Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Di Wang,Yue Cao,Kim-Kwang Raymond Choo,Zhaohui Yang,Zhili Sun,Haitham Cruickshank

DOI: https://doi.org/10.1109/tvt.2023.3281592

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:For large-scale battery-swapping demands, reservations are utilized to effectively manage battery swapping. To achieve data security, one promising solution is heterogeneous signcryption (i.e. signature + encryption). However, existing heterogeneous signcryption cannot simultaneously support aggregation, batch verification, conditional privacy-preserving, bidirectional heterogeneous communication, and availability. Besides, to reduce the end-to-end delays, mobile edge computing (MEC) is introduced to reservations, so other challenge is to design an incentive mechanism to encourage mobile edge nodes (MENs) to transmit reservation messages. Seeking to address these challenges, we propose a reservation scheme with conditional privacy-preserving bidirectional heterogeneous aggregate signcryption and incentive mechanism, namely SecBS. More precisely, in status publication (i.e. SecBS-SP), electric vehicles (EVs) obtain status messages released by battery swapping stations (BSSs) via MENs, which is realized via heterogeneous signcryption from certificateless cryptosystem (CLC) to identity-based cryptosystem (IBC). In the reservation (i.e. SecBS-R), under the incentive, MENs transmit reservations sent by EVs to BSSs, which is realized via heterogeneous signcryption from IBC to CLC. Finally, formally security proof and extensive simulations are carried out to manifest the security and feasibility of our SecBS.

Fagen Li,Yupu Hu,Chuanrong Zhang

DOI: https://doi.org/10.1007/978-3-540-72738-5_24

2007-01-01

Abstract:As various applications of wireless ad hoc networks have been proposed, security has become one of the big research challenges and is receiving increasing attention. Recently, Several security schemes for wireless ad hoc networks have been proposed using identity-based signcryption schemes. However, almost all identity-based signcryption schemes that have been proposed until now are based on a single private key generator, which is not suitable for multi-domain ad hoc networks. In this paper, we propose a new identity-based signcryption scheme based on multiple private key generators, which is more suitable for multi-domain ad hoc networks. We prove its semantical security under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model.

Zhenshen Ou,Xiaofei Xing,Siqi He,Guojun Wang

DOI: https://doi.org/10.1016/j.comcom.2024.02.018

IF: 5.047

2024-02-21

Computer Communications

Abstract:Data sharing has received much attention and research as an excellent way to unlock the value of data. Trusted data storage servers will participate in the data-sharing system to provide users with convenient data access and storage services. Currently, the vast majority of researchers design data-sharing systems based on centralized trusted authorities and key management centers, but they tend to ignore the problems of trust dependency and data leakage that exist in centralized trust and lead to the overall untrustworthiness of the system. To solve the above problems, this paper considers the use of public key infrastructure (PKI) to provide trusted authentication for data-sharing entities, but the traditional PKI has CA root trust and scenario adaptation problems, so we optimize the traditional PKI model for data-sharing scenarios and call it an improved PKI. Combining the decentralized trust property of blockchain, this paper proposes a TDS-NA scheme based on blockchain and improved PKI to build a distributed trusted, and secure data-sharing system in a semi-trusted network environment. TDS-NA can secure shared data in data sharing, and provide digital certificates that support entity-trusted authentication and reliable access control while designing digest blocks for efficient data auditing. In this paper, we demonstrate that the TDS-NA scheme is able to resist man-in-the-middle attacks and certificate forgery attacks through formal security analysis while satisfying the necessary security properties of data-sharing systems. We implement a prototype of the TDS-NA scheme in ethereum smart contracts and finally verify the security and feasibility of TDS-NA through experimental comparison and analysis.

computer science, information systems,telecommunications,engineering, electrical & electronic

Meng Xian Yong,Chen Zhong,Meng Xiang Yu

DOI: https://doi.org/10.4028/www.scientific.net/amm.475-476.1144

2013-01-01

Applied Mechanics and Materials

Abstract:In this paper, a novel decentralized key-policy attribute-based signcryption (ABS) scheme is proposed, where each authority can generate secret-public key pair for the user independently without any cooperation and a centralized authority. In the proposed scheme, each authority can join or leave the system randomly without reinitializing the system, and issue secret-public keys to user respectively. Therefore, it is clear that the multi-authority attribute-based access control scheme can reduce the communication cost and the collaborative computing cost. Additionally, the attribute-based signcryption scheme is efficient in terms of both the identification authentication and the confidential communication, and can realize security secret sharing in cloud computing environments.

