Ting-Chieh Ho,Yuh-Min Tseng,Sen-Shan Huang

DOI: https://doi.org/10.15388/24-infor546

2024-03-08

Informatica

Abstract:Signcryption integrates both signature and encryption schemes into single scheme to ensure both content unforgeability (authentication) and message confidentiality while reducing computational complexity. Typically, both signers (senders) and decrypters (receivers) in a signcryption scheme belong to the same public-key systems. When signers and decrypters in a signcryption scheme belong to heterogeneous public-key systems, this scheme is called a hybrid signcryption scheme which provides more elastic usage than typical signcryption schemes. In recent years, a new kind of attack, named side-channel attack, allows adversaries to learn a portion of the secret keys used in cryptographic algorithms. To resist such an attack, leakage-resilient cryptography has been widely discussed and studied while a large number of leakage-resilient schemes have been proposed. Also, numerous hybrid signcryption schemes under heterogeneous public-key systems were proposed, but none of them possesses leakage-resilient property. In this paper, we propose the first hybrid signcryption scheme with leakage resilience, called leakage-resilient hybrid signcryption scheme, in heterogeneous public-key systems (LR-HSC-HPKS). Security proofs are demonstrated to show that the proposed scheme provides both authentication and confidentiality against two types of adversaries in heterogeneous public-key systems.

computer science, information systems,mathematics, applied

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Khamseh, Elaheh,Esterabadi, Afshin Soltani

DOI: https://doi.org/10.1007/s11277-024-11120-4

IF: 2.017

2024-05-08

Wireless Personal Communications

Abstract:A certificate-based public key cryptosystem has been developed to solve key escrow problems in ID-based public key cryptography, and to remove computational operations for certificate management. Signcryption is a primitive cryptographic that enables signing and encryption to be done in a one step, improving performance by reducing computational loads and communication overheads. Recent research has suggested some pairing-based cryptographic protocols for public key cryptosystems. However, most use Type-1 pairings, which weaken system security by using supersingular elliptic curves over a finite field of characteristics 2 and 3, making them totally unsafe against new attacks designed for Discrete Logarithm Problems. Furthermore, Type-1 pairings that use supersingular elliptic curves over finite fields of massive characteristics are highly inefficient compared to Type-3 pairings. This work proposes a secure and efficient online/offline trade-off scheme based on Type-3 pairings. The safety of the suggested scheme is asserted according to confidentiality and unforgeability based on a random oracle model. Moreover, the efficiency of the proposed approach is evaluated and compared with Type-2 and Type-4 pairings.

telecommunications

Ikram Ali,Yong Chen,Niamat Ullah,Muhammad Afzal,HE Wen,Wen HE

DOI: https://doi.org/10.1109/tvt.2021.3078806

IF: 6.8

2021-06-01

IEEE Transactions on Vehicular Technology

Abstract:Vehicular ad-hoc networks (VANETs) enable vehicles to exchange safety information with the surrounding vehicles and infrastructure in order to ensure safety and efficiency in traffic management. Recently however, vehicles come from different manufacturers and therefore use different protocols for the transmission of messages. As a result, communication among vehicles become heterogeneous. Because of this, VANETs face problems related to security and performance. To address this, some heterogeneous vehicular communication-based schemes have been proposed. However, they do not perform well because of an increase in computational overhead. In order to resolve this, we propose a certificateless cryptosystem (CLC) and public key infrastructure (PKI)-based conditional privacy-preserving hybrid signcryption (CP-CPPHSC) scheme. This scheme utilizes bilinear pairings and provides security requirements in a single logical step. Through the CP-CPPHSC scheme, a message is transmitted by a vehicle using the CLC to a vehicle using the PKI. Additionally, the CP-CPPHSC scheme supports the batch unsigncryption method which helps a vehicle to unsigncrypt more than one messages simultaneously. In the random oracle model (ROM), our scheme ensures existential unforgeability against adaptive chosen message attack (EUF-CMA) with respect to a hardness assumption of q-strong Diffie-Hellman (q-SDH) and modified inverse computational Diffie-Hellman (mICDH) problems and indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) with respect to a hardness assumption of q-bilinear Diffie-Hellman inversion (q-BDHI) problem. Our scheme effectively reduces computational cost when compared to state-of-the-art schemes without an increase in the communication cost.

telecommunications,engineering, electrical & electronic,transportation science & technology

Hu Xiong,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.2316/journal.202.2012.1.202-3156

2012-01-01

International Journal of Computers and Applications

Abstract:Signcryption is a cryptographic primitive that performs digitalsignature and public key encryption simultaneously at lower computational costs and communication overheads than the signature-then-encryption approach.

