王常吉,吴建平,段海新

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.24.034

2004-01-01

Abstract:In this paper, a new certificate revocation information distribution scheme, called compact CRL is proposed by re-encoding revoked certificate entry in standard certificate revocation list and integrating the idea of segmented certificate revocation list scheme. The size of certificate revocation list is reduced greatly, thus the bandwidth that relying party need to download the CRL is saved greatly.

Chengyuan Zhang,Changqing An,Tao Yu,Zhiyan Zheng,Jilong Wang

DOI: https://doi.org/10.1109/noms59830.2024.10575605

2024-01-01

Abstract:The validity and efficiency of certificate revocation in today's web Public Key Infrastructure (PKI) are consistently overlooked. In this paper, we analyse current certificate revocation schemes from the perspective of Certificate Authorities (CAs) and browsers. We find that the average size of CRL files collected from popular CAs can be as large as 2MB and the average response time of OCSP is around 430ms, which means that the time overhead brought by current certificate revocation schemes is not negligible. Moreover, browsers often fail to perform the revocation check correctly and allow websites to use revoked certificates, which can help attackers to launch man-in-the-middle attacks using fraudulent certificates.We also summarise existing problems and propose a novel certificate revocation scheme utilizing DNS resource records for efficient and privacy-preserving distribution. We have implemented a prototype to evaluate the performance of our scheme, and test results show that our scheme is time-efficient and able to withstand realistic workloads. We hope that our work can stimulate further discussion of the problems in Web PKI.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

张雪琳,马跃,王玮,徐塞虹

DOI: https://doi.org/10.3321/j.issn:1000-6788.2004.03.015

2004-01-01

Abstract:Public Key Infrastructure (PKI) is a infrastructure of asymmetric encryption that delivers strong capabilities for services such as data confidentiality,authentication,integrity and non-repudiation to effectively mitigate various risks involved in a network environment. The PKI infrastructure ensures that the availability of a well conceived combination of services,communications methods and protocols to its constituent applications and programs. It means that the infrastructure provides a blanket to enable the interoperability of its constituent parts for available,reliable,and unobtrusive security services. In this paper,a model of CRL disribution is set up. By analyzing the revocation delay,we get the expression of revocation delay.The simulation result is also given,which proved correctness of our analysis .

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Yiming Mou,Lunzhi Deng,Yu Ruan

DOI: https://doi.org/10.1002/cpe.8321

2024-10-31

Concurrency and Computation Practice and Experience

Abstract:Certificateless cryptography, which solves the key escrow problem and avoids the complexity of certificate management, is an important part of public key cryptography. In the multi‐user scenarios, broadcast encryption can improve computational efficiency and reduce communication cost. Moreover, there may be some malicious users in the above scenarios, and the decryption permissions of these users need an effective mechanism to revoke them. In this paper, a revocable certificateless encryption scheme for multi‐user (RCLE‐MU) is proposed to address this issue. In the scheme, the Cloud Server Provider (CSP) utilizes the master time key to periodically generate time keys for legitimate users. For illegitimate users, their decryption privileges are revoked since they are unable to obtain the time keys. Then this new scheme is proved to be ciphertext indistinguishable under selected identity and chosen‐ciphertext attacks (sID‐CCAs). Finally, compared with several other schemes, the new scheme has more efficiency advantage. So it is suitable for multi‐user scenarios.

computer science, theory & methods, software engineering

Jing Chen,Shixiong Yao,Quan Yuan,Kun He,Shouling Ji,Ruiying Du

DOI: https://doi.org/10.1109/infocom.2018.8486344

2018-01-01

Abstract:In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.

Hong-Sheng Huang,Zhe-Yi Jiang,Hsuan-Tung Chen,Hung-Min Sun

2024-02-27

Abstract:Hsu et al. (2022) proposed a cryptographic scheme within the public key infrastructure to bolster the security of smart grid meters. Their proposal involved developing the Certificate Management over CMS mechanism to establish Simple Certificate Enrollment Protocol and Enrollment over Secure Transport protocol. Additionally, they implemented Online Certificate Status Protocol (OCSP) services to independently query the status of certificates. However, their implementation featured a single OCSP server handling all query requests. Considering the typical scenario in smart grid PKI environments with over tens of thousands of end-meters, we introduced a Hybrid Online Certificate Status Protocol mechanism. This approach decreases demand of query resources from the client to OCSP servers collaborating with Certificate Revocation Lists. Our simulations, mimicking meter behavior, demonstrated increased efficiency, creating a more robust architecture tailored to the smart grid meter landscape.

