Cong Tang,Ruichuan Chen,Zhuhua Cai,Anmin Xie,Jian-bin Hu,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1145/1529282.1529298

2009-01-01

Abstract:Compared with the public key infrastructure (PKI) technique, identity based cryptography (IBC) can simplify the key management process in peer-to-peer (P2P) networks significantly. The identity of a peer (e.g., peer identifier or peer geometric coordinate) in P2P overlay networks is used to create its public key, thus avoiding the use of any certificates. These IBC-based systems are scalable, simple to administer, and each user can carry out anytime/anywhere encryption, establish secure communication channels, prove its identity to other nodes, verify protected messages and produce a form of signature with non-repudiation properties.

Xuqiu Chen,Wei Wang,Wei Gan,Yi Yang,Su Yuan,Meng Li

DOI: https://doi.org/10.1007/978-3-030-97774-0_10

2022-01-01

Abstract:With the rapid development of the power mobile Internet, traditional identity authentication and authentication modes still have identity information theft, are unable to prevent illegal behaviors of internal users, etc., which can no longer meet the security requirements of identity authentication in mobile Internet services. In response to this problem, this paper proposes a mobile terminal identity authentication method on the Identity-Based Cryptography (IBC). During registration, the user's voice is collected through the mobile terminal to establish an identity vector (i-vector) voiceprint model, and features are extracted and added to the identity mark to generate a user ID and a corresponding identity password system; during authentication, the legitimacy of the user is judged based on voice recognition to prevent illegal user intrusion, And then based on the identity password combined with the symmetric encryption algorithm AES to encrypt and decrypt data to achieve terminal identity authentication to resist common attacks in the mobile Internet. Finally, the experimental analysis shows that the method effectively improves the security of the power mobile Internet identity authentication process and has the advantages of low cost and high efficiency. In the power mobile Internet business scenario, this method greatly improves the identification ability of illegal users and the resistance to network malicious attacks.

Jason Chia,Swee-Huay Heng,Ji-Jian Chin,Syh-Yuan Tan,Wei-Chuen Yau

DOI: https://doi.org/10.3390/sym13081535

2021-08-20

Symmetry

Abstract:Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

V Mora-Afonso,Pino Caballero-Gil

DOI: https://doi.org/10.1007/978-3-319-01854-6_54

2022-08-13

Abstract:This work includes a review of two cases study of mobile applications that use Identity-Based Cryptography (IBC) to protect communications. It also describes a proposal of a new mobile application that combines the use of IBC for Wi-Fi or Bluetooth communication between smartphones, with the promising Near Field Communication (NFC) technology for secure authentication. The proposed scheme involves NFC pairing to establish as public key a piece of information linked to the device, such as the phone number, so that this information is then used in an IBC scheme for peer-to-peer communication. This is a work in progress, so the implementation of a prototype based on smartphones is still being improved.

Cryptography and Security

YAN Shi-jia,LIU Xiao-jie

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.19.037

2011-01-01

Abstract:For the security need of the current electronic bidding,an Identity-based Cryptosystem(IBC) electronic bidding scheme is proposed.Through improving key management system of IBC,this scheme solves the problem of IBC in the application of electronic bidding,such as key distribution,key escrow,ect.And it presents a new method for security of bidding information——multiple encrypted simultaneity sealing/ unsealing,which provides effective indemnification for bidding information,including integrity,confidentiality and non-repudiation.

Qiang Wang,Zhiguang Qin

DOI: https://doi.org/10.1109/ICCCAS.2010.5581993

2010-01-01

Abstract:Web Applications have changed significantly since the World Wide Web was introduced, facing a shift in web content from simple hyperlinked documents to active programs. However, the prevailing web protection model, the same origin policy, is an imperfect approach to identify web applications and govern their behavior. As a result, web applications have become attractive targets of exploitation, especially web plug-ins. In this paper, we present KUBERA, a new web browser security model that adapts lessons from OS to make the browser a more suitable platform for web applications. Using system call interposition, KUBERA is responsible for uniformly specifying and enforcing security policies on not just HTML and JavaScript, but plug-in media and browser extensions as well. We describe our implementation of a prototype of KUBERA, and illustrate how browsers can use KUBERA for securing their resources.

Hu Xiong,Yingzhe Hou,Xin Huang,Yanan Zhao,Chien-Ming Chen

DOI: https://doi.org/10.1109/jsyst.2020.3048972

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:The signcryption protocols supporting the equality test are only for a single system rather than a flexible heterogeneous environment of wireless body area networks (WBANs). In this article, this problem is efficiently addressed through a proposed heterogeneous signcryption scheme from identity-based cryptosystem (IBC) to public key infrastructure (PKI) with an equality test (HSCIP-ET) for WBANs. Our scheme allows the sensors planted or worn by a user in the IBC system to signcrypt sensitive data using the public key of the management center in the PKI system, and then uploading it to the cloud server. Subsequently, the equality test can be executed by the cloud server on diverse ciphertexts to determine whether they contain the identical plaintext and return the corresponding result after receiving a request from an application provider. Furthermore, a rigorous analysis and an experimental comparison demonstrate the security and efficiency of the HSCIP-ET approach, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

