S. Liu,K. Chem

2012-01-01

Abstract:Proof of Retrievability (POR) refers to interactive auditing protocols executed between a storage server and clients, so that clients can be convinced that their data is available at the stor- age server, ready to be retrieved when needed. In an interactive POR protocol, clients initiate challenges to the server, and the server feed- backs responses to clients with the help of the stored data. Retriev- ability means that it should be possible for a client to extract his/her data from the server's valid responses. An essential step leading to retrievability is the server's unforgeability of valid responses, i.e, any server coming up with valid responses to a client's challenges is ac- tually storing the client's data with overwhelming probability. Un- forgeability can be achieved with authentication schemes like MAC, Digital Signature, etc. With Homomorphic Linear Authentication (HLA) schemes, the server's several responses can be aggregated into one, hence reducing the communication complexity. In this paper, we explore some new constructions of ǫ-almost strong universal hash- ing functions (ǫ-ASU2), which are used to build homomorphic linear authenticator schemes in POR to provide unforgeability. We show the HLA scheme involved in Shacham and Waters' POR scheme (see Shacham and Waters, 2008) is just an employment of a class ǫ-ASU2 functions. Using another class of ǫ-ASU2 for authentication in POR results in a new HLA scheme, which enjoys unforgability, the same shortest responses as the SW scheme, but reduces the local storage from O(n+s) to O(n) for information soundness, and from O(s) to O(1) for knowledge-soundness.

Xiao Zhang,Shengli Liu,Shuai Han

DOI: https://doi.org/10.1504/ijics.2019.098205

2019-01-01

International Journal of Information and Computer Security

Abstract:Proofs of retrievability (PoR) enables clients to outsource huge amount of data to cloud servers, and provides an efficient audit protocol, which can be employed to check that all the data is being maintained properly and can be retrieved from the server. In this paper, we present a generic construction of PoR from linearly homomorphic structure-preserving signature (LHSPS), which makes public verification possible. Authenticity and retrievability of our PoR scheme are guaranteed by the unforgeability of LHSPS. We further extend our result to dynamic PoR, which supports dynamic update of outsourced data. Our construction is free of complicated data structures like Merkle hash tree. With an instantiation of a recent LHSPS scheme proposed by Kiltz and Wee (EuroCrypt15), we derive a publicly verifiable (dynamic) PoR scheme. The security is based on standard assumptions and proved in the standard model.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Shuai Han,Shengli Liu,Fangguo Zhang,Kefei Chen

DOI: https://doi.org/10.1145/2897845.2897859

2016-01-01

Abstract:Proofs of Data Possession/Retrievability (PoDP/PoR) schemes are essential to cloud storage services, since they can increase clients' confidence on the integrity and availability of their data. The majority of PoDP/PoR schemes are constructed from homomorphic linear authentication (HLA) schemes, which decrease the price of communication between the client and the server. In this paper, a new subclass of authentication codes, named epsilon-authentication codes, is proposed, and a modular construction of HLA schemes from epsilon-authentication codes is presented. We prove that the security notions of HLA schemes are closely related to the size of the authenticator/tag space and the successful probability of impersonation attacks (with non-zero source states) of the underlying epsilon-authentication codes. We show that most of HLA schemes used for the PoDP/PoR schemes are instantiations of our modular construction from some epsilon-authentication codes. Following this line, an algebraic curves-based epsilon-authentication code yields a new HLA scheme.