WANG Ji-lin,CHEN Xiao-feng,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.04.010

2006-01-01

Abstract:Exchange of digitally signed certificates was often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions.Automated trust negotiation(ATN) was an approach to regulate the flow of sensitive information during such an exchange.But ATN cannot handle cyclic policy interdependency satisfactorily.Oblivious signature-based envelope(OSBE) is a scheme to solve this problem.However,the existed scheme could only be implemented on a secure channel.An efficient OSBE scheme without the secure channel is proposed using the ideas of identity-based systems and certificate-based encryption,which satisfies all the properties required by OSBE such as soundness and oblivious et al.Also,the scheme can achieve the desired security notations in the random oracle model.

Hu Xiong,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.6633/ijns.201307.15(4).12

2013-01-01

Abstract:Signcryption is a cryptographic primitive that performs digital signature and public key encryption simultaneously, at lower computational costs and communication overhead than signing and encrypting separately. Recently, Chung et al. proposed an anonymous ECC-based signcryption scheme. We show that their scheme is not secure even against a chosen-plaintext attack.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Sumithra Alagarsamy,S P Rajagopalan

DOI: https://doi.org/10.1371/journal.pone.0186207

IF: 3.7

2017-10-17

PLoS ONE

Abstract:Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Huifang Yu,Runtao Ren

DOI: https://doi.org/10.1109/jsyst.2021.3096531

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:Driven by new situation of "Internet +," Internet has achieved the integrated development with all walks of life. Among them, the fifth generation is a key technology to promote the deep integration of Internet-of-Things equipment, cloud computing, blockchain and other trades. Hence, it is necessary for IoTs to consider the cost and efficiency of authentication and confidentiality of the communication. For effectively solving the above problems, we devise certificateless elliptic curve aggregate signcryption (CL-ECASC) scheme for IoTs that can improve the authentication efficiency, realize data confidentiality, and avoid the problems of complex certificate management and key escrow. Under the hardness of discrete logarithm and computational DiffieHellman problems on elliptic curve, CL-ECASC is proved to has the IND-CCA2 security (indistinguishability under the adaptive chosen-ciphertext attacks) and UF-CMA security (existentially unforgeable under the adaptive chosen-message attacks). CL-ECASC has relatively faster computation efficiency and lower communication cost, and so it is suitable for secure transmission of the information in the previously mentioned environments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Arijit Karati,Chun-I Fan,Ruei-Hau Hsu

DOI: https://doi.org/10.1109/jiot.2019.2939204

IF: 10.6

2019-12-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) is revolutionizing our modern lives by introducing active connection between smart devices. However, IoT devices are repeatedly exhibiting many security flaws, which will inevitably lead to eavesdropping and impersonation attacks. Thus, providing a proper security in IoT becomes a prime focus for the researchers. In cryptography, certificateless signcryption (CLSC) is one of the recent public key techniques for the security requirements of the authenticity and confidentiality of any message between the parties. In this article, a new generalized CLSC (gCLSC) is introduced to provide the functions of digital signature and encryption to fulfill the authenticity and confidentiality for the resource-constrained IoT devices. Besides, the gCLSC supports the property of public verifiability and security of an ideal signcryption under the strong Diffie–Hellman and bilinear Diffie–Hellman inversion problems without random oracle model. Performance assessment of the gCLSC gives satisfactory results after comparing with other competitive CLSC schemes in terms of its functionality. Therefore, the gCLSC can be adopted in the IoT networks where authenticity, confidentiality, and lightweight are the essential factors.

Shan Shan,Bo Zhang

DOI: https://doi.org/10.1007/s11277-024-11012-7

IF: 2.017

2024-04-19

Wireless Personal Communications

Abstract:Recently, Kasyoka et al. (Wirel Pers Commun 118:3349–3366, 2021) presented a new pairing free certificateless signcryption scheme for use in ubiquitous healthcare systems. Kasyoka et al. gave a formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack for their scheme in random oracle model. In this paper, we give a cryptographic analysis and the results show that, in their newly proposed scheme, internal users can forge the signcryption ciphertext sent to them. The more serious is that Kasyoka et al.'s scheme can not resist public key replacement attack. Any user can forge or unsigncrypt a signcryption ciphertext by launching a public key replacement attack without knowing partial private key. Therefore, Kasyoka et al.'s scheme is not safe for use in ubiquitous healthcare systems.