V Mora-Afonso,Pino Caballero-Gil,Jezabel Molina-Gil

DOI: https://doi.org/10.48550/arXiv.2208.03541

2022-08-06

Cryptography and Security

Abstract:The rapid deployment of wireless technologies has given rise to the current situation where mobile phones and other wireless devices have become essential elements in all types of activities, including in the home. In particular, smartphones and laptops are used for wirelessly sharing photos and documents, playing games, browsing websites, and viewing multimedia, for example. This work describes a proposal for both desktop and mobile applications that use Identity-Based Cryptography (IBC) to protect communications between smart wireless devices in the home. It combines the use of IBC for Wi-Fi and Bluetooth communication, with the promising Near Field Communication (NFC) technology for secure authentication. The proposed scheme involves NFC pairing to establish as public key a piece of information linked to the device, such as a phone number or an IP address. In this way, such information can be then used in an IBC scheme for peer-to-peer communication. This is a work in progress, but preliminary implementations of prototypes on several mobile platforms have already produced promising results.

Cong Tang,Ruichuan Chen,Zhuhua Cai,Anming Me,Jianbin Hu,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1109/icns.2009.64

2009-01-01

Valencia

Abstract:Identity based cryptography (IBC) was introduced into peer-to-peer (P2P) networks recently for identity verification and authentication purposes. However current IBC-based solutions could not address the problem of secure private key issuing. In this paper we propose SKIP: a novel secure key issuing scheme for P2P networks using IBC. We present an IBC infrastructure setup phase, a peer registration solution using Shamir's (k, n) secret sharing scheme, and a secure key issuing scheme, which adopts key generate center (KGC) and key privacy authorities (KPAs) to issue private keys to peers securely in order to enable the IBC systems to be more acceptable and applicable in real-world P2P networks. Furthermore, to maintain the security of KPAs, we develop a scheme to authenticate KPAs using Byzantine fault tolerance protocol. The theoretical analysis and experimental results show that SKIP performs effectively and efficiently, and is able to support large scale networks.

Tao Yang,Liyong Tang,Lingbo Kong,Zhong Chen

DOI: https://doi.org/10.1109/fskd.2012.6233869

2012-01-01

Abstract:Recently, distributed online social networks (OSNs) are developed to address the security and privacy issues in centralized OSNs. Identity based cryptography (IBC) was introduced into distributed OSNs recently for better identity verification and authentication purposes. However, current IBC-based solutions in OSNs could not address the problem of secure private key issuing. In this paper we propose PEKING: a novel Pivacy Enhanced Key IssuiNG scheme for distributed online social networks using IBC. Our scheme adopts key generate center (KGC) and key privacy assistants (PAs) to issue keys to peers securely. In the scheme, PAs can be selected from users' friends. Neither KGC nor PAs can impersonate the users to obtain the private keys. Furthermore, to maintain the security of PAs, we develop a scheme to authenticate PAs using Byzantine fault tolerance protocol. The experimental results show that PEKING performs effectively and efficiently, and is able to support large scale networks.

Tao Sun,Liang Hu,Xiaochun Cheng,Zheli Liu

DOI: https://doi.org/10.1109/ICMLC.2009.5212807

2009-01-01

Abstract:Compared with the RSA used in PKI, identity based encryption (IBE) can provide the same security with lower computation consumption and remove the need for certificates. However, there are still many problems of IBE when it is in the rush to market and just few successful business solutions were presented now. In this paper, we first propose a practical IBE application architecture. Then, we present two improved TLS handshakes to meet the requirements of secure communication, describe the details proceeding on identity authentication and key exchange. Finally, we analyze the security and efficiency.

Zuoqi Jiang,Jiangtao Luo,Fei Zhang,Chen He,Mengnan Wang,Yanyong Zhang

DOI: https://doi.org/10.1109/hoticn48464.2019.9063215

2019-01-01

Abstract:The current data-centric security architecture for the Information Centric Network (ICN) does not provide efficient user authentication mechanisms, thus causing undesirable issues such as interest flooding a ttacks (IFA). I no rder to address them, this paper proposes a pseudonym authentication scheme on network layer based on the system of identity-based cryptography (IBC). In the proposed approach, each consumer needs to be authenticated before sending Interest packets into the network. After successful authentication, the consumer will be assigned a temporary nickname to be used in later data request. During the procedure, IBC is adopted to protect real names of consumers and verify the interest origin. As a result, this approach can complete user authentication and protect his real identity simultaneously. The proposed approach is case studied in IFA depression and expected results are achieved.

Zhi Guan,Long Zhang,Zhong Chen,Xianghao Nan

DOI: https://doi.org/10.1007/978-3-540-88625-9_18

2008-01-01

Abstract:With the increasing concerns over the security and privacy of Web based applications, many solutions based on strong cryptography have been proposed to protect client side Web applications against attacks such as phishing, pharming and even server side attacks. While strong cryptography is used, one critical building block in cryptosystem, the random number generator, is often neglected. Considering this situation, in this paper we design and implement a pseudo-random number generator only rely on ubiquitous Web browser abilities - JavaScript, HTML and AJAX. We also provide a mechanism called Pseudo-cookiefor JavaScript programs to access operating system services for retrieving random or entropy values without changing Web browser security policies. The security model, analysis and performance evaluation demonstrate that our method is secure and efficient.