Chaowen Guan,Kui Ren,Fangguo Zhang,Florian Kerschbaum,Jia Yu

DOI: https://doi.org/10.1007/978-3-319-24174-6_11

2015-01-01

Abstract:Proofs-of-Retrievability enables a client to store his data on a cloud server so that he executes an efficient auditing protocol to check that the server possesses all of his data in the future. During an audit, the server must maintain full knowledge of the client's data to pass, even though only a few blocks of the data need to be accessed. Since the first work by Juels and Kaliski, many PoR schemes have been proposed and some of them can support dynamic updates. However, all the existing works that achieve public verifiability are built upon traditional public-key cryptosystems which imposes a relatively high computational burden on low-power clients (e.g., mobile devices).In this work we explore indistinguishability obfuscation for building a Proof-of-Retrievability scheme that provides public verification while the encryption is based on symmetric key primitives. The resulting scheme offers light-weight storing and proving at the expense of longer verification. This could be useful in apations where outsourcing files is usually done by low-power client and verifications can be done by well equipped machines (e.g., a third party server). We also show that the proposed scheme can support dynamic updates. At last, for better assessing our proposed scheme, we give a performance analysis of our scheme and a comparison with several other existing schemes which demonstrates that our scheme achieves better performance on the data owner side and the server side.

Jianhong Zhang,Yuehai Wang

2019-01-01

Abstract:.As a significant cryptographical primitive, proxy re-signature(PRS) technique is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits that a proxy translates an entity’s signature into the other entity’s signature on the identical data. Recently, to discard time-consuming pairing operator and intricate certificate-maintenance, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analysing their security, i.e., anyone can fabricate a signature on arbitrary file. After the relevant attacks are shown, the reasons which result in such attacks is analyzed. Finally, we discuss the corresponding improved method. Key–Words: ID-based PRS, integer factorization problem, universal forgeability, security attack

Qi XIE,XiuYuan YU,WenHao LIU,DeRen CHEN,GuiLin WANG,JiYi WU

DOI: https://doi.org/10.1360/112011-915

2012-01-01

Scientia Sinica Informationis

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing. In 2011, Juang et al. proposed a first authentication scheme based on proxy signature. The advantage of the scheme is that the user only needs to register on his home service cloud (HSC), and can pass through the authentication of the public cloud with the help of his HSC. However, their scheme has three weaknesses: 1) the users HSC needs to update the users public key in each session to protect the users privacy; 2) HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously; and 3) a secret key should be shared between HSC and visiting cloud. To overcome these weaknesses, a provably secure convertible proxy signcryption for privacy preserving is proposed. Based on this scheme, a novel one-round authentication protocol is proposed, which the user only needs to register on his HSC, and can pass through the authentication of the visiting cloud without the help of his HSC. On the other hand, the proposed protocol can provide some nice properties, such as user privacy protection, non-repudiation, without updating the users public key, and secret key does not have to be shared between HSC and visiting cloud. In addition, the proposed scheme is provably secure in the random oracle model, and is more efficient than Juang et al.s scheme.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Tao Wang,Bo Yang,Hongyu Liu,Yong Yu,Guoyong Qiu,Zhe Xia

DOI: https://doi.org/10.1007/s00500-018-3155-4

IF: 3.732

2018-01-01

Soft Computing

Abstract:Public cloud data auditing allows a user to delegate an auditing job to a third party who is responsible for verifying whether a cloud server has faithfully stored a file or not. Proof of retrievability (PoR) is a widely used protocol for this kind of job. To the best of our knowledge, in the publicly verifiable setting with supporting data dynamics, all known PoR schemes are either rely on the random oracles or are built in the standard model but require nonstandard assumptions. In this paper, we present a scheme which explores the linear homomorphic signature and the sequence Merkle hash tree to construct the homomorphic linear authenticator for the PoR. The security of our proposed scheme can be proved in the standard model, assuming the hash function is collision resilient and the computational Diffie–Hellman assumption holds. The scheme also supports data modification, data insertion and data deletion. Furthermore, our technique can also be regarded as a novel paradigm by combining the homomorphic signature and authenticated data structure (with certain properties) to construct the homomorphic linear authenticator for the PoR protocols.

