ID-based key-insulated signcryption with equality test in cloud computing

AbstractKey-insulated encryption reduces the problem of secret key exposure in hostile setting while signcryption cryptosystem attains the benefits of digitally signing a ciphertext and public key cryptosystem. In this study, we merge the primitives of parallel key-insulation cryptosystem and signcryption with equality test to construct ID-based parallel key-insulated signcryption with a test for equality (ID-PKSET) in cloud computing. The construction prevent data forgery, data re-play attacks and reduces the leakage of secret keys in harsh environments. Our scheme attains the security property of existential unforgeable chosen message attack (EUF-CMA) and indistinquishable identity chosen ciphertext attack (IND-ID-CCA2) using random oracle model.

Download Full-text

A CCA-PKE Secure-Cryptosystem Resilient to Randomness Reset and Secret-Key Leakage

Cryptography ◽

10.3390/cryptography6010002 ◽

2022 ◽

Vol 6 (1) ◽

pp. 2

Author(s):

Alfonso Labao ◽

Henry Adorna

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Constant Factor ◽

Secret Key ◽

Public Key Cryptosystems ◽

Encryption And Decryption ◽

Key Leakage ◽

Hash Proof System ◽

Chosen Ciphertext Attack ◽

Ddh Assumption

In recent years, several new notions of security have begun receiving consideration for public-key cryptosystems, beyond the standard of security against adaptive chosen ciphertext attack (CCA2). Among these are security against randomness reset attacks, in which the randomness used in encryption is forcibly set to some previous value, and against constant secret-key leakage attacks, wherein the constant factor of a secret key’s bits is leaked. In terms of formal security definitions, cast as attack games between a challenger and an adversary, a joint combination of these attacks means that the adversary has access to additional encryption queries under a randomness of his own choosing along with secret-key leakage queries. This implies that both the encryption and decryption processes of a cryptosystem are being tampered under this security notion. In this paper, we attempt to address this problem of a joint combination of randomness and secret-key leakage attacks through two cryptosystems that incorporate hash proof system and randomness extractor primitives. The first cryptosystem relies on the random oracle model and is secure against a class of adversaries, called non-reversing adversaries. We remove the random oracle oracle assumption and the non-reversing adversary requirement in our second cryptosystem, which is a standard model that relies on a proposed primitive called LM lossy functions. These functions allow up to M lossy branches in the collection to substantially lose information, allowing the cryptosystem to use this loss of information for several encryption and challenge queries. For each cryptosystem, we present detailed security proofs using the game-hopping procedure. In addition, we present a concrete instantation of LM lossy functions in the end of the paper—which relies on the DDH assumption.

Download Full-text

Identity-Based Identification Scheme without Trusted Party against Concurrent Attacks

Security and Communication Networks ◽

10.1155/2020/8820271 ◽

2020 ◽

Vol 2020 ◽

pp. 1-9

Author(s):

Fei Tang ◽

Jiali Bao ◽

Yonghong Huang ◽

Dong Huang ◽

Fuqun Wang

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Bilinear Pairing ◽

Key Generation ◽

Secret Key ◽

Key Escrow ◽

Identification Scheme ◽

Identification Schemes ◽

Secret Keys ◽

Identity Based

Identification schemes support that a prover who holding a secret key to prove itself to any verifier who holding the corresponding public key. In traditional identity-based identification schemes, there is a key generation center to generate all users’ secret keys. This means that the key generation center knows all users’ secret key, which brings the key escrow problem. To resolve this problem, in this work, we define the model of identity-based identification without a trusted party. Then, we propose a multi-authority identity-based identification scheme based on bilinear pairing. Furthermore, we prove the security of the proposed scheme in the random oracle model against impersonation under passive and concurrent attacks. Finally, we give an application of the proposed identity-based identification scheme to blockchain.

Download Full-text

Short Online/Off-line Signature Scheme for Wireless Sensor Networks

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2015010103 ◽

2015 ◽

Vol 9 (1) ◽

pp. 47-61

Author(s):

Anser Ghazzaal Ali Alquraishee ◽

Jayaprakash Kar ◽

Naomie Salim

Keyword(s):

Computational Cost ◽

Random Oracle Model ◽

Random Oracle ◽

Base Station ◽

Sensor Nodes ◽

Wireless Sensor ◽

Signature Scheme ◽

Diffie Hellman ◽

Two Phases ◽

Chosen Message Attack

This article proposes a novel construction of short Online/Off-line signature scheme with provable security in the random oracle model for wireless sensor network (WSN). Security of the proposed scheme relies on k-CAA Problem as well as Computational Diffie-Hellman problem and is resistant against chosen message attack. The scheme is suited for broadcast authentication and integrity of message exchanging between the sensor nodes. The process of generation of the signature is carried out in two phases online and off-line. The heavy computation is performed in off-line phase, i.e the base station. The actual signature will be generated in the sensor nodes. The authors assume that the online phase is more efficient. Here they have evaluated the size of the signature with respect to the size of the user's public key and compare with some current schemes. Also, the authors have evaluated the computational cost and time which shows the scheme is most suited to implement on sensor node.

