Weifeng Wu,Fagen Li

DOI: https://doi.org/10.3837/tiis.2015.05.020

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

Yanmei Cao,Jianghong Wei,Yang Xiang,Willy Susilo,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.csi.2023.103761

2023-05-25

Abstract:Deniable encryption (DE) allows private communication over an insecure channel even under the coercion. That is, after an adversary forces communication participants to reveal their secret keys and randomness used during the communication, the message confidentiality can still be preserved. Since its introduction, a large body of studies have been made to improve the DE system in terms of efficiency, security definition and functionality, which is the focus of this paper. However, as far as we know, none of existing DE systems considers the abuse of deniability caused by malicious users, which is a crucial feature from the view of practical applications of DE. For instance, a malicious user (e.g., an employee who holds some sensitive documents and intends to sell these confidential contents for obtaining financial gain) can utilize a DE system to transmit the confidential content without the risk of being caught, which is extremely dangerous to the interests and security of his/her organization. In this paper, to mitigate this threat, we formally define the syntax and security notions of abuse-resistant deniable encryption, which restricts what users can deny. Then, we put forward a concrete construction of abuse-resistant DE scheme, and prove its security under the assumptions of indistinguishability obfuscation and one-way function. Compared with other related work, the proposed construction has advantages in terms of functionality and ciphertext rate simultaneously.

computer science, software engineering, hardware & architecture

Shaoquan Jiang,Yeow Meng Chee,San Ling,Huaxiong Wang,Chaoping Xing

DOI: https://doi.org/10.1016/j.ic.2022.104866

IF: 1.24

2022-01-01

Information and Computation

Abstract:A deniable secure key exchange protocol allows two parties to agree on a common secret while achieving two seemingly contradictory functionalities: authentication and deniability. The former requires each party to confirm the identity of the other while the latter requires any attacker (e.g., participant or eavesdropper) be unable to prove to a third party an honest party's participation. Designing an efficient secure key exchange with deniability is a challenging problem. In this paper, we first formalize the deniability model by requiring information theoretic deniability with an eavesdropping attack. The information theoretic deniability has the advantage that it can hold forever without any computational assumption. An eavesdropping attack (Di Raimondo et al., CCS'06) allows an attacker to apply eavesdropped transcripts into an active attack session. This gives an attacker more power to make the victim undeniable as he does not know the randomness of the transcript. We then propose an efficient, provably deniable secure framework of key exchange. Our deniability holds non-adaptively in the eavesdropping model. However, if we consider a model without an eavesdropping attack (which is practical in many scenarios), then our framework is proven adaptively deniable. This is important since no previous key exchange protocols can satisfy our adaptive and information theoretical deniability. We give a concrete realization for our framework that is more efficient than SKEME (Krawczyk, NDSS'96).

Fagen Li,Di Zhong,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/tifs.2016.2585086

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Confidentiality and authentication are two main security goals in secure electronic mail (e-mail). Pretty good privacy (PGP) and secure/multipurpose internet mail extensions (S/MIME) are two famous secure e-mail solutions. Both PGP and S/MIME use digital envelope to provide message confidentiality and digital signature to provide message authentication. However, these methods have the following two weaknesses: 1) digital signature provides non-repudiation evidence of sender that is not desired in some e-mail applications and 2) efficiency is low, since these methods use two kinds of public key cryptographic primitives: public key encryption and digital signature. To overcome the above two weaknesses, we introduce a new concept called deniably authenticated encryption that can achieve confidentiality, integrity, and deniable authentication in a logical single step. We first propose a deniably authenticated encryption scheme and prove its security in the random oracle model. Then, we design a secure e-mail protocol using the proposed deniably authenticated encryption scheme. The deniable authentication property protects senders' privacy.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Fagen Li

DOI: https://doi.org/10.1504/ijesdf.2015.069611

2015-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:A deniable authentication protocol enables an intended receiver to identify the source of a given message, but the receiver cannot prove the source of a given message to any third party. It is very useful in some particular applications such as electronic voting, online negotiation and online shopping. However, many related protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we present a certificateless deniable authentication protocol. Our protocol is based on certificateless cryptography, which can solve the public key certificate management problem of public key infrastructure PKI-based cryptography and the key escrow problem of identity-based cryptography. Our protocol does not need the pairing operation which is the most time-consuming. In addition, our protocol can admit formal security proof in the random oracle model and resist key compromise impersonation KCI attack. Compared with the existing deniable authentication protocols, our protocol can be well applied in electronic voting system.

Haifeng Qian,Zhenfu Cao,Lichen Wang,Qingshui Xue

DOI: https://doi.org/10.1109/CIT.2005.109

2005-01-01

Abstract:Deniable authentication protocol is an authentication protocol that allows a sender to authenticate a message for a receiver, in a way that the receiver cannot convince a third party that such authentication ever took place. In recent years, due to the popularity of Internet and its special property, many deniable authentication protocols have been proposed. However, most of these proposed schemes are interactive and less efficient. To our knowledge, Shao has proposed an efficient non-interactive deniable authentication protocol based on generalized ElGamal signature scheme without security proof. Lu et al have proposed a deniable authentication also, however, the protocol suffers from the receiver's attack who once interacts with the sender. For the reason above, we would like to propose a generic method to construct efficient non-interactive deniable authentication protocols from any trapdoor permutations. Using RSA trapdoor permutations we introduce a new digital signature with tight security and use it to construct a concrete deniable authentication protocol. Concentrated on security problem we prove the protocol secure in random oracle. We also believe that the protocol is much efficient and practical in application with non-interactive property.

