Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Vireshwar Kumar,He Li,Noah Luther,Pranav Asokan,Jung-Min (Jerry) Park,Kaigui Bian,Martin B. H. Weiss,Taieb Znati

DOI: https://doi.org/10.1145/3196494.3196497

2018-01-01

Abstract:For a computing platform that is compliant with the Trusted Platform Module (TPM) standard, direct anonymous attestation (DAA) is an appropriate cryptographic protocol for realizing an anonymous subscription system. This approach takes advantage of a cryptographic key that is securely embedded in the platform's hardware, and enables privacy-preserving authentication of the platform. In all of the existing DAA schemes, the platform suffers from significant computational and communication costs that increase proportionally to the size of the revocation list. This drawback renders the existing schemes to be impractical when the size of the revocation list grows beyond a relatively modest size. In this paper, we propose a novel scheme called Lightweight Anonymous Subscription with Efficient Revocation (LASER) that addresses this very problem. In LASER, the computational and communication costs of the platform's signature are multiple orders of magnitude lower than the prior art. LASER achieves this significant performance improvement by shifting most of the computational and communication costs from the DAA's online procedure (i.e., signature generation) to its offline procedure (i.e., acquisition of keys/credentials). We have conducted a thorough analysis of LASER's performance related features. We have implemented LASER on a laptop with an on-board TPM. To the best of our knowledge, this is the first implementation of a DAA scheme on an actual TPM cryptoprocessor that is compliant with the most recent TPM specification, viz., TPM 2.0.

Qianying Zhang,Shijun Zhao,Li Xi,Wei Feng,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-319-21966-0_3

2015-01-01

Abstract:In this paper, we investigate how to implement Direct Anonymous Attestation (DAA) on mobile devices, whose processing and storage capabilities are limited. We propose a generic framework providing a secure and efficient DAA functionality based on ARM TrustZone. Our framework is flexible enough to support multiple DAA schemes, and is efficient by leveraging the powerful ARM processor in secure mode to perform computations originally delegated to the Trusted Platform Module (TPM). Besides, our framework uses an SRAM PUF commonly available in the On-Chip Memory (OCM) of mobile devices for secure storage of user signing keys, which achieves a low-cost design. We present a prototype system that supports four DAA schemes on real TrustZone hardware, and give evaluations on its code size and performance together with comparisons of the four schemes with different curve parameters. The evaluation results indicate that our solution is feasible, efficient, and well-suited for mobile devices.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Yu Qin,Xiaobo Chu,Dengguo Feng,Wei Feng

DOI: https://doi.org/10.1007/978-3-642-32298-3_21

2012-01-01

Abstract:Direct Anonymous Attestation (DAA) is a popular trusted computing protocol for the anonymous authentication designed for TPM or other embedding devices. Many DAA schemes give out detailed cryptographic proof, however, their security properties has not been yet automatically analyzed and verified particularly against the intruder’s or the malicious participant’s attack. It is proposed that a DAA analysis model focusing on the intruder’s attacks in this paper. The analysis method is the good supplements to the DAA cryptographic proof, though the intruder’s capability is not completely assumed. According to DAA protocol status analysis, we find out some attacks like rudolph attack, masquerading attack by using the Murphi tool. At last the paper gives out the reasons for these attacks, and also presents the recommendation solutions against these attacks. From our study, we propose that DAA protocol must be carefully analyzed from the intruder attacking point of view in the DAA system design and implementation.

Stephan Wesemeyer,Christopher J.P. Newton,Helen Treharne,Liqun Chen,Ralf Sasse,Jorden Whitefield