Download Full-text

Revisiting Anonymous Two-Factor Authentication Schemes for IoT-Enabled Devices in Cloud Computing Environments

Security and Communication Networks ◽

10.1155/2019/2516963 ◽

2019 ◽

Vol 2019 ◽

pp. 1-13 ◽

Cited By ~ 5

Author(s):

Ping Wang ◽

Bin Li ◽

Hongjin Shi ◽

Yaosheng Shen ◽

Ding Wang

Keyword(s):

Cloud Computing ◽

Random Oracle Model ◽

Random Oracle ◽

Replay Attack ◽

Password Guessing Attack ◽

Symmetric Key ◽

Computing Environments ◽

Guessing Attack ◽

Key Techniques ◽

User Friendly

Investigating the security pitfalls of cryptographic protocols is crucial to understand how to improve security. At ICCCS’17, Wu and Xu proposed an efficient smart-card-based password authentication scheme for cloud computing environments to cope with the vulnerabilities in Jiang et al.’s scheme. However, we reveal that Wu-Xu’s scheme actually is subject to various security flaws, such as offline password guessing attack and replay attack. Besides security, user friendly is also another great concern. In 2017, Roy et al. found that in most previous two-factor schemes a user has to manage different credentials for different services and further suggested a user-friendly scheme which is claimed to be suitable for multiserver architecture and robust against various attacks. In this work, we show that Roy et al.’s scheme fails to achieve truly two-factor security and shows poor scalability. At FGCS’18, Amin et al. pointed out that most of existing two-factor schemes are either insecure or inefficient for mobile devices due to the use of public-key techniques and thus suggested an improved protocol by using only light-weight symmetric key techniques. Almost at the same time, Wei et al. also observed this issue and proposed a new scheme based on symmetric key techniques with formal security proofs in the random oracle model. Nevertheless, we point out that both Amin et al.’s and Wei et al.’s schemes cannot achieve the claimed security goals (including the most crucial goal of “truly two-factor security”). Our results invalidate any use of the scrutinized schemes for cloud computing environments.

Download Full-text

Public key encryption with equality test from generic assumptions in the random oracle model

Information Sciences ◽

10.1016/j.ins.2019.05.026 ◽

2019 ◽

Vol 500 ◽

pp. 15-33 ◽

Cited By ~ 3

Author(s):

Hyung Tae Lee ◽

San Ling ◽

Jae Hong Seo ◽

Huaxiong Wang

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Public Key ◽

Public Key Encryption ◽

Equality Test

Download Full-text

An Efficient V2I Authentication Scheme for VANETs

Mobile Information Systems ◽

10.1155/2018/4070283 ◽

2018 ◽

Vol 2018 ◽

pp. 1-11 ◽

Cited By ~ 6

Author(s):

Yousheng Zhou ◽

Siling Liu ◽

Min Xiao ◽

Shaojiang Deng ◽

Xiaojun Wang

Keyword(s):

Traffic Safety ◽

Vehicular Ad Hoc Networks ◽

Ad Hoc ◽

Intelligent Transportation System ◽

Random Oracle Model ◽

Random Oracle ◽

Forgery Attack ◽

Security Issues ◽

Secret Keys ◽

Hoc Networks

The advent of intelligent transportation system has a crucial impact on the traffic safety and efficiency. To cope with security issues such as spoofing attack and forgery attack, many authentication schemes for vehicular ad hoc networks (VANETs) have been developed, which are based on the hypothesis that secret keys are kept perfectly secure. However, key exposure is inevitable on account of the openness of VANET environment. To address this problem, key insulation is introduced in our proposed scheme. With a helper device, vehicles could periodically update their own secret keys. In this way, the forward and backward secrecy has been achieved. In addition, the elliptic curve operations have been integrated to improve the performance. The random oracle model is adopted to prove the security of the proposed scheme, and the experiment has been conducted to demonstrate the comparison between our scheme and the existing similar schemes.

Download Full-text

One-Round Attribute-Based Key Exchange in the Multi-Party Setting

International Journal of Foundations of Computer Science ◽

10.1142/s0129054117400159 ◽

2017 ◽

Vol 28 (06) ◽

pp. 725-742 ◽

Cited By ~ 1

Author(s):

Yangguang Tian ◽

Guomin Yang ◽

Yi Mu ◽

Shiwei Zhang ◽

Kaitai Liang ◽

...