Maura B. Paterson,Douglas R. Stinson,Jalaj Upadhyay

DOI: https://doi.org/10.48550/arXiv.1210.7756

2012-10-30

Abstract:There has been considerable recent interest in "cloud storage" wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file, and typically a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover or retrieve the file given any "proving algorithm" that has a sufficiently high success probability. This paper treats proof-of-retrievability schemes in the model of unconditional security, where an adversary has unlimited computational power. In this case retrievability of the file can be modelled as error-correction in a certain code. We provide a general analytical framework for such schemes that yields exact (non-asymptotic) reductions that precisely quantify conditions for extraction to succeed as a function of the success probability of a proving algorithm, and we apply this analysis to several archetypal schemes. In addition, we provide a new methodology for the analysis of keyed POR schemes in an unconditionally secure setting, and use it to prove the security of a modified version of a scheme due to Shacham and Waters under a slightly restricted attack model, thus providing the first example of a keyed POR scheme with unconditional security. We also show how classical statistical techniques can be used to evaluate whether the responses of the prover are accurate enough to permit successful extraction. Finally, we prove a new lower bound on storage and communication complexity of POR schemes.

Cryptography and Security,Combinatorics

Xin Tang,Yining Qi,Yongfeng Huang

DOI: https://doi.org/10.1007/978-3-319-53465-7_22

2017-01-01

Abstract:Cloud storage is widely used to ease the storage burden of clients. Meanwhile it raises a basic issue in the security of outsourced data: whether the corruption can be detected and recovered? Focusing on this problem, most existing proofs of retrievability (POR) schemes relies on precomputed tokens or tags as well as code redundancy to achieve integrity verification and corruption recovery, which, however, results in extra storage cost for cloud storage and high computational overhead for clients. Fragile watermarking provides a new way to implement the scheme without such drawbacks. In this paper, we propose a novel fragile watermarking based public auditable POR scheme for archival cloud data, which is able to not only improve the efficiency of audit process but also ensure both privacy-preserving and replay attack resistance simultaneously. The simulation results validate both the correctness of our scheme in detecting and recovering data corruption and the large improvement in performance compared to traditional POR schemes.

Ee-Chien Chang,Jia Xu

DOI: https://doi.org/10.1007/978-3-540-88313-5_15

2008-01-01

Abstract:We are interested in this problem: a verifier, with a small and reliable storage, wants to periodically check whether a remote server is keeping a large file x. A dishonest server, by adapting the challenges and responses, tries to discard partial information of x and yet evades detection. Besides the security requirements, there are considerations on communication, storage size and computation time. Juels et al. [10] gave a security model for Proof of Retrievability (\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document}) system. The model imposes a requirement that the original x can be recovered from multiple challenges-responses. Such requirement is not necessary in our problem. Hence, we propose an alternative security model for Remote Integrity Check (\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{RIC}$\end{document}). We study a few schemes and analyze their efficiency and security. In particular, we prove the security of a proposed scheme HENC. This scheme can be deployed as a \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system and it also serves as an example of an effective \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system whose “extraction” is not verifiable. We also propose a combination of the RSA-based scheme by Filho et al. [7] and the ECC-based authenticator by Naor et al. [12], which achieves good asymptotic performance. This scheme is not a \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system and seems to be a secure \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{RIC}$\end{document}. In-so-far, all schemes that have been proven secure can also be adopted as \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} systems. This brings out the question of whether there are fundamental differences between the two models. To highlight the differences, we introduce a notion, trap-door compression, that captures a property on compressibility.

Gaspard Anthoine,Jean-Guillaume Dumas,Michael Hanling,Mélanie de Jonghe,Aude Maignan,Clément Pernet,Daniel Roche

DOI: https://doi.org/10.48550/arXiv.2007.12556

2021-06-08

Abstract:Proofs of Retrievability (PoRs) are protocols which allow a client to store data remotely and to efficiently ensure, via audits, that the entirety of that data is still intact. A dynamic PoR system also supports efficient retrieval and update of any small portion of the data. We propose new, simple protocols for dynamic PoR that are designed for practical efficiency, trading decreased persistent storage for increased server computation, and show in fact that this tradeoff is inherent via a lower bound proof of time-space for any PoR scheme. Notably, ours is the first dynamic PoR which does not require any special encoding of the data stored on the server, meaning it can be trivially composed with any database service or with existing techniques for encryption or redundancy. Our implementation and deployment on Google Cloud Platform demonstrates our solution is scalable: for example, auditing a 1TB file takes just less than 5 minutes and costs less than $0.08 USD. We also present several further enhancements, reducing the amount of client storage, or the communication bandwidth, or allowing public verifiability, wherein any untrusted third party may conduct an audit.