Qiwei Lu,Wenchao Huang,Xudong Gong,Xingfu Wang,Yan Xiong,Fuyou Miao

DOI: https://doi.org/10.48550/arXiv.1307.2977

2013-07-11

Abstract:With the rapid development of MANET, secure and practical authentication is becoming increasingly important. The existing works perform the research from two aspects, i.e., (a)secure key division and distributed storage, (b)secure distributed authentication. But there still exist several unsolved problems. Specifically, it may suffer from cheating problems and fault authentication attack, which can result in authentication failure and DoS attack towards authentication service. Besides, most existing schemes are not with satisfactory efficiency due to exponential arithmetic based on Shamir's scheme. In this paper, we explore the property of verifiable secret sharing(VSS) schemes with Chinese Remainder Theorem (CRT), then propose a secret key distributed storage scheme based on CRT-VSS and trusted computing for MANET. Specifically, we utilize trusted computing technology to solve two existing cheating problems in secret sharing area before. After that, we do the analysis of homomorphism property with CRT-VSS and design the corresponding shares-product sharing scheme with better concision. On such basis, a secure distributed Elliptic Curve-Digital Signature Standard signature (ECC-DSS) authentication scheme based on CRT-VSS scheme and trusted computing is proposed. Furthermore, as an important property of authentication scheme, we discuss the refreshing property of CRT-VSS and do thorough comparisons with Shamir's scheme. Finally, we provide formal guarantees towards our schemes proposed in this paper.

Cryptography and Security

Fagen Li,Hui Zhang,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/jsyst.2012.2221897

IF: 4.802

2013-01-01

IEEE Systems Journal

Abstract:Privacy and authentication are the two main security goals in secure communications. To solve the secure communications problem between two heterogeneous systems, we propose two efficient signcryption schemes that can simultaneously achieve confidentiality, integrity, authentication, and nonrepudiation in a logical single step. The first scheme allows a sender in a public key infrastructure (PKI) to send a message to a receiver in an identity-based cryptosystem (IBC) and the second scheme allows a sender in the IBC system to send a message to a receiver in the PKI system. We prove that the first scheme has indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) under the q-bilinear Diffie-Hellman inversion problem (q-BDHIP) and existential unforgeability against adaptive chosen messages attacks (EUF-CMA) under the Diffie-Hellman inversion problem in the random oracle model. We also prove that the second scheme has the IND-CCA2 property under the BDHIP and EUF-CMA property under the q-strong Diffie- Hellman problem (q-SDHP) in the random oracle model.

Qi Tao,Xiaohui Cui,Adnan Iftekhar

DOI: https://doi.org/10.1016/j.ins.2023.119839

IF: 8.1

2023-11-08

Information Sciences

Abstract:Social co-governance is an effective way to solve public safety incidents such as COVID-19 incident. But the insiders wouldn't share the firsthand information for fear of cyber-violence. Though most of researches paid attention to the data access control and security, less attention focused on the identity privacy. So, in this work, it constructed a lightweight decentralized attribute-based signature scheme with unconditional full anonymity (LDABS-UFA) scheme to protect user's identity privacy security. It confuses the user's private key with fuzzy factors, and prevents user's privacy in the signature from being disclosed. It outsources some complex computing to cloud servers to reduce the user device performance overhead. The security analysis result shows that the scheme is UFA security, unforgeability and non-collusion. Besides, a social co-governance system based on lightweight blackbox-based traceable decentralized attribute-based signature (LWBT-DABS) scheme is proposed. By generating fingerprints for the data owner in the signature, regulators can monitor the entire system and prevent malicious user from spreading rumors. And it constructs an accountability mechanism to prevent the abuse of supervisory power. The performance analysis shows that the data signature of our scheme size is constant, and the scheme is feasibility and practicability.

