certificateless public key cryptography
Recently Published Documents


Total documents: 30 (five years: 7)

H-index: 7 (five years: 2)

2021, Vol 2021, pp. 1-16
Author(s): Won-Bin Kim, Su-Hyun Kim, Daehee Seo, Im-Yeong Lee

Broadcast proxy reencryption (BPRE), which combines broadcast encryption (BE) and proxy reencryption (PRE), is a technology used for the redistribution of data uploaded on the cloud to multiple users. BPRE reencrypts data encrypted by the distributor and then uploads it to the cloud into a ciphertext that at a later stage targets multiple recipients. As a result of this, flexible data sharing is possible for multiple recipients. However, various inefficiencies and vulnerabilities of the BE, such as the recipient anonymity problem and the key escrow problem, also creep into BPRE. Our aim in this study was to address this problem of the existing BPRE technology. The partial key verification problem that appeared in the process of solving the key escrow problem was solved, and the computational efficiency was improved by not using bilinear pairing, which requires a lot of computation time.


Energies, 2021, Vol 14 (19), pp. 6317
Author(s): Wenchao Cui, Rui Cheng, Kehe Wu, Yuling Su, Yuqing Lei

Power Internet of Things (IoT) is the application of IoT technology in the field of the power grid, which can better control all kinds of power equipment, power personnel and operating environment. However, access to mass terminals brings higher requirements for terminal authentication and key management for the power IoT. And the traditional public key infrastructure (PKI) and identity-based public key cryptography (IB-PKC) have the problems of certificate management and key escrow. Therefore, the paper proposes a novel authenticated key agreement scheme based on the certificateless public key cryptography (CL-PKC) mechanism. In addition, the proposed scheme is proven with the improved extended Canetti-Krawczyk (eCK) security model. Finally, the implementation of the authenticated key agreement protocol is given based on the actual application requirement of the power IoT, and the analysis and comparison of the simulation demonstrates that the proposed scheme has higher efficiency and would be suitable for the power IoT.


Sensors, 2020, Vol 20 (14), pp. 3983
Author(s): Dae-Hwi Lee, Kangbin Yim, Im-Yeong Lee

The Internet of Things (IoT) environment consists of numerous devices. In general, IoT devices communicate with each other to exchange data, or connect to the Internet through a gateway to provide IoT services. Most IoT devices participating in the IoT service are lightweight devices, in which the existing cryptographic algorithm cannot be applied to provide security, so a more lightweight security algorithm must be applied. Cryptographic technologies to lighten and provide efficiency for IoT environments are currently being studied a lot. In particular, it is necessary to provide efficiency for computation at a gateway, a point where many devices are connected. Additionally, as many devices are connected, data authentication and integrity should be fully considered at the same time, and thus digital signature schemes have been proposed. Among the recently studied signature algorithms, the certificateless signature (CLS) based on certificateless public key cryptography (CL-PKC) provides efficiency compared to existing public key-based signatures. However, in CLS, security threats, such as public key replacement attacks and signature forgery by the malicious key generation center (KGC), may occur. In this paper, we propose a new signature scheme using CL-PKC in generating and verifying the signature of a message in an IoT environment. The proposed scheme is a certificateless aggregate arbitrated signature, and the gateway aggregates the signatures of messages generated by the device group to reduce the size of the entire signature. In addition, it is designed to be safe from security threats by solving the problems caused by public key replacement attacks and malicious KGC, and adding arbitrated signatures of the gateway to strengthen non-repudiation.


2019, Vol 62 (8), pp. 1178-1193
Author(s): Parvin Rastegari, Willy Susilo, Mohammad Dakhlalian

Certificateless public key cryptography (CL-PKC) promises a practical resolution in establishing practical schemes, since it addresses two fundamental issues, namely the necessity of requiring certificate management in traditional public key infrastructure (PKI) and the key escrow problem in identity-based (ID-based) setting concurrently. Signcryption is an important primitive that provides the goals of both encryption and signature schemes as it is more efficient than encrypting and signing messages consecutively. Since the concept of certificateless signcryption (CL-SC) scheme was put forth by Barbosa and Farshim in 2008, many schemes have been proposed where most of them are provable in the random oracle model (ROM) and only a few of them are provable in the standard model. Very recently, Luo and Wan (Wireless Personal Communication, 2018) proposed a very efficient CL-SC scheme in the standard model. Furthermore, they claimed that their scheme is not only more efficient than the previously proposed schemes in the standard model, but also it is the only scheme which benefits from known session-specific temporary information security (KSSTIS). Therefore, this scheme would indeed be very practical. The contributions of this paper are 2-fold. First, in contrast to the claim made by Luo and Wan, we show that unfortunately Luo and Wan made a significant error in the construction of their proposed scheme. While their main intention is indeed interesting and useful, the failure of their construction has indeed left a gap in the research literature. Hence, the second contribution of this paper is to fill this gap by proposing a CL-SC scheme with KSSTIS, which is provably secure in the standard model.


2018, Vol 27 (11), pp. 1850181
Author(s): Longxia Huang, Junlong Zhou, Gongxuan Zhang, Jin Sun, Tian Wang, ...

With advances in cloud storage systems, users have access to the data saved in the cloud and can manipulate the data without limitation of time and place. As the data owner no longer possesses data physically, he is required to ensure the integrity of the data stored in the cloud with the public key given by public key infrastructure (PKI). Thus the security of PKI and certificates is essential. However, there are numerous security risks in the traditional PKI and it is complex to administer the certificates. Certificateless public key cryptography is used in this paper to solve these problems. We also use elliptic curve group to reduce computation overhead. In this paper, we design a certificateless public verification mechanism to check the integrity of data outsourced in the cloud and we further extend it to support a multiuser group by batch verification. Specifically, a public verifier who replaces the data owner to check the integrity in the proposed scheme is not required to manage any certificates during the verification process. Meanwhile, a verifier is not required to download the entire file for integrity checking. Theoretical analyses verify the security of our scheme and experimental results show its efficiency.


2017, Vol 2017, pp. 1-9
Author(s): Yingying Zhang, Jiwen Zeng, Wei Li, Huilin Zhu

Ring signature is a kind of digital signature which can protect the identity of the signer. Certificateless public key cryptography not only overcomes the key escrow problem but also does not lose some advantages of identity-based cryptography. Certificateless ring signature integrates ring signature with certificateless public key cryptography. In this paper, we propose an efficient certificateless ring signature; it has only three bilinear pairing operations in the verify algorithm. The scheme is proved to be unforgeable in the random oracle model.