Chunhua Jin,Chunxiang Xu,Xiaojun Zhang,Qianna Xie,Fagen Li

DOI: https://doi.org/10.1080/1206212x.2016.1188564

2015-01-01

Abstract:Deniable authenticate is a different and attractive authenticate mechanism compared with the traditional authentication. It allows the appointed receiver to identify the identity of the sender, but not to prove the source of a given message to a third party even if the appointed receiver is willing to reveal its private key. Certificateless public key cryptography can solve both the public key certificate management problem of public key infrastructure-based cryptography and the key escrow problem of identity-based cryptography. In this paper, we first define a security model for certificateless deniable authentication protocols. Then we propose a non-interactive certificateless deniable authentication protocol. In addition, we prove its security in the random oracle model. Our protocol can be applied in many actual application scenarios, such as electronic voting, electronic tendering, and online shopping.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Cheng Jicheng,Yang Shoubao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.04.042

2006-01-01

Abstract:Deniable authentication is a kind of authentication by which a receiver cannot prove the source of a message to a third party.A deniable authentication scheme for secret communication suits the sender to parallel implementation is provided.

Emmanuel Ahene,Chunhua Jin,Fagen Li

DOI: https://doi.org/10.1007/s11235-018-0496-3

2018-01-01

Telecommunication Systems

Abstract:The concept of deniably authenticated encryption (DAE) is presently significant in cryptography due to its security properties and wide range of application. It achieves deniable authentication and confidentiality in a simultaneous manner. It has merited application in e-voting systems, e-mail systems and confidential online negotiation. Although several DAE schemes have been proposed recently, we point out that those constructions are either weak against masquerading attacks or inherent key escrow problem. As a remedy, we propose a certificateless deniably authenticated encryption (CLDAE) scheme that is provably secure. Typically, we can obtain this goal using the “deniable authentication followed by certificateless encryption” approach. However, this approach is computationally expensive and complex to design since it is a combination of two cryptographic constructions. In contrast, our CLDAE scheme is a single cryptographic construction but it concurrently accomplishes the requirements of public key encryption and deniable authentication at a relatively lower cost. For instance, our simulation results at 80 bits of security level shows up to be approximately 43.3 and 30.4% respectively faster than two “deniable authentication followed by certificateless encryption” schemes. Moreover, the communication overhead of our CLDAE scheme is 12.9 and 34.9% lesser than that of those two schemes respectively. Finally, to demonstrate the significance of our CLDAE scheme, we apply it to a real world application such as e-voting system.

Fagen Li,Zhaohui Zheng,Chunhua Jin

DOI: https://doi.org/10.1007/s11235-015-0099-1

2015-01-01

Telecommunication Systems

Abstract:An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetrical (public key) AE. In a symmetric AE scheme, deniability is gained automatically. However, a public key AE scheme can not gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address a question on deniability of public key AE. Of course, we can achieve this goal by “deniable authentication followed by encryption” method. However, such method has the following two weaknesses: (1) the computational cost and communication overhead are the sum of two cryptographic primitives; (2) it is complex to design cryptographic protocols with deniable authentication and confidentiality using two cryptographic primitives. To overcome the two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the “deniable authentication followed by encryption” method. This single cryptographic primitive can simplify the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses tag-key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) hybrid techniques, which is more practical for true applications. We show how to construct an IBDAE scheme using an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward “deniable authentication followed by encryption” schemes, respectively. The communication overhead is respectively reduced at least 21.3 and 31.1 %. An application of IBDAE to an e-mail system is described.

Chengyu Fan,Shijie Zhou,Fagen Li

DOI: https://doi.org/10.1109/ispa.2009.113

2009-01-01

Abstract:A deniable authentication allows the receiver to identify the source of the received messages but cannot prove it to any third party. However, the deniability of the content, which is called restricted deniability in this paper, is concerned in electronic voting and some other similar application. At present, most non-interactive deniable authentication protocols cannot resist weaken key-compromise impersonation (W-KCI) attack. To settle this problem, a non-interactive identity-based restricted deniable authentication protocol is proposed. It not only can resist W-KCI attack but also has the properties of communication flexibility. It meets the security requirements such as correctness, restricted deniability as well. Therefore, this protocol can be applied in electronic voting.

Tianjie Cao,Dongdai Lin,Rui Xue

DOI: https://doi.org/10.1109/AINA.2005.100

2005-01-01

Abstract:Deniability is a privacy property that ensures protocol participants can later deny taking part in a particular protocol run. A deniable authentication protocol enables an intended receiver to identify the source of a given message, but not prove the identity of the sender to a third party even if the intended receiver is willing to reveal his secret-key. In this paper, we present an efficient ID-based deniable authentication protocol from pairings. The proposed protocol satisfies the correctness, authentication and deniability properties.