telecommunications

Manoj Kumar,Harsh Kumar Verma,Geeta Sikka

DOI: https://doi.org/10.1002/ett.3883

IF: 3.6

2020-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Cloud‐edge (CE) is revolutionizing our modern world with a greater user experience through the Internet of Things (IoT). However, the edge devices, communication bridge between the cloud and users, are repeatedly exhibiting many security flaws which will inevitably lead to massive cyber attacks. Thus, providing a proper security, specifically, the confidentiality and authenticity of sensitive data become a prime focus for many of the researchers. In cryptography, certificateless signcryption (CLSC) is one of the recent public key techniques that meets the requirements of confidentiality and authenticity of sensitive data between parties with minimal overhead. This paper aims to present a new data sharing protocol where the safety of data is achieved through a new CLSC scheme. The proposed CLSC is designed using the bilinear pairing and modular exponentiation operations. Besides, the CLSC is secure based on the intractability of Diffie‐Hellman inversion (DHI) and bilinear‐DHI assumptions without considering the random oracle model (ROM). Performance assessment of proposed CLSC gives satisfactory results after comparing with other related CLSC schemes. Therefore, proposed CLSC can be installed in the cloud‐based edge‐IoT environment where both the authenticity and confidentiality with minimal computational overhead are the essential factors.</p>

telecommunications

Weifeng Long,Lunzhi Deng,Jiwen Zeng,Yan Gao,Tianxiu Lu

DOI: https://doi.org/10.3390/s24154899

2024-07-28

Abstract:A Wireless Body Area Network (WBAN), introduced into the healthcare sector to improve patient care and enhance the efficiency of medical services, also brings the risk of the leakage of patients' privacy. Therefore, maintaining the communication security of patients' data has never been more important. However, WBAN faces issues such as open medium channels, resource constraints, and lack of infrastructure, which makes the task of designing a secure and economical communication scheme suitable for WBAN particularly challenging. Signcryption has garnered attention as a solution suitable for resource-constrained devices, offering a combination of authentication and confidentiality with low computational demands. Although the advantages offered by existing certificateless signcryption schemes are notable, most of them only have proven security within the random oracle model (ROM), lack public ciphertext authenticity, and have high computational overheads. To overcome these issues, we propose a certificateless anonymous signcryption (CL-ASC) scheme suitable for WBAN, featuring anonymity of the signcrypter, public verifiability, and public ciphertext authenticity. We prove its security in the standard model, including indistinguishability, unforgeability, anonymity of the signcrypter, and identity identifiability, and demonstrate its superiority over relevant schemes in terms of security, computational overheads, and storage costs.

Kaifeng Xiao,Xinjian Chen,Hongbo Li,Jianye Huang,Willy Susilo,Qiong Huang

DOI: https://doi.org/10.1016/j.ins.2023.120015

IF: 8.1

2023-01-01

Information Sciences

Abstract:In hospital information systems, large volumes of electronic diagnostic records (EDRs) take up most of the storage space. While cloud server providers can reduce the local storage burden on hospitals and provide data-sharing services, the potential threat of sensitive data leakage and non-traceability of diagnoses prevents hospitals from uploading patients' diagnostic records to remote cloud servers directly. Therefore, to address security and traceability issues, we propose a new construction of post-quantum secure signcryption scheme with a designated equality test based on lattices (LB-SCDET) in this paper. Our LB-SCDET scheme allows a designated tester to perform equality tests on signcrypt-ciphertexts of EDRs without leaking what the EDRs actually are. Compared to the recent LB-SCET scheme proposed by Le et al., our LB-SCDET scheme implements a designated mechanism and is secure against offline message recovery attacks (OMRA). The comparison shows that our scheme enjoys a higher level of security, albeit the ciphertext size is slightly larger. Finally, we prove the scheme to be secure under the hardness of the Learning-with-Errors problem and unidirectionality of the Short-Integer-Solution problem. To be of independent interest, we show that the LB-SCET scheme fails to achieve the claimed IND-CCA security.

Shamsher Ullah,Xiang-Yang Li,Lan Zhang

DOI: https://doi.org/10.1109/BIGCOM.2017.51

2017-01-01

Abstract:Now-a-days security is a challenging task in different types of networks, such as Mobile Networks, Wireless Sensor Networks (WSN) and Radio Frequency Identifications Systems (RFIS) etc, to overcome these challenges we use sincryption. Signcryption is a new public key cryptographic primitive that performs the functions of digital signature and encryption in single logical step. The main contribution of signcrytion scheme, it is more suitable for low constrained environment. Moreover some signcryption schemes based on RSA, Elliptic Curve (EC) and Hyper Elliptic Curve (HEC). This paper contains a critical review of signcryption schemes based on hyper elliptic curve, since it reduce communication and computational costs for low constrained devices. It also explores advantages and disadvantages of different signcryption schemes based on HEC.