DOI: https://doi.org/10.1145/3320269.3372197

2020-10-05

Abstract:Direct Anonymous Attestation (Daa) is a set of cryptographic schemes used to create anonymous digital signatures. To provide additional assurance, Daa schemes can utilise a Trusted Platform Module (Tpm) that is a tamper-resistant hardware device embedded in a computing platform and which provides cryptographic primitives and secure storage. We extend Chen and Li's Daa scheme to support: 1) signing a message anonymously, 2) self-certifying Tpm keys, and 3) ascertaining a platform's state as recorded by the Tpm's platform configuration registers (PCR) for remote attestation, with explicit reference to Tpm2.0 API calls. We perform a formal analysis of the scheme and are the first symbolic models to explicitly include the low-level Tpm call details. Our analysis reveals that a fix pro-posed by Whitefield et al. to address an authentication attack on an Ecc-Daa scheme is also required by our scheme. Developing a fine-grained, formal model of a Daa scheme contributes to the growing body of work demonstrating the use of formal tools in supporting security analyses of cryptographic protocols. We additionally provide and benchmark an open-source C++implementation of this Daa scheme supporting both a hardware and a software Tpm and measure its performance.

Rongwei Yu,Lina Wang,Xiao-yan Ma,Bo Kuang

DOI: https://doi.org/10.1109/CSE.2009.73

2009-01-01

Abstract:Virtualization makes virtual machines with a wide range of security requirements run simultaneously on the same commodity hardware. Direct Anonymous Attestation (DAA) for virtual machine is a cryptographic mechanism that enables remote attestation of virtual machine instances ( VMIs ) while preserving privacy under the user’s control. However, Trusted Platform Module (TPM) with only limited storage space and communication capability is an indispensable component in remote attestation of multiply VMIs. In this paper, an optimized direct anonymous attestation protocol is proposed based on a hierarchical group signature without random oracles from asymmetric pairing. The analysis result of the proposed protocol shows that cost of TPM is lower than the most efficient CMS-DAA scheme to date, the computational cost of host and verifier are highly reduced. Furthermore, security of the proposed scheme is similar to CMS-DAA.

Guomin Yang,Duncan S. Wong,Xiaotie Deng,Huaxiong Wang

DOI: https://doi.org/10.1007/11745853_23

2006-01-01

Abstract:Digital signature is one of the most important primitives in public key cryptography. It provides authenticity, integrity and non- repudiation to many kinds of applications. On signer privacy however, it is generally unclear or suspicious of whether a signature scheme itself can guarantee the anonymity of the signer. In this paper, we give some armative answers to it. We formally define the signer anonymity for digital signature and propose some schemes of this type. We show that a signer anonymous signature scheme can be very useful by proposing a new anonymous key exchange protocol which allows a client Alice to establish a session key with a server Bob securely while keeping her iden- tity secret from eavesdroppers. In the protocol, the anonymity of Alice is already maintained when Alice sends her signature to Bob in clear, and no additional encapsulation or mechanism is needed for the signa- ture. We also propose a method of using anonymous signature to solve the collusion problem between organizers and reviewers of an anonymous paper review system.

Debiao He,Jianhua Chen

2013-01-01

The International Arab Journal of Information Technology

Abstract:To solve the key escrow problem in identity-based cryptosystem, Al-Riyami et al. introduced the CertificateLess Public Key Cryptography (CL-PKC). As an important cryptographic primitive, CertificateLess Designated Verifier Signature (CLDVS) scheme was studied widely. Following Al-Riyami et al. work, many certificateless Designated Verifier Signature (DVS) schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group. In order to improve the performance we propose a certificateless DVS scheme without bilinear pairings. With the running time of the signature being saved greatly, our scheme is more practical than the previous related schemes for practical application.

HAO Li-ming,YANG Shu-tang,LU Song-nian,CHEN Gong-liang

DOI: https://doi.org/10.3321/j.issn:1006-2467.2008.02.001

2008-01-01

Abstract:To the anonymity problem in P2P(Peer-to-Peer) reputation system,an anonymity mechanism was proposed using DAA(Direct Anonymous Attestation) protocol based on trusted computing technology.The analysis result shows that this mechanism ensures all the peers' anonymity in fully distributed P2P reputation systems.The security of this mechanism is ensured and it has good ability to withstand(malicious) peers' behaviors.

