the scheme's security can be reduced to the intractability of the elliptic curve discrete logarithm problem (ECDLP). The analysis results show that our scheme does not use the time-consuming bilinear pairing operation, and has obvious advantages in computing performance compared with the existing signature schemes. [ABSTRACT FROM AUTHOR]

Published

2022

37. 一种面向低轨卫星网络的高效无证书身份认证方案.

Author

张 毅, 吴 奇, 周霜霜, and 贾梦朝

Subjects

*ADDITION (Mathematics), *COMPUTATIONAL mathematics, *ELLIPTIC curves, *MULTIPLICATION, *COST

Abstract

Aiming at the problems of long time delay and high computation cost of using complex bilinear mapping in the current LEO satellite network authentication scheme, this paper proposed an efficient certificateless authentication scheme based on the Gayathri’s certificateless authentication scheme. This scheme unifies the user’s public key and real identity, so that need not the third party to participate in the authentication process and reduce the authentication delay; uses a small number of point multiplication and point addition operations on the elliptic curve to construct the authentication message, which does not involve the bilinear mapping and reduces the computation cost. Then this paper proves the authentication scheme’s security based on the assumption of elliptic curve discrete mathematics under the random oracle model. Finally, through experimental simulation, comparing with the existing LEO satellite identity authentication schemes, the proposed scheme has lower authentication delay, computational overhead and communication overhead. [ABSTRACT FROM AUTHOR]

Published

2022

38. mIBS方案的分析与改进.

Author

陈 明 and 冷建华

Subjects

*CYCLIC groups, *PROBLEM solving, *DIGITAL signatures, *COMPARATIVE studies, *REVOCATION, *NEAR field communication, *PUBLIC key cryptography

Abstract

Wei Songjie et al. proposed an identity-based signature scheme（named mIBS）, and used a security mediator（SEM） node to realize real-time revocation of entity identity in the mIBS scheme. The SEM held a part of the signature key, and generated a signature by working collaboratively with a signer. This paper analyzed the security of the mIBS scheme, found it had serious security flaws, and presented a specific attack instance. In the attack instance, a signer can stole the key held by the SEM through once normal signature interaction with a SEM, and then bypassed the SEM to implement a signature independently. This paper proposed an improved signature scheme（named mIBSG）. The mIBSG scheme remedied the security flaws of the original scheme by randomizing the private key held by the SEM. Further, this paper established a security model for mIBS scheme, named mEUF-CMIA, and defined a new type of adversary that simulated malicious but legitimate signers. The new adversary had the power to generate a forged signature independently through asking random oracles. Based on the new security model, this paper deduced the unforgeability of the mIBSG scheme as solving the CDH problem on a cyclic group. Comparative analysis showed that the mIBSG scheme achieved provable security with a small calculate efficiency loss. The mIBSG scheme can be used to build an IBC-based cross-domain authentication system. [ABSTRACT FROM AUTHOR]

Published

2022

39. 格上基于身份的可链接环签名方案.

Author

刘梦情 and 汪学明

Subjects

*RIESZ spaces, *ANONYMITY, *PROBLEM solving, *ALGORITHMS, *STORAGE, *CRYPTOGRAPHY

Abstract

In order to resist the attack of quantum algorithm and deal with the defect that malicious signers can output multiple signatures using the complete anonymity of ring signature technology to carry out double overhead attack, and to solve the unnecessary waste of system overhead, this paper proposed a new identity-based linkable ring signature scheme form lattice. The scheme takes the approximate shortest vector problem on the lattice as the security basis, reduces the solution of the problem to the solution of the collision problem, generates the signature by using the linear operation between matrix vectors, and combines the identity-based cryptography technology. It solved the problem of system overhead waste, does not involve complex algorithms such as trapdoor generation and Gaussian sampling, improves the signature efficiency and reduces the storage overhead. It is verified that the scheme meets the requirements of complete anonymity and strong unforgeability under the random oracle model. After analysis, the scheme is a secure and efficient ring signature scheme. [ABSTRACT FROM AUTHOR]

Published

2022

40. 安全增强的智能电网轻量级匿名认证方案.