Jianhua Yan,Licheng Wang,Mianxiong Dong,Yixian Yang,Wenbin Yao

DOI: https://doi.org/10.1002/sec.1297

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Signcryption as a cryptographic primitive can carry out signature and encryption simultaneously at a remarkably reduced cost. Identity-based cryptography is more convenient than public key infrastructure-based cryptography in certificate management. As a result, identity-based signcryption has been studied extensively, and many efficient and provably secure constructions have been proposed. However, most of these schemes are based on intractability assumptions from number theory, and these assumptions have been threatened by the booming quantum computation. Therefore, a recent trend in cryptography is to construct cryptosystems that are based on lattice-based intractability assumptions because of their plausible features of quantum attack resistance. In this paper, several identity-based signcryption schemes from lattice hardness assumptions are proposed. In the standard model, these schemes are indistinguishable against inner adaptively chosen ciphertext attacks (IND-CCA2) and strongly unforgeable against inner chosen message attacks. In our construction, it does not matter whether the original encryption scheme used to construct signcryption is deterministic or probabilistic; the resulted signcryption schemes can reach IND-CCA2 security. To achieve this, we carefully combine three techniques-the identity-based encryption from lattice due to Agrawal-Boneh-Boyen (EUROCRYPT 2010), the framework of lattice-based short signature due to Boyen (Public Key Cryptography 2010), and the Canetti-Halevi-Katz (abbr. CHK) technique, with necessary and tailored optimization-for transforming an (l + 1)-level indistinguishable under chosen plaintext attack secure hierarchical identity-based encryption (HIBE) into an l level IND-CCA2 secure HIBE scheme. In addition, our security proof also contains a more efficient simulation tool that might have separate interest in cryptographic applications. Copyright (C) 2015 John Wiley & Sons, Ltd.

Ms. K. Sudharani,Dr. N. K. Sakthivel

DOI: https://doi.org/10.14419/ijet.v10i1.21480

2021-02-19

International Journal of Engineering and Technology

Abstract:Certificateless Public Key Cryptography (CL-PKC) scheme is a new standard that combines Identity (ID)-based cryptography and tradi- tional PKC. It yields better security than the ID-based cryptography scheme without requiring digital certificates. In the CL-PKC scheme, as the Key Generation Center (KGC) generates a public key using a partial secret key, the need for authenticating the public key by a trusted third party is avoided. Due to the lack of authentication, the public key associated with the private key of a user may be replaced by anyone. Therefore, the ciphertext cannot be decrypted accurately. To mitigate this issue, an Enhanced Certificateless Proxy Signature (E-CLPS) is proposed to offer high security guarantee and requires minimum computational cost. In this work, the Hackman tool is used for detecting the dictionary attacks in the cloud. From the experimental analysis, it is observed that the proposed E-CLPS scheme yields better Attack Detection Rate, True Positive Rate, True Negative Rate and Minimum False Positives and False Negatives than the existing schemes.

sun hua,guo li,wang aimin

2011-01-01

Abstract:Signcryption is a cryptographic primitive which provides authentication and confidentiality simultaneously with a computational cost lower than signing and encryption respectively. The ring signcryption has anonymity in addition to authentication and confidentiality, which allows any user to choose any set of users that includes himself and signcrypt messages without revealing who in the set has actually produced it. This paper presents an efficient identity-based ring signcryption scheme in the standard model, which proves its indistinguishability against adaptive chosen ciphertext attacks and existential unforgeability against adaptive chosen message and identity attacks in terms of the hardness of CDH problem and DBDH problem.

Sumithra Alagarsamy,Vijayalakshmi Nagarajan,M. M. Yamuna Devi

DOI: https://doi.org/10.1007/s11276-023-03624-x

IF: 2.701

2024-01-31

Wireless Networks

Abstract:The technological breakthroughs of Internet of thing (IoT) applications in various sectors are nowadays contributing to the development of smart mobile IoT (SM-IoT). Lack of authentication and encryption schemes make SM-IoT more susceptible to major security and privacy issues. Signcryption has evolved as a new paradigm in recent years that provides better authenticity and security to the messages and minimizes both computation cost and communication costs simultaneously. To secure the communicated message on the sender and receiver sides, this paper proposes an efficient and secure decentralized communication system to offer personalized service for the users. The proposed network framework comprises four key entities namely trusted service providers, gateways, resource senders, and receivers. The master private keys are generated at the initial setup phase. Then, the optimal partial private keys are extracted and broadcasted through the channel by the key extraction process utilizing the fuzzy whale sine cosine levy algorithm. The ciphertext is generated for the sender on signcryption using a modified Identity-based Cryptography approach. The signcryption ciphertext generated is broadcasted via gateways to the receiver by measuring verification parameters. Finally, the designcryption process is performed using the certificateless hybrid signcryption scheme to retrieve the plaintext message. The proposed secure communication network is evaluated using performance metrics such as bilinear pairing time, modular experimentation time, pairing-based experimentation time, elliptic curve (EC) scalar point multiplication time, map-to-point hash function time, and EC point addition time. The experimental results revealed the effectiveness of the proposed secure communication framework on both the sender and receiver sides.

computer science, information systems,telecommunications,engineering, electrical & electronic