computer science, information systems

Yingzhe Hou,Yue Cao,Hu Xiong,Zhili Sun,Shahid Mumtaz,Daxin Tian

DOI: https://doi.org/10.1109/tiv.2024.3388724

IF: 8.2

2024-01-01

IEEE Transactions on Intelligent Vehicles

Abstract:To enhance the privacy of messages in Internet of Vehicles (IoVs), it is critical to preserve the communication security between Road Side Unit (RSU) and numerous vehicles. The primitive of signcryption is introduced to guarantee the confidentiality, integrity and unforgeability of transmitted messages. Nevertheless, the existing signcryption schemes fail to achieve a balance between security and efficiency. In this paper, we construct a Chinese remainder theorem (CRT) empowered certificateless aggregate signcryption scheme with key agreement (CASKA-CRT). As the vehicle joins and leaves dynamically, the proposed scheme can ensure the dynamic security via one modulo division operation. Besides, the certificateless aggregate signcryption and key agreement mechanisms are embedded. The former idea can both address the certificate management and key escrow problems, while the latter technology can create authentication as a premise of secure communication. Based on this construction, the hash-to-group operation and bilinear pairing are avoided, to realize a faster verification with the increased number of messages. Moreover, the security of proposed scheme is proved under the random oracle model. Finally, the performance analysis demonstrates the advantage of CASKA-CRT in terms of security and reliability over related works.

Hu Xiong,Kim-Kwang Raymond Choo,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/tbdata.2017.2697448

2017-01-01

IEEE Transactions on Big Data

Abstract:To be able to leverage big data to achieve enhanced strategic insight, process optimization and make informed decision, we need to be an efficient access control mechanism for ensuring end-to-end security of such information asset. Signcryption is one of several promising techniques to simultaneously achieve big data confidentiality and authenticity. However, signcryption suffers from the limitation of not being able to revoke users from a large-scale system efficiently. We put forward, in this paper, the first identity-based (ID-based) signcryption scheme with efficient revocation as well as the feature to outsource unsigncryption to enable secure big data communications between data collectors and data analytical system(s). Our scheme is designed to achieve end-to-end confidentiality, authentication, non-repudiation, and integrity simultaneously, while providing scalable revocation functionality such that the overhead demanded by the private key generator (PKG) in the key-update phase only increases logarithmically based on the cardiality of users. Although in our scheme the majority of the unsigncryption tasks are outsourced to an untrusted cloud server, this approach does not affect the security of the proposed scheme. We then prove the security of our scheme, as well as demonstrating its utility using simulations.

Weifeng Long,Lunzhi Deng,Jiwen Zeng,Yan Gao,Tianxiu Lu

DOI: https://doi.org/10.3390/s24154899

2024-07-28

Abstract:A Wireless Body Area Network (WBAN), introduced into the healthcare sector to improve patient care and enhance the efficiency of medical services, also brings the risk of the leakage of patients' privacy. Therefore, maintaining the communication security of patients' data has never been more important. However, WBAN faces issues such as open medium channels, resource constraints, and lack of infrastructure, which makes the task of designing a secure and economical communication scheme suitable for WBAN particularly challenging. Signcryption has garnered attention as a solution suitable for resource-constrained devices, offering a combination of authentication and confidentiality with low computational demands. Although the advantages offered by existing certificateless signcryption schemes are notable, most of them only have proven security within the random oracle model (ROM), lack public ciphertext authenticity, and have high computational overheads. To overcome these issues, we propose a certificateless anonymous signcryption (CL-ASC) scheme suitable for WBAN, featuring anonymity of the signcrypter, public verifiability, and public ciphertext authenticity. We prove its security in the standard model, including indistinguishability, unforgeability, anonymity of the signcrypter, and identity identifiability, and demonstrate its superiority over relevant schemes in terms of security, computational overheads, and storage costs.

Huifang Yu,Runtao Ren

DOI: https://doi.org/10.1109/jsyst.2021.3096531

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:Driven by new situation of "Internet +," Internet has achieved the integrated development with all walks of life. Among them, the fifth generation is a key technology to promote the deep integration of Internet-of-Things equipment, cloud computing, blockchain and other trades. Hence, it is necessary for IoTs to consider the cost and efficiency of authentication and confidentiality of the communication. For effectively solving the above problems, we devise certificateless elliptic curve aggregate signcryption (CL-ECASC) scheme for IoTs that can improve the authentication efficiency, realize data confidentiality, and avoid the problems of complex certificate management and key escrow. Under the hardness of discrete logarithm and computational DiffieHellman problems on elliptic curve, CL-ECASC is proved to has the IND-CCA2 security (indistinguishability under the adaptive chosen-ciphertext attacks) and UF-CMA security (existentially unforgeable under the adaptive chosen-message attacks). CL-ECASC has relatively faster computation efficiency and lower communication cost, and so it is suitable for secure transmission of the information in the previously mentioned environments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Fagen Li,Masaaki Shirase,Tsuyoshi Takag