Author

丁志帆, 胡洪波, 杨庆余, and 肖思远

Subjects

*SMART devices, *ELLIPTIC curves, *SMART meters, *PROBLEM solving, *ALGORITHMS, *SIMULATION methods & models

Abstract

Most of the existing smart grid authentication schemes suffer from high computational costs and complex authentication processes, which are not suitable for resource-constrained smart devices in the smart grid, while some lightweight schemes suffer from various security vulnerabilities, none of which can achieve the required trade-off between efficiency and security. To solve these problems, this paper designed an enhanced provably secure smart grid lightweight anonymous authentication scheme based on elliptic curve encryption algorithm. Introducing auxiliary validator to get rid of the reliance on the power supplier in the authentication phase and to achieve mutual authentication between the gateway and the smart meter under the condition of protecting the true identity of the smart meter. In addition, the scheme can trace and revoke the identity of malicious smart meters through pseudo identity. Through the security analysis under the random oracle model and simulation tool ProVerif verifies that the proposed scheme has high security properties. Performance analysis shows that the proposed scheme can meet the requirements for security and efficiency in smart grid environment. [ABSTRACT FROM AUTHOR]

Published

2022

41. Security Analysis and Improvement of Strongly Secure Certificateless Digital Signature Scheme

Author

YE Sheng-nan, CHEN Jian-hua

Subjects

certificateless signature, bilinear pairings, security analysis, elliptic curve discrete diffie-hellman problem, random oracle model, Computer software, QA76.75-76.765, Technology (General), T1-995

Abstract

Certificateless public key cryptosystem combines the advantages of identity-based cryptosystem and traditional PKI public key cryptosystem,overcomes the key escrow problem of identity-based public key cryptosystem and the certificate management problem of PKI system,and has obvious advantages.By analysing the security of a strongly secure certificateless signature scheme proposed by Hassouna,et al,it shows that the scheme cannot resist the attack of falsifying messages and do not use private key generated by system master key to sign.So it is not a certificateless signature scheme.On this basis,an improved certificateless signature scheme is proposed and it proves the scheme can resist the attack of the first class of strong adversaries and the second class of adversaries.In the random oracle model and under the assumption of the Diffie-Hellman problem of the elliptic curve,the improved scheme satisfies the existential forgery.

Published

2021

42. RAPCHI: Robust authentication protocol for IoMT-based cloud-healthcare infrastructure.

Author

Kumar, Vinod, Mahmoud, Mahmoud Shuker, Alkhayyat, Ahmed, Srinivas, Jangirala, Ahmad, Musheer, and Kumari, Adesh

Subjects

*CYBER physical systems, *ARTIFICIAL intelligence, *INTERNET of things, *TELECOMMUNICATION systems, *DATA security, *ELLIPTIC curve cryptography

Abstract

With the fast growth of technologies like cloud computing, big data, the Internet of Things, artificial intelligence, and cyber-physical systems, the demand for data security and privacy in communication networks is growing by the day. Patient and doctor connect securely through the Internet utilizing the Internet of medical devices in cloud-healthcare infrastructure (CHI). In addition, the doctor offers to patients online treatment. Unfortunately, hackers are gaining access to data at an alarming pace. In 2019, 41.4 million times, healthcare systems were compromised by attackers. In this context, we provide a secure and lightweight authentication scheme (RAPCHI) for CHI employing Internet of medical Things (IoMT) during pandemic based on cryptographic primitives. The suggested framework is more secure than existing frameworks and is resistant to a wide range of security threats. The paper also explains the random oracle model (ROM) and uses two alternative approaches to validate the formal security analysis of RAPCHI. Further, the paper shows that RAPCHI is safe against man-in-the-middle and reply attacks using the simulation programme AVISPA. In addition, the paper compares RAPCHI to related frameworks and discovers that it is relatively light in terms of computation and communication. These findings demonstrate that the proposed paradigm is suitable for use in real-world scenarios. [ABSTRACT FROM AUTHOR]

Published

2022

43. RAKS: robust authentication and key agreement scheme for satellite infrastructure.

Author

Khan, Akber Ali, Kumar, Vinod, Srinivas, Jangirala, Kumari, Saru, and Gupta, Mridul Kumar

Subjects

TELECOMMUNICATION satellites, KEY agreement protocols (Computer network protocols), ELLIPTIC curve cryptography, TELECOMMUNICATION systems, COMPUTER network protocols, SOFTWARE development tools

Abstract

One of the network communication systems in our surroundings that has a significant influence on our day-to-day lives is the satellite network. Many authentications and key agreement procedures have been developed for satellite communication systems in order to ensure secure communication. None, however, offer the satellite communication system with the desired security characteristics. Using elliptic curve cryptography and a hash function, this article provides a safe and efficient architecture for satellite network systems. By employing key agreement, users can safely access services offered by the network control centre in the proposed protocol. The suggested framework is resistant to a wide range of security threats and includes a variety of security features and capabilities. Users can easily update their passwords using the proposed protocol. The random oracle model is used to show the suggested protocol security. We provide security verification of the proposed protocol by using AVISPA software tool against man in the middle attack and replay attack. Further, we demonstrates the informal security of the proposed protocol and shows that proposed protocol secure against various security attacks and maintain various cryptographic security properties. We further show that the proposed protocol has lower computation and transmission overhead than competing methods. As a consequence, the proposed satellite network protocol is both efficient and secure. [ABSTRACT FROM AUTHOR]