L Fan,CX Xu,JH Li

DOI: https://doi.org/10.1049/el:20020502

2002-01-01

Electronics Letters

Abstract:Deniable authentication is a new kind of authentication, by which means a receiver cannot prove the source of a message to a third party. A deniable authentication protocol, which is based on the Deffie-Hellman key exchange protocol, is presented. It does not require a trusted third party, and the protocol can resist person-in-the-middle attack.

Shi-Feng Sun,Udaya Parampalli,Tsz Hon Yuen,Yu,Dawu Gu

DOI: https://doi.org/10.1145/2897845.2897921

2016-01-01

Abstract:Non-malleability is an important and intensively studied security notion for many cryptographic primitives. In the context of public key encryption, this notion means it is infeasible for an adversary to transform an encryption of some message m into one of a related message m' under the given public key. Although it has provided a strong security property for many applications, it still does not suffice for some scenarios like the system where the users could issue keys on-the-fly. In such settings, the adversary may have the power to transform the given public key and the ciphertext. To withstand such attacks, Fischlin introduced a stronger notion, known as complete non-malleability, which requires that the non-malleability property be preserved even for the adversaries attempting to produce a ciphertext of some related message under the transformed public key. To date, many schemes satisfying this stronger security have been proposed, but they are either inefficient or proved secure in the random oracle model. In this work, we put forward a new encryption scheme in the common reference string model. Based on the standard DBDH assumption, the proposed scheme is proved completely non-malleable secure against adaptive chosen ciphertext attacks in the standard model. In our scheme, the well-formed public keys and ciphertexts could be publicly recognized without drawing support from unwieldy techniques like non-interactive zero knowledge proofs or one-time signatures, thus achieving a better performance.

YJ Wang,JH Li,L Tie

DOI: https://doi.org/10.1002/net.20062

2005-01-01

Abstract:Deniable authentication is different from traditional authentication in that the receiver cannot prove the source of a given message to a third party. This article presents a new deniable authentication protocol, based on ElGamal cryptography. The protocol meets the two properties of deniable authentication and can withstand person-in-middle (PIM) attacks. Compared with previous schemes, it is simpler and more efficient. © 2005 Wiley Periodicals, Inc. NETWORKS, Vol. 45(4), 193–194 2005

xu chongxiang,fan lei,li jianhua

DOI: https://doi.org/10.3969/j.issn.1002-0802.2002.04.022

2002-01-01

Abstract:A deniable authentication protocol is proposed in this paper.This proto col is based on public key algorithm,Hash function and common key encryption are used.T his protocol can make the re-ceiver assure the source of a given me ssage,but others cannot do that.At t he same time,this protocol can resist Person -In -the -Middle(PIM)attack.deniable authentication,public -key algorithm,person -in -the -middl e attack

Fagen Li,Tsuyoshi Takagi

DOI: https://doi.org/10.1007/s11277-012-0640-4

IF: 2.017

2012-01-01

Wireless Personal Communications

Abstract:A deniable authentication protocol enables a receiver to identify the source of a given message, but the receiver cannot prove the source of the message to a third party. Recently, Yoon et al. (Wirel Pers Commun 55:81–90, 2010) proposed a robust deniable authentication protocol based on ElGamal cryptosystem. Although they proved that their protocol satisfies the deniable authentication, mutual authentication and confidentiality, we show that their protocol does not satisfy the deniable authentication property. The receiver can prove the source of a given message to a third party. In addition, we propose an improved protocol that removes this weakness.

SF Sun,Udaya Parampalli,TH Yuen,Yong Yu,Dawu Gu

2016-01-01

Abstract:© Springer International Publishing Switzerland 2016.Motivated by tampering attacks in practice, two different but related security notions, termed complete non-malleability and relatedkey attack security, have been proposed recently. In this work, we study their relations and present the first public key encryption scheme that is secure in both notions under standard assumptions. Moreover, by exploiting the technique for achieving complete non-malleability, we give a practical scheme for the related-key attack security. Precisely, the scheme is proven secure against polynomial functions of bounded degree d under a newly introduced hardness assumption called dmodified extended decisional bilinear Diffie-Hellman assumption. Since the schemes are constructed in a direct way instead of relying on the noninteractive zero knowledge proof or signature techniques, they not only achieve the strong security notions but also have better performances.

李廷元,范成瑜,秦志光,刘晓东

DOI: https://doi.org/10.16208/j.issn1000-7024.2010.10.069

2010-01-01

Abstract:To satisfy the application requirement in electronic commence and electronic government field,the characteristic and the application of non-interactive deniable authentication protocols are intensively researched.According to the various applications,the deniable authentication protocols are divided into interactive protocols and non-interactive protocols.The cost of the communication rounds about the two types of protocols are analyzed and the fact that electronic voting and E-mail negotiation need non-interactive protocols is proposed.Finally,based on the analysis of some typical non-interactive protocols,the fact that the present researches cannot satisfy the needs of applications is pointed out,and the future research aspects about non-interactive deniable authentication are discussed.