Cryptography and Security

Xiao Tan,Qi Xie,Lidong Han,Shengbao Wang,Wenhao Liu

DOI: https://doi.org/10.1016/j.cose.2023.103486

IF: 5.105

2023-09-23

Computers & Security

Abstract:With numerous applications in cloud storage, Proof of Retrievability (PoR) is an efficient solution for verification and retrieval of big data on a remote server. Existing PoR schemes can support two mutually exclusive verification modes, namely either private verifiability or public verifiability, depending on whether the outsourced data is verifiabile by the data owner (user) only or by everyone. In order to allow the user to flexibly designate the capability of verification, we propose a novel framework for PoR schemes that enables fine-grained control of remote data verification for cloud storage. Our idea is enabling the user to dynamically release some tokens (verification keys) to one or more third parties (designated verifiers), such that only the user and the designated verifiers can verify and retrieve the outsourced data from the server. We formalize this notion as PoR with Flexible Designated Verification (PoR-FDV), and define an extended adversarial model for PoR-FDV based on Juel et al.'s PoR model. Under the new framework, we propose a generic, simple and elegant construction of PoR-FDV from public verifiable PoR and identity-based KEM/DEM, which then gives birth to a concrete and efficient PoR-FDV scheme. Compared to existing PoR schemes, PoR-FDV provides higher flexibility and scalability, as well as many useful features.

computer science, information systems

Shimin Li,Xin Wang,Rui Zhang

DOI: https://doi.org/10.1007/978-3-319-94289-6_7

2018-01-01

Abstract:Homomorphic Message Authentication Code (MAC) allows a user to outsource data to an untrusted server and verify that results of computation on the data returned by the server are correct. Recently, much effort has been independently focused on whether a homomorphic MAC scheme supports data confidentiality or the authenticators can be efficiently verified. In this paper, we address the question of whether it is possible for homomorphic MAC to simultaneously achieve both the privacy and the efficiency . The answer is affirmative and we propose a new cryptographic primitive, privacy-preserving homomorphic MACs with efficient verification that can guarantee the authenticator can not reveal the underlying message. More precisely, our contributions are three-fold: ( i ) we introduce the primitive of privacy-preserving homomorphic MAC (PHMAC) that provides both data confidentiality and efficient verification, ( ii ) We provide a PHMAC construction which supports homogeneous polynomials, and demonstrate it shows high efficiency, ( iii ) We investigate how our PHMAC primitive with efficient verification can be employed to homomorphic authenticator-encryption and verifiable computation.

Shaohua Tang,Lingling Xu

DOI: https://doi.org/10.1016/j.future.2013.06.003

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Proxy signatures are important cryptosystems that are widely adopted in different applications. Most of the proxy signature schemes so far are based on the hardness of integer factoring, discrete logarithm, and/or elliptic curve. However, Peter Shor proved that the emerging quantum computers can solve the problem of prime factorization and discrete logarithm in polynomial time, which threatens the security of current RSA, ElGamal, ECC, and the proxy signature schemes based on these problems. We propose a proxy signature scheme based on the problem of Isomorphism of Polynomials (IP) which belongs to a major category of Multivariate Public Key Cryptography (MPKC). The most attractive advantage of our scheme should be its feature to potentially resist the future quantum computing attacks. A formal security proof is also given, which shows that our scheme can reach Existential Unforgeability under an Adaptive Chosen Message Attack with Proxy Key Exposure assuming that the underlying IP signature is Existential Unforgeability under an Adaptive Chosen Message Attack. It is a valuable attempt to explore the provable security in the area of MPKCs. The scheme is implemented in C/C++ programming language, and the performance shows that the scheme is efficient. The parameters we choose can let the security level of our implementation up to 2^8^6^.^5^9.