Published

2022

44. A power resource dispatching framework with a privacy protection function in the Power Internet of Things.

Author

Liu, Shuanggen, Zheng, Shuangzi, Zhang, Wenbo, and Fu, Runsheng

Abstract

Copyright of Frontiers of Information Technology & Electronic Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2022

45. Preprocessing succinct non-interactive arguments for rank-1 constraint satisfiability from holographic proofs.

Author

Zhang, Shuangjun, Kan, Haibin, and Wang, Liguan

Subjects

*ARGUMENT, *CRYPTOGRAPHY

Abstract

We design a new preprocessing succinct non-interactive argument (SNARG) for rank-1 constraint satisfiability (R1CS) from holographic Interactive Oracle Proofs (IOPs). The protocol is secure in the random oracle model (ROM). We achieve polylogarithm time verifier and polylogarithm proof size. Our construction consists of two parts: (1) a holographic IOP for R1CS with linear size proof and logarithmic query complexity. (2) A cryptography complier converts holographic IOPs to SNARGs. In the first part, univariate sumcheck and low degree testing play an important role in the holographic IOP. In the second part, we use Merkle tree scheme and Fiat-Shamir heuristic to achieve succinctness and non-interactivity. • A new holographic IOP for R1CS is proposed. • A transformation form holographic IOP to preprocessing SNARG is proposed. • Our construction is transparent and using only lightweight symmetric cryptography. [ABSTRACT FROM AUTHOR]

Published

2022

46. A blockchain‐based approach to secure electronic health records using fuzzy commitment scheme.

Author

Barman, Subhas, Chattopadhyay, Samiran, Samanta, Debasis, and Barman, Sayantani

Abstract

The electronic health record is the most sensitive data which needs a secure framework to protect it from data breaching. Recently, blockchain‐based platforms are used in healthcare services for data security, data sharing and availability of immutable data during medico‐legal verification. In this paper, a blockchain‐based approach for securing electronic health records using elliptic curve cryptography (ECC) and a biometric‐based fuzzy commitment scheme is proposed. The proposed approach addresses common issues of blockchain, namely scalability, integrity, confidentiality and decentralization of the ledger. The security of the proposed scheme was verified using the Random Oracle model. The block time for a variable number of transactions per block was measured and compared with the block time of the existing approaches. Also, the proposed approach was compared with the existing approaches with reference to various security features. [ABSTRACT FROM AUTHOR]

Published

2022

47. Secure and efficient two-party collaborative SM9 signature scheme suitable for smart home.

Author

Liu, Shuang Gen, Liu, Ru, and Rao, Si Yuan

Subjects

SMART homes, PUBLIC key cryptography, HOME security measures, HOME wireless technology, SMART devices, WIRELESS communications

Abstract

The smart home usually has poor security and is vulnerable to attack since it adopts embedded processors that are limited by volume and power consumption. To improve the communication security of the smart home system, identity-based signature schemes are widely used in wireless network communications. However, the user's signature private key is generally stored in a single device, it is easy to be stolen by attackers to control the smart home devices. To reduce the risk of leakage of the signature private key, a two-party collaborative signature scheme based on the SM9 algorithm is proposed in this paper. The user's signature private key is generated through the collaboration of the two-party key generation center (KGC), and the integer secrets related to the signature private key are stored in two devices respectively. During the signing process, the two devices sign collaboratively to prevent the complete private key from being leaked. The security of the scheme is proved in the random oracle model. Theoretical analysis and experimental results show that our proposed scheme can achieve higher security with lower computation cost and communication cost when compared with the existing two-party SM9 signature schemes. [ABSTRACT FROM AUTHOR]