Siyu Gan,Gu, Chunhua,Xueqin Zhang

DOI: https://doi.org/10.1109/IEEC.2010.5533219

2010-01-01

Abstract:With the rapid development of E-Business systems, the technology of distributed services and security becomes research focus in the field of Internet based applications. The distributed E-Business application platform has strong security requirements and specific demands on secure user authentication. After analyzing the distributed authentication protocol and public key infrastructure (PKI), a method for distributed E-Business application authentication using public key cryptography is introduced in this paper. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved.

Mohamed Abid,Songbo Song,Hassnaa Moustafa,Hossam Afifi

DOI: https://doi.org/10.48550/arXiv.1004.0762

2010-04-06

Abstract:Nowadays, the IP Multimedia Subsystem (IMS) is a promising research field. Many ongoing works related to the security and the performances of its employment are presented to the research community. Although, the security and data privacy aspects are very important in the IMS global objectives, they observe little attention so far. Secure access to multimedia services is based on SIP and HTTP digest on top of IMS architecture. The standard deploys AKA-MD5 for the terminal authentication. The third Generation Partnership Project (3GPP) provided Generic Bootstrapping Architecture (GBA) to authenticate the subscriber before accessing multimedia services over HTTP. In this paper, we propose a new IMS Service Authentication scheme using Identity Based cryptography (IBC). This new scheme will lead to better performances when there are simultaneous authentication requests using Identity-based Batch Verification. We analyzed the security of our new protocol and we presented a performance evaluation of its cryptographic operations

Cryptography and Security,Multimedia

XJ Lai

DOI: https://doi.org/10.1007/978-0-387-35515-3_52

2000-01-01

Abstract:With the recent explosive growth of the Internet, more and more business are conducted over the open communication network. The increase of information transmitted electronically has lead to an increased need for security. Cryptographic techniques, especially the public-key cryptographic techniques are used to provide the necessary protection to ensure such business process. The widespread of public-key technology requires a reliable and trusted system to manage public keys. Public-key infrastructure provides such a system for mange the trust of the public keys.

Fagen Li,Muhammad Khurram Khan

DOI: https://doi.org/10.4103/0256-4602.81236

2011-01-01

IETE Technical Review

Abstract:Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Signcryption has found many applications, such as electronic transaction protocol, mobile agent protocol, key management, and routing protocol. In this article, the state-of-the-art of identity-based signcryption (IBSC) is surveyed. We examine the security model of IBSC. We survey the existing IBSC schemes and compare their security properties and efficiency. IBSC with special properties and identity-based hybrid signcryption are investigated. Some possible future work is also pointed out.

Shuo Tang,Nathan Dautenhahn,Samuel T. King

DOI: https://doi.org/10.1145/2046707.2046777

2011-01-01

Abstract:Browser designers create security mechanisms to help web developers protect web applications, but web developers are usually slow to use these features in web-based applications (web apps). In this paper we introduce ZAN(1), a browser-based system for applying new browser security mechanisms to legacy web apps automatically. Our key insight is that web apps often contain enough information, via web developer source-code patterns or key properties of web-app objects, to allow the browser to infer opportunities for applying new security mechanisms to existing web apps. We apply this new concept to protect authentication cookies, prevent web apps from being framed unwittingly, and perform JavaScript object deserialization safely. We evaluate ZAN on up to the 1000 most popular websites for each of the three cases. We find that ZAN can provide complimentary protection for the majority of potentially applicable websites automatically without requiring additional code from the web developers and with negligible incompatibility impact.

Dan Cao,Wang Xiao-feng,Fei Wang,Hu Qiao-lin,Su Jin-shu

DOI: https://doi.org/10.3724/SP.J.1146.2011.00399

2011-01-01

Abstract:In an Identity-Based Encryption (IBE) scheme, an user's public key can be derived from his identity directly, which eliminates the cost of the certificate management in Public Key Infrastructure (PKI) systems. However, the IBE has the key escrow issue, that is, the trusted Private Key Generator (PKG), can decrypt the users' ciphertexts and leak their secret keys. To solve this issue, most existing schemes either can only solve part of the key escrow problem, or need a secure key distribution channel and complicated identification schemes causing great performance cost. This paper proposes a Secure and Accountable Identity-Based Encryption (SA-IBE) scheme, in which user's initial secret key is issued by the PKG, and then its privacy is consolidated parallel by multiple Key Privacy Authorities (KPAs), so that no single authority can get the user's secret key or message. In addition, an efficient and accountable single PKG identification scheme is designed, and the blinding technique is used to remove the secure channel for the key distribution. Based on the standard Diffie-Hellman assumption, it is proved that SA-IBE can efficiently address the key escrow issue while ensures its security and the accountability of the system identification.