Cryptography and Security

Wei Ren,Kui Ren,Wenjing Lou,Yanchao Zhang

DOI: https://doi.org/10.4108/icst.qshine2008.3824

2008-01-01

Abstract:Privacy-aware Public Key Infrastructure (PKI) can maintain user access control and yet protect user privacy, which is envisioned as a promising technique in many emerging applications. To justify the applicability of privacy-aware PKI and optimize the performance, it is highly important to ensure the efficiency of handling user revocations. In practice, user revocation can be due to various predictable and unpredictable reasons, e.g., subscription expiration, network access policy violation, group changing, secret key exposure, etc. Both predictable and unpredictable reasons can happen concurrently, which makes the design of efficient user revocation mechanism challenging. In this paper, we study how to achieve optimized user revocation cost with respect to various revocation approaches. We also propose an advanced scheme Delta-RL that ensures an optimized overall performance in terms of communication, computation and storage, as justified by the extensive analysis.

Xinyi Luo,Zhuo Xu,Kaiping Xue,Qiantong Jiang,Ruidong Li,David Wei

DOI: https://doi.org/10.1109/icdcs54860.2022.00121

2022-01-01

Abstract:As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain’s data structure and consensus mechanism, which become much severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.

M. Au,Junbin Liang,Liantao Lan,Qiong Huang,Jianye Huang

DOI: https://doi.org/10.3390/info14030160

2023-03-02

Abstract:A ring signature (RS) scheme enables a group member to sign messages on behalf of its group without revealing the definite signer identify, but this also leads to the abuse of anonymity by malicious signers, which can be prevented by traceable ring signatures (TRS). Up until that point, traceable ring signatures have been secure based on the difficult problem of number-theoretic (discrete logarithms or RSA), but since the advent of quantum computers, traditional traceable ring signatures may no longer be secure. Thus Feng proposed a lattice based TRS, which are resistant to attacks by quantum computers. However, that works did not tackle the certificate management problem. To close this gap, a quantum-resistant certificateless TRS scheme was proposed in the study. To the best of our knowledge, this is the first lattice based certificateless TRS. In detail, a specific TRS scheme was combined with the lattice-based certificateless signature technology to solve the certificate management problem while avoid key escrow problem. Additionally, a better zero-knowledge protocol is used to improve the computational efficiency of the scheme, and by reducing the soundness error of the zero-knowledge protocol, the number of runs of the zero-knowledge protocol is reduced, so that the communication overhead of the scheme is reduced. Under random oracle model, the proposed scheme satisfies tag-linkability, anonymity, exculpability and is secure based on the SIS problem and the DLWE problem. In conclusion, the proposed scheme is more practical and promising in e-voting.

Mathematics,Computer Science

Yaqing Song,Yuan Zhang,Chunxiang Xu,Shiyu Li,Anjia Yang,Nan Cheng

DOI: https://doi.org/10.1109/jiot.2023.3264682

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Certificate revocation checking (CRC) is a fundamental requirement in certificate-based public-key cryptographic systems. Most existing CRC schemes are not tailored for edgecloud computing systems, and directly applying these schemes would cause security and efficiency problems. In this paper, we first propose a two-layer edge-cloud-assisted CRC framework, dubbed ECA-CRC, where edge nodes utilizing a probabilistic checking algorithm serve as a first layer, and the cloud server utilizing a deterministic checking algorithm serves as a second layer. Both the edge nodes and the cloud server collaboratively provide verifiable CRC services for devices. The most prominent manifestations of ECA-CRC are that (1) most CRC requests can be processed with the probabilistic checking layer, which reduces the checking delay significantly while providing an accurate CRC service; (2) devices can detect the irresponsible behavior of the service provider, including using an incorrect revoked certificate set (RCS) to compute checking results or procrastinating on updating the RCS, as soon as possible.We then propose an efficient instantiation of ECA-CRC, dubbed eECACRC, by utilizing a Merkle hash tree (MHT) based homomorphic signature, Cuckoo filter, and Othello. We formally prove the security of eECA-CRC against the irresponsible service provider under the random oracle model. We implement an eECA-CRC prototype and conduct a comprehensive performance evaluation based on a public certificate database. Our results show that 95% of CRC requests are completed on the edge nodes, and only 5% of CRC requests need to be handled by the cloud server.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Yan Wu,Hu Xiong,Chuanjie Jin

DOI: https://doi.org/10.1007/s11235-019-00623-2

2019-10-24

Telecommunication Systems

Abstract:Proxy re-signature (PRS) allows a semi-trusted proxy served as a translator to transform a signature of delegatee into a signature of delegator on the same message. The heavy overhead of certificate management and the key escrow problem hinder the development of the public key infrastructure-based PRS scheme and the identity (ID)-based PRS, respectively. Featured with the certificate-free and escrow-free properties, certificateless PRS (CL-PRS) has attracted great attention from researchers. However, none of the existing CL-PRS satisfies the multi-use and unidirectional properties. Motivated by the practical applications with long signing chains and the untrusted relationship between two parties, it is desirable to construct a CL-PRS scheme with multi-use and unidirectional properties. This paper proposes the first multi-use unidirectional CL-PRS scheme based on the bilinear pairing. The presented scheme is proved to be secure based on the extended computational Diffie–Hellman assumption under the random oracle model. Performance evaluations demonstrate that our scheme is superior to related works.

telecommunications

Mohammad Khodaei,Panos Papadimitratos

DOI: https://doi.org/10.1145/3212480.3212481

2018-07-08

Abstract:In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRLs distribution. In this paper, we propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a "fingerprint" of CRL 'pieces' is attached to a subset of (verifiable) pseudonyms for fast CRL 'piece' validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (50x50 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems.