DOI: https://doi.org/10.1007/978-3-642-01440-6_23

2009-01-01

Abstract:As various applications of ad hoc networks have been proposed, security has become an important research issue. ID-based signcryption is very suitable to provide security solution for ad hoc networks. In multi-domain ad hoc networks, we should use identity-based signcryption with multiple private key generators. Recently, two such schemes were proposed. However, we find that both schemes are not secure. In this paper, we propose a new identity-based signcryption with multiple private key generators. We prove its semantic security and existential unforgeability in the random oracle model. Compared with the existing two schemes, our scheme is more secure and efficient.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.6633/ijns.200903.8(2).01

2009-01-01

Abstract:Trust management systems support the provision of the required levels of assurance in a flexible and scalable manner by locally discriminating between the entities with which a principal should interact. However, there is a tension between the preservation of privacy and the controlled release of information when an entity submits credentials for establishing and verifying trust. Furthermore, trust delegation will require some levels of risk to be tolerated. In this paper, we propose a privacy-protecting trust establishing model, which is based on an ordered semiring framework. In proposed semiring framework, the credential graph is flexible enough to express trust relationships which adapts to the trust and privacy risk aggregating and concentrating in decentralized network systems. We analyze a computing model to describe the trust opinion and privacy opinion, and also provide the minimized privacy disclosure credential search algorithm based on semiring model.

Yong Yu,Fagen Li,Chunxiang Xu,Ying Sun

DOI: https://doi.org/10.1007/s11859-008-0607-1

2008-01-01

Abstract:Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter’s privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from bilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffie-Hellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.

Jing He,Xiaofeng MA,Dawei Zhang,Feng Peng

DOI: https://doi.org/10.1051/sands/2024013

2024-10-16

Security and Safety

Abstract:Decentralized identity represents an innovative approach based on blockchain to achieve effective identity management. This method utilizes decentralized identifiers and verifiable credential to enable trusted authentication, free circulation of identity information, and self-sovereign control over identity data functionalities. The current decentralized identity systems rely on entirely anonymous identifiers, lacking robust identity regulation. Furthermore, they face challenges such as identity attribute leakage during verifiable credential presentation and the issuers' struggle to reliably revoke credentials. To address these issues, efficient and practical schemes have been designed based on BBS signature, zero-knowledge proof, dynamic accumulator and blockchain technology: one for decentralized identifiers management and the other for verifiable credential privacy protection, both of which are supervised and revocable. The former ensures the privacy of subject identity while achieving regulatability and revocability of identity data by regulator. The latter facilitates selective disclosure of anonymous credentials and reliable revocation. A security analysis shows that the proposed scheme meets anonymity, non-forgeability, regulatory reliability, and revocability reliability, and offers comprehensive and effective privacy protection measures. The experimental results demonstrate that the algorithms designed operate at a millisecond level, which satisfies the demands of blockchain identity management scenarios.

Dong Jiao,Mingchu Li,Jinping Ou,Cheng Guo,Yizhi Ren,Yongrui Cui

DOI: https://doi.org/10.1049/iet-ifs.2012.0350

2013-01-01

IET Information Security

Abstract:In a group-based trust management scheme, peers are partitioned into groups based on chosen characteristics, such as location and interest. The super peer (SP), who is responsible for the storage and distribution of reputation value, has an important role in group-based trust management. Thus, if the SP is a disguised or malicious peer, serious security problems could occur. To solve these security problems, the authors propose a traceable, group-oriented, signature scheme with multiple signing policies for trust management. The SP's signature is generated by a designated group called the signature group. In the authors scheme, peers in the signature group will decide whether to generate the signature for the SP based on the SP's reputation, meaning that attackers cannot forge a valid signature. In addition, an outsider also can trace the signers who were involved in generating the signature for reputation valuation.