Published

2022

48. Attacks to Some Recently Proposed CL-SC Schemes and Presenting a Secure Scheme with KSSTIS.

Author

Rastegari, Parvin

Subjects

PUBLIC key cryptography, INFORMATION technology security

Abstract

The certificateless public key cryptography (CL-PKC) setting, makes it possible to overcome the problems of the conventional public key infrastructure and the ID-Based public key cryptography, concurrently. A certificateless signcryption (CL-SC) scheme is an important cryptographic primitive which provides the goals of a signature scheme and an encryption scheme both at once, in a certificateless setting. In addition to the basic security requirements of a CL-SC scheme (i.e. the unforgeability and the confidentiality), a new security notion called as the known session specific temporary information security (KSSTIS) has been proposed in the literature, recently. This security notion guarantees the confidentiality of the message even if the temporary information, used for creating the signcryption on the message, reveals. However, as discussed in the literature, there are not any secure CL-SC schemes in the standard model (i.e. without the assumption of random oracles) which guarantees the KSSTIS. In this paper, three recently proposed CL-SC schemes (Caixue, Shan and Ullah et al.'s schemes) are analyzed and it is shown that these schemes not only do not satisfy the KSSTIS, but also they do not even provide the basic security requirements of a CL-SC scheme. Furthermore, an enhanced secure CL-SC scheme is proposed in the standard model which satisfies the KSSTIS. [ABSTRACT FROM AUTHOR]

Published

2022

49. ATS-LIA: A lightweight mutual authentication based on adaptive trust strategy in flying ad-hoc networks.

Author

Du, Xiaoyu, Li, Yinyin, Zhou, Sufang, and Zhou, Yi

Subjects

MILITARY reconnaissance, TRAFFIC estimation, TRUST, EARTH stations, EDGE computing, DRONE aircraft

Abstract

With the rapid development of wireless communication and edge computing, UAV-assisted networking technology has great significance in many application scenarios such as traffic forecasting, emergency rescue, military reconnaissance. However, due to dynamic topology changes of Flying Ad-hoc Networks (FANET), frequent identity authentication is easy to cause the instability of communications between UAV nodes, which makes FANET face serious identity security threats. Therefore, it is an inevitable trend to build a secure and reliable FANET. In this paper, we propose a lightweight mutual identity authentication scheme based on adaptive trust strategy for Flying Ad-hoc Networks (ATS-LIA), which selects the UAV with the highest trust value from the UAV swarm to authenticate with the ground control station (GCS). While ensuring the communication security, we reduce the energy consumption of UAV to the greatest extent, and reduce the frequent identity authentication between UAV and GCS. Through the security game verification under the random oracle model, it is proved that the proposed method can effectively resist some attacks, effectively reduce the computational overhead, and ensure the communication security of FANET. The results show that compared with the existing schemes, the proposed ATS-LIA scheme has lower computational overhead. [ABSTRACT FROM AUTHOR]

Published

2022

50. Lattice-based strong designated verifier signature with non-delegatability.

Author

Zhang, Yanhua, Susilo, Willy, and Guo, Fuchun

Subjects

*CRYPTOGRAPHY, *INTEGERS, *RIGHTS, *RESPONSIBILITY

Abstract

Strong designated verifier signature (SDVS) is a special type of digital signatures which provides authentication of a message without providing non-repudiation property. More specifically, SDVS can enable that it is impossible for any entity, other than the designated verifier, to recognize the validity of a given signature. Although there have been several proposals of lattice-based SDVS schemes since the first non-quantum resistant scheme proposed by Jakobsson et al. at EUROCRYPT 1996, all the existing lattice-based ones cannot achieve a security notion called non-delegatablity (ND), which was an essential property introduced by Lipmaa et al. at ICALP 2005 when considering an SDVS in scenarios where the responsibility of the signer is important and the signing rights cannot be delegated to another entity. Therefore, in this work, we provide the first lattice-based SDVS scheme that offers non-delegatablity (i.e., neither the signer nor the designated verifier can delegate the signing rights to other entities without the revealment of their corresponding private keys), and thus, resolve a prominent open problem posed by previous works. Moreover, we achieve this non-trivial feat in a relatively simple manner. Starting with Lyubashevsky's lattice signatures without trapdoors at EUROCRYPT 2012 - which is arguably the first practical alternative method in general lattices for designing digital signatures not adopting the "hash-and-sign" methodology, we introduce simple-but-insightful tweaks allowing to upgrade it directly into an SDVS with non-delegatablity. The scheme satisfies the strong security requirements of Lipmaa et al.'s model and is proven secure in the random oracle model under the short integer solution (SIS) and the learning with errors (LWE) assumptions. • We provide the first lattice-based strong designated verifier signature (SDVS) scheme that offers non-delegatablity. • An effective combination of Lyubashevsky's lattice signatures without trapdoors and a lattice-based chameleon hash function with new private keys generatingstrategies for the signer and a designated verifier benefits us resolving a prominent open problem. [ABSTRACT FROM AUTHOR]

Published

2025