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Key Exchange ◽

Secret Key ◽

Security Issue ◽

User Privacy ◽

Session Key ◽

Shared Secret ◽

Key Exchange Protocols ◽

Straightforward Approach

Attribute-based authenticated key exchange (AB-AKE) is a useful primitive that allows a group of users to establish a shared secret key and at the same time enables fine-grained access control. A straightforward approach to design an AB-AKE protocol is to extend a key exchange protocol using an attribute-based authentication technique. However, insider security is a challenge security issue for AB-AKE in the multi-party setting and cannot be solved using the straightforward approach. In addtion, many existing key exchange protocols for the multi-party setting (e.g., the well-known Burmester-Desmedt protocol) require multiple broadcast rounds to complete the protocol. In this paper, we propose a novel one-round attribute-based key exchange (OAKE) protocol in the multi-party setting. We define the formal security models, including session key security, insider security and user privacy, for OAKE, and prove the security of the proposed protocol under some standard assumptions in the random oracle model.

Download Full-text

Compiled Constructions towards Post-Quantum Group Key Exchange: A Design from Kyber

Mathematics ◽

10.3390/math8101853 ◽

2020 ◽

Vol 8 (10) ◽

pp. 1853

Author(s):

José Ignacio Escribano Pablos ◽

María Isabel González Vasco ◽

Misael Enrique Marriaga ◽

Ángel Luis Pérez del Pozo

Keyword(s):

Random Oracle Model ◽

Building Blocks ◽

Random Oracle ◽

Key Exchange ◽

Encryption Scheme ◽

Secret Key ◽

Key Exchange Protocol ◽

Group Key ◽

Group Key Exchange ◽

Starting Point

A group authenticated key exchange (GAKE) protocol allows a set of parties belonging to a certain designated group to agree upon a common secret key through an insecure communication network. In the last few years, many new cryptographic tools have been specifically designed to thwart attacks from adversaries which may have access to (different kinds of) quantum computation resources. However, few constructions for group key exchange have been put forward. Here, we propose a four-round GAKE which can be proven secure under widely accepted assumptions in the Quantum Random Oracle Model. Specifically, we integrate several primitives from the so-called Kyber suite of post-quantum tools in a (slightly modified) compiler from Abdalla et al. (TCC 2007). More precisely, taking as a starting point an IND-CPA encryption scheme from the Kyber portfolio, we derive, using results from Hövelmanns et al. (PKC 2020), a two-party key exchange protocol and an IND-CCA encryption scheme and prove them fit as building blocks for our compiled construction. The resulting GAKE protocol is secure under the Module-LWE assumption, and furthermore achieves authentication without the use of (expensive) post-quantum signatures.

Download Full-text

Scalable and Soundness Verifiable Outsourcing Computation in Marine Mobile Computing

Wireless Communications and Mobile Computing ◽

10.1155/2017/6128437 ◽

2017 ◽

Vol 2017 ◽

pp. 1-11 ◽

Cited By ~ 2

Author(s):

Kai Zhang ◽

Lifei Wei ◽

Xiangxue Li ◽

Haifeng Qian

Keyword(s):

Cloud Computing ◽

Mobile Computing ◽

Input Data ◽

Random Oracle Model ◽

Single Mode ◽

Random Oracle ◽

Data Set

Outsourcing computation with verifiability is a merging notion in cloud computing, which enables lightweight clients to outsource costly computation tasks to the cloud and efficiently check the correctness of the result in the end. This advanced notion is more important in marine mobile computing since the oceangoing vessels are usually constrained with less storage and computation resources. In such a scenario, vessels always firstly outsource data set and perform a function computing over them or at first outsource computing functions and input data set into them. However, vessels may choose which delegation computation type to outsource, which generally depends on the actual circumstances. Hence, we propose a scalable verifiable outsourcing computation protocol (SV-OC) in marine cloud computing at first and extract a single-mode version of it (SM-SV-OC), where both protocols allow anyone who holds verification tokens to efficiently verify the computed result returned from cloud. In this way, the introduced “scalable” property lets vessels adjust the protocol to cope with different delegation situations in practice. We additionally prove both SV-OC and SM-SV-OC achieving selective soundness in the random oracle model and evaluate their performance in the end.

Download Full-text

Shorter Decentralized Attribute-Based Encryption via Extended Dual System Groups

Security and Communication Networks ◽

10.1155/2017/7323158 ◽

2017 ◽

Vol 2017 ◽

pp. 1-19

Author(s):

Jie Zhang ◽

Jie Chen ◽

Aijun Ge ◽

Chuangui Ma

Keyword(s):

Random Oracle Model ◽

Random Oracle ◽

Dual System ◽

Common Reference ◽

Access Structures ◽

Attribute Based Encryption ◽

Secret Keys ◽

The Common ◽

Global Coordination ◽

Reference Parameters

Decentralized attribute-based encryption (ABE) is a special form of multiauthority ABE systems, in which no central authority and global coordination are required other than creating the common reference parameters. In this paper, we propose a new decentralized ABE in prime-order groups by using extended dual system groups. We formulate some assumptions used to prove the security of our scheme. Our proposed scheme is fully secure under the standard k-Lin assumption in random oracle model and can support any monotone access structures. Compared with existing fully secure decentralized ABE systems, our construction has shorter ciphertexts and secret keys. Moreover, fast decryption is achieved in our system, in which ciphertexts can be decrypted with a constant number of pairings.

Download Full-text