Wenchao Huang,Yan Xiong,Depin Chen

DOI: https://doi.org/10.1109/CSE.2009.87

2009-01-01

Abstract:Many approaches have been proposed to secure various ad hoc routing protocols. However, many attacks such as wormhole attacks, vertex cut attacks, and traffic-analysis based attacks are still not well addressed. In this paper, we propose a novel secure routing protocol DAAODV which is based on Ad-hoc On-demand Distance Vector routing (AODV). DAAODV takes full advantage of trusted computing technology, particularly the Direct Anonymous Attestation (DAA) and Property-based Attestation (PBA) protocols. DAAODV is an anonymous protocol without requirement of Trusted Third Party (TTP). Moreover, we propose an efficient signing and verification scheme to overcome the potential DoS attacks triggered by the low efficiency of DAA and PBA. In the simulation, the results show that DAAODV is still efficient in discovering secure routes compared with AODV protocol.

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guilin Wang,Fubiao Xia,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-25516-8_28

2011-01-01

Abstract:After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer . If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification , in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analyzed in generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.

Yili Jiang,Kuan Zhang,Yi Qian,Liang Zhou

DOI: https://doi.org/10.1109/tifs.2022.3181848

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Distributed learning is proposed as a promising technique to reduce heavy data transmissions in centralized machine learning. By allowing the participants training the model locally, raw data is unnecessarily uploaded to the centralized cloud server, reducing the risks of privacy leakage as well. However, the existing studies have shown that an adversary is able to derive the raw data by analyzing the obtained machine learning models. To tackle this challenge, the state-of-the-art solutions mainly depend on differential privacy and encryption techniques (e.g., homomorphic encryption). Whereas, differential privacy degrades data utility and leads to inaccurate learning, while encryption based approaches are not effective to all machine learning algorithms due to the limited operations and excessive computation cost. In this work, we propose a novel scheme to resolve the privacy issues from the anonymous authentication approach. Different from the two types of existing solutions, this approach is generalized to all machine learning algorithms without reducing data utility, while guaranteeing privacy preservation. In addition, it can be integrated with detection schemes against data poisoning attacks and free-rider attacks, being more practical for distributed learning. To this end, we first design a pairing-based certificateless signature scheme. Based on the signature scheme, we further propose an anonymous and efficient authentication protocol which supports dynamic batch verification. The proposed protocol guarantees the desired security properties while being computationally efficient. Formal security proof and analysis have been provided to demonstrate the achieved security properties, including confidentiality, anonymity, mutual authentication, unlinkability, unforgeability, forward security, backward security, and non-repudiation. In addition, the performance analysis reveals that our proposed protocol significantly reduces the time consumption in batch verification, achieving high computational efficiency.

Ding Wang,Debiao He,Ping Wang,Chao-Hsien Chu

DOI: https://doi.org/10.1109/tdsc.2014.2355850

2015-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

Fagen Li,Zhaohui Zheng,Chunhua Jin

DOI: https://doi.org/10.1007/s11235-015-0099-1

2015-01-01

Telecommunication Systems

Abstract:An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetrical (public key) AE. In a symmetric AE scheme, deniability is gained automatically. However, a public key AE scheme can not gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address a question on deniability of public key AE. Of course, we can achieve this goal by “deniable authentication followed by encryption” method. However, such method has the following two weaknesses: (1) the computational cost and communication overhead are the sum of two cryptographic primitives; (2) it is complex to design cryptographic protocols with deniable authentication and confidentiality using two cryptographic primitives. To overcome the two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the “deniable authentication followed by encryption” method. This single cryptographic primitive can simplify the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses tag-key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) hybrid techniques, which is more practical for true applications. We show how to construct an IBDAE scheme using an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward “deniable authentication followed by encryption” schemes, respectively. The communication overhead is respectively reduced at least 21.3 and 31.1 %. An application of IBDAE to an e-mail system is described.