Narges Kazempour,Mahtab Mirmohseni,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s10207-024-00917-w

2024-11-13

International Journal of Information Security

Abstract:Most of the security services in the connected world of cyber-physical systems necessitate authenticating a large number of nodes privately. In this paper, the private authentication problem is considered which consists of a certificate authority, a verifier (or some verifiers), many legitimate users (provers), and an arbitrary number of attackers. Each legitimate user wants to be authenticated (using his personal key) by the verifier(s), while simultaneously staying completely anonymous (even to the verifier). On the other hand, an attacker must fail to be authenticated. We analyze this problem from an information-theoretic perspective and propose a general interactive information-theoretic model for the problem. As a metric to measure the reliability, we consider the normalized total key rate whose maximization has a trade-off with establishing privacy. The problem is considered in two different scenarios: single-server scenario (only one verifier is considered, to which all the provers are connected) and multi-server scenario ( N verifiers are assumed, where each verifier is connected to a subset of users). For both scenarios, two regimes are considered: finite size regime (i.e., the variables are elements of a finite field) and asymptotic regime (i.e., the variables are considered to have large enough length). We propose achievable schemes that satisfy the completeness, soundness, and privacy properties in both single-server and multi-server scenarios. In the finite size regime, the main idea is to generate the authentication keys according to a secret sharing scheme. We show that the proposed scheme in the special case of multi-server authentication in the finite size regime is optimal. In the asymptotic regime, we use a random binning-based scheme that relies on the joint typicality to generate the authentication keys. Moreover, providing the converse proof, we show that our scheme achieves capacity in the asymptotic regime both in the single-server and multi-server scenarios.

computer science, information systems, theory & methods, software engineering

Yongjun Ren,Jian Shen,Jin Wang,Jin Han,Sungyoung Lee

DOI: https://doi.org/10.6138/jit.2015.16.2.20140918

2015-01-01

Abstract:Cloud storage is now a hot research topic in information technology. In cloud storage, date security properties such as data confidentiality, integrity and availability become more and more important in many commercial applications. Recently, many provable data possession (PDP) schemes are proposed to protect data integrity. In some cases, it has to delegate the remote data possession checking task to some proxy. However, these PDP schemes are not secure since the proxy stores some state information in cloud storage servers. Hence, in this paper, we propose an efficient mutual verifiable provable data possession scheme, which utilizes Diffie-Hellman shared key to construct the homomorphic authenticator. In particular, the verifier in our scheme is stateless and independent of the cloud storage service. It is worth noting that the presented scheme is very efficient compared with the previous PDP schemes, since the bilinear operation is not required.

Shaoying Cai,Yingjiu Li,Changshe Ma,Sherman S. M. Chow,Robert H. Deng

DOI: https://doi.org/10.48550/arXiv.2210.10244

2022-10-19

Abstract:Radio Frequency Identification (RFID) is a key technology used in many applications. In the past decades, plenty of secure and privacy-preserving RFID tag/mutual authentication protocols as well as formal frameworks for evaluating them have been proposed. However, we notice that a property, namely proof of possession (PoP), has not been rigorously studied till now, despite it has significant value in many RFID applications. For example, in RFID-enabled supply chains, PoP helps prevent dis-honest parties from publishing information about products/tags that they actually have never processed. We propose the first formal framework for RFID tag/mutual authentication with PoP after correcting deficiencies of some existing RFID formal frameworks. We provide a generic construction to transform an RFID tag/mutual authentication protocol to one that supports PoP using a cryptographic hash function, a pseudorandom function (PRF) and a signature scheme. We prove that the constructed protocol is secure and privacy-preserving under our framework if all the building blocks possess desired security properties. Finally, we show an RFID mutual authentication protocol with PoP. Arming tag/mutual authentication protocols with PoP is an important step to strengthen RFID-enabled systems as it bridges the security gap between physical layer and data layer, and reduces the misuses of RFID-related data.

Cryptography and Security