Cryptography and Security

Wei Ren,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/icdcs.workshops.2008.95

2008-01-01

Abstract:Privacy-aware Public Key Infrastructure (PKI) can maintain user access control and yet protect user privacy, which is important for many applications. The applicability of privacy-aware PKI highly relies on the performance of user revocation. The requirements of user revocation are various in general, such as subscription expiration, violation of access policy, group changing, and key exposure. To satisfy different requirements, multiple revocation approaches may interact each other. In this paper, we study how to achieve optimized user revocation cost with respect to various revocation approaches. We also propose a practical scheme Delta-RL that can fulfill an optimal overall performance on the base of extensive analysis.

Qi XIE,XiuYuan YU,WenHao LIU,DeRen CHEN,GuiLin WANG,JiYi WU

DOI: https://doi.org/10.1360/112011-915

2012-01-01

Scientia Sinica Informationis

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing. In 2011, Juang et al. proposed a first authentication scheme based on proxy signature. The advantage of the scheme is that the user only needs to register on his home service cloud (HSC), and can pass through the authentication of the public cloud with the help of his HSC. However, their scheme has three weaknesses: 1) the users HSC needs to update the users public key in each session to protect the users privacy; 2) HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously; and 3) a secret key should be shared between HSC and visiting cloud. To overcome these weaknesses, a provably secure convertible proxy signcryption for privacy preserving is proposed. Based on this scheme, a novel one-round authentication protocol is proposed, which the user only needs to register on his HSC, and can pass through the authentication of the visiting cloud without the help of his HSC. On the other hand, the proposed protocol can provide some nice properties, such as user privacy protection, non-repudiation, without updating the users public key, and secret key does not have to be shared between HSC and visiting cloud. In addition, the proposed scheme is provably secure in the random oracle model, and is more efficient than Juang et al.s scheme.

Jerzy Pejaś,Tomasz Hyla,Wojciech Zabierowski

DOI: https://doi.org/10.3390/e25091315

2023-09-09

Abstract:This paper addresses the certificate revocation problem and proposes the first revocable pairing-based signature scheme with implicit and explicit certificates (IE-RCBS-kCAA). We should no longer discuss whether to revoke certificates but how to do it effectively, ensuring both the scalability of the revocation operation and the non-repudiation of the signature in the short or long term. Under the computational difficulty assumptions of the modified collusion attack algorithm with k traitors (k-mCAA) and discrete logarithm (DL) problems, we demonstrate that our scheme is secure against existential unforgeability under chosen message attacks (EUF-IERCBS-kCAA-CMA) in a random oracle model. The proposed solution is scaled and allows the use of many trusted status authorities that issue explicit short-term certificates confirming the validity of explicit long-term certificates. Furthermore, we demonstrate that our signature scheme has a short-term non-repudiation property for the shell validity model.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Abba Garba,Qinwen Hu,Zhong Chen,Muhammad Rizwan Asghar

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00108

2020-01-01

Abstract:Recently, real-world attacks against the web Public Key Infrastructure (PKI) have arisen more frequently. The current PKI that use Registration Authorities/Certificate Authorities (RAs/CAs) model suffer from notorious security vulnerabilities. Most of these vulnerabilities are due to compromises of RAs, which lead to impersonation attacks resulting in CAs misbehaving to issue bogus certificates. To counter this problem, many approaches, such as Certificate Transparency (CT), ARPKI, and PoliCert, have been proposed. Nonetheless, no solution has yet gained widespread acceptance as a result of complexity and deployability issues. Moreover, existing approaches still require to satisfy complicated interactions and synchronisation among the entities that are involved during certificate issuance, updates, and revocations. In this paper, we propose a new Blockchain-Based PKI (BB-PKI) to address these vulnerabilities of CA misbehaviour caused by impersonation attacks against RAs. Certificate Issuance Request (CIR) should be vouched by manifold RAs. Multiple CAs shall sign and issue the certificate using an out-of-band secure communication channel. Any RA that contributes to the verification process of a user's request can publish the certificate in the blockchain by creating a smart contract certificate transaction. BB-PKI offers strong security guarantees, compromising $n - 1$ of the RAs or CAs is not enough to launch impersonation attacks, meaning that attackers cannot compromise more than the threshold of the latter signatures to launch an attack.