Ting Chen,Huiqun Yu

DOI: https://doi.org/10.12785/amis/070314

2013-01-01

Applied Mathematics & Information Sciences

Abstract:Bilinear pairings based on the Weil and Tate pairings over elliptic curves have been applied for constructive applications in cryptography protocol for years. Most protocol can be proved to be simplified or expanded using the mathematical structures of different types of pairings. In this paper, we applied parings to a remote attestation model, namely cloud based remote attestation(CBA). We give all the detailed algorithms of it and it can guarantee the private of cloud service and solve authorization auditing mechanisms in cloud environment. The bilinear pair can shorten the required key length and reduced bandwidth usage. It meets the requirements of the trusted computing remote attestation and cloud environment at the same time and the virtual TPM structure fulfills the need of standard cloud computing secure measure, such as duty separation. What's more, we prove the scheme is correct and secure under the LRSW assumption, and give the costs comparison between the classic remote attestation, BPBA and CBA which show CBA costs lowly.

Emmanuel Ahene,Chunhua Jin,Fagen Li

DOI: https://doi.org/10.1007/s11235-018-0496-3

2018-01-01

Telecommunication Systems

Abstract:The concept of deniably authenticated encryption (DAE) is presently significant in cryptography due to its security properties and wide range of application. It achieves deniable authentication and confidentiality in a simultaneous manner. It has merited application in e-voting systems, e-mail systems and confidential online negotiation. Although several DAE schemes have been proposed recently, we point out that those constructions are either weak against masquerading attacks or inherent key escrow problem. As a remedy, we propose a certificateless deniably authenticated encryption (CLDAE) scheme that is provably secure. Typically, we can obtain this goal using the “deniable authentication followed by certificateless encryption” approach. However, this approach is computationally expensive and complex to design since it is a combination of two cryptographic constructions. In contrast, our CLDAE scheme is a single cryptographic construction but it concurrently accomplishes the requirements of public key encryption and deniable authentication at a relatively lower cost. For instance, our simulation results at 80 bits of security level shows up to be approximately 43.3 and 30.4% respectively faster than two “deniable authentication followed by certificateless encryption” schemes. Moreover, the communication overhead of our CLDAE scheme is 12.9 and 34.9% lesser than that of those two schemes respectively. Finally, to demonstrate the significance of our CLDAE scheme, we apply it to a real world application such as e-voting system.

Zhiguang Qin,Hu Xiong,Guobin Zhu,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.11.015

IF: 8.1

2014-01-01

Information Sciences

Abstract:There is an increasing demand of ad hoc anonymous authentication (AHAA) to secure communications between ad hoc group members while preserving privacy for the members. The main obstacles in AHAA is that it is difficult to deploy traditional public-key infrastructure (PKI) in this scenario and the end users are usually limited in computation. This paper addresses these obstacles with a pairing-free certificateless ring signature scheme. The scheme does not require a setup procedure and each user can sign on behalf of a group generated in an ad hoc way. The signer does not need any certificate but only a legal signer can generate a valid signature to be validated. The signature verification does not leak any information about the signer's identity, even if the attacker is computationally unbound. The scheme exploits only traditional efficient modular exponentiations, without relying on time-consuming bilinear map operations. The scheme is shown to be secure in the random oracle model. Therefore, our proposal is practical for ad hoc anonymous authentication.

Solomon Guadie Worku,Chunxiang Xu,Jining Zhao

DOI: https://doi.org/10.1007/s11704-013-3138-7

IF: 2.6688

2014-01-01

Frontiers of Computer Science

Abstract:An auditing scheme is a good way to prove owner’s data outsourced to the cloud are kept intact, and a scheme capable of giving public verifiability service is a good option that some researchers have managed to build for the last few years. However, in a public auditing scheme everybody does verification of data and a possibility of leaking some secrete information to the public verifiers is an issue that data owners are unhappywith this scenario. For example, the data owner does not want anybody else to know he has the data stored in the cloud server. Motivated by the issue of privacy associated with public auditing system, we proposed a designated verifier auditing (DVA) scheme based on Steinfeld et al.’s universal designated verifier (DV) signature scheme. Our DVA scheme authorizes a third party auditor with private verification capability. It provides private verification because the scheme involves private key of the verifier. Moreover, we present the batch auditing scheme to improve auditing efficiency. Through rigorous security analysis we showed that our scheme is provably secure in the random oraclemodel assuming that the computational Diffie-Hellman (CDH) problem is hard over the group